2017
DOI: 10.1073/pnas.1700442114
|View full text |Cite
|
Sign up to set email alerts
|

Strategic aspects of cyberattack, attribution, and blame

Abstract: Cyber conflict is now a common and potentially dangerous occurrence. The target typically faces a strategic choice based on its ability to attribute the attack to a specific perpetrator and whether it has a viable punishment at its disposal. We present a game-theoretic model, in which the best strategic choice for the victim depends on the vulnerability of the attacker, the knowledge level of the victim, payoffs for different outcomes, and the beliefs of each player about their opponent. The resulting blame ga… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
24
0

Year Published

2017
2017
2025
2025

Publication Types

Select...
7
2
1

Relationship

0
10

Authors

Journals

citations
Cited by 43 publications
(24 citation statements)
references
References 13 publications
0
24
0
Order By: Relevance
“…Central among these is the attribution problem: the potential difficulty in determining who is responsible for an attack or even if an attack occurred at all. 1 Attribution problems weaken deterrence: multiplying a penalty by the probability of correct attribution reduces the expected penalty (Clark and Landau 2010;Edwards et al 2017;Goldsmith 2013;Kello 2017;Lindsay 2015;Nye 2011). But the implications of imperfect attribution for deterrence are much richer than this, and the precise effects-as well as how a state can optimally deter attacks under imperfect attributionhave yet to be studied.…”
mentioning
confidence: 99%
“…Central among these is the attribution problem: the potential difficulty in determining who is responsible for an attack or even if an attack occurred at all. 1 Attribution problems weaken deterrence: multiplying a penalty by the probability of correct attribution reduces the expected penalty (Clark and Landau 2010;Edwards et al 2017;Goldsmith 2013;Kello 2017;Lindsay 2015;Nye 2011). But the implications of imperfect attribution for deterrence are much richer than this, and the precise effects-as well as how a state can optimally deter attacks under imperfect attributionhave yet to be studied.…”
mentioning
confidence: 99%
“…Then they proved the existence of several Bayesian-Nash Equilibriums and huieventually derive optimal strategies for both sides. Edwards et al [21] presented a game-theoretic model, where the attacker's vulnerability, the knowledge level of the victim, payoffs for different outcomes, and the beliefs about their opponent are taken into account to obtain the best strategic choice.…”
Section: Related Workmentioning
confidence: 99%
“…8 Since the first rigorous threat intelligence report in 2013 which sought to attribute a collection of cyber intrusions of U.S. companies to the Chinese military, there has been a growing body of literature concerning the technical challenges of attributing a cyber incident to an individual or government entity (Rid and Buchanan, 2015;Lin, 2016). In addition, other scholarship has addressed particular strategic, legal and ethical issues that arise when entities seek to attribute cyber events (Anderson, 2018;Eichensehr, 2017;Guerrero-Saade, 2015;Edwards et al 2017). The current state of affairs is complicated enough that there have even been numerous proposals to standardize attribution reports or even create new international or private-sector led organizations whose mission is to attribute malicious cyber activity (Davis et al, 2017;Microsoft's Cyber IAEA 9 ; Atlantic Council Attribution Council 10 ).…”
Section: What Is Attribution Of Cyber Incidents?mentioning
confidence: 99%