The majority of cyber-attacks in the world are launched by non-state actors, especially criminals looking for money. Most of these cyber-attacks are far from advanced and have relatively little societal consequences. Yet, state actors increasingly also seem to hire non-state actors to launch more severe cyber-attacks with potentially damaging effects for societies abroad. While effectively responding to state-launched cyber-attacks is already a complicated task, this becomes even more difficult when states hide behind non-state actors.
How could states respond to non-state cyber-attackers, especially those aiming for large-scale operations harming their societies? This Policy Brief will briefly explore the problems in dealing with non-state cyber-attackers and will offer some policy options that are available. The benefits and risks of the policy options will be discussed as well, especially from a viewpoint of escalation risks.
Read full policy brief