In a little under two weeks, at the upcoming Internet Governance Forum-Berlin, the Internet Governance Project (IGP) and ICT4Peace Foundation will be holding an open work meeting about the ongoing effort to form a global network of cybersecurity researchers who want to cooperate to develop attribution capabilities and perform cyber-attributions of state-sponsored cyber-attacks.

Date: November 29, 2019
Time: 12:00 – 13:00
Location: Convention Hall I – C Sonnenallee 225
Program: https://igf2019.sched.com/event/WWCm/meeting-on-cyber-accountability-building-attribution-capability

This meeting is organized as an informational and discussion session amongst any researchers and businesses who are engaged in or interested in cyber-attribution. Discussion will be led and moderated by participants from an initial meeting held at the University of Toronto as well as a multi-stakeholder attribution workshop conducted at ETH-Zurich this summer. There will also be input about the newly announced Cyber Peace Institute, updating attendees on the formation of the network and how it intends to facilitate the engagement of new people and organizations in its process to increase accountability.

Accountability for cyber-attacks has increasing geopolitical significance. For example, a recent report by New Zealand’s National Cyber Security Centre notes 38% of cyber incidents recorded by them contained indicators linking them to state-sponsored cyber actors. While some incidents have notably been publicly attributed by nation-states, these attributions are unlikely to be accepted as neutral and authoritative by other states, especially if those states are rivals or hostile. Various commentators on this issue have proposed that a transnational attribution organization exclude governments and be led by experts in academia and business. The Internet Governance Project (IGP), ICT4Peace, and several other organizations are forming the nucleus of an informal network of universities and civil society organizations who want to become involved in cyber-attribution and attribution research. The goal is to achieve attributions that are considered scientific and credible by the community.