论网络攻击在国际法上的归因

The Attribution of Cyber Attacks under International Law

大多数网络攻击的私人性和隐秘性特点,使得这类攻击在国际法上的归因成为一个较为复杂的问题。近年来,国际社会日益重视对这一问题的讨论,并提出了种种放宽甚至取消国际法上既有归因标准的主张。但是,这些主张在强调受害国维护自身网络安全需要的同时,忽视了其他国家受到无辜波及的风险,具有不同程度的片面性和局限性。对网络攻击确定国家责任的前提,是通过国际法进行负责任的归因,既不应使实际从事和控制网络攻击的国家逍遥法外,也不应扩大国家责任的范围而伤及无辜。联合国国际法委员会2001年《国家责任条款》中确定的归因规则,对于网络攻击的归因仍然发挥着不可替代的作用。

The attribution of cyber attacks under international law is an important and complicated issue, due mainly to the anonymous and private nature of most cyber attacks. In re- cent years, scholars from western countries have paid more and more attention to this issue, and have made various proposals to loosen and even abolish the existing attribution standards in in- ternational law, so as to facilitate the attribution of cyber attacks to states which arguably should be responsible. However, these proposals, while emphasizing the need of attacked states to en- sure their cyber security, are largely biased and unfounded, in that they ignore the potential risk for innocent states to be unduly held responsible. The precondition of establishing state respon- sibility for cyber attacks is responsible attribution in accordance with international law so that, on the one hand, states actually engaged in cyber attacks are not be allowed to escape interna- tional responsibility and, on the other hand, the scope of state responsibility is not improperly expanded to negatively affect innocent states. In this respect, the attribution rules in the UN In- ternational Law Commission＇ s 2001 Articles on State Responsibility have an indispensable role to play in the attribution of cyber attacks under international law.