Lightning Talk: Why we need an International cyber-attribution organization?
The US recently made a public attribution of the NotPetya attack to the government of Russia. This lightning talk would discuss the problem of cyber attribution am …
Talk Title | Lightning Talk: Why we need an International cyber-attribution organization? |
Speakers | Milton Mueller |
Conference | NANOG72 |
Conf Tag | |
Location | Atlanta, GA |
Date | Feb 19 2018 - Feb 21 2018 |
URL | Talk Page |
Slides | Talk Slides |
Video | Talk Video |
The US recently made a public attribution of the NotPetya attack to the government of Russia. This lightning talk would discuss the problem of cyber attribution among state actors. We wish to discuss the possible benefits, drawbacks and practical feasibility of creating a new, International Attribution Organization (IAO) led by non-state actors. Currently, attributions lack credibility because they are not made in an organized and transparent way, and get drawn into geopolitical rivalries among governments. The key insight of this proposal is that the achievement of authoritative attributions is not just a product of forensics and computer science, but has social-psychological and institutional aspects as well. The science and technology of attribution must be supplemented by the creation of fair and independent processes that include key participants, and whose attribution decisions are widely perceived as unbiased, legitimate and valid, even among parties who might be antagonistic. This idea builds on the Microsoft proposal but we think the IAO should be a global, private sector initiative (similar to an RIR) rather than part of a formal intergovernmental treaty.