Dailydave mailing list archives
Re: Attribution
From: Shane <shane () security-objectives com>
Date: Wed, 14 Apr 2010 12:45:43 -0700
Dave: This seems to be somewhat paradoxical, given the definition of "know" itself is not black&white. How can you know? Even the size of cyberspace. A necessary first step towards knowing anything about the actors within. Given the expansive set of data sources of your cyberspace, it does not seem possible to derive any meaningful metric/statistics (or at a minimum some proportional grain of salt has to be weighted). Essentially arbitrary (personal preferences & it seems typically grandiose) constraints on the cyberuniverse are imposed by whomever is interpreting it, predisposing any analysis. Perhaps this is the distinction, cyberuniverse is everything, as you described (people's heads and such), cyberspace is the contrived/well defined set of constrained space which you are familiar/known to. Shane On 4/14/2010 9:20 AM, dave wrote:
In an interesting presentation I saw recently someone mentioned that Attribution is hard in cyberspace (f.e. [1]), which generally is discussed in the context of "Deterrence"[2]. I really like the term "cyberspace", although I know people hate it. First of all cyberspace is not "the Internet". It's (imho) a collection of networks, information systems, databases, phone networks, people's heads, and other "information entities" that together make up the world's set of data and data processing. They call it "Information Operations" for a reason, but the term "InformationSpace" is terrible. Plus, William Gibson is a genius, so Cyberspace it is. Secondly if you are doing your information operations correctly, then Attribution is a solved problem. You can even use it as a metric: "Percent of incoming attacks that I can tie to a known actor == amount I have 'dominance over the information battlespace'". Aka, Attribution is a simple metric for 'Am I winning?'. If you have no attribution, you are not winning. Dave Aitel Immunity, Inc. [1] http://www.nap.edu/openbook.php?record_id=11925&page=113 [2] http://www.networkworld.com/news/2010/040710-think-tank-in-estonia-ponders.html
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Attribution dave (Apr 14)
- Re: Attribution Shane (Apr 14)
- Re: Attribution Jordan Frank (Apr 15)
- Re: Attribution Josh Saxe (Apr 15)
- Re: Attribution dan (Apr 15)
- Re: Attribution Yvan Boily (Apr 15)
- Re: Attribution Shane (Apr 14)