Welcome to ISSA KC

The Information Systems Security Association (ISSA)® is a not-for-profit, international organization of information security professionals and practitioners. Through its membership, ISSA -Kansas City helps security professionals in the Kansas City area learn of information security issues and trends, which promote education, collaboration, and leadership, and further the information security profession.

Attributing the Problem with Attribution in Cyberspace

Posted by VP ISSA Thursday, May 24, 2018


Author: Elliott Lillard, ISSA Member
Date: May, 2018

This article provides an opinion on the Attribution problem, especially concerning the conflict between the United States and foreign adversaries like China or Russia. Acting within cyberspace especially during hostile times and dealing with rival nation states adds a lot of complexity in terms of determining risk and appropriate action. Attribution deals with the ability to thoroughly understand who is behind an attack. Attribution can be deciphered based on evidence provided from the action, previous facts of various actors at play in terms of victim and perpetrator, as well as the reward of  understanding the who and why behind a cyber-attack.

Derek S. Reveron, the author of Cyberspace and National Security provides insights behind the problem of attribution, especially so in terms of cyberspace and cyberwar. “The increasing Internet accessibility of secrets, money, and industry creates significant incentives for individuals, groups, and states to find ways to use offensive cyber capabilities. This motivation is heightened by the fact that attributing attacks from cyberspace is often impossible and the laws and social norms relating to cyber espionage, crime, and warfare are often weak or nonexistent...As a result, those who profit from cyber-attacks are unlikely to be apprehended and if caught seldom face punishment,” (Reveron, 91).

The underlying fact behind why various nation states, hacktivists, internal actors and rogue individuals pursue hostile acts that conducted anywhere else besides the cyberspace domain would be considered an act of aggression comes down to the fact that malicious actors feel that they can get away with the crime without any sort of negative consequence. It is also very difficult to understand the full extent of the damage behind a cyber-attack. “The opaque nature of actions in cyberspace makes it difficult for the defender to know how far the attacker has penetrated and, therefore, exactly where they are on the policy slope,” (Hare, 132). Cyberwar is a far different battleground than traditional boots on the ground combat. It is much easier to understand who is behind missile strikes when the trajectory of artillery can be traced back to a hostile regime and thus be responded with equal or elevated kinetic action as well as to fully understand the damage done by such an attack.

At the time of this writing, the United States faces a few rival nations that could benefit from a successful and damaging cyber-attack. Those nation states include but are not limited to Russia, China, North Korea, and Iran. Russia has been under the microscope recently as it came to surface that they had direct impact on the last U.S. presidential election which threatens our democracy and outcome of a fair and just election process. China has gained economic benefits from conducting clandestine operations seeking intellectual property, trade secrets, and classified government documents. Iran and North Korea are increasingly interested in our nation secrets related to nuclear arms production and storage. These rival nations have made actions to infiltrate our nation and extract sensitive materials. However, these actions are not limited to passive actions and could be a more direct and crippling attack if focused on disrupting our critical infrastructure.

“A nation can suffer an existential threat from attacks and infiltrations through cyberspace by either state or organized non-state actors to degrade or disrupt critical infrastructure systems, both privately and publicly owned,” (Hare, 127). The issue of attributing these hostile actions from these attacks back to the original actor is paramount to responding, mitigating and preventing future cyber-attacks.

Rival nation states will continue to ramp up their sophistication and frequency of these cyber-attacks to avoid detection. If not fearful of the consequence of their actions, there would be no reason to hesitate to issue further attacks against our democracy and way of life. “Deterring attacks has depended on convincing opponents that the costs of attacking would be greater than any benefits they might obtain,” (Reveron, 92).  The United States must ramp up the ability to catch cyber-attacks in action before damaging effects can be done and determine who is behind these attacks through attribution. Once an attack has been traced back to an actor there should be standards in place to understand and respond appropriately through direct action or forming a coalition of allies to freeze trade agreements, economic sanctions or bolster together to issue a reciprocating cyber-attack far worse than their original. “Inaction is easy to justify in a deterrence situation, as a would-be adversary can always claim other reasons for not conducting an action for which a victim threatens retaliation,” (Hare, 131). By doing nothing after an attack also does nothing to deter future cyber-attacks.

Preventing future attacks is vital in successful deterrence strategy. “In most cases of cyber conflict confronting developed nations today, the more pressing issue is not deterring an actor from choosing to conduct hostile intrusions in cyberspace but compelling them to stop conducting intrusions that already have been highly successful,” (Hare, 126).

Foreign adversaries such as Russia or China will continue to push boundaries, infiltrate our networks for secrets and potentially wreak havoc on our critical infrastructure and vital systems. Thus, emphasis will need to be made to not only prevent future zero-day attacks but also prevent repetitive intrusion attacks that have already been proven to be successful. “Attribution is central to deterrence [...] [and] retaliation requires knowing with full certainty who the attackers are,” (Hare, 128).  Fixing the attribution problem in cyberspace will prevent future attacks because attackers will be caught in their tracks, responded to with appropriate action, and other nations will view this activity and think twice before conducting hostile actions.

References
Hare, F. (n.d.). The Signifi cance of Attribution to Cyberspace Coercion: A Political Perspective [Scholarly project]. Retrieved April 22, 2018, from https://ccdcoe.org/sites/default/files/multimedia/pdf/2_5_Hare_TheSignificanceOfAttribution.pdf
Reveron, D. S. (2012). Cyber challenges and national security: Threats, opportunities, and power in a virtual world. Washington, D.C.: Georgetown University Press.

Upcoming Events

July 26th - Chapter meeting @ Hereford House *** Register

Aug 23rd - Chapter Meeting @ Lidia's Restaurant

Sept 5th - SIG/WIS Meeting at Sprint

Past events:

June 28th, 2018 - Chapter Meeting

May 24th, 2018 - Chapter Meeting

May 17th, 2018 - Happy Hour

Questions about upcoming meetings? email VP

Join the ISSA Kansas City Chapter

ISSA KC Mentorship Program Program Details

Mentor form/Application Mentee form/Application


Join our mailing list to stay current on ISSA Kansas City!


For more information on how to join the Kansas City Chapter of ISSA click here. ** Join today! **


ISSA Member Login Page ISSA ** Login **


ISSA’s Special Interest Groups (SIG) and Webinars:SIG On-Demand Conf

SIG groups are:

Security Awareness

Women in Security

Healthcare

Financial

Social Media

Chapter meetings are a great way to get to know your peers here in KC. And, if you're currently looking to make a career change, it's an invaluable way to build relationships that can provide you with the "inside information" on open security positions.










Do you have any membership questions? email link


Sponsors





Cloud-Delivered Network Security and Threat Intelligence


Home





Image result for Synack

Image result for Forcepoint

Image result for Carbon Black

Image result for Zerto

Image result for Tenable

Related image


Image result for CyberArk

Image result for Critical Start

Image result for Securonix


Image result for OKTA


Image result for ProofPoint



Be a sponsor!!! Email us at president@kc.issa.org