The Fallacy of Attribution to Achieve Deterrence in Cyberspace

Abstract

The ability to determine the responsible party of a military attack and convince a would-be attacker that one has the ability to determine this culpability constitutes a key capability for nations wishing to deter aggression. However, within domain of cyberspace, a belligerent state, non-state and/or criminal actor can manipulate elements of the domain to shroud and/or maliciously redirect culpability elsewhere. In such an environment, is the basic premise of deterrence (threat of retaliation or denial of benefits to the attacker) still viable? This research paper will look at the problem of attribution from both a technical and national policy standpoint. Specifically, the research will briefly describe the technical problems challenging attribution and review some of the proposed solutions. Further, the research will examine the problem of attribution from a national policy standpoint to outline the potential policy solutions that could provide alternate solutions outside or in addition to the purely technical ones as well as highlight consequences of some of the proposed solutions.This paper argues that a central focus on attack attribution to enable a retaliatory response as a means to accomplish deterrence presents an untenable, unsustainable strategy. Cyberspace, unlike other domains of air, space, land and sea, provide the ability to recreate the domain at will to complicate an attackers ability to penetrate. This paper argues that old ideas of centralization and hardening for defense should give way to ideas of randomly moving cyber attack surfaces (logically defined vice physically defined) in order to rebalance the current asymmetry between attacker and defender. Transformative security in cyberspace can only take place when industrial age ideas are supplanted by modern information age ideas that exploit the strengths of the malleable cyber domain to ensure security. Defenders should turn the advantages that favor the offense on its head.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Apr 01, 2015
Accession Number
AD1012766

Entities

People

  • Robert J. Johnson

Organizations

  • Air Command and Staff College

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Command And Control
  • Computers
  • Computing System Architectures
  • Cyberattacks
  • Cybersecurity
  • Cyberspace
  • Governments
  • Internet
  • Law
  • Moving Target Defense
  • National Security
  • Network Architecture
  • Network Protocols
  • Public Policy
  • Supply Chain
  • United States

Readers

  • Cybersecurity.
  • Strategic Security Studies
  • Systems Analysis and Design

Technology Areas

  • Cyber
  • Cyber - Legality in Cyberspace
  • Space