Accession Number:

ADA602150

Title:

Strategies for Resolving the Cyber Attribution Challenge

Descriptive Note:

Corporate Author:

AIR UNIV MAXWELL AFB AL AIR FORCE RESEARCH INST

Personal Author(s):

Report Date:

2013-05-01

Pagination or Media Count:

109.0

Abstract:

Malicious cyber actors exploit gaps in technology and international cybersecurity cooperation to launch multistage, multijurisdictional attacks. Rather than consider technical attribution the challenge, a more accurate argument would be that solutions to preventing the attacks of most concern, multistage multi-jurisdictional ones, will require not only technical methods, but legalpolicy solutions as well. Deep understanding of the social, cultural, economic, and political dynamics of the nation-states where cyber threat actors operate is currently lacking. This project aims to develop a qualitative framework to guide US policy responses to states that are either origin or transit countries of cyber attacks. The current focus of attribution efforts within the national security context concentrates on law enforcement paradigms aiming to gather evidence to prosecute an individual attacker. This is usually dependent on technical means of attribution.2 In malicious cyber actions, spoofing or obfuscation of an identity most often occurs. It is not easy to know who conducts malicious cyber activity. But private sector reports have proven that it is possible to determine the geographic reference of threat actors to varying degrees. Based on these assumptions, nation-states, rather than individuals, should be held culpable for the malicious actions and other cyber threats that originate in or transit information systems within their borders or that are owned by their registered corporate entities. This work builds on other appealing arguments for state responsibility in cyberspace. Engaging the global community to develop a global culture of cybersecurity is a requirement for beginning the mitigation of the risks of countries being used for transiting or originating of malicious cyber acts. The United States will need to build a framework based on the articulated norms of responsible state behavior in cyberspace to legitimize this global engagement.

Subject Categories:

  • Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE