The Complex

Is the 'holy grail' of cyber security within reach?

Attribution, the ability to quickly identify the source of a cyber attack has long been touted as "the holy grail" of cyber security -- an elusive code that once cracked, will make fighting back against such attacks far easier -- may finally be coming within reach of Defense Department cyber warriors.

"That's an area that the department in particular, but I think the country in general, has made a lot of progress," Eric Rosenbach, deputy assistant secretary of defense for cyber policy told Killer Apps in an exclusive interview on Sept. 4. "Conventional wisdom in cyber security nowadays is, ‘attribution is impossible and that's one of the reasons that you're more likely to have big attacks is because the perpetrator believes they can get away with it and you'll never figure out who it is.' That's one of the major advantages some people see in cyber if you're a rogue actor or a bad nation state."

However, in recent years, "we've made a lot of progress on attribution and that's something that is very helpful because we have a much clearer idea of who is attacking us in certain spaces and what to look for," said Rosenbach.

"It's definitely not perfect and it's definitely not a silver bullet, but it's an area that we're making progress in," he added.

Rosenbach wouldn't discuss what specifically has increased DoD's ability to identify attackers in time to respond, only saying that the Pentagon's progress on attribution is due to an improvement in malware forensic skills and intelligence abilities.

Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, says that the Pentagon is much better at tracing cyber attacks than it was only five years ago, when it could only trace a third of cyber attacks quickly.

"The numbers are open to debate but five years ago, DoD told me they could succeed [at tracing an attack] in one out of three cases, in really short order," Lewis told Killer Apps. "About a year ago, Cyber Command told me that they had significantly improved that batting average."

Like Rosenbach, Lewis wouldn't discuss the specifics of how the United States has improved its ability to detect the source of cyber attacks. All he would say is, "If you know who your opponent is, there are things you can do to make it easier to figure out when they're responsible, figuring out when it's the Chinese might not be as hard as when it's a random attack out of the blue; its hard but the difficulty is going down."

"Unless people put more resources into covering their tracks, attribution will be a declining problem, it's going to be harder to hide in the future," added Lewis. Of course, there's the rub. This is cyber, where technology evolves in weeks and days; people are constantly pouring energy and resources into covering their online tracks.

U.S. Air Force

National Security

Navy SEAL Foundation won't accept money from No Easy Day author

The Navy SEAL Foundation, a charitable group that provides "immediate and ongoing support" to Navy SEALs and their families, will not accept donations from the proceeds of No Easy Day, the newly released account of the May 2011 raid that killed Osama bin Laden written by a former SEAL who participated in that mission.

Here's the statement that the foundation sent to Killer Apps in response to questions about the matter.

The Navy SEAL Foundation has received numerous inquiries regarding receiving potential proceeds from the sale of the book No Easy Day: The Firsthand Account of the Mission That Killed Osama Bin Laden. The Navy SEAL Foundation is committed to providing immediate and ongoing support and assistance to the Naval Special Warfare community and their families. With this principled mission in mind, the Foundation will not be accepting any donations that are generated from the book or any related activities. The Department of Defense (DOD) is considering pursuing legal remedies against the author. As a 501(c)(3) charitable organization, the Foundation is not involved with any of the actions taken by the DOD. The Navy SEAL Foundation honors our warriors and protects their families.

The book's author has been under fire for not submitting the book to Defense Department officials to ensure that it did not disclose classified information before publication. Pentagon officials say they believe the book contains classified material, despite the author's claims to the contrary.