Attributing the Russian Cyberattack: No Alternative Explanations

Posted: December 16th, 2016

By Chris Porter

Christopher Porter is the Manager of FireEye's Horizons team, which conducts strategic forecasting to anticipate risks posed by emerging technologies and geopolitical developments. Prior to joining FireEye, Christopher served nearly nine years in operations and analysis at the Central Intelligence Agency, where he won the National Intelligence Analysis Award medal, coauthored a National Intelligence Estimate, and was the first analyst to win the Cyber Threats Group Director's Award for Innovation. Christopher's work at CIA included assignments as the White House National Security Council and West Wing briefer for cyber threat intelligence, as the Directorate of Operations representative to the Scientific and Technical Intelligence Committee, to numerous public-private intelligence cooperation organizations, and in warzones.

When it comes to attribution—especially when foreign intelligence agencies are involved—plausible deniability is easy. However, the public has come to expect courtroom-quality evidence before believing attribution for cyber operations—a difficult task when the kind of cross-border cooperation you need to get to the bottom of the case is not likely to be forthcoming, for obvious reasons.

Alternatively, probabilistic, intelligence-based reasoning is the most honest and useful way to go about attribution. Once reasonable theories are established, they can then be compared to available evidence and eliminated. Those explanations that survive this scientific method-inspired attribution process are then thought to be more reliable and likely explanations.

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.