Abstract
An increasing number of states use direct public political attribution to call out inappropriate behaviour in cyberspace attributable to another state. Shared understandings about conducting and communicating political attribution practices are essential to avoid misunderstandings and mitigate the risk of potential escalation between states. However, attribution remains only marginally addressed in the context of diplomatically negotiated cyber norms so far. This makes this policy instrument well suited to explore the formation of normative ideas through state practice as it leaves ample room for practical interpretation by states. Based on a selection of five case studies, this paper identifies which cyber operations the selected states have publicly attributed, how the attribution was communicated and justified, to what extent other states were involved in the process, and how other states perceived the attribution. This analysis of established and emerging state practice will permit new insights into how States currently perceive the respective normative framework, that is, formalised cyber norms, and conclusions as to what extent the observed State practice gives rise to new shared understandings about appropriate state behaviour - practised cyber norms - when it comes to direct public political attribution of cyber operations.