Why Attribution in Cyber Conflict Is More Political Than Technical

Attribution in cyber conflict is often framed as a technical challenge—one of identifying perpetrators through digital forensics, malware signatures, and network tracing. However, this framing obscures a more important reality: attribution is fundamentally a political act. States do not simply discover responsibility; they construct it within strategic, legal, and normative contexts (Rid and Buchanan, 2015).

From a realist perspective, attribution functions as an instrument of statecraft. Publicly assigning responsibility serves signaling purposes, shaping deterrence and influencing adversary behavior (Schelling, 1966). The United States’ attribution of Iranian cyber operations—such as distributed denial-of-service attacks against financial institutions and intrusions into critical infrastructure—illustrates this dynamic (U.S. Department of Justice, 2016). In these cases, attribution is less about achieving courtroom-level certainty and more about establishing credibility and demonstrating resolve. By naming an adversary, a state signals both capability and intent, reinforcing deterrence even in the absence of immediate retaliation (Lindsay, 2015).

Constructivist analysis deepens this understanding by emphasizing how attribution is shaped by identity, norms, and shared expectations. Cyber operations exist within an evolving normative environment where rules remain contested (Wendt, 1999). Attribution, therefore, is not merely about “who did it,” but about how actions are interpreted within broader narratives. Iranian cyber activities, for instance, are frequently framed by Western states as destabilizing, while Iranian discourse positions them as legitimate resistance to external pressure (Lupovici, 2021). Attribution thus becomes a mechanism through which competing identities and norms are reinforced.

This duality carries significant policy implications. Overreliance on technical certainty can delay response and weaken deterrence, while overly politicized attribution risks escalation based on misperception. The policy challenge is not to eliminate ambiguity—an unrealistic objective—but to manage it strategically. This requires integrating technical analysis with calibrated political signaling, ensuring attribution supports broader security objectives without overcommitting to unverifiable claims (Egloff and Smeets, 2023).

Moreover, attribution plays a central role in shaping international cyber norms. Public attributions—particularly when coordinated among allies—contribute to defining acceptable state behavior in cyberspace (United Nations, 2021). However, inconsistent or selective attribution risks undermining legitimacy and reinforcing perceptions of political bias, weakening norm development efforts.

In practice, effective cyber strategy recognizes attribution as both a technical and political process. States must balance evidentiary standards with strategic necessity, using attribution not only to assign responsibility but to influence the broader security environment. In doing so, they acknowledge a central reality of cyber conflict: what matters is not only what can be proven, but what is believed.

References:

Egloff, F. and Smeets, M. (2023) ‘Publicly attributing cyber attacks: a framework’, Journal of Strategic Studies, 46(3), pp. 1–25.

Lindsay, J.R. (2015) ‘Tipping the scales: the attribution problem and the feasibility of deterrence against cyberattack’, Journal of Cybersecurity, 1(1), pp. 53–67.

Lupovici, A. (2021) The Power of Deterrence: Emotions, Identity, and American and Israeli Wars of Resolve. Cambridge: Cambridge University Press.

Rid, T. and Buchanan, B. (2015) ‘Attributing cyber attacks’, Journal of Strategic Studies, 38(1–2), pp. 4–37.

Schelling, T.C. (1966) Arms and Influence. New Haven: Yale University Press.

United Nations (2021) Report of the Group of Governmental Experts on Advancing Responsible State Behaviour in Cyberspace in the Context of International Security. New York: United Nations.

U.S. Department of Justice (2016) Seven Iranians Working for Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector. Washington, DC: DOJ.

Wendt, A. (1999) Social Theory of International Politics. Cambridge: Cambridge University Press.