Attribution Concerns Raised Over Cyber Sanctions Program

The recent executive order signed by President Obama establishing a sanctions program for overseas cyber-attackers gives the government a new tool to deter malicious attacks. The challenge lies in knowing who to punish, security experts warned.

The sanctions program, announced by the White House on Wednesday, targets individuals and groups outside the United States that use cyber-attacks to threaten U.S. foreign policy, national security or economic stability.

The U.S. Department of Treasury will be able to freeze assets and bar other financial transactions of entities engaged in destructive cyber-attacks.

“From now on, we have the power to freeze their assets, make it harder for them to do business with U.S. companies, and limit their ability to profit from their misdeeds,” Obama said.

The executive order itself just claimed the authority to impose sanctions on cyber-attackers. No new sanctions were announced.

While the sanctions program would be one of the many tools the government can use to curtail and deter malicious activity, the program won’t succeed if the government doesn’t figure out how to handle attribution, Mike Brown, vice-president and general manager of the global public sector at RSA, told SecurityWeek. “We need to ensure there is some transparency around attribution,” he said.

Attribution is a thorny problem. Take last winter’s cyber-attack against Sony, for example. The Federal Bureau of Investigation (FBI) said the attack was the work of North Korea. In response, the White House imposed sanctions on North Korea. It turned out not to be that simple: many security experts remained skeptical of the FBI’s claims in the absence of any evidence. Some details the FBI did eventually release seemed circumstantial, or not definitive enough, to really link the attack to North Korea. A few weeks later, Norse claimed to have uncovered evidence the attack was the work of an angry ex-employee. And just last February, Taia Global came out with its own analysis linking the attack to a Russian group.

“Attribution within the information security space is not nearly as easy as it sounds,” Greg Foss, a senior security engineer at LogRhythm, told SecurityWeek. Attackers can “pivot through other countries” and make it seem as if attacks originated from a different location. Malware can contain false data to shift culpability, Foss said. It’s important to understand the specifics of how the government plans to address attribution and define methods used to identify attack origins.

Knowing who actually carried out an attack is a hard problem to solve, and when sanctions are involved, it’s a question no one wants to get wrong. “While the idea is novel, mistakenly placing sanctions on a country based on the actions of one potentially separate entity could have serious consequences,” Foss said.

There is also the human factor. In some cases, sanctions will only harm the civilian population without doing anything to address the problem directly, Foss said.

Companies are investing a lot of money to improve their security defenses, but the private sector can’t solve the problem alone, Stephen Cobb, a senior security researcher at ESET, told SecurityWeek. There are “elements of the global cybercrime infrastructure that only persist due to the complicity of corrupt officials and unscrupulous businesses that turn a blind eye to cybercrime,” Cobb said. Coordinated government action—both nationally and internationally—is necessary to shut those elements down, he said.

Until recently, it seemed the lion’s share of cyber-attacks against the United States could somehow be traced back to China, which has consistently denied its involvement. The new program could be used to combat economic espionage by China, James A. Lewis, a cyberpolicy expert at the Center for Strategic and International Studies, told the Washington Post. “You have to create a process to change the behavior of people who do cyber-economic espionage,” Lewis told the Post. “Some of that is to create a way to say it’s not penalty free. This is an effective penalty. So it moves them in the right direction.”

A Chinese government official criticized the sanctions program, reiterating that China does not endorse cyber-attacks and remains committed to fighting cyber-attacks in any form.

“Cyber security concerns the common interests of all countries. The international community should jointly solve the issue of cyber-attacks through dialogue and cooperation, and based on mutual respect and trust,” Chinese Foreign Ministry spokesperson Hua Chunying said during a regular press briefing, China Daily reported.

In its daily roundup, iSIGHT Partners expressed concern the program would not be “a significant deterrent for organizations and states that would seek to benefit from cyber espionage.”

The company also remained “uncertain whether the US can reasonably expect to demonstrate the attribution and intent that seem to be required to trigger these new sanctions.”
