Date of Award

Spring 2010

Document Type


Degree Name

Doctor of Philosophy (PhD)


International Studies

Committee Director

Kurt T. Gaubatz

Committee Member

Regina C. Karp

Committee Member

Michael L. McGinnis


One of the most significant challenges to deterring attacks in cyberspace is the difficulty of identifying and attributing attacks to specific state or non-state actors. The lack of technical detection capability moves the problem into the legal realm; however, the lack of domestic and international cyberspace legislation makes the problem one of international cooperation. Past assessments have led to collective paralysis pending improved technical and legal advancements. This paper demonstrates, however, that any plausible path to meaningful defense in cyberspace must include a significant element of international cooperation and regime formation.

The analytical approach diverges from past utilitarian-based assessments to understand the emerging regime, or implicit and explicit principles, norms, rules, and decision-making procedures, around which actor expectations are beginning to converge in the area of cyberspace attack attribution. The analysis applies a social-practice perspective of regime formation to identify meaningful normative and political recommendations. Various hypotheses of regime formation further tailor the recommendations to the current maturity level of international cooperation in this issue area.

Examining international cooperation in cyberspace and methods for maturing international cooperation to establish attribution in other domains inform political mitigations to the problem of cyberspace attack attribution. Potential solutions are analyzed with respect to four recent cyberspace attacks to illustrate how improved international cooperation might address the problem. Finally, a counterfactual analysis, or thought experiment, of how these recommendations might have been applied in the case of rampant Chinese cyber espionage inform specific current and future opportunities for implementation. Although timing is difficult to predict, the growing frequency and scope of cyber attacks indicate the window of opportunity to address the problem before some form of cataclysmic event is closing.