bookmark_border

Attack Attribution with John Davis

Software Engineering Daily,

Originally posted on Software Engineering Daily

When a cyber attack occurs, how do we identify who committed it? There is no straightforward answer to that question.

Even if we know Chinese hackers have infiltrated our power grid with logic bombs, we might not be able to say with certainty whether those hackers were state actors or rogue Chinese hackers looking for an offensive asset to sell to their government.

Even if we know someone in Russia launched an attack on the banking system in Ukraine, we might not know whether that attack came from the government or from aggressive non-governmental forces.

Accurate cyberattack attribution is key to preventing diplomatic mistakes in the modern battleground of the Internet.

Today’s guest John Davis is one of the authors of the report called “Stateless Attribution: Toward International Accountability in Cyberspace”.

John is a senior information scientist with RAND Corporation, a non-profit institution that helps improve policy and decisionmaking through research and analysis. This report was commissioned by Microsoft, and it provides a deep assessment of our current ability to attribute a cyberattack to the perpetrator of that attack.

If you like this episode, we have done many other shows about security, with guests like Bruce Schneier and Samy Kamkar. You can check out our back catalog by downloading the Software Engineering Daily app for iOS, where you can listen to all of our old episodes, and easily discover new topics that might interest you. You can upvote the episodes you like and get recommendations based on your listening history. With 600 episodes, it is hard to find the episodes that appeal to you, and we hope the app helps with that.

Sponsors


Cloudflare runs 10% of the Internet, providing performance and security to millions of websites. Many of you probably already use Cloudflare on your sites. We’re not talking about using Cloudflare today though, we’re here to talk about building on top of it. If you’re a developer you can build apps which can be installed by the the millions of sites which rely on Cloudflare. You can even sell your apps; they can make you money every month. Visit cloudflare.com/sedaily to watch how you can build and deploy an app in less than 3 minutes.


Toptal is the best place to find reasonably priced, extremely talented software engineers to build your projects from scratch or scale your workforce. Get a free pair of Apple Airpods when you use Toptal.com/sedaily to work with an engineer for at least 20 hours.


GrammaTech CodeSonar helps development teams improve code quality with static analysis. It helps flag issues early in the development process, allowing developers to release better code faster. CodeSonar can easily be integrated into any development process. CodeSonar performs advanced static analysis of C, C++, Java, and even raw binary code. CodeSonar performs unique dataflow and symbolic execution analysis to aggressively scan for problems in your code. Just like battleships use sonar to detect objects deep underwater, engineers use CodeSonar to detect subtle problems deep within their code. Go to go.grammatech.com/sedaily to get your free 30-day trial, exclusively for Software Engineering Daily listeners and unleash the power of advanced static analysis.


If you want to start a podcast, check out Podsheets. Podsheets is a product we built to create and manage podcasts. We are podcasters ourselves–and we understand the difficulties of getting started. Podsheets makes it easy to post your episodes and distribute them to iTunes and Google Play with a single click. If you are curious about podcasting, but have no idea where to start, Podsheets will guide you through the process. With Software Engineering Daily, we have been producing 5 shows a week for 2 years. We understand recording, we understand how to produce your show and we understand how to get advertisers. We want to help you with this process. Check out Podsheets today. We will give you everything you need to create and manage your podcast–and if you have any questions or you get confused, you can always contact us directly for help. Podcasting is as easy as blogging–let us show you how to podcast, with Podsheets.


security

About the Podcast