Abstract
Abstract Attribution is central to the debate on how to respond to cyber intrusions. The policy challenge is increasingly moving from identifying who is behind a cyber intrusion to finding the adequate policy response, including whether to publicly attribute. The article examines the use of public attribution as a political strategy for attaining specific political effects beyond the dyadic attacker–victim relationship, including shaping the operational and normative environment of cyber operations, with the potential to exert an independent deterrent effect. My analysis unfolds in three parts. The first part introduces two core concepts—sense-making and meaning-making—to capture different parts of the attribution process. I then introduce a theoretical understanding of public attribution drawing on the literature on revealing covert activity and argue that public attribution can serve the function of defining a particular interaction order, i.e. shape the rules of the ‘game’. In part two and three I discuss two empirical examples of both concepts. I bring to the fore three observations: First, some states have shifted their policy responses from dealing with individual cyber intrusions to responding in a broader political framework of relations with a specific adversary leading to campaign-like responses. Second, the political decision whether to attribute publicly is not only a signal to the adversary, but also aims at shaping the future political and normative operational environment. Third, such norm shaping has the potential to exert an independent—though limited—deterrent effect, particularly on potential adversaries. The analysis demonstrates the importance of the meaning-making process to understanding the politics of attribution and the rewards of theoretically integrating it into the politics of secrecy and exposure of covert activities of states.
Highlights
Attribution has been central to the debate on how to respond to cyber intrusions
I introduce a theoretical understanding of public attribution drawing on the literature on revealing covert activity and argue that public attribution can serve the function of defining a particular interaction order, i.e. shape the rules of the ‘game’
The analysis demonstrates the importance of the meaning-making process to understanding the politics of attribution and the rewards of theoretically integrating it into the politics of secrecy and exposure of covert activities of states
Summary
Attribution has been central to the debate on how to respond to cyber intrusions. Identifying who did it, and the uncertainty thereof, is one of the most discussed questions in the literature on cyber operations [1,2,3,4,5,6,7,8,9,10,11]. The second part argues that at the strategic level, the process governing attribution of cyber intrusions is not unique It observes that at least for some states, relatively rapid sense-making capabilities are at play, leading to questions on what to do when you have a mediumto high-level of confidence in your attribution judgements. The article considers deliberate public attributions by national security policymakers as a political strategy, and observes their potential longer-term effects, with regard to shaping the operational environment for future adversaries It highlights this strategic approach to public attribution by examining two public attribution campaigns (WannaCry and NotPetya) and discusses their function in establishing the rules of the ‘game’. The conclusion summarizes the arguments, assesses their durability and limitations, identifies areas of further research and offers an outlook on the anticipated future developments of public attribution
Sign-in/Register to view highlights & summary 
Published Version (
Free)
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call