Dailydave mailing list archives

Re: Attribution

From: Shane <shane () security-objectives com>
Date: Wed, 14 Apr 2010 12:45:43 -0700

Dave: This seems to be somewhat paradoxical, given the definition of
"know" itself is not black&white.  How can you know?  Even the size of
cyberspace.  A necessary first step towards knowing anything about the
actors within.  Given the expansive set of data sources of your
cyberspace, it does not seem possible to derive any meaningful
metric/statistics (or at a minimum some proportional grain of salt has
to be weighted).

Essentially arbitrary (personal preferences & it seems typically
grandiose) constraints on the cyberuniverse are imposed by whomever is
interpreting it, predisposing any analysis.

Perhaps this is the distinction, cyberuniverse is everything, as you
described (people's heads and such), cyberspace is the contrived/well
defined set of constrained space which you are familiar/known to.
Shane


On 4/14/2010 9:20 AM, dave wrote:

In an interesting presentation I saw recently someone mentioned that Attribution is
hard in cyberspace (f.e. [1]), which generally is discussed in the context of
"Deterrence"[2]. I really like the term "cyberspace", although I know people hate it.

First of all cyberspace is not "the Internet". It's (imho) a collection of networks,
information systems, databases, phone networks, people's heads, and other
"information entities" that together make up the world's set of data and data
processing. They call it "Information Operations" for a reason, but the term
"InformationSpace" is terrible. Plus, William Gibson is a genius, so Cyberspace it is.

Secondly if you are doing your information operations correctly, then Attribution is
a solved problem. You can even use it as a metric: "Percent of incoming attacks that
I can tie to a known actor == amount I have 'dominance over the information
battlespace'". Aka, Attribution is a simple metric for 'Am I winning?'. If you have
no attribution, you are not winning.

Dave Aitel
Immunity, Inc.

[1] http://www.nap.edu/openbook.php?record_id=11925&page=113
[2] http://www.networkworld.com/news/2010/040710-think-tank-in-estonia-ponders.html

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Attribution dave (Apr 14)
- Re: Attribution Shane (Apr 14)
  - Re: Attribution Jordan Frank (Apr 15)
- Re: Attribution Josh Saxe (Apr 15)
  - Re: Attribution dan (Apr 15)
- Re: Attribution Yvan Boily (Apr 15)