When is a Hack an Attack? A Sovereign State's Options if Attacked in Cyberspace: A Case Study of Estonia (Computer Hacking and Security )
暫譯: 何時黑客行為成為攻擊？主權國家在網絡攻擊下的選擇：愛沙尼亞案例研究（電腦駭客與安全）

For three weeks in 2007, the Republic of Estonia suffered a crippling cyber attack that left government, political and economic facets of the country helpless. This scenario provides a great template to examine the rights of a cyber attacked state in the context of international law. Estonias options were limited for numerous reasons including difficulty of attribution, lack of international standards, and the current political environment. Ultimately, unless a cyber attack causes undisputable damage and loss of human life, and it can be traced back to a source with high certainty, it is highly unlikely that a state will conventionally respond in self-defense. Currently, there are no clear international laws that govern the rights of any sovereign state in the event of a cyber attack absent the direct loss of human life or significant physical damage. The current approach is to take the existing laws and treaties and interpret them to fit the activities in the cyber domain. However, unlike a conventional attack, there are many more factors that blur the line in cyberspace. Attribution is much more difficult because there is limited physical evidence and usually is spread across different sovereign states. Without a common (and agreed upon) definition of what constitutes a cyber attack, how can nations defend themselves without risking the ethical, legal and moral obligations that should reign over states? The fundamental dilemma a state faces is to balance its retaliatory options with the requisite legal justifications if they cannot be confident of the source for the attack.