Attribution, the ability to quickly identify the source of a cyber attack, long touted as "the holy grail" of cyber security -- an elusive code that, once cracked, will make fighting back against such attacks far easier -- may finally be coming within reach of Defense Department cyber warriors.
"That's an area that the department in particular, but I think the country in general, has made a lot of progress," Eric Rosenbach, deputy assistant secretary of defense for cyber policy, told Killer Apps in an exclusive interview on Sept. 4. "Conventional wisdom in cyber security nowadays is, 'attribution is impossible and that's one of the reasons that you're more likely to have big attacks is because the perpetrator believes they can get away with it and you'll never figure out who it is.' That's one of the major advantages some people see in cyber if you're a rogue actor or a bad nation state."
However, in recent years, "we've made a lot of progress on attribution and that's something that is very helpful because we have a much clearer idea of who is attacking us in certain spaces and what to look for," said Rosenbach.
"It's definitely not perfect and it's definitely not a silver bullet, but it's an area that we're making progress in," he added.
Rosenbach wouldn't discuss what specifically has increased DoD's ability to identify attackers in time to respond, only saying that the Pentagon's progress on attribution is due to an improvement in malware forensic skills and intelligence abilities.
Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, says that the Pentagon is much better at tracing cyber attacks than it was only five years ago, when it could only trace a third of cyber attacks quickly.
"The numbers are open to debate but five years ago, DoD told me they could succeed [at tracing an attack] in one out of three cases, in really short order," Lewis told Killer Apps. "About a year ago, Cyber Command told me that they had significantly improved that batting average."
Like Rosenbach, Lewis wouldn't discuss the specifics of how the United States has improved its ability to detect the source of cyber attacks. All he would say is, "If you know who your opponent is, there are things you can do to make it easier to figure out when they're responsible, figuring out when it's the Chinese might not be as hard as when it's a random attack out of the blue; it's hard but the difficulty is going down."
"Unless people put more resources into covering their tracks, attribution will be a declining problem, it's going to be harder to hide in the future," added Lewis. Of course, there's the rub. This is cyber, where technology evolves in weeks and days; people are constantly pouring energy and resources into covering their online tracks.