« 米国GAO が「国家サイバー戦略」の完全実施のためにリーダーシップを明確にするために議会がリーダーを指名するように提案していますね。 | Main | NIST NISTIR 8235 (Draft) Security Guidance for First Responder Mobile and Wearable Devices »

2020.09.30

サイバー攻撃者がどのような者で、どのような意図でそれを行っているかを決めていくというのは、これからますます重要となっていくんでしょうね。。。

こんにちは、丸山満彦です。

Oxford AcademicがJournal of Cybersecurityを公開しているのですが、今回の号で、サイバー攻撃者の属性がどのようなものであるかを決めていくことについての検討があります。考えてみれば難しい問題ですが、こういうことを粛々とやっている米国や英国というのはやはりすごいところがあると思います。。。

こういう研究は日本でももっとされて良いかもですね。。。日本なら、NISCやでこういう議論がされるとよいのでしょうね。。。

Oxford Academic - Journal of Cybersecurity, Volume 6, Issue 1, 2020,

・2020.09.14 Public attribution of cyber intrusions [PDF]


Abstract

Attribution is central to the debate on how to respond to cyber intrusions. The policy challenge is increasingly moving from identifying who is behind a cyber intrusion to finding the adequate policy response, including whether to publicly attribute. The article examines the use of public attribution as a political strategy for attaining specific political effects beyond the dyadic attacker–victim relationship, including shaping the operational and normative environment of cyber operations, with the potential to exert an independent deterrent effect. My analysis unfolds in three parts. The first part introduces two core concepts—sense-making and meaning-making—to capture different parts of the attribution process. I then introduce a theoretical understanding of public attribution drawing on the literature on revealing covert activity and argue that public attribution can serve the function of defining a particular interaction order, i.e. shape the rules of the ‘game’. In part two and three I discuss two empirical examples of both concepts. I bring to the fore three observations: First, some states have shifted their policy responses from dealing with individual cyber intrusions to responding in a broader political framework of relations with a specific adversary leading to campaign-like responses. Second, the political decision whether to attribute publicly is not only a signal to the adversary, but also aims at shaping the future political and normative operational environment. Third, such norm shaping has the potential to exert an independent—though limited—deterrent effect, particularly on potential adversaries. The analysis demonstrates the importance of the meaning-making process to understanding the politics of attribution and the rewards of theoretically integrating it into the politics of secrecy and exposure of covert activities of states.


Article Contents

 

Issue Cover

|

« 米国GAO が「国家サイバー戦略」の完全実施のためにリーダーシップを明確にするために議会がリーダーを指名するように提案していますね。 | Main | NIST NISTIR 8235 (Draft) Security Guidance for First Responder Mobile and Wearable Devices »

Comments

Post a comment



(Not displayed with comment.)




« 米国GAO が「国家サイバー戦略」の完全実施のためにリーダーシップを明確にするために議会がリーダーを指名するように提案していますね。 | Main | NIST NISTIR 8235 (Draft) Security Guidance for First Responder Mobile and Wearable Devices »