This report reviews the state of cyber attribution and examines alternative options for producing standardized and transparent attribution that may overcome concerns about credibility.
Alumni Impact Fund 2017: Winning Project
Thanks to all who supported the 2017 Alumni Impact Fund campaign. The following project has received Alumni Impact Fund support.
Promoting Accountability in Cyberspace
Public statements of cyber attribution ranging from the U.S. government’s declaration of Russian responsibility for the DNC hack to the recent attribution of WannaCry to North Korea have been met with mixed global confidence and calls for greater transparency on process and evidence. In an effort to address these concerns, recent RAND research recommended the creation of an independent, international organization tasked with investigating and publicly attributing major cyber attacks.
Several high-level actions on the international stage will bring the need for policy recommendations about cyber attribution to a head in 2018. Notable examples include a NATO summit, scheduled for July, where planned talks on countering nation-state cyber attacks will require credible attribution, and a European Union regulation that goes into effect in May, which will impact all companies conducting business in Europe that are vulnerable to global cyber attacks. Alumni Impact Fund support will enable outreach efforts, including commentary for international media outlets, to help start a global conversation and shape the developing policy narrative on accountability in cyberspace. Additionally, the funding will enable RAND to convene a workshop of high-level stakeholders to refine the specifications and the implementation of a global cyber attribution organization.