IV.

THE CYBER ATTACKS AGAINST THE COMPUTER SYSTEMS OF THE AMES POST AND
CHESTER & WALSINGHAM CANNOT BE ATTRIBUTED TO RIESLAND, AND IN ANY EVENT
DID NOT CONSTITUTE AN INTERNATIONALLY WRONGFUL ACT.
A. The cyber-attacks cannot be attributed to Reisland, and in any event did not
constitute an internationally wrongful act.
Attributing a cyber-attack to a certain source and discerning the intent of assailant
are of high significance in cyber-attacks. Ascription of an attack to a particular suspect
allows for a State to not attack an innocent country.
It is a quintessential principle of international law that States bear responsibility
for an act when: (i) the act in question is attributable to the State under international law;
and (ii) it constitutes a breach of an international legal obligation applicable to that State.
The mere fact that a cyber-operation has been launched or otherwise originates
from governmental cyber infrastructure is not sufficient evidence for attributing the
operation to that State. It merely denotes that the fact that a cyber-operation has been
mounted from government cyber infrastructure is an indication of that States
involvement. However, in and of itself, it does not serve as a legal basis for taking any
action against the State involved or otherwise holding it responsible for the acts in
question.
The law of State responsibility extend only to an act, or failure to act, that violates
international law. In other words an act committed by a States organ, or otherwise
attributable to it can only amount to an internationally wrongful act if it is contrary to
international law.

B. Cyber-attack or cyber-force is not within the purview of the prohibition against

threat or use of force under international law
Article 2 paragraph 4 of the UN Charter provides that, all Members [of the United
Nations] shall refrain in their international relations from the threat or use of force against
the territorial integrity or political independence of any state, or in any other manner
inconsistent with the Purposes of the United Nations. The question is whether cyber
force can be considered a type of force in the sense of Article 2(4).
The general criteria for the interpretation of treaties are spelt out in Article 31(1) of
the 1969 Vienna Convention on the Law of Treaties which provides that A treaty shall be
interpreted in good faith in accordance with the ordinary meaning to be given to the
terms of the treaty in their context and in the light of its object and purpose. A
teleological interpretation of Article 2(4) seems to support a narrow reading of the
provision that limits it to armed force.

The UN Charter offers no criteria by which to determine when an act amounts to a

use of force. In the Nicaragua case, the International Court of Justice (ICJ) stated that
scale and effects are to be considered when determining whether particular actions
amount to an armed attack. For cyber-attacks to become subject of use of force, the
intensity and impacts must be such that leads to injury or casualties or extensive
destruction of properties and not merely to partial damages or cyber larceny.
International law is generally prohibitive in nature. Acts that are not forbidden are
permitted; absent an express treaty or accepted customary law prohibition, an act is
presumptively legal. For instance, international law does not prohibit propaganda,
psychological operations, espionage, or mere economic pressure per se. Therefore, acts
falling into these and other such categories are presumptively legal. This being so, they
are less likely to be considered as uses of force.