Act and Actor Attribution in Cyberspace: A Proposed Analytic Framework
Air War College Air University Maxwell AFB United States
Pagination or Media Count:
Cyber attribution continues to vex cyber operators. Often, it is dismissed as impossible to definitively obtain, or worse, unnecessary. Properly analyzed, cyber attribution consists of two components. Actor attribution is concerned with determining who or what entity committed an act of cyber hostility. Act attribution consists of determining the relative severity of a hostile cyber act and whether the act is the equivalent of an armed attack. Attribution is critically important to government actors because it shapes both the proper response to a hostile cyber act and helps determine the appropriate responding agency. However, despite its highly technical context, cyber attribution is not a science. Instead, it is a subjective analysis similar to the attribution conducted every day by legal practitioners in criminal and civil courts. This paper proposes a subjective, continuum-based analytic framework for assessing cyber actor and act attribution. Proper application of such a framework helps cyber practitioners assess the proper response and responder for hostile cyber acts, helps define the roles and responsibilities of responding agencies, enhances deterrence, and promotes analytic consistency in an area dominated by ambiguity.