Attribution of Malicious Cyber Incidents: From Soup to Nuts

Columbia Journal of International Affairs, Forthcoming

Hoover Institution Aegis Paper Series on National Security, Technology, and Law, (2016)

57 Pages. Posted: 9 Sep 2016. Last revised: 2 Oct 2016

Herbert S. Lin

Center for International Security and Cooperation; Hoover Institution

Date Written: September 2, 2016

Abstract

Attribution of malicious cyber activities is a deep issue about which confusion and disquiet can be found in abundance. Attribution has many aspects — technical, political, legal, policy, and so on. A number of well-researched and executed papers cover one or more of these aspects, but integration of these aspects is usually left as an exercise for the analyst. This paper distinguishes between attribution of malicious cyber activity to a machine, to a specific human being pressing the keys that initiate that activity, and to a party that is deemed ultimately responsible for that activity. Which type of attribution is relevant depends on the goals of the relevant decision maker. Further, attribution is a multi-dimensional issue that draws on all sources of information available, including technical forensics, human intelligence, signals intelligence, history, and geopolitics, among others. From the perspective of the victim, some degree of factual uncertainty attaches to any of these types of attribution, although the last type — attribution to an ultimately responsible party — also implicates to a very large degree legal, policy, and political questions. But from the perspective of the adversary, the ability to conceal its identity from the victim with high confidence is also uncertain. It is the very existence of such risk that underpins the possibility of deterring hostile actions in cyberspace.

Keywords: cyberwar, cybersecurity, cyber conflict, cyber crime, attribution, cyber attack

Suggested Citation

Lin, Herbert S., Attribution of Malicious Cyber Incidents: From Soup to Nuts (September 2, 2016). Columbia Journal of International Affairs, Forthcoming; Hoover Institution Aegis Paper Series on National Security, Technology, and Law, (2016). Available at SSRN: https://ssrn.com/abstract=2835719

Herbert S. Lin (Contact Author)

Center for International Security and Cooperation

Stanford, CA 94305
United States
6504978600 (Phone)
6504978600 (Fax)

Hoover Institution

Stanford, CA 94305-6010
United States
6504978600 (Phone)
6504978600 (Fax)
