Accountability in Cyberspace: The Problem of Attribution
Jan 14, 2019
This report reviews the state of cyber attribution and examines alternative options for producing standardized and transparent attribution that may overcome concerns about credibility. In particular, it considers the value of an independent, global organization whose mission consists of investigating and publicly attributing major cyber attacks.
Toward International Accountability in Cyberspace
|PDF file||0.7 MB|
Arabic language version
|PDF file||0.9 MB|
|Add to Cart||Paperback64 pages||$20.00||$16.00 20% Web Discount|
The public attribution of a malicious cyber incident consists of identifying the responsible party behind the activity. A cyber attribution finding is a necessary prerequisite for holding actors accountable for malicious activity. Recently, several cyber incidents with geopolitical implications and the attribution findings associated with those incidents have received high-profile press coverage. Many segments of the general public disputed and questioned the credibility of the declared attributions. This report reviews the state of cyber attribution and examines alternative options for producing standardized and transparent attribution that may overcome concerns about credibility. In particular, this exploratory work considers the value of an independent, global organization whose mission consists of investigating and publicly attributing major cyber attacks.
A Review of Notable Cyber Attacks
Cyber Attribution in Practice
Toward a Global Consortium for Cyber Attribution
The Core Features of a Cyber Attribution Organization
This research was conducted within the International Security and Defense Policy Center of the RAND National Security Research Division.
This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.