Identifying cyber-attackers to require high-tech sleuthing skills.

Author: Iasiello, Emilio
Position: Viewpoint

The White House released in May 2011 the first "International Strategy for Cyberspace." This policy document promotes the U.S. vision for the future of the Internet and the nation's role in shaping that plan.

A key objective of this strategy is implementing a policy of deterrence that unequivocally states the government's intention to use "all necessary means to respond to hostile cyber-activity that threatens U.S., allied, or partner interests."

Deterrence relies on the ability to identify an attacker and demonstrate an effective means to dissuade further hostile activity. Currently, attribution remains a difficult endeavor as the anonymity afforded by the Internet often frustrates efforts to link actors with events. The attribution problem hinders the application of countermeasures, preemptive actions and mitigation strategies that minimize or neutralize threats before they are deployed.

Attribution by technical analysis alone is insufficient to support a deterrence strategy. Rather, attribution must embody a fusion of technical, behavioral and cognitive analysis to achieve a higher rate of actor identification.

No standard methodology exists today for establishing a degree of confidence in determining cyber-attribution. The defender must be able to identify the perpetrator in order to take an appropriate response action. Attackers, in turn, must believe their actions will be attributed if they are to be deterred from further activity.

Compromising computers in different countries before launching an attack obfuscates an actor's true country of origin. The use of anonymizers or proxies further hinders identification through technical means, as the last apparent source country of a cyber-attack is not necessarily the one from which the attack originated.

While technical software and hardware tools assist in detecting cyber-assaults, they do little in ascertaining the attacker's identity, intent or potential nation-state affiliation.

Perpetrators have been known to use botnets, networks of compromised computers that they control.

Operational security measures combined with an increasing sophistication of developed malware (such as Trojans, worms, keyloggers, rootkits and viruses) pose real challenges in determining who is actually conducting the malicious activity as well as the intent behind it.

The following are established methodologies that do not adequately address the nuances of the problem.

"Analytic Hierarchy Process" is a structured...
