| 来源类型 | Research Reports
|
| 规范类型 | 报告
|
| DOI | https://doi.org/10.7249/RR2081
|
| ISBN | 9780833098405
|
| 来源ID | RR-2081-MS
|
| Stateless Attribution: Toward International Accountability in Cyberspace |
| John S. Davis II; Benjamin Boudreaux; Jonathan William Welburn; Jair Aguirre; Cordaye Ogletree; Geoffrey McGovern; Michael S. Chase
|
| 发表日期 | 2017
|
| 出版年 | 2017
|
| 页码 | 64
|
| 语种 | 英语
|
| 结论 |
Cyber Attribution Efforts Lack Uniformity and Credibility - Analysis of recent cases indicates that the practice of attribution has been diffuse and discordant, with no standard methodology used in the investigations to assess evidence, nor a universal confidence metric for reaching a finding.
- In several cases, investigations were performed but no formal attribution finding was made public by the investigative entity or victim. Further, public statements of attribution have been met with suspicion, confusion, and a request for greater transparency about the investigation and the evidential basis.
Challenges in Cyber Attribution- The first challenge concerns the difficulty of reaching a cyber attribution finding. Technical, political, and all-source indicators are all tools used in determining attribution, and usually are used in some combination.
- A second cyber attribution challenge concerns the issue of persuasively communicating a finding to an intended audience. Credibility hinges on several factors: strong evidence, demonstration of the requisite knowledge and skills for reaching a correct conclusion, a track record of accuracy and precision, a reputation for objective and unbiased analysis, and a transparent methodology that includes an independent review process.
- Effective cyber attribution investigations will reflect these considerations and achieve credibility in the eyes of the of the target audience.
|
| 摘要 |
- In light of the aforementioned challenges and insights, the authors propose and explore the nature of an international organization for cyber attribution, which this report refers to as the Global Cyber Attribution Consortium (the Consortium).
- This broad team of international experts would provide independent investigation of major cyber incidents for the purpose of attribution. Membership should include representatives from two sectors: (1) technical experts from cybersecurity and information technology companies, as well as academia, and (2) cyberspace policy experts, legal scholars, and international policy experts from a diversity of academia and research organizations. A credible and transparent attribution organization should not include the formal representation of nation-states, to avoid an appearance of bias and to protect transparency.
- The Consortium would work with victims or their advocates upon their request and with their cooperation to investigate cyber incidents using a diverse set of methodologies and would publish its findings for public review.
- In addition to providing a credible and transparent judgment of attribution, the Consortium's investigations would help standardize diffuse methodological approaches, naming conventions, and confidence metrics that would advance shared understanding in cyberspace and promote global cybersecurity.
- The international community could use the Consortium's findings to bolster network defenses, thwart future attacks, and pursue follow-on enforcement actions to hold the perpetrator(s) accountable.
|
| 主题 | Critical Infrastructure Protection
; Cyber and Data Sciences
; Cyber Warfare
; Cybercrime
; Global Security
; The Internet
|
| URL | https://www.rand.org/pubs/research_reports/RR2081.html
|
| 来源智库 | RAND Corporation (United States)
|
| 引用统计 |
|
| 资源类型 | 智库出版物
|
| 条目标识符 | http://119.78.100.153/handle/2XGU8XDN/108688
|
推荐引用方式
GB/T 7714 |
John S. Davis II,Benjamin Boudreaux,Jonathan William Welburn,et al. Stateless Attribution: Toward International Accountability in Cyberspace. 2017.
|
