In the last five years, public attribution of cyber incidents has gone from an incredibly rare event to a regular occurrence. Just in October 2018, the UK’s National Cyber Security Centre publicized its assessment of cyber activities conducted by the Russian military intelligence service (also known by its old acronym, the GRU). Clearly, publicizing activities that other political actors like to keep secret is a political act – but what kind of political act is it and what happens when a government publicly attributes?
For research on governmental public attribution, one can split the public attribution process into two phases: mechanisms that lead to public attribution and what happens after an incident is publicly attributed. Little research exists on either phase with regard to attribution of cyber incidents. This is problematic as our understanding of contemporary security policy rests on knowledge about what drives threat narratives, how and why particular attributions are introduced publicly, and how contestation of threat narratives takes place in the public sphere.
[…]
Source: Contested Public Attributions of Cyber Incidents and the Role of Academia « CSS, ETH Zurich