Transparency, trust and intention: what dismantling the heart of cyberattack public attribution reveals about warring minds

Monica Lopez (LPNP)
partner message

ANY.RUN - Interactive malware analysis sandbox

http://any.run/

Get fast results in real-time! Intuitive interface. Convenient for any level analysts.

Join for free and start your malware hunting!

partner message

Avira Cloud Sandbox API. Completely private, unlimited-scale, automated malware analysis service

https://oem.avira.com/en/solutions/cloud-sandbox-api

Avira’s Cloud Sandbox API is built to ensure data privacy.

Receive detailed, file-specific threat intelligence reports containing actionable intelligence.

Supports MITRE ATT&CK™ framework.

partner message

Do APT Mercenary Groups Pose Real Threat to Companies?

https://businessresources.bitdefender.com/apt-as-a-service-webinar

Learn about the recent Bitdefender investigation of a new attack attributed to a sophisticated actor offering advanced-persistent-threats-as-a-service.

Access the investigation

partner message

Be a part of the cyber resilience story - explore careers at

https://careers.opentext.com/

Join the cybersecurity and data protection team at Carbonite + Webroot, OpenText companies.

partner message

We don’t just talk about sharing. We do it every day

https://www.cyberthreatalliance.org/our-sharing-model/

Find out more about how threat intelligence sharing and collaboration through the Cyber Threat Alliance can function as a force multiplier to improve defenses across the ecosystem.

partner message

Map Malicious Infrastructures with Pure Signal™ Intelligence

https://partners.team-cymru.com/pure-signal-trial

Elite analyst teams use Team Cymru’s Pure Signal platform to access 50+ data types, including global network flow, PDNS, malware and more.

Start your 2-week trial now!

partner message

What is cyber threat intelligence (CTI) and how is it used?

Join the VB2020 Threat Intelligence Practitioners’ Summit (TIPS)

Join the VB2020 Threat Intelligence Practitioners’ Summit, sponsored by the Cyber Threat Alliance,

to hear from leading industry voices on how CTI sharing can function as a force multiplier to strengthen defenses across the ecosystem.

partner message

Kaspersky Threat Intelligence Portal - find cyberthreats in files, URLs, IPs and domains

https://opentip.kaspersky.com/

Know which alerts or incidents pose real threats, and prioritize them fast and effectively based on impact and risk levels.

partner message

No-Cost Threat Detection for ISPs and Hosting Providers

https://partners.team-cymru.com/nimbus-threat-monitor

Partner with Team Cymru and get near-real-time threat detection, powered by our world-class IP Reputation data.

Join us now!

partner message

Outsource your Unwanted Software/PUA Work for Free

https://appesteem.com/avs

AppEsteem’s feeds sort out the good apps from the Deceptors.

Our criteria are widely accepted. We’ll help with your disputes.

All for Free. Giving you more time to fight real malware.

partner message

Do you want to know how IT security products score in independent tests?

https://www.av-comparatives.org/enterprise/latest-tests/

AV-Comparatives is an ISO certified independent organization offering systematic testing that checks whether security software lives up to its promises.

Results are available for free!

partner message

Defeating Application Fraud - Learn How

https://www.shapesecurity.com/solutions

We protect more accounts from fraud than everyone else in the world combined.

Shape Security is now part of F5 (www.f5.com)

partner message

30+ years of experience in the anti-malware industry

www.virusbulletin.com

Virus Bulletin is so much more than just a great conference.

Check out our website to see what more we have to offer.

partner message

DNSDB®: The DNS Super Power for Security Teams

https://www.farsightsecurity.com/get-started-guide/

Farsight Security DNSDB®: the world's largest real-time and historical database of DNS resolutions.

Get your free DNSDB API key and use it in our newly updated web GUI, DNSDB Scout and your own environments.

Contextualize everything DNS related with one API key - DNSDB.

partner message

Tired of home office and in urgent need of some networking?

https://www.amtso.org/newsletter/

Join the AMTSO community and meet security vendors, testers, journalists, and researchers to discuss cybersecurity trends, tests and standards!

While attribution of a cyberattack is the ultimate goal of threat intelligence, the public announcement of such is presumably the apex of cyber attack prevention and citizen engagement. Confirming a narrative of responsibility for an action or set of actions that have led to conflict and/or harm is a conscientious endeavour: the bad actors have been discovered and they can be punished and the crime with which they are charged has been stopped... until it is not.

In the world of malicious cyber events where attackers can achieve a high degree of digital anonymity and their origins and intentions are not simply reducible to lines of code, the process of attribution is a multi-layered web of hypotheses, technical and non-technical evidence, and interpretations upon interpretations. And when interpretations of culpability enter into open discourse with or without clear and overt evidence and complete with geopolitical consequences equally good, bad or unknown, public announcement is a hotbed of debate. A critical view of the problem from the perspective of the cognitive sciences, moreover, uncovers an unmentioned, yet glaring reality. The problem of attribution and its public announcement is so rightly problematic because it essentially asks and takes action upon the answering of a fundamental question of the 'black box' problem of the human mind/brain: how, why, and does actus reus or a pattern of actions result from and/or lead to mens rea or particular mental states.

In this paper I take a novel cognitive behavioural approach and make a parallel analysis between the 'black box' problem of the human mind/brain with the 'black box' problem of cyber attribution to explain why (i) transparency for setting attribution standards, (ii) trust for de-escalating tensions between nation states, and (iii) geopolitical intentions for dissipating into worthwhile agreement are not enough without clear mental models of the warring minds in conflict.
Monica Lopez
LPNP Dr Monica Lopez is a multilingual business executive, cognitive scientist, educator, entrepreneur, and public speaker. She is the CEO and CSO at La Petite Noiseuse Productions, a consulting firm that integrates human cognition and behavioural insights into machine intelligence development and competitive business solutions. Dr Lopez’s work in human intelligence has led to understanding human-human interactions in multi-sensory, multi-agent environments, resulting in theoretical and applicational insights for autonomous systems, digital healthcare, and data analytics for various industries. She is also teaching faculty at Johns Hopkins University (JHU) in several schools throughout the university.

Dr Lopez has been a keynote speaker for IS&T’s Human Vision & Electronic Imaging and Autonomous Vehicles & Machines international conferences in San Francisco, CA, and a plenary speaker and awards judge for AutoSens in Detroit, MI and Brussels, Belgium and other venues. She was recognized in 2016 as a 'particularly imaginative polymath' by the Imagination Institute, University of Pennsylvania and has been a fellow and guest speaker on the ethical and sustainable use of artificial intelligence at the Salzburg Global Seminar in Salzburg, Austria. Dr Lopez holds B.A.s in psychology and French and an M.A. and Ph.D. in cognitive science, all from JHU. She is completing a graduate certificate in international studies at the School of Advanced International Studies from JHU.
arrow left Back

Transparency, trust and intention: what dismantling the heart of cyberattack public attribution reveals about warring minds

Monica Lopez (LPNP)
While attribution of a cyberattack is the ultimate goal of threat intelligence, the public announcement of such is presumably the apex of cyber attack prevention and citizen engagement. Confirming a narrative of responsibility for an action or set of actions that have led to conflict and/or harm is a conscientious endeavour: the bad actors have been discovered and they can be punished and the crime with which they are charged has been stopped... until it is not.

In the world of malicious cyber events where attackers can achieve a high degree of digital anonymity and their origins and intentions are not simply reducible to lines of code, the process of attribution is a multi-layered web of hypotheses, technical and non-technical evidence, and interpretations upon interpretations. And when interpretations of culpability enter into open discourse with or without clear and overt evidence and complete with geopolitical consequences equally good, bad or unknown, public announcement is a hotbed of debate. A critical view of the problem from the perspective of the cognitive sciences, moreover, uncovers an unmentioned, yet glaring reality. The problem of attribution and its public announcement is so rightly problematic because it essentially asks and takes action upon the answering of a fundamental question of the 'black box' problem of the human mind/brain: how, why, and does actus reus or a pattern of actions result from and/or lead to mens rea or particular mental states.

In this paper I take a novel cognitive behavioural approach and make a parallel analysis between the 'black box' problem of the human mind/brain with the 'black box' problem of cyber attribution to explain why (i) transparency for setting attribution standards, (ii) trust for de-escalating tensions between nation states, and (iii) geopolitical intentions for dissipating into worthwhile agreement are not enough without clear mental models of the warring minds in conflict.
Monica Lopez
LPNP Dr Monica Lopez is a multilingual business executive, cognitive scientist, educator, entrepreneur, and public speaker. She is the CEO and CSO at La Petite Noiseuse Productions, a consulting firm that integrates human cognition and behavioural insights into machine intelligence development and competitive business solutions. Dr Lopez’s work in human intelligence has led to understanding human-human interactions in multi-sensory, multi-agent environments, resulting in theoretical and applicational insights for autonomous systems, digital healthcare, and data analytics for various industries. She is also teaching faculty at Johns Hopkins University (JHU) in several schools throughout the university.

Dr Lopez has been a keynote speaker for IS&T’s Human Vision & Electronic Imaging and Autonomous Vehicles & Machines international conferences in San Francisco, CA, and a plenary speaker and awards judge for AutoSens in Detroit, MI and Brussels, Belgium and other venues. She was recognized in 2016 as a 'particularly imaginative polymath' by the Imagination Institute, University of Pennsylvania and has been a fellow and guest speaker on the ethical and sustainable use of artificial intelligence at the Salzburg Global Seminar in Salzburg, Austria. Dr Lopez holds B.A.s in psychology and French and an M.A. and Ph.D. in cognitive science, all from JHU. She is completing a graduate certificate in international studies at the School of Advanced International Studies from JHU.