Untangling Attribution

Abstract: 
"As a result of increasing Internet insecurity — DDoS attacks, spam, cybercrime, and data theft — there have been calls for an Internet architecture that would link people to packets (the fundamental communications unit used in the Internet). The notion is that this technical “fix” would enable better investigations and thus deterrence of attacks. However, in the context in which the most serious national-security cybersecurity threat the US faces is data exfiltration from corporate and government sites by other jurisdictions, such a solution would be a mistake. Cyberattacks and cyberexploitations are more different than they are the same, and multi-jurisdictional, multi-stage attacks (in which machine A penetrates and “takes over” machine B) are the critical cybersecurity threat. Meanwhile IP addresses are more useful as a basis for various kinds of attribution than has been sometimes thought, and the occasions when attribution at the level of an individual person is useful are very limited. We consider how cyberexploitations and cyberattacks might be traced, and discuss how technical contributions can only be contemplated in the larger regulatory context of various legal jurisdictions."
Author: 
David Clark and Susan Landau
Institution: 
Radcliffe Institute for Advanced Study, Harvard University; Computer Science and Artificial Intelligence Laboratory, MIT
Year: 
2012
Region(s): 
Industry Focus: 
Information & Telecommunication
Internet & Cyberspace
Datatype(s): 
Theory/Definition