Official Public Political Attribution of Cyber Operations: State of Play and Policy Options


In recent years, official public political attributions—a government entity’s public disclosure of information tying malicious cyber operations to another state through official channels—have gained traction as a policy instrument to establish accountability for malicious cyber activities, among other objectives. At the same time, there is no clear shared understanding among states about what characterizes a responsible use of this instrument, which could contribute to preventing misunderstandings and increasing the predictability of inter-state conduct. Attribution remains only marginally addressed in the context of diplomatically negotiated cyber norms so far. This makes this field well suited to explore the formation of normative ideas through state practice as it leaves ample room for practical interpretation by states.


Based on four case studies (Australia, Germany, Japan, and the United States), this paper identifies which cyber operations the selected states have publicly attributed, how the attribution was communicated and justified, and to what extent other states were involved in the process. The paper proposes and applies a framework of 13 parameters that serves to identify similarities and differences—areas of convergence and divergence—across countries, permitting new insights into how states currently perceive the respective normative framework.

Person photo

Christina Rupp

Stiftung Neue Verantwortung

Christina Rupp is Project Manager for Cybersecurity Policy and Resilience at the Berlin-based tech policy think tank Stiftung Neue Verantwortung (SNV). Her work focuses on issues of cyber diplomacy and cyber foreign policy, especially with regard to international norms for responsible state behavior in cyberspace, and EU Cybersecurity Policy. In this role, she also follows developments in the United Nations Open-ended Working Group on cybersecurity. Her presentations at academic conferences include the 2023 Annual Conference of the European Initiative for Security Studies (EISS) and the 2023 Science Peace Security Conference.

Christina specialized in foreign and international security policy during her studies of Political Science at the Universities of Copenhagen (M.Sc.), Bonn (B.A.) and Geneva, as well as a second master’s program in Public International Law at the University of Amsterdam (LL.M.). Before joining SNV, she gained practical insights into policy-making and processes of international relations at the Permanent Mission of Germany to the United Nations in New York, the German Federal Ministry of Defense, and the Aspen Institute Germany, among other institutions.