
Abstract

Who did it? Attribution is fundamental. Human lives and the security of the state may depend on ascribing agency to an agent. In the context of computer network intrusions, attribution is commonly seen as one of the most intractable technical problems, as either solvable or not solvable, and as dependent mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution? — This article argues that attribution is what states make of it. To show how, we introduce the Q Model: designed to explain, guide, and improve the making of attribution. Matching an offender to an offence is an exercise in minimising uncertainty on three levels: tactically, attribution is an art as well as a science; operationally, attribution is a nuanced process not a black-and-white problem; and strategically, attribution is a function of what is at stake politically. Successful attribution requires a range of skills on all levels, careful management, time, leadership, stress-testing, prudent communication, and recognising limitations and challenges.

Acknowledgements

The authors wish to thank Dmitri Alperovitch, Ross Anderson, James Allen, Richard Bejtlich, Kurt Baumgartner, Kristen Dennesen, Brandon Dixon, Vicente Diaz, Alexander Gostev, Mike Goodman, Bob Gourley, Clement Guitton, Nathaniel Hartley, Jason Healey, Eli Jellenc, Robert Lee, Joe Maiolo, Sergei Mineev, Daniel Moore, Ned Moran, David Omand, Costin Raiu, Marcus Sachs, Igor Soumenkov, Jen Weedon, two anonymous reviewers, and members of the intelligence and security community in the United Kingdom and the United States who have to remain unnamed. Several companies provided valuable insights, especially CrowdStrike, FireEye, Kaspersky Lab, and Booz Allen Hamilton. The views expressed in this paper are solely those of the authors; potential mistakes are their responsibility alone.

Additional information

Notes on contributors

Thomas Rid

Thomas Rid is a professor in the Department of War Studies at King’s College London. He is author of Cyber War Will Not Take Place (Oxford University Press/Hurst, 2013).

Ben Buchanan

Ben Buchanan is a PhD Candidate in War Studies and a Marshall Scholar. He is also a certified computer forensic analyst.
 
