Publicly attributing cyber attacks: a framework

Citations of this article
Mendeley users who have this article in their library.

This article is free to access.


When should states publicly attribute cyber intrusions? Whilst this is a question governments increasingly grapple with, academia has hardly helped in providing answers. This article describes the stages of public attribution and provides a Public Attribution Framework designed to explain, guide, and improve decision making of public attribution by states. Our general argument is that public attribution is a highly complex process which requires trade-offs of multiple considerations. Effective public attribution not only necessitates a clear understanding of the attributed cyber operation and the cyber threat actor, but also the broader geopolitical environment, allied positions and activities, and the legal context. This also implies that more public attribution is not always better. Public attribution carries significant risks, which are often badly understood. We propose the decision maker’s attitude towards public attribution should be one of ‘strategic, coordinated pragmatism’. Public attribution–as part of a strategy–can only be successful if there is a consistent goal, whilst the avenues for potential negative counter effects are assessed on a case-by-case basis.




Egloff, F. J., & Smeets, M. (2021). Publicly attributing cyber attacks: a framework. Journal of Strategic Studies.

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free