How to attribute an attack?
Previous posts have touched briefly on the topic of attribution. However, as it is a very important issue, I wanted to dedicate a single entry to it.
If the US decides to implement an offensive policy with respect to cyber security, and a cyber attack is taking place, how do you attribute the attack? Can you determine for sure who attacked you?
There have been cases in which North Korea or China were pointed to as being part of state-sponsored attacks. However, no one seems to know for sure.
In the New York Times article of July 09, the author states: “Cyberwarfare specialists cautioned this week that the Internet was effectively a “wilderness of mirrors,” and that attributing the source of cyberattacks and other kinds of exploitation is difficult at best and sometimes impossible.”
In addition, the article talks about the US administration: “With the administration cyberreview there are many government agencies orbiting around the policy debate that have an interest in pointing to [this incident] as evidence with obvious implications”.
Could it really be that some incidents might cause many to vote for an offensive policy?
However, another article describes some of the caveats perfectly.
On ubiwar.com, a short post also deals with the issue of attribution. It stated: “…going to war – cyber, or otherwise – without any proof is a poor and dangerous method of conducting international relations.”
It is a difficult issue and many have written entries/articles on it. Some say attribution is possible, whereas others say it is 100% impossible. Who to believe?
In an article by Jeffrey Carr, one can read his suggestion for solving the problem: “Structure cyberspace like airspace or territorial waters with designated areas of state responsibility. In other words, each nation controls and is responsible for its own cyberspace.”
My instant reaction: Is it really this ‘simple’?