Cyber deterrence has been thrown out in the public, governmental, and military sectors for the better part of the first half of the decade, stretching into discussions currently in organizations like NATO, and governments worldwide. The theory is simple: “deter someone from doing something out of fear of repercussion or retaliation.” Theory and concept however, are very different premises and conclusions. Everyone in the information warfare area knows that attribution is a slippery slope, and with the quick typing of a few characters on a keyboard, an attacker can choose to be anyone they want to appear to be. Officials pounding any “attribution” on any pulpit, continue to learn nothing, and attackers will continue with their cyber-shenanigans. These discussions (cyber deterrence) are not scaring, nor deterring anyone.
Attribution is a rather mystical thing when it comes to cyber-attacks. “Cyber related” companies offering response based services - incident response, investigations - know this very well and play up the fear to continue to sell their services. As an offensive penetration tester, I have many tricks up my sleeve that …show more content…
Proof via way of an attacker caught red-handed, with data on their machine. What level of proof would we be willing to offer if all we did is state: “Dmitri Russianov was caught in the act. He has a personal website that lists him as a cyber expert in Russian government.” Would we be willing to investigate this Dmitri without blinders. “What exactly did he do, how, and why.” Are we willing to make sure that perhaps his machine was not compromised and used as a proxy? The answer is: “Probably not.” We would be so content with pointing the finger, we would just settle. But what if for a moment, someone in China compromised Dmitri’s machine, and leveraged his credentials to pull off other attacks? Another country skates away scott-free. See the
Attribution is a rather mystical thing when it comes to cyber-attacks. “Cyber related” companies offering response based services - incident response, investigations - know this very well and play up the fear to continue to sell their services. As an offensive penetration tester, I have many tricks up my sleeve that …show more content…
Proof via way of an attacker caught red-handed, with data on their machine. What level of proof would we be willing to offer if all we did is state: “Dmitri Russianov was caught in the act. He has a personal website that lists him as a cyber expert in Russian government.” Would we be willing to investigate this Dmitri without blinders. “What exactly did he do, how, and why.” Are we willing to make sure that perhaps his machine was not compromised and used as a proxy? The answer is: “Probably not.” We would be so content with pointing the finger, we would just settle. But what if for a moment, someone in China compromised Dmitri’s machine, and leveraged his credentials to pull off other attacks? Another country skates away scott-free. See the