Whodunit in Cyberspace: The Rocky Road from Attribution to Accountability

In the long run, a transparent, robust, and broadly accepted attribution process is needed to hold malicious actors accountable for cyber offenses

By Dr. Andreas Kuehn • Debra Decker • Kathryn Rauhut

Originally published in ORF America

Many malicious actors operate in cyberspace, including States and criminal groups, with a mix of capabilities and motivations. Identifying the threat actor is the first and primary problem, while public assertions and decisions on legal and political responses follow. As the paper notes:

“State attribution with a high level of confidence is a precondition to effectively hold attackers accountable for their malicious actions, either through criminal indictments, sanctions, or other measures. Investigators assess so-called indicators of compromise (IOCs) to help determine the source and origin of a malicious action within the larger context and history of malicious actors’ patterns. The analysis supports the technical, operational, and strategic levels of an attribution investigation. However, in most cases, attackers are not caught red-handed and real-time observations of network activities may not be available. Thus, the collected IOCs indicate, ideally with a high degree of confidence, how a cyber incident unfolded; what tactics, techniques, and procedures (TTPs) attackers deployed; and how they match to known advanced persistent threat (APT) actors. This helps support attribution claims to establish the linkage between a threat actor and a state’s political or military leadership.”

Some cybersecurity firms, scholars, and think tanks have called for more cooperative approaches, including establishing levels of transparency and standards for “evidentiary processes” in attribution. Indeed, new approaches and mechanisms are needed to strengthen attribution and eventually accountability. This is especially true today as growing geopolitical tensions and conflicts play out prominently in cyberspace while at the same time the use of emerging technologies, such as artificial intelligence (AI), has the potential to elevate risk beyond cyberspace and affect international security, posing new, yet unsolved challenges to cyber attribution.

Tackling this challenge of building accountability through attribution requires, first, a brief review of the historical context for attribution, followed by an analysis of public attribution as a political tool of states, then a rundown on the procedure of attributing an operation through investigation and political deliberation, and finally an assessment of policy ideas on how to move the needle on accountability.”

Read the full article in ORF America
