Attribution – the process of allocating responsibility for a malicious cyber operation – is comprised of three distinct and intertwined aspects: factual or technical, legal, and political. This paper analyses these three aspects through the prism of the normative expectations of responsible State behaviour in cyberspace.

The paper goes on to make a number of suggestions of how to consider the challenges of attribution and how to operationalize norm B of the 2015 Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security.

Citation: Andraz Kastelic (2022) "Non-Escalatory Attribution of International Cyber Incidents: Facts, International Law and Politics", UNIDIR, Geneva, Switzerland.