Cyber Attribution for the Defence of Canada

Competitive Projects

Up to $1.2M in phased development funding to propel technology forward




Challenge: Understanding cyber intent

Challenge Statement

The Department of National Defence (DND) is looking for innovative approaches to access, interpret, and compare all available evidence (e.g. technical, all-source intelligence) on how current cyberspace activities get attributed. This will assist in assessing the current cyberspace environment to improve methods on how to obtain secure cyberspace attribution in a timely manner.

Background and Context

Attribution is one of the most challenging problems in cyberspace. The internet was not designed with the goal of attribution in mind. The decentralized, dynamic, and open architecture of the internet enables a perpetrator to easily hide his or her tracks and operate with varying degrees of anonymity. Perpetrators may also operate on spatial scales ranging from local targets in close physical proximity to global targets connected by telecommunication technology over great distances. Consequently, perpetrators can be anywhere in the world and conduct their activities through compromised innocent third parties and obfuscate their origins.

Privacy rights are constantly being challenged, and government initiatives and legislation, such as those in the United Kingdom and Australia, increasingly request that application providers have mechanisms to attribute content and communications to users for lawful access. At the same time, application-level encryption further complicates attribution as computing and micro-segmentation are being used more frequently.

The ability to identify the source of a malicious cyber activity is the basis for taking action against a perpetrator. If one cannot convincingly show whether a perpetrator is a nation state or a criminal organization or a terrorist organization, one cannot establish the conflict’s legal status or the internationally authorized response options. Legal and policy frameworks for responding to malicious cyber activities cannot work unless there is adequate attribution.

Outcomes and Considerations

The desired outcome of this research effort is to demonstrate methodological approaches and confidence metrics, and to identify challenges and issues (e.g. technical, regulatory) with cyber activity attribution, in ways that would advance shared understanding of cyberspace and promote national cybersecurity. The solution should also address how these approaches can vary and be adapted for different levels of engagement (e.g. conflicts, aid to civil powers, response to national and continental threats).

Test Drive Challenge: Cyber Attribution for the Defence of Canada

Sapper Labs’ cyber attribution project was the first IDEaS-funded solution to advance from Competitive Projects to Test Drive. With the help of the funding received from the Competitive Projects 1st Call for Proposals, Sapper Labs has developed a cyber-protection platform capable of identifying the perpetrators of sophisticated cyber threats. The objective of the Test Drive is to validate the cyber attribution capability in a DND/CAF operational setting in order to accelerate the detection of advanced threats against Canadian assets.

Total funding: $7.5 Million
