The Politics of Attributing Blame for Cyberattacks and the Costs of Uncertainty

Schulzke, Marcus

doi:10.1017/s153759271800110x

Cited by 36 publications

(19 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As noted by Harknett and Stever (2011, 455–456), the “cyber security problem does not fit conventional or traditional security categories based on individual security responsibilities, economic or corporate security issues, military security problems, as well as domestic versus international problems.” The struggle, in determining the origins and impacts of a cyber attack, is “generally approached as a technical challenge for security professionals and politicians” (Schulzke 2018, 954). Schulzke (2018) argues that attributional challenges can affect a citizen's ability to cognize security challenges as well as evaluate government actions; this ambiguity often leaves citizens repeatedly missing the required information to ascertain dependably the attack perpetrators. Schulzke (2018, 954) presents that “attributional uncertainty immediately following cyber attacks encourages dependence on a narrow range of elite frames and the assignment of blame to familiar enemies.”…”

Section: Cyber Policy In Public Administrationmentioning

confidence: 99%

“…Citing the paradox in the current policy‐making environment (de Bruijn and Janssen 2017), as well as other authors suggesting the murky pitfalls of attribution (Schulzke 2018), recent scholars have called for the framing of cyber security dialogue. Some have raised concerns about the apparent responsibilization of individuals for cyber security, comparing it with stances related to similar societal contagion‐type risks such as disease and fire (Renaud et al 2018).…”

Section: Cyber Policy In Public Administrationmentioning

confidence: 99%

See 1 more Smart Citation

Cyber Security Responsibilization: An Evaluation of the Intervention Approaches Adopted by the Five Eyes Countries and China

Renaud

Orgeron²,

Warkentin

et al. 2020

Public Administration Review

View full text Add to dashboard Cite

Governments can intervene to a greater or lesser extent in managing the risks that citizens face. They can adopt a maximal intervention approach (e.g., COVID‐19) or a hands‐off approach (e.g., unemployment), effectively “responsibilizing” their citizens. To manage the cyber risk, governments publish cyber‐related policies. This article examines the intervention stances the governments adopt in supporting individual citizens managing their personal cyber risk. The authors pinpoint the cyber‐related responsibilities that several governments espouse, applying a “responsibilization” analysis. Those applying to citizens are identified, thereby revealing the governments' cyber‐related intervention stances. The analysis reveals that most governments adopt a minimal cyber‐related intervention stance in supporting their citizens. Given the increasing number of successful cyber attacks on individuals, it seems time for the consequences of this stance to be acknowledged and reconsidered. The authors argue that governments should support individual citizens more effectively in dealing with cyber threats.

show abstract

Section: Cyber Policy In Public Administrationmentioning

confidence: 99%

Section: Cyber Policy In Public Administrationmentioning

confidence: 99%

Cyber Security Responsibilization: An Evaluation of the Intervention Approaches Adopted by the Five Eyes Countries and China

Renaud

Orgeron²,

Warkentin

et al. 2020

Public Administration Review

View full text Add to dashboard Cite

show abstract

“…More recently, scholars are focusing on public attribution, including whether and how to build an international organization aiding attribution processes (Eichensehr, 2019(Eichensehr, , 2020Finnemore & Hollis, 2017, pp. 475-476, 2019Grindal, Kuerbis, Badiei, & Mueller, 2018;Schulzke, 2018;Solomon, 2018). Reflections on the legal, and naming and shaming aspects of public attribution help to clarify the international normative function of public attribution (Eichensehr, 2020;Finnemore & Hollis, 2019), whilst analysis of institutional policy proposals shows potential ways towards improving transparency and credibility problems (Egloff & Wenger, 2019;Eichensehr, 2019Eichensehr, , 2020Grindal et al, 2018;Solomon, 2018).…”

Section: Situating Public Attribution In the Literature On Attributiomentioning

confidence: 99%

“…This article focuses mainly on this second part of the process, namely, what happens after an incident is publicly attributed. Schulzke (2018) has suggested some theoretical reasons why we should pay careful attention to the effects of public attribution of cyber incidents. Drawing on psychological research, he argued that people do not like ambiguity when searching for explanations of unexpected threatening events (p. 957).…”

Section: Situating Public Attribution In the Literature On Attributiomentioning

confidence: 99%

“…In addition, because cybersecurity as policy issue is distributed amongst different stakeholders, responsibility is diffused and susceptibility to partisanship increases. From these four mechanisms, Schulzke (2018) concludes, the public should be sensitized to the problem and to a security context in which blame takes time to establish. It would be prudent for policymakers and journalists to avoid a rush to judge who is responsible for an attack, regardless of how obvious the answer may initially seem.…”

Section: Situating Public Attribution In the Literature On Attributiomentioning

confidence: 99%

See 1 more Smart Citation

Contested public attributions of cyber incidents and the role of academia

Egloff

2019

Contemporary Security Policy

View full text Add to dashboard Cite

Public attributions of cyber incidents by governments and private industry have become prevalent in recent years. This article argues that they display a skewed version of cyber conflict for several operational and structural reasons, including political, commercial, and legal constraints. In addition, public attribution of cyber incidents takes place in a heavily contested information environment, creating fractured narratives of a shared past. The article uses three cyber incidents (Sony Pictures, DNC, and NotPetya) to show how actors cope with this contested information environment and proposes a changed role of academia to address some of the problems that emerge. To become competent in contesting public attribution discourses, universities would have to work more across physical, disciplinary, and academic boundaries. The main implications for democracies are to be more transparent about how attribution is performed, enable other civilian actors to study cyber conflict, and thereby broaden the discourse on cybersecurity politics.

show abstract