The Challenge of Attribution in Cyber War; Bring on the Lawyers

By Kevin Coleman
Defense Tech Cyber Warfare Analyst

Cyber Command says they’re developing a wide range of cyber weapons to provide all options when it comes to offensive and defensive retaliation in the cyber domain. These capabilities include tools that would allow U.S. cyber forces to deceive, deny, disrupt, degrade, and destroy information and information systems and more!

All these capabilities are necessary. But the biggest challenge that Cyber Command, and everyone else working in cyber security, warfare, and intelligence, faces is the ability to attribute acts of cyber aggression back to the real originating source.

General Keith Alexander, head of U.S. Cyber Command, said, “We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us.”

In a recent cyber warfare working group, I was involved in a conversation with several lawyers. They were all quick to point out that case law, which is frequently used for framing decisions and retaliatory actions, is basically non-existent when it comes to the cyber domain. The debate continued about what evidence would be required, and in what form the evidence would have to exist, before military leaders or the White House would feel comfortable enough to initiate an aggressive response (cyber or conventional).

One individual felt the current state of attribution capabilities fell far short of what is needed before action could be taken. If that is true, what should be done?

  • J M

    “We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us.”

    Won’t happen until you make systems self-aware, i.e., artificial intelligence. As long as you don’t, you’ll need a human in the chain somewhere, thus rendering the attribution process inherently slow – and late. Time is of the essence, as we try to protect our data and infrastructure on ever speedier networks connecting ever more powerful computers.

    After self-aware networks become more popular, the issue of how much awareness is too much arises. Terminator 3 anyone? SkyNet goes live! :)

  • Mike Thomas

    If the attribution process involves attorneys, all is lost in the cyber warfare arena. If we are to protect and respond, we need automated system responses before massive damage is done and not while our systems are not responding until they have gathered enough “evidence” to justify a response – at that point we have probably lost the battle. Let’s face it, if someone has made it past our formidable security measures, these intruders are not innocents and are very sophisticated technologists and are not there accidentally and intent is assumptive. Sounds like the attorneys (and politicians) are trying to treat cyber warfare much like they have terrorism and combat operations as “crimes”.

  • Uncle Bill

    “We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us.”

    I’m not really sure what it means to shut somebody down in real time. Real time response will be code vs code, system vs system. Block the attack, stop the attack, counter attack. The attribution will be based on rules from lawyers but encoded into weapons. Along with the cyber response I see the need for a SOF/CIA campaign that takes out somebody in human time, much like in Pakistan.

  • Doug Webster

    If the current state of attribution capability falls far short of what is needed before action can be taken is true, what should be done?

    1. Until attribution capability is “what it needs to be”, establish International and national laws and regulations that address the specific conditions (including specific acts and effects of attack) under which various specific “actions” are justified and authorized.

    2. Continue to aggressively pursue the challenge of attribution capability.

    One component of the solution to the attribution challenge should be the study of individual and group, psychological and sociological, profiles and demographics including their various “styles” of coding and attack “modi operandi”. (stylometry)

  • Seymour

    “General Keith Alexander, head of U.S. Cyber Command said, ‘We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us.’”

    Okay… I hate sounding like a lawyer, but we need some definitions here. Define “real time”. Define “shut down”. Is a “Denial of Services” attack enough, or a smoking hole in the ground?

    Do we want to trust a computer, programmed by human beings, to determine if we are under attack, or have some bleary-eyed, tired because he/she was up all night playing StarCraft II, technician monitoring systems as a fail safe? Me, personally, I like that human link in the decision chain.

  • Bob

    Thankfully lawyers are our secret weapon. We have some of the shiftiest, meanest, downright dirty lawyers in the world. What’s more, we have more of them than any other country.

  • Rick Bennett

    Sounds like Mutual Assured Destruction all over again; no commentary on whether we defended ourselves effectively but rather that we responded. The problem is, without foreknowledge of the parties with the capabilities whom we seek to deter, we have no idea whether deterrence will be effective.