Attribution – finding the identity of the actors behind an attack – is of primary importance in order to be able to classify an attack as a criminal act, an act of war, or an act of terrorism. For cyber attacks, three assumptions prevail in the literature: attribution is a technical problem; it is unsolvable; and it is unique. The thesis seeks to examine these assumptions more closely by asking the following two research questions: What constrains attribution? And what does the attribution process entail? It argues that the three prevailing assumptions are misleading. Approaching attribution as a problem forces us to consider it either as solved or unsolved. Yet attribution is far more nuanced than that would suggest: it is better approached as a process in constant evolution, driven by judicial and political pressures. The thesis methodology of detailed examination and comparison of case studies, in addition to interviews with experts, provides evidence to support the arguments. The attribution process arises in two different contexts, with two distinct sets of constraints and goals. In the criminal context, courts must assess the guilt of criminals, mainly based on technical evidence. In the national security context, decision-makers must analyse unreliable and mainly non-technical information in order to identify an enemy of the state. Attribution in both contexts is political: in criminal cases, laws reflect prevailing norms and power in society; in national security cases, attribution is the reflection of a state’s will to maintain, increase or assert its power. However, both processes differ on many levels, which are examined in turn throughout the thesis. The constraints, which reflect common aspects of many other political issues, constitute the structure of the thesis: the need for judgement calls, the role of private companies, the standards of evidence, the role of time, and the plausible deniability of attacks.
|Date of Award||1 Oct 2014|
|Supervisor||Thomas Rid (Supervisor)|