Publicly attributing cyber attacks: a framework

@article{Egloff2021PubliclyAC,
  title={Publicly attributing cyber attacks: a framework},
  author={Florian J. Egloff and Max Smeets},
  journal={Journal of Strategic Studies},
  year={2021},
  pages={1-32}
}
When should states publicly attribute cyber intrusions? Whilst this is a question governments increasingly grapple with, academia has hardly helped in providing answers. This article describes the ... 
Attribution Across Cyber Attack Types: Network Intrusions and Information Operations
TLDR
The state of the art regarding attribution abilities across both types of attack is discussed, recommendations for improved attribution are provided, and future research directions are laid out.
Understanding public reactions to cybersecurity incidents
It is fair to say that our understanding of how public opinion reacts to an incident in cyberspace has progressed significantly in the past few years. Contrary to previous assumptions, in which
Third-Party Countries in Cyber Conflict: Understanding the Dynamics of Public Opinion Following Offensive Cyber Operations
The transnational nature of cyberspace alters the role of third-party countries (TPCs) in international conflict. In the conventional environment, military operations are primarily confined to the
Governments and the Net: Defense, Control, and Trust in the Fifth Domain
TLDR
This dissertation underscores the need to analyze the use of the Internet by governments not only in terms of political content, but also to shed light on the deeper issues of cybersecurity, censorship, and information control.
Attacker Attribution of Audio Deepfakes
TLDR
It is shown that speech signal features are inadequate for characterizing attacker signatures, however, it is also demonstrated that embeddings from a recurrent neural network can successfully char-acterize attacks from both known and unknown attackers.
Concluding comments
This final commentary seeks to reflect on the articles comprising this special issue. As such, it does not attempt to discuss in detail any particular period, theme, or geographical area, but serves
Macht im Cyberspace: Eine Übersicht der bisherigen Forschung und künftiger Perspektiven anhand des Proxy-Konzepts
Entgegen seiner ursprunglichen Grundungshistorie erscheint das Internet zunehmend seitens staatlicher Akteure instrumentalisiert zu werden. Vor allem Autokratien nutzen dabei verstarkt den Cyberspace
Contractors or robots? Future warfare between privatization and automation
  • A. Calcara
  • Computer Science, Political Science
    Small Wars & Insurgencies
  • 2021
TLDR
An original analysis on the interplay between the privatization of security tasks and technologically driven automation is provided and their impact on the defence industry and the armed forces is investigated.
Cyber Intelligence: Strategic Warning Is Possible
  • John A. Gentry
  • Computer Science
    International Journal of Intelligence and CounterIntelligence
  • 2022
TLDR
Technical characteristics of cyberspace and the rapidly evolving nature of cyber-related conflict make cyber warning more difficult than traditional strategic warning, and new warning skills and institutions are needed.
Identifying Key Relationships between Nation-State Cyberattacks and Geopolitical and Economic Factors: A Model
TLDR
The results show that there is a likely cause-effect relationship between IRs (particularly GPE relevant indicators) and APTs, and from the CTI perspective, this work could be a steppingstone for an enhanced cyberthreat intelligence (CTI).
...
...

References

SHOWING 1-10 OF 43 REFERENCES
Hack-and-leak operations: intrusion and influence in the Gulf
TLDR
The leaking of hacked emails from the US Democratic National Committee before the 2016 presidential election sit between two paradigms of cybersecurity, according to a report by cybersecurity firm CrowdStrike.
Attributing Cyber Attacks
TLDR
It is argued that attribution is what states make of it and to show how, the Q Model is introduced: designed to explain, guide, and improve the making of attribution.
How Probable is Cyber War? Bringing IR Theory Back In to the Cyber Conflict Debate
Abstract Many well-established explanations for war suggest that cyber weapons have a greater chance of being used offensively than other kinds of military technologies. This response article
The Politics of Attributing Blame for Cyberattacks and the Costs of Uncertainty
TLDR
It is shown that attributional uncertainty immediately following cyberattacks encourages dependence on a narrow range of elite frames and the assignment of blame to familiar enemies, which promotes conspiratorial thinking and poses a risk to democratic accountability.
Cyber campaigns and strategic outcomes
ABSTRACT While much focus has remained on the concept of cyberwar, what we have been observing in actual cyber behaviour are campaigns comprised of linked cyber operations, with the specific
A tale of two cybers - how threat reporting by cybersecurity firms systematically underrepresents threats to civil society
ABSTRACT Public and academic knowledge of cyber conflict relies heavily on data from commercial threat reporting. There are reasons to be concerned that these data provide a distorted view of cyber
Constructing Norms for Global Cybersecurity
TLDR
The San Bernardino incident sparked a wide-ranging debate over the appropriate standards of behavior for companies like Apple and for their customers in constructing and using information and communication technologies (ICTs).
The Cornell commission: on Morris and the worm
After careful examination of the evidence, the Cornell commission publishes its findings in a detailed report that sheds new light and dispels some myths about Robert T. Morris and the Internet worm.
Attribution of Malicious Cyber Incidents: From Soup to Nuts
TLDR
This paper distinguishes between attribution of malicious cyber activity to a machine, to a specific human being pressing the keys that initiate that activity, and to a party that is deemed ultimately responsible for that activity.
The U.S. Vulnerabilities Equities Process: An Economic Perspective
TLDR
A model is presented that shows how the criteria could be combined to determine the optimal time for the government to disclose a vulnerability, with the aim of providing insight into how a more formal, repeatable decision-making process might be achieved.
...
...