State Responsibility and Cyberattacks: Dening Due Diligence Obligations
of “sponsoring” implies a form of state responsibility and insinuates
that hacktivism may be attributed to China under the relevant tests in
general international law.10 But attribution is only one possible test of
What is a State’s responsibility for its own actions or inaction during
these cyberattacks?11 A due diligence obligation in cyberspace12 (“cyber-
diligence”), if established, would oer victim States alternative legal
recourse for a territorial State’s breach of a primary obligation.13 Subject
to the contents and triggers of the obligation dened below, China and
the U.S. could invoke one another’s responsibility for failing to prevent
hacktivism within their territories.14 e failure could constitute an
internationally wrongful act, which would then enable either State to
e present paper uses hacktivism as its opening case study to
canvass the issue of State responsibility in cyberattacks. We now turn to
examine, starting from rst principles, the merits of including a cyber-
diligence obligation as part of the State responsibility framework.
10. See Stefan Talmon, e Responsibility of Outside Powers for Acts of Secessionist
Entities, 58 I’ C. L. Q. 493 (2009).
11. Int’l L. Comm., Responsibility of States for Internationally Wrongful Acts, arts.
2(b), G.A. Res 56/83, 53rd Sess., Jan. 28, 2002, U.N. Doc. A/RES/56/83 (Dec.
12. is paper adopts the denition of cyberspace as: the “[g]lobal domain within
the information environment consisting of the interdependent network of in-
formation technology infrastructures, including the internet, telecommunica-
tions networks, computer systems, and embedded processors and controllers.”
U.S. D’ D, D S D M:
T D C (May 12, 2008).
13. e State(s) from which the cyberattacks originate, or whose networks are im-
plicated in the cyberattack (territorial State). e State(s) whose networks are
injured in a cyberattack (victim State).
14. 1 O’ I L: P 391-92 (Robert Jennings & Sir
Arthur Watts eds, 9th ed. 2008).
15. Int’l L. Comm., supra note 11, at 38 ch. II. 91 art. 31.