Cyber attribution isn’t so important, even for nation states

Australia can pinpoint the individual humans responsible for a cyber attack, according to foreign minister Julie Bishop. You can assume that the other Five Eyes nations — the US, UK, Canada, and New Zealand — have access to that same capability.
“Depending on the seriousness and nature of an incident, Australia has the capability to attribute malicious cyber activity in a timely manner to several levels of granularity — ranging from the broad category of adversary through to specific states and individuals,” Bishop said at the launch of Australia’s International Cyber Engagement Strategy last Wednesday.
“Australia has developed offensive cyber capabilities,” Bishop said. “Having established a firm foundation of international law and norms, we must now ensure that there are consequences that flow for those who flout the rules.”
With such assertive cyber diplomacy, being able to attribute malicious activity is important, of course.
“It’s well and good to have a cyber offensive capability, but you need to know who hit you,” said Peter Coroneos, founder of Coroneos Cyber Intelligence, at the strategy launch. But it may not be as important as we think.
For businesses and other non-government organisations, attribution can even be a distraction, as then Telstra chief information security officer Mike Burgess said in 2015. Time spent on attributing the source of a cyber attack is time not spent on fixing the problem.
According to Australia’s Ambassador for Cyber Affairs Dr Tobias Feakin, precise attribution may not even be needed for a diplomatic or even a stronger response. The question of attribution often “stunts any response”, he said, but maybe “certain paradigm shifts in attribution” could work within a “normative framework”.
That framework would include the 11 international norms for behaviour in cyberspace set out by the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UN GGE) in their 2015 report [PDF].

“States should not knowingly allow their territory to be used for internationally wrongful acts using ICTs,” the report said. “States must not use proxies to commit internationally wrongful acts using ICTs, and should seek to ensure that their territory is not used by non-State actors to commit such acts.”
In other words, states need to have “their own backyard in order”, as Feakin put it.
“If attacks are emanating from within your own borders, then you have a prerequisite to tidy those up. Now if you could begin looking at forms of attribution which weren’t quite so specific as to an individual user, [or] an individual IP address, but you understand geographically where that might be, then you can begin to look at what ways that you could respond,” Feakin said.
“It wouldn’t necessarily always be, if you like, deterrence by punishment. There might be ways that you can assist if that country can’t clean up their own mess, if you will.”
Many of the problems could be sorted out through international cooperation, according to David Koh Tee Hian, chief executive of Singapore’s Cyber Security Agency, and Defence Cyber Chief in the Ministry of Defence.
The first step, even before attributing attacks to specific individuals, is determining whether an attack originates from actors in a specific state, or from elsewhere but using that state’s infrastructure.
“In my view, it’s not particularly difficult. It’s just making sure that [each] individual country has basic competency to, as you put it, clean up its own backyard,” Koh said.
In the nine months since Feakin was appointed as an ambassador, Australia’s diplomatic wins have included a cybercrime agreement with Thailand, and even a cybersecurity agreement with China that includes the UN GGE norms, as well as an agreement not to “conduct or support cyber-enabled theft of intellectual property, trade secrets, or confidential business information with the intent of obtaining competitive advantage”.
But on a wider front, progress may slow as the UN GGE process stalls.
“On June 23, after years of slow yet meaningful progress in developing State consensus regarding the application of international law norms to cyberspace, the [UN GGE] collapsed,” reported Just Security.
The problem? Three additions to the list of 11 norms: the right to respond to internationally wrongful acts, which is reportedly a veiled reference to countermeasures; the right to self-defence; and the applicability of international humanitarian law.
“Since no international lawyer can, in 2017, deny their applicability to cyber activities, the failure of the GGE can only be interpreted as the intentional politicisation in the cyber context of well-accepted international law norms,” Just Security wrote.
There is diplomatic progress, but it’s clear to this writer that it’s far, far too slow to keep pace with the technological advances. The Cyber Cold War is moving much faster than the original.