Sony: A Game Changer for Cyber Attribution

Thomas Rid of Kings College London says that attributing cyber attacks is a difficult, multi-disciplinary problem that few have mastered.
Thomas Rid of Kings College London says that attributing cyber attacks is a difficult, multi-disciplinary problem that few have mastered.

We’ve been writing a lot about the issue of cyber attribution in recent weeks, following the attack on Sony Pictures Entertainment in November. That incident has become something of a Rorschach Test for those in the information security field: revealing as much about the individual attempting to explain the Sony hack as about the attack itself.

Rid and a Ph.D student, Ben Buchanan, have authored a paper in the Journal of Strategic Studies. In their paper, Rid and Buchanan note that one of the biggest challenges of cyber attribution: bridging the technical and political or cultural issues that often surround cyber attribution. As Rid notes: the individuals doing the basic forensic work on the incident may not have a grasp of the larger cultural or political issues at play. That’s a dynamic we’ve seen at play (in spades) in recent news about the hack of Sony Pictures.

In this podcast, Rid and I talk about his paper and (of course) about the case of Sony Pictures Entertainment. While Rid is inclined to believe the U.S. government has a case against the North Korean government, he also thinks that the government needs to make more of its evidence public.

“A lot of governments are watching this space closely. (The FBI and DoJ) need to step up to the plate. They need to do more to convince some of the skeptics,” he said.

Check out my conversation with Thomas Rid in our latest Security Ledger podcast!

Listen on Security Ledger
Listen on Soundcloud.com