Who did it? Attributing computer network intrusions is commonly seen as one of the most intractable technical problems, solvable (or not) depending mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution?
Ben Buchanan shows that attribution is what companies—and governments—make of it. Matching an intruder to an intrusion is an exercise in minimizing uncertainty on three levels: technically, attribution is an art as well as a science; operationally, attribution is a nuanced process, not a black-and-white problem; and strategically, attribution is a function of what is at stake in terms of loss, reputation, or politics. Benjamin explains why successful attribution requires a range of skills on all levels—careful management, time, leadership, stress testing, prudent communication, and recognizing limitations and challenges.
Ben Buchanan is a fellow at the Belfer Center Cybersecurity Project, where he conducts research on the intersection of cybersecurity and statecraft. Ben has written on attributing cyberattacks, deterrence in cyber operations, cryptography, and the spread of malicious code between nations and nonstate actors. His first book, The Cybersecurity Dilemma, will be published by Oxford University Press and Hurst this year. Ben holds a PhD in war studies from King’s College London, where he was a Marshall Scholar, as well as master’s and undergraduate degrees from Georgetown University.
©2016, O’Reilly UK Ltd • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org