Chapter 7: Cyber Attribution

To hide the attackers' identity

To gain a complete picture of the attack

To promote cyber attacks

To ignore cyber attacks

Unlimited jurisdictional power

Lack of resources & expertise

Abundance of resources & expertise

Easy identification of intruders

Analyzing metadata connected to the attack

Ignoring metadata

Avoiding forensic investigation

Not examining tactics and procedures

Incident Severity

Lack of intelligence

Minimal attribution information

Geopolitical Situation

To have serious consequences

To promote cyber attacks

To conduct investigations

To hide cyber attacks

Only Intent and Indicators from external sources

Tradecraft, Infrastructure, Malware, Intent, and Indicators from external sources

Only Tradecraft and Infrastructure

Only Malware and Intent

Ignoring human error

Avoiding collaboration and information sharing

Looking for machine error

Rigorous analytic tradecraft

To avoid sanctions

To ignore adversaries

To enforce a set of standards for appropriate behavior

To encourage malicious activities

The attacker's identity

The attacker's motivation

The attacker's intention

The attacker's location

The absence of geopolitical factors

The spectrum of responsibility

The level of state irresponsibility

The lack of state involvement