Attribution of malicious cyber activities is a deep issue about which confusion is found in abundance. Much other work cover one or more aspects of attribution; this paper integrates these different perspectives and adds analysis that flows from such integration. Attribution is multi-dimensional and draws on all sources of information available, including technical forensics, human intelligence, signals intelligence, history, and geopolitics, among others and attribution to an ultimately responsible party implicates to legal, policy, and political questions. Some degree of uncertainty attaches to attribution judgment, but adversaries also run some risk of their identities being discovered. Such risk underpins the possibility of deterring hostile actions in cyberspace.
ESSAY PREVIEW