Attribution

[dave <dave () immunityinc com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In an interesting presentation I saw recently someone mentioned that Attribution is
hard in cyberspace (f.e. [1]), which generally is discussed in the context of
"Deterrence"[2]. I really like the term "cyberspace", although I know people hate it.

First of all cyberspace is not "the Internet". It's (imho) a collection of networks,
information systems, databases, phone networks, people's heads, and other
"information entities" that together make up the world's set of data and data
processing. They call it "Information Operations" for a reason, but the term
"InformationSpace" is terrible. Plus, William Gibson is a genius, so Cyberspace it is.

Secondly if you are doing your information operations correctly, then Attribution is
a solved problem. You can even use it as a metric: "Percent of incoming attacks that
I can tie to a known actor == amount I have 'dominance over the information
battlespace'". Aka, Attribution is a simple metric for 'Am I winning?'. If you have
no attribution, you are not winning.

Dave Aitel
Immunity, Inc.

[1] http://www.nap.edu/openbook.php?record_id=11925&page=113
[2] http://www.networkworld.com/news/2010/040710-think-tank-in-estonia-ponders.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkvF60gACgkQtehAhL0gheoPYwCfXqcikgKlZ8pumPlYVAG7Jq5c
WcAAnjCbY9K4iLfk2XVK7m3+81GauKVH
=HRBy
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave