on cyber attack attribution

Whenever an attack is traced back to Russia (like this one) or China, the attribution decay is very fast. One cannot be very sure of whether this is an attack that was initiated from “within” these countries, or whether they were used as hops conveniently pointing to the usual suspect. Another interesting observation is that although

“states that deny involvement in a cyberattack, but refuse to open their investigative records to the victim-state, end up casting doubt on their willingness to stop cyberattacks and cannot expect to be treated as a state living up to its international duties. In effect, host-states that refuse to cooperate with victim-states are unwilling to prevent cyberattacks and have declared themselves a sanctuary state“†

this does not seem to (openly) apply to super-powers.

Update: It seems that this specific incident of critical infrastructure failure was not a cyber attack:

The failure was due to a faulty command inputted by a contractor several months ago who accessed the system remotely while travelling through Russia on personal business. Over time, his mistake caused greater and greater errors until, several months later, the pump failed.”

We should never attribute to malice what can be attributed to a mistake.

[†] – Solving the Dilemma of State Responses to Cyberattacks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s