Cyberwar has become an important feature in the international security policy discourse. For legal purposes the term Cyberwar describes computer network operations which start an armed conflict or which are conducted during such a conflict. However, due to technical im possibility and human incapability it is nearly unconceivable to identify the state launching a computer network operation. Thus, attribution based on provable causality seems practically impossible. Such a scenario is a severe challenge for the international legal order which is predominantly based on attribution on the basis of provable causality in order to direct States' behavior. The article discusses in which way the international legal order can address this challenge. In particular, arguments which aim to circumvent the thresholds of the right to self-defence and of countermeasures by lowering the standards of proof and basing attribution on assumptions are rejected. Instead the article calls for a change of perspective. A comparison is drawn to the precautionary principle in Environmental Law which addresses similar situations of lack of knowledge. Not the potential aggressor but all States using cyber technology would be the addressees of such an obligation. The precautionary approach would transfer regulation to the preliminary stage instead of using reactive responses.