Stateless Attribution: Toward International Accountability in Cyberspace

Davis, John S., II; Boudreaux, Benjamin; Welburn, Jonathan W.; Aguirre, Jair; Ogletree, Cordaye; McGovern, Geoffrey; Chase, Michael S.

This report reviews the state of cyber attribution and examines alternative options for producing standardized and transparent attribution that may overcome concerns about credibility. In particular, it considers the value of an independent, global organization whose mission consists of investigating and publicly attributing major cyber attacks.

Read Online

Stateless Attribution

Toward International Accountability in Cyberspace

by John S. Davis II, Benjamin Boudreaux, Jonathan W. Welburn, Jair Aguirre, Cordaye Ogletree, Geoffrey McGovern, Michael S. Chase

View related products

Download

Download eBook for Free

Full Document

Format	File Size	Notes
PDF file	0.7 MB	Use Adobe Acrobat Reader version 10 or higher for the best experience.

تهديدات مجهولة المصدر: نحو مسائلة قانونية في الفضاء الإلكتروني

Arabic language version

Format	File Size	Notes
PDF file	0.9 MB	Use Adobe Acrobat Reader version 10 or higher for the best experience.

Purchase

Purchase Print Copy

	Format	List Price	Price
Add to Cart	Paperback64 pages	$20.00	$16.00 20% Web Discount

Research Questions

How is cyber attribution handled, presented, and received today?
What are the challenges in producing standardized and transparent attribution that may overcome concerns about credibility?
What is the value of an independent, global organization whose mission consists of investigating and publicly attributing major cyber attacks?

The public attribution of a malicious cyber incident consists of identifying the responsible party behind the activity. A cyber attribution finding is a necessary prerequisite for holding actors accountable for malicious activity. Recently, several cyber incidents with geopolitical implications and the attribution findings associated with those incidents have received high-profile press coverage. Many segments of the general public disputed and questioned the credibility of the declared attributions. This report reviews the state of cyber attribution and examines alternative options for producing standardized and transparent attribution that may overcome concerns about credibility. In particular, this exploratory work considers the value of an independent, global organization whose mission consists of investigating and publicly attributing major cyber attacks.

Key Findings

Cyber Attribution Efforts Lack Uniformity and Credibility

Analysis of recent cases indicates that the practice of attribution has been diffuse and discordant, with no standard methodology used in the investigations to assess evidence, nor a universal confidence metric for reaching a finding.
In several cases, investigations were performed but no formal attribution finding was made public by the investigative entity or victim. Further, public statements of attribution have been met with suspicion, confusion, and a request for greater transparency about the investigation and the evidential basis.

Challenges in Cyber Attribution

The first challenge concerns the difficulty of reaching a cyber attribution finding. Technical, political, and all-source indicators are all tools used in determining attribution, and usually are used in some combination.
A second cyber attribution challenge concerns the issue of persuasively communicating a finding to an intended audience. Credibility hinges on several factors: strong evidence, demonstration of the requisite knowledge and skills for reaching a correct conclusion, a track record of accuracy and precision, a reputation for objective and unbiased analysis, and a transparent methodology that includes an independent review process.
Effective cyber attribution investigations will reflect these considerations and achieve credibility in the eyes of the of the target audience.

Recommendations

In light of the aforementioned challenges and insights, the authors propose and explore the nature of an international organization for cyber attribution, which this report refers to as the Global Cyber Attribution Consortium (the Consortium).
This broad team of international experts would provide independent investigation of major cyber incidents for the purpose of attribution. Membership should include representatives from two sectors: (1) technical experts from cybersecurity and information technology companies, as well as academia, and (2) cyberspace policy experts, legal scholars, and international policy experts from a diversity of academia and research organizations. A credible and transparent attribution organization should not include the formal representation of nation-states, to avoid an appearance of bias and to protect transparency.
The Consortium would work with victims or their advocates upon their request and with their cooperation to investigate cyber incidents using a diverse set of methodologies and would publish its findings for public review.
In addition to providing a credible and transparent judgment of attribution, the Consortium's investigations would help standardize diffuse methodological approaches, naming conventions, and confidence metrics that would advance shared understanding in cyberspace and promote global cybersecurity.
The international community could use the Consortium's findings to bolster network defenses, thwart future attacks, and pursue follow-on enforcement actions to hold the perpetrator(s) accountable.

Chapter One

Introduction
Chapter Two

A Review of Notable Cyber Attacks
Chapter Three

Cyber Attribution in Practice
Chapter Four

Toward a Global Consortium for Cyber Attribution
Chapter Five

The Core Features of a Cyber Attribution Organization
Chapter Six

Conclusion

Research conducted by

RAND National Security Research Division

This research was conducted within the International Security and Defense Policy Center of the RAND National Security Research Division.

This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit www.rand.org/pubs/permissions.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.

Ensuring that Government Use of Technology Serves the Public

Advancing Trustworthy Artificial Intelligence

Six Different Ways: Ukraine Lessons for Japanese Defense Planners

Teacher Well-Being, Russian PMCs, AI Conspiracy Theories: RAND Weekly Recap

Ukraine is running out of ammo. The West doesn’t have enough.

The Policy Currents Podcast

Helping Coastal Communities Plan for Climate Change

Managing Escalation in Crisis and War

Measuring Wellbeing to Help Communities Thrive

Assessing and Articulating the Wider Benefits of Research

Stateless Attribution