The cyber attribution challenge: Identifying and deterring cyber attacks

Big Data, Analytics & Cyber Solution Leader, IBM

A degree in political science is not what comes to mind when you think of cybersecurity professionals, but these days I find myself recalling what I picked up in my Introduction to Philosophy class in trying to understand why cyber criminals, spies and terrorists feel so invincible.

Specifically, in book 2 of The Republic by Plato, Socrates describes the legend of the Ring of Gyges, a magical artifact that made its wearers invisible. The central question Socrates poses is this: Would ordinary people, given the opportunity, behave morally knowing their actions could not be seen by others, without fearing the consequences of these actions?  

It’s an interesting question, and quite relevant, given the anonymity the virtual world offers ordinary and treacherous people alike. Looking at recent headlines, anyone can see cyber crime is out of control, from the US Office of Personnel Management, Sony and Anthem, to the US State Department and American Airlines. Last year alone, developers created more than 300 million new variants of malware, viruses and other nefarious code translating into nearly a million new threats a day; the number right now is probably even higher.

What motivates these troublemakers? Factors range from greed, ideology and nationalism to curiosity and bragging rights. What deters them? Not much, unfortunately, as the Internet fosters anonymity a lot more than security—which gives bad actors a cloak of near-invisibility, and a feeling of invulnerability as if they had their very own Ring of Gyges. Near-invisibility, however, is not complete invisibility, and analysts and investigators do have options.

The emergence of powerful new intelligence analysis solutions that combine multidimensional analysis and analytics-based cyber attribution technologies bridge the digital and physical data realms. These solutions reduce static and improve the signal-to-noise ratio, helping cyber defenders expose those responsible by uncovering the subtle trail of breadcrumbs connecting the attack to the attacker. us for an interactive Google hangout on 22 October at 1:00 PM ET when noted authors and industry experts will examine the following questions:

  • Why do you think there are more headlines about cyber attacks today? Is it because there are more breaches or are we just becoming more aware of them?
  • It's been reported that on average, a breach can go unnoticed for eight months before an organization becomes aware of it. How is that possible?
  • What are some practices organizations can put in place to more quickly discover and efficiently mitigate breaches?
  • Cyber threat analysis, also referred to simply as cyber analysis, is a new and trending practice in the field of security. How does it work? How does it complement current security strategies?
  • One of the critical outcomes of cyber analysis is attribution. What capabilities or strategies do you think are required to identify your threat actors?
  • Do you think attribution is needed at private companies? How they can do this?

There will be a focused discussion on what governments, companies and individuals can do to address the cyber attribution challenge, and ways to deter and punish those with reprehensible intentions without infringing on the rights of ordinary people who rely on the Internet to enhance their everyday life.

For announcements and knowledge-sharing around cybersecurity, be sure to attend IBM Insight 2015.