The Great Cybersecurity Attribution Problem

Jessica Smith

Security, Americas

Rawls's theory of justice as fairness is the most well-balanced in acounting for social justice and security culture needs.

Unlike your creative writing professor, an entreaty for a suspension of disbelief is not a term of endearment to a cybersecurity practitioner.

In fact, such language in this social clique is downright indecent. But to cyber constructivists like former Director of National Intelligence and the National Security Agency, Mike McConnell, attribution systems prove an exception to the rule.

In a 2010 Washington Post article, McConnell boldly asserted that: “[W]e need to reengineer the Internet to make attribution . . . who did it, from where, why and what was the result – more manageable. The technologies are already available from public and private sources and can be further developed if we have the will to build them into our systems and to work with our allies.” Thus, if a new attribution system could indeed be readily implemented, how might it look from a security culture and social justice standpoint?

Because constructivism focuses on understanding the impact of ideas and how actors define their interests and identities in a social system, the article identifies the archetypal interests of six cyber stakeholders against the backdrop of several attribution frameworks. The utility of this approach, as derived from political constructivist philosopher, John Rawls, is that by first understanding the conflicting attribution preferences at both the individual and state level, and then treating all stakeholders as “rational and mutually disinterested” – behind a veil of ignorance – we can arrive at design principles that are predicated on notions of both justice and security.

So, Which Cyber Stakeholder Are You?