Attribution Problems Hinder U.S. Cyberwar Strategy

Tuesday, June 07, 2011



The Pentagon is in the process of developing a comprehensive cyber strategy that will outline the circumstances in which a cyber-based attack against U.S. computer networks could be considered an act of war and potentially elicit an armed military response.

The report is meant to outline how to properly classify cyber attacks from a national security standpoint, as well as provide a warning that will hopefully cause potential adversaries to think twice before instigating an attack against U.S. networks.

The measure of a cyber attack and the corresponding response would be determined by evaluating the level of "death, damage, destruction or high-level disruption" caused by an attack.

Under this strategy, a sizable event could prompt a significant military response given the level of damage incurred.

"It's clear we need greater clarity between cyber attacks and the laws of armed conflict," said Andy Purdy, former director of the national cyber security division of the Department of Homeland Security.

A recently released Obama administration report, titled the International Strategy for Cyberspace, hints that cyber aggression against the networks of one NATO nation could trigger a unified response from other member nations similar to that of a military threat response.

But one of the biggest obstacles to standardization of military response to cyber-based attacks is in reliably determining attribution.

In many cases, it is nearly impossible to clearly determine the origin of an attack, and even more difficult to ascertain if the event was state-sponsored or instigated by individual actors.

"If we can source an attack, we could take appropriate action. This would set a framework for the level of activity we might take. What a measured response would look like might be a bomb," says John Pironti, president of IP Architects security consulting.

Many security experts believe the problem of accurate attribution may be the strategy's Achilles heel. Proxies, routing tricks, compromised machines, and spoofed IP addresses can be easily coordinated to give the appearance that an attack is originating far from the actual source.

"The U.S. military is setting itself up for failure because attribution is difficult, and it's easy to spoof your identity thereby falsely implicating the wrong government or group. A military attack could be misplaced, as a result, but at the same time not responding will now be seen as a sign of weakness," said Jay Bavisi, president of EC-Council.

So is the U.S. government's stance regarding a conventional military response to a cyber-based attack merely empty rhetoric? Is the tough-talk capable of being backed up by swift and decisive action based on credible analysis of an attack? Most likely it is not.

"In the realm of the Internet (cyber realm), you will fail miserably if you think that you can pinpoint an opponent via an IP address or even collection of addresses, a signature, a comment in an application and so forth," wrote security guru J. Oquendo.

"Imagine for a moment that I compromised a machine on [a] subnet... who would you investigate or retaliate against if you were in a cyberwar where you had to launch an offensive? This lack of pinpointing an attacker is, and will continue to be, the problem: attribution. Who do you place the blame on," Oquendo said.

Possibly Related Articles:
Security Strategy Military Attacks Headlines IP Address Pentagon Cyber Warfare Spoofing Attribution
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked