How can we develop an institutional framework that can facilitate the provision of authoritative public attributions on a global scale?
In cybersecurity cases, we want to know not only who did it (i.e., which individuals were responsible for an intrusion, exploit or attack), but also who is responsible or who they were working for. Ideally, the attribution should satisfy not only ourselves, but many others. That is, we want the forms and methods of attribution to produce inter-subjective legitimacy and validity, even among parties who might be antagonistic or have radically different interests and perspectives.
In our view, the achievement of inter-subjectivity in cyber attributions would be an institutional accomplishment, not just a forensic or technological accomplishment. This presentation explores some of the issues and problems raised by authoritative public attribution in the international arena.
https://mediaspace.gatech.edu/media/mueller/1_d9jwut7x