Stateless Attribution 2017
This report reviews the state of cyber attribution and examines alternative options for producing standardized and transparent attribution that may overcome concerns about credibility.
Thanks to all who supported the 2017 Alumni Impact Fund campaign. The following project has received Alumni Impact Fund support.
Photo by Victoria / Adobe Stock
Public statements of cyber attribution ranging from the U.S. government’s declaration of Russian responsibility for the DNC hack to the recent attribution of WannaCry to North Korea have been met with mixed global confidence and calls for greater transparency on process and evidence. In an effort to address these concerns, recent RAND research recommended the creation of an independent, international organization tasked with investigating and publicly attributing major cyber attacks.
Several high-level actions on the international stage will bring the need for policy recommendations about cyber attribution to a head in 2018. Notable examples include a NATO summit, scheduled for July, and a European Union regulation that goes into effect in May, which will impact all companies conducting business in Europe that are vulnerable to global cyber attacks. Alumni Impact Fund support will enable outreach efforts to help start a global conversation and shape the developing policy narrative on accountability in cyberspace.
UPDATE: The research team created a video to help explain the complex subject of cyber attribution, and they published an op-ed on the topic. Additionally, the funding is supporting their engagement with high-level stakeholders in the cyber security community, including participation in cyber security workshops.
This report reviews the state of cyber attribution and examines alternative options for producing standardized and transparent attribution that may overcome concerns about credibility.