惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
Google DeepMind News
Google DeepMind News
Hugging Face - Blog
Hugging Face - Blog
D
Docker
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
Project Zero
Project Zero
Engineering at Meta
Engineering at Meta
J
Java Code Geeks
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
Simon Willison's Weblog
Simon Willison's Weblog
S
Security Affairs
NISL@THU
NISL@THU
T
Tor Project blog
A
About on SuperTechFans
宝玉的分享
宝玉的分享
腾讯CDC
S
Schneier on Security
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
P
Privacy & Cybersecurity Law Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Stack Overflow Blog
Stack Overflow Blog
P
Privacy International News Feed
雷峰网
雷峰网
C
Cyber Attacks, Cyber Crime and Cyber Security
Vercel News
Vercel News
Cisco Talos Blog
Cisco Talos Blog
D
DataBreaches.Net
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Google Online Security Blog
Google Online Security Blog
Recorded Future
Recorded Future
L
LINUX DO - 热门话题
Microsoft Security Blog
Microsoft Security Blog
Latest news
Latest news
C
Check Point Blog
有赞技术团队
有赞技术团队
T
The Exploit Database - CXSecurity.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
云风的 BLOG
云风的 BLOG
SecWiki News
SecWiki News
Application and Cybersecurity Blog
Application and Cybersecurity Blog
爱范儿
爱范儿
月光博客
月光博客
V
Vulnerabilities – Threatpost
T
Threat Research - Cisco Blogs
P
Palo Alto Networks Blog
T
The Blog of Author Tim Ferriss
C
Cisco Blogs
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs

RUSI: What's New

Episode 21: Chinese Money Laundering and the ‘Flying Money’ Threat Armenia’s Election: A Win for Pashinyan, Yet the Kremlin Long Game Persists The Loyalty Trap: Trump and the Undermining of US Intelligence Power The End of Orbánism? Bosnia, Magyar and Europe’s Strategic Credibility The Curious Case of the Delayed Investment Plan The Energy Supply Cliff is Alarmingly Near Europe Means Business on Cloud and AI Sovereignty No-Rules Based Order: The World As It Really Is The Nathan Gill Case: Isolated Foreign Malign Interference Case or a Broader Hybrid Threat? Armenia’s Election and the Future of Security in the South Caucasus The DPRK’s Chemical Facilities: Sunchon Area: Site Profile 7 Reforming Defence: Lessons from the UK Defence Restructuring History The DPRK’s Chemical Facilities: 8th February Vinalon Complex: Site Profile 8 Power Under Dependency: Vulnerabilities in France’s Strategic Posture Re-Establishing Japan’s Intelligence Capability – ‘Spy Paradise’ lost? Episode 121: No Easy Off-Ramp: Iran, the US and the Search for a Deal Illegal High Street Enterprise. Closed for Business, Open for Crime Hollowing Out Lebanon: How Pressure on Hezbollah Could Save It Duke of Wellington Medal for Military History 2025 Episode 19: Adversarial Strategy: Russia’s Preparations for a Long War Who Rules Cyberspace? The Microsoft Approach to Cyber Diplomacy The Inextricable Link Between Geopolitics, Security and Humanitarian Impact Offshore Wind and Security in the North Sea: Key Findings from a Workshop Episode 20: Is Populism a Business Model? As US Scales Back Forces Earmarked for NATO, Opportunity Opens for Europe Recording: Subsea Cables: Risks, Security and Resilience ‘Always On’ and Defence Industry in the UK: Its Nature, Importance, Challenges and Ways Forward Turkey’s Iraq Gambit Amid the Strait of Hormuz Crisis Recording: The New Geography of Climate Change Order Missiles and Bombs to Increase European Combat Air Mass, Not Drones Canada Calling: Lessons for Europe on Confronting the Financing of Political Interference The Iranian Armed Forces and the Third Gulf War Water and Cognitive Warfare Episode 120: President Trump in Beijing: The Future of US-China Relations Missing Intelligence: The Trump Administration, Iran and the US Intelligence Community The Peace and Security System has Three Functions. African States Need a Fourth Recording: Kermit Roosevelt Lecture given by General Christopher Donahue Recording: David Miliband on Geopolitics, Security and the Humanitarian Impact The West’s Ukraine Sanctions Strategy has Lost its Way The UK’s Chagos Islands ‘Deal’: Where are We Now? Integrating Hunt Forward Operations for Enhanced UK Cyber Campaigning Europe’s AML Package: A Strong Framework at the Wrong Time? How North Korea is Modernising its Defence NATO’s Rutte is Doing a Tough Job. Europeans Should Help The US Army’s Next Generation Squad Weapon and the Future of NATO Standardisation Episode 15: Integrating Today’s Forces for Air and Missile Defence RUSI Reflects: The Reality of an Extended Closure of the Strait of Hormuz Corporations Must Re-learn How to be Geopolitical Actors Operational Continuity in a Contested Energy Transition Why the US’s Financial Efforts to Keep the Hormuz Strait Open Failed The Real Test for Iran Comes After the War Nationalism and Defence Willingness: Mobilising for the Future Licence to Operate: Transparency and Responsibility in UK Offensive Cyber Power Episode 16: Latvia’s Transformation: From Laundromat to Leader Four Alternative End States in Iran – the Only Good One Becomes Unlikely Crypto Moratorium is the Right Starting Point for Political Finance Reform UN Norms: Tackling the Rise of Cyber Capabilities The Gulf Does Not Want This War to Continue Events Events Events Events Events Bridging Digital Borders: Cybersecurity Capacity Building in Latin America Events Artificial Intelligence: Friend or Foe in Fighting Financial Crime? CTF Online Symposium: Islamic State – Khorasan Province Events UK National Security and the Net Zero Transition Launch of the Global Partnership for Responsible Cyber Behaviour Events Professor Sir David Omand on How to Survive a Crisis Instability in Russia: An Update by RUSI Experts The Casey Review: Implications for the Metropolitan Police Service Events Policing the Far Right Events UK PONI Annual Conference 2023 Events Events Events RUSI Space Power Conference 2023 Events Events Events Events Events RUSI Combat Air Conference 2023 Events RUSI Latin American Security Conference 2023 Events Events International Day of UN Peacekeepers Conference 2022 UK Project on Nuclear Issues Annual Conference 2022 RUSI Sea Power Conference 2022 Events Events Events
Speaking Without Escalating: Why the UK Needs Public Responsibility Signalling in Cyber Policy
2026-03-30 · via RUSI: What's New

Concept image of person with a digital background. Image generated with Canva AI.

The UK has an opportunity to strengthen deterrence through attribution without fear of escalation.

In 2025, Jaguar Land Rover was struck by a crippling ransomware campaign that forced five weeks of factory shutdowns, disrupted global supply chains, and inflicted nearly £2 billion in estimated losses. While publicly visible and materially severe, the incident did not prompt a state-level attribution statement from the UK government. Instead, technical confidence about the responsible criminal actors remained within classified channels, and the broader governance discourse defaulted to silence. This episode starkly illustrates a recurring problem in contemporary UK cyber policy: harmful cyber activity can inflict profound economic and social damage without triggering a visible, credible public response under the current attribution-centric model.

In recent years, the UK and its allies have repeatedly found themselves in a familiar position. Harmful cyber activity is ongoing. Inside government, confidence about who is responsible is high. Yet public attribution is delayed, diluted or quietly abandoned altogether. Weeks pass as allies negotiate language, assess escalation risks, and debate evidentiary thresholds. Meanwhile, the activity continues largely uninterrupted. This pattern is no longer exceptional. It reflects a structural tension at the heart of UK cyber governance: public attribution has become the primary visible marker of action, even though the conditions under which attribution is possible, or desirable are increasingly rare.

This Policy Perspective argues that the UK needs a new public governance instrument to address that gap. It proposes the development of Public Responsibility Signalling (PRS) as a distinct category of cyber response, positioned below public attribution but above silence. By enabling the UK to publicly identify responsible actors without asserting state responsibility, PRS would reduce incentives for below-threshold cyber activity while preserving political and legal restraint and intelligence secrecy.

Attribution Has Become a Bottleneck

Attribution in the UK serves important purposes. It reinforces accountability, supports international norms and enables certain legal and diplomatic measures. For those reasons, the international law norms set a high bar for attributing malicious cyber activity to a state.

But attribution is not just a technical judgement; it is a legal and political act. Naming a state publicly can carry consequences ranging from diplomatic escalation to reciprocal accusations or litigation risk. It may also require the disclosure of sensitive intelligence sources and methods. For these reasons, governments often judge that public attribution, even when technically justified, is not worth the cost.

quote

PRS is designed to acknowledge harmful activity and enable proportionate policy response even where formal attribution, particularly to a state actor, would be politically or evidentially constrained

The problem arises when high threshold for attribution becomes the informal gateway to response. In practice, if attribution cannot be achieved publicly and collectively, visible action often stalls. Attribution as a tool intended as a safeguard against escalation begins to function as a constraint on governance. This dynamic is particularly ill-suited to a threat environment dominated by non-state actors, criminal ecosystems and proxy groups that deliberately operate below the threshold.

A Reality Everyone Recognises, but Few Name

In practice, the UK, internally, already acts extensively without public attribution. Defensive operations, disruption of criminal infrastructure, cooperation with private-sector providers and other cyber activities are routinely conducted on the basis of classified intelligence and are seldom publicly acknowledged. Externally, however, action in the public domain is comparatively rare. In such cases, publicly available attribution performs an important signalling function: it communicates responsibility, frames behaviour as norm-violating and enables coordinated diplomatic, legal or economic responses with partners and allies.

What is missing is not capability, but doctrinal clarity in the UK. Public cyber policy discourse continues to treat attribution as the central indicator of responsibility to domestic and international audiences, partners, even though practitioners recognise that responsibility is often exercised quietly through operational responses.

This mismatch creates three problems. First, it obscures how cyber governance actually works. Second, it narrows the range of publicly legitimate responses available to policymakers. Third, it creates incentives for adversaries to operate just below the level of egregious activity that governments assess may trigger public attribution, confident that harm can be imposed without public consequence. Attribution is increasingly being asked to do more governance work than it can realistically sustain.

Introducing Public Responsibility Signalling

Public Responsibility Signalling (PRS) is a form of public action that allows the UK to identify state actors responsible for harmful cyber activity without asserting political attribution or legal state responsibility and at the same time not staying in the status quo (Table 1).

PRS is not attribution in the legal sense. It does not claim a breach of international law, trigger state responsibility, or rely on evidentiary standards appropriate for judicial proceedings. Although many public cyber attributions likewise avoid explicit legal characterisation, PRS differs in its function. Conventional attribution seeks to identify and publicly name responsible actors. By contrast, PRS is designed to acknowledge harmful activity and enable proportionate policy response even where formal attribution, particularly to a state actor, would be politically or evidentially constrained. In this sense, it provides a public response where the alternative might otherwise be silence.

In practical terms, PRS would allow the UK to say: we assess that this activity is being carried out by these actors; it is causing harm; and we are responding accordingly, without crossing the threshold into legal attribution.

Why This Matters for Below-Threshold Activity

At present, the absence of an intermediate public response category creates a governance vacuum and cyber-attacks continue. PRS would change that calculus. Public identification, even without legal attribution, carries reputational, economic and operational consequences. It enables coordinated action by allies and the private sector, supports disruption of enabling infrastructure and signals that harmful behaviour is being tracked and contested. Crucially, it also increases the public visibility of malicious activity. Moving incidents from classified awareness into the public and media domain can generate reputational pressure, mobilise defensive action across industry and strengthen the basis for collective responses by partners.

While such visibility does not guarantee deterrence, it can raise the political and operational costs of persistent malicious activity and reduce the space for adversaries to operate without scrutiny. Most importantly, PRS raises the expected cost of operating just below the attribution threshold, reducing the strategic advantage of ambiguity.

Preserving Law, Secrecy and Restraint

A common concern is that acting publicly without attribution risks eroding restraint or escalating conflict. Arguably, PRS would do the opposite. By introducing a category such as PRS, the UK could expand the range of publicly available responses to malicious cyber activity. Even where governments judge that the evidentiary or political conditions for formal attribution are not met, PRS would allow harmful activity to be acknowledged publicly rather than remaining unaddressed in the public domain. This increased visibility can generate reputational pressure, support coordinated defensive action by allies and the private sector, and signal that malicious behaviour is being monitored and contested. In this sense, the principal benefit of PRS lies less in redefining legal attribution standards and more in providing a public governance response where the alternative might otherwise be silence.

Enjoy our analysis and research? Ensure it shows up first on Google

Help your search results show more from RUSI. Adding RUSI as a preferred source on Google means our analysis appears more prominently.

Subscribe to the RUSI Library Newsletter

Receive quarterly library updates, highlights from the archive and upcoming events.

PRS also respects intelligence realities. Statements can be calibrated to avoid revealing sources and methods. In many cases, the signal itself is the policy tool; the evidentiary detail remains classified. By decoupling action from attribution, PRS reduces pressure to attribute publicly simply to justify response.

Defensive First, Not Offensive by Default: Bridging the Public–Private Gap

Although this debate often sits within discussions of offensive cyber capability, PRS is primarily a defensive governance tool. Its most immediate applications lie in enabling economic, regulatory, diplomatic, and cooperative responses to persistent harm. PRS does not expand offensive cyber powers. It structures how the UK communicates and coordinates responses that are already legally available but currently constrained by attribution politics.

PRS could also help align public and private responses. Private sector actors often experience cyber incidents first and are frequently responsible for technical investigation and disclosure. In doing so, they may have incentives to attribute incidents publicly in order to warn customers, demonstrate analytical capability, or shape threat perceptions. Governments, by contrast, face incentives to attribute more cautiously, as public attribution can carry diplomatic, legal, and strategic consequences. These asymmetries can produce a mismatch in public signalling between government and industry. A mechanism such as PRS could help bridge this gap by allowing governments to acknowledge harmful activity publicly without requiring the level of evidentiary certainty or political commitment associated with formal attribution.

A recognised PRS framework would provide a shared reference point. It would allow government to acknowledge responsibility and coordinate mitigation without over-committing legally, while giving the private sector clearer signals about when collective response is underway.

A New Norm for a Changed Environment

The UK has invested heavily in promoting responsible behaviour in cyberspace. But responsibility cannot be reduced to naming perpetrators. It also involves managing harm, reducing instability and preventing escalation over time. Public Responsibility Signalling offers a way to update cyber governance without abandoning its legal and ethical foundations. It adds a missing rung to the response ladder: one that sits between silence and attribution and that reflects how cyber conflict actually unfolds.

If the UK wants to deter below-threshold cyber activity, it must be able to act and be seen to act, below the attribution threshold. PRS provides a credible, restrained, and realistic way to do so. In cyber governance, silence should be a strategic choice, not the default outcome of legal, political and diplomatic caution. Public Responsibility Signalling gives the UK a way to speak without escalating, and to govern without pretending attribution is the only language available.

© RUSI, 2026.

The views expressed in this Cyber Effects Perspectives are the author's, and do not represent those of RUSI or any other institution.

For terms of use, see Website Terms and Conditions of Use.


WRITTEN BY

Klaudia Szabelka

Cyber Effects Fellow

View profile