Can the FBI Crack the Attribution Nut?
Bureau Unveils its Next Generation Cyber Initiative
Attribution - the ability to identify those who hack into a computer system - is among the hardest cybersecurity nuts to crack. But that isn't deterring the FBI, which says it has initiated a program to uncover and investigate web-based intrusion attacks.
Known as the Next Generation Cyber Initiative, the nearly year-long program unveiled this past week has been developing a cadre of specially trained computer scientists able to extract hackers' digital signatures from mountains of malicious code. The initiative involves FBI agents cultivating what the bureau characterizes as "cyber-oriented relationships" with the technical leads at financial, business, transportation and other critical infrastructures.
What makes attribution so hard to determine is that the Internet from its beginning has been architected to allow anonymity. "We have an enormous number of bad actors who are able to be completely anonymous," is how Michael Dell, chief executive officer of computer maker Dell, once portrayed the Internet [see Idolizing Attribution]. "Can you think of any secure system where people can operate anonymously?"
DoD's Attribution Challenge
The challenges surrounding anonymity aren't stopping the FBI and other federal agencies from trying to develop ways to spot those breaching computer systems. A few weeks ago, Defense Secretary Leon Panetta said the Defense Department has made significant advances in solving a problem that makes deterring cyber adversaries more complex: the difficulty of identifying the origins of an attack [see In His Own Words: Panetta on Cyberthreats].
"Over the last two years, DoD has made significant investments in forensics to address this problem of attribution, and we're seeing the returns on that investment," Panetta said in a speech delivered Oct. 11 to the Business Executives for National Security. "Potential aggressors should be aware that the United States has the capacity to locate them and to hold them accountable for their actions that may try to harm America."
Indeed, as the then-deputy assistant director of the FBI's Cyber Division said in an interview [see The Need for New IT Security Strategy], successfully identifying the culprits could stop many cyberattacks. "What it ultimately is about is deterrence," Steve Chabinsky said. "If the bad guys know that you can catch them, it stops most of them."
Inner Workings of the Initiative
How does the FBI's Next Generation Cyber Initiative work?
According to the FBI, field investigators send their findings to specialists in the FBI Cyber Division's Cyber Watch command, who look for patterns or similarities in cases. The around-the-clock post shares the information with the FBI-led National Cyber Investigative Joint Task Force, a partnership of intelligence and law enforcement agencies such as the departments of Defense and Homeland Security and the National Security Agency.
A key aim of the initiative has been to expand the bureau's ability to quickly define "the attribution piece" of a cyberattack to help determine an appropriate response, an FBI blog quotes Richard McFeely, executive assistant director of the bureau's criminal, cyber, response and services branch, as saying.
"The attribution piece is: who is conducting the attack or the exploitation and what is their motive," McFeely said. "In order to get to that, we've got to do all the necessary analysis to determine who is at the other end of the keyboard perpetrating these actions."
Solving the attribution piece remains a daunting challenge, but by combining information sharing and advances in data analysis with traditional gumshoe methods, the FBI might just succeed in cracking that nut.