The Complex

Is the ‘holy grail’ of cyber security within reach?

U.S. Air Force

Attribution, the ability to quickly identify the source of a cyber attack, has long been touted as "the holy grail" of cyber security -- an elusive code that, once cracked, will make fighting back against such attacks far easier -- and it may finally be coming within reach of Defense Department cyber warriors.

"That's an area that the department in particular, but I think the country in general, has made a lot of progress," Eric Rosenbach, deputy assistant secretary of defense for cyber policy, told Killer Apps in an exclusive interview on Sept. 4. "Conventional wisdom in cyber security nowadays is, 'attribution is impossible and that's one of the reasons that you're more likely to have big attacks is because the perpetrator believes they can get away with it and you'll never figure out who it is.' That's one of the major advantages some people see in cyber if you're a rogue actor or a bad nation state."

However, in recent years, "we’ve made a lot of progress on attribution and that’s something that is very helpful because we have a much clearer idea of who is attacking us in certain spaces and what to look for," said Rosenbach.

"It’s definitely not perfect and it’s definitely not a silver bullet, but it’s an area that we’re making progress in," he added.

Rosenbach wouldn’t discuss what specifically has increased DoD’s ability to identify attackers in time to respond, only saying that the Pentagon’s progress on attribution is due to an improvement in malware forensic skills and intelligence abilities.

Jim Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, says that the Pentagon is much better at tracing cyber attacks than it was only five years ago, when it could only trace a third of cyber attacks quickly.

"The numbers are open to debate but five years ago, DoD told me they could succeed [at tracing an attack] in one out of three cases, in really short order," Lewis told Killer Apps. "About a year ago, Cyber Command told me that they had significantly improved that batting average."

Like Rosenbach, Lewis wouldn’t discuss the specifics of how the United States has improved its ability to detect the source of cyber attacks. All he would say is, "If you know who your opponent is, there are things you can do to make it easier to figure out when they’re responsible, figuring out when it’s the Chinese might not be as hard as when it’s a random attack out of the blue; it’s hard but the difficulty is going down."

"Unless people put more resources into covering their tracks, attribution will be a declining problem, it’s going to be harder to hide in the future," added Lewis. Of course, there’s the rub. This is cyber, where technology evolves in weeks and days; people are constantly pouring energy and resources into covering their online tracks.

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.
