Identifying the source of cyber attacks

One of the biggest challenges confronting Cyber Command and others involved in cybersecurity is the ability to attribute acts of cyber aggression back to the real originating source.

The U.S. Cyber Command has stated that it is developing a wide range of cyber weapons. These weapons will give cyber commanders a wide range of options when it comes to offensive and defensive retaliation.

The capabilities include tools that would allow U.S. cyber forces to deceive, deny, disrupt, degrade, and destroy information and information systems and more. All these capabilities are necessary, yet the biggest challenge facing Cyber Command and everyone else working in cybersecurity, cyberwarfare and intelligence is the ability to attribute acts of cyber aggression back to the real originating source.

In a recent cyberwarfare working group, I was involved in a conversation with several lawyers. They were all quick to point out that the case law frequently used for framing decisions and retaliatory actions is basically nonexistent when it comes to the cyber domain. The debate continued about what evidence would be required, and in what form the evidence would have to exist, before military leaders or the White House would feel comfortable enough to initiate an aggressive response, whether cyber or conventional.

One individual felt the current state of attribution capabilities fell far short of what is needed before action can be taken. If that is true, what should be done? Do we need to enhance our cyber intelligence collection capabilities?