Root Cause Analysis

The defense and intelligence community is getting better at tracing and attributing long-term repetitious cyber attacks, but is less capable of pinpointing spontaneous attacks in a timely manner, said James Jaeger, director of defense and commercial cyber systems for General Dynamics Advanced Information Systems. “Attribution over a long-term effort we’re getting pretty good at. . . . We can start to pattern the hackers and we can get to them,” he explained Thursday during an industry panel discussion at AFA’s CyberFutures Conference in National Harbor, Md. “Where we really fall short today is what you’d call ‘real-time attribution’ to support cyber operations—identify the attacker quickly enough so that we can respond and take action,” he added. Today, hackers easily operate anonymously due to the way the Internet is structured. Until that changes, “the attribution problem is going to be tough,” said Jaeger. When it comes to state-level actors using cyber warfare as part of a coordinated, multi-domain assault, however, “we have pretty reasonable confidence of attribution for those kind of attacks,” said Defense Science Board Chairman Paul Kaminski, who moderated the panel.