A New Attribution Problem: Cyber Attack or Malfunction?

“The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence.” – Architect of Stuxnet Cyber Attack.

According to an article by JustSecurity, confusion about whether an incident is an accident or a cyber attack may be a common problem going forward.  The article opens with a reference to a Bloomberg news report which publicly revealed that hackers caused a 2008 explosion on the Baku-Tbilisi-Ceyhan (BTC) oil pipeline in Turkey.  According to the article, the issue is that it took six years for analysts to identify this incident as a cyber attack rather than a simple malfunction.  While attributing who is responsible for an attack continues to be a significant concern in cybersecurity, the JustSecurity article focuses on the equally troubling issue of attributing what caused an incident: a cyber attack or a simple malfunction?

The Importance of Determining the “What” Attribution Question:

Cybersecurity has become a top concern worldwide.  Both international and state leaders have placed great efforts into forming rules of law and cyber norms to provide a strong enforcement arm in the worldwide cybersecurity battle.  However, before these laws can be applied to the attacker and victim states, a cyber attack must be identified (and then of course attributed to an attacker).  The difficulty attributing whether a cyber attack or malfunction occurred creates an additional barrier between states and international responsibility for their actions, according to the articleJustSecurity sets out three additional consequences of this problem:

(1)   The increased fear that a cyber attacks has occurred whenever anything malfunctions in the future.

(2)   The ambiguity may allow states to get away with aggressive actions that they could not undertake through conventional means without provoking a response.

(3)   States may be more likely to undertake aggressive actions in the first place if they “. . . perceive that cyber actions will be recognized only after a delay or not at all and that (in part because of the delayed recognition) the consequences for the attacking state are minimal.”

How Attackers Take Advantage of the “What” Attribution Problem:

Sometimes the attacker makes the answer clear, like when the Shamoon virus was accompanied by an image of a burning American flag or when the Sony attack displayed a neon red skull on computers with the hacker group’s name.  However, other times the attackers take advantage of the difficulty in attributing whether problems are from cyber attacks or simple malfunctions.  A prime example is the Stuxnet worm.  According to a 2012 New York Times article discussing the Stuxnet worm’s design:

The first attacks were small . . . “The thinking was that the Iranians would blame bad parts, or bad engineering, or just incompetence,” one of the architects of the early attack said. The Iranians were confused partly because no two attacks were exactly alike. Moreover, the code would lurk inside the plant for weeks, recording normal operations; when it attacked, it sent signals to the Natanz control room indicating that everything downstairs was operating normally.

According to the JustSecurity article, the BTC oil pipeline explosion provides an additional example of the “what” attribution problem at play.  The article again cited to the Bloomberg report , which suggests that there was similar confusion about the cause of the BTC oil pipeline explosion:

. . . the Turkish government “blamed a malfunction,” and BP, the majority owner of the pipeline, noted in its annual report that the pipeline was shutdown because of a fire.

Potential Solutions

According to JustSecurity, the focus on mitigation will be a technical one rather than a legal one.  Simply put, there needs to be faster recognition of cyber attacks as cyber attacks and malfunctions as malfunctions.  The article places this responsibility on the numerous private cybersecurity firms with substantial forensic capabilities and government investigators.


Please follow and like us:

Tags: , , , ,

Leave a Reply

You must be logged in to post a comment.


Untitled Document
Professor William Snyder

Professor William C. Snyderis a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.

Ryan D. White

Ryan D. WhiteRyan is currently a third year law student at Syracuse University College of Law, and is also pursuing a Master of Public Administration degree from Syracuse’s Maxwell School of Citizenship and Public Affairs. Ryan spent time with Homeland Security Investigations while pursuing his undergraduate degree at Wesleyan University, and spent his first summer of law school as clerk for the U.S. Attorney’s Office in the Western District of New York. He is a member of Syracuse Law Review, the Journal on Terrorism and Security Analysis, and participates in the Veteran’s Legal Clinic. Full biography

Shelby E. Mann

Ryan D. WhiteShelby is a second year law student at the Syracuse University College of Law. She is the 2018-9 Editor in Chief of the Syracuse Law Review, as well as a member of the Journal on Terrorism and Security Analysis, and the senior editor for the Syrian Accountability Project. During her final year at the University of Missouri, she served as a full-time news producer for ABC 17 News. Shelby spent her first summer of law school at the Shelby County District Attorney General's Office in Memphis, Tenn., in the Public Corruption and Economic Crimes Unit. Full biography

Christopher w. FolkChristopher W. Folk

is a 2017 graduate of SU College of Law. A non-traditional student, Christopher returned to academia after spending nearly twenty years in the high tech industry. Christopher served in the Marine Corps, graduated from Cornell University with a B.S. In Applied Economics and Business Management, attended Northeastern University’s High-Tech MBA Program and received a M.S. In Computer Information Systems. Christopher previously worked in Software Engineering. Christopher is currently serving his second term as Town Justice for the Town of Waterloo. Christopher externed with a Cybersecurity firm in the Washington, D.C. area between his first and second year at SU College of Law. Full biography

Anna Maria Castillo

Anna Maria Castillois 2016 graduate of Syracuse College of Law. She also holds a Master of Arts in International Relations from Syracuse University's Maxwell School of Citizenship and Public Affairs. She has interned at a London-based think-tank that specializes in transnational terrorism and global security and at the legal department of a defense contractor. She served as an executive editor in the Syracuse Law Review. Full biography

Jennifer A. CamilloJennifer A. Camillo

is a 2015 graduate of Syracuse College of Law and is a prosecutor. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She was a member of the Syracuse National Trial Team and was awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.

Tara J. PistoreseTara J. Pistorese

holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She wrote for this blog when a student. She is now a member of the U.S. Army Judge Advocate General's Corps.

Benjamin Zaiser

is both a scholar and a Federal Agent of the Federal Criminal Police Office of Germany. (Opinions expressed here are his own and not any part of official duty.) Full biography


Follow by Email