Understanding transnational attribution: moving from “whodunit” to who did it
Brenden Kuerbis, Farzaneh Badiei, Ishan Mehta, and Milton Mueller (Georgia Institute of Technology)
Attribution — identifying with an understood degree of confidence who is responsible for a cyberattack — is important because it contributes to the accountability of actors in cyberspace and has increasing geopolitical significance. (Millet, et al, 2017) Several cyber incidents with geopolitical implications and the attribution findings associated with those incidents have received high-profile press coverage. But performing attribution is as much an artful, nuanced and multi-layered process as a science. (Rid and Buchanan, 2015) Moreover, actors’ decision to publicly attribute depends on the political stakes, and their behavior can be strategic and even deceitful. Successful attribution involves explaining a finding and the evidential basis to the public. (Davis, et al., 2017) Nonstate actors produce technical evidence that plays an important role in understanding attacks and identifying perpetrators, yet they do not necessarily have the incentive to make public attributions or the power to enforce consequences. States’ attribution claims are often based on intelligence that they are not willing to publicly share, which engender persistent questions about how their findings were reached and whether they are credible.