Today’s complex and interdependent global economy relies heavily on an Internet infrastructure that is fraught with risks, threats, and hazards the average computer user or small- and medium-sized enterprise is unaware of and unprepared for. Confidence in the ability to effectively, efficiently, and securely conduct commerce and business processes over the Internet and through emerging mobile device applications is vital and fundamental for vibrant and stable economies around the globe. The world faces unprecedented risks across the Internet in what has become known as “the twenty-first century’s Wild West,” where attacks on computer systems and networks are generally conducted with...

Cyber conflict activities constitute a critical form of coercive power. Effects can range from disruption to destruction. The loss of electrical power for extended periods of time, inability to conduct commerce due to networking failures, and incapacity of military organizations to command and control their forces are credible threats. In the past, the United States has faced adversarial states and violent nonstate actors organized in relatively hierarchical vertical structures. However, today the evolution of information and communication technology (ICT), such as those that make up the Internet, and the intensification of reliance on these vulnerable technologies provide US adversaries with...

Attribution of cyber events to people or machines is an overstated challenge. Every action in cyberspace has a source that can be identified if observers are looking. Experts have noted that “the very fact that one attempts to conduct cyber warfare means that some bit in some data stream is changed to reflect one’s presence and actions.”¹ All agents in the cyber world can be visible if a worldwide effort is in place to monitor malicious traffic and to punish behaviors that fall outside that which aims to use the Internet to communicate ideas freely, open pathways of commerce, or...

Global norms, institutions, and patterns of cooperation among state and private sector stakeholders can serve as a foundation for solving the attribution problem in cyberspace. Norms of state responsibility in cyberspace must be institutionalized at the international level, and they must be enforced by relevant US government departments, including defense, state, justice, and commerce, and by other appropriate federal, national, state, and tribal agencies.

More than one American expert has noted that “although numerous multinational organizations are working on various aspects of cyber crime and/or cyber conflict, only ITU has taken a global view and put forth an agenda intended...

The subject of this chapter is a possible framework to guide US statecraft in cyberspace based on the antitrafficking initiatives the United States sponsored in the past decade. As has been noted throughout this work, nation-states are not currently held culpable for the actions of malicious agents in cyberspace. The United States–China Economic and Security Review Commission recently stated that “even if circumstantial evidence points to China as the culprit, no legislation or policy currently exists to easily determine appropriate response options to attacks on U.S. military or civilian networks in which definitive attribution is lacking. Beijing, understanding this,...

The only way forward in creating a robust network of global processes and policies to found a formal international agreement is to begin by holding states accountable for malicious activities that originate in or transit their territories. The United States should not shy away from sponsoring existing international frameworks and the emerging institutions such as IMPACT.

Attributing a cyber attack to a state requires a rapid response to the event. Unlike law enforcement, different standards and technical evidence are required to hold states accountable. Experts have suggested that the high standard of evidence for criminal prosecution is not required from...