The Washington Foreign Law Society
presents
The Technical Characteristics of Attribution: How Do You Know Who Did It?
Thursday, November 17, 2022
From 11:30 AM to 12:30 PM Eastern Time
– This webinar is jointly organized with the Stimson Center –
As more and more malicious cyber incidents occur, governments, C-suite executives and insurers increasingly want to know who should be held responsible for the event and the extent of any harms. The first step in that process, before you get to legal and political attribution, is a technical one – knowing that an incident has occurred and then identifying the actors responsible. Join the Stimson Center and WFLS in this webinar featuring Microsoft, MITRE and the CyberPeace Institute as they discuss this challenge with former senior US Government executive the Hon. Christopher Ford.
Moderator:
-- The Hon. Christopher A. Ford, Director, Center for Strategic Competition, MITRE Corporation
Featured Speakers:
-- John Hering, Senior Government Affairs Manager for the Digital Diplomacy team, Microsoft
-- Emma Raffray, Chief Research and Analysis Officer, CyberPeace Institute
-- Richard Harris, Principal Cybersecurity Policy and Privacy Engineer, MITRE Corporation
Michael Teodori, President of the Washington Foreign Law Society, will host the session.
Dr. Christopher Ford was named in May 2022 to be a MITRE Fellow and the first Director of MITRE’s Center for Strategic Competition. In this capacity, he runs MITRE’s effort to apply interdisciplinary, cross-functional, “systems”-informed analyses to challenges of strategic competition. Dr. Ford is one of only 12 MITRE Fellows in the corporation’s history, and the first with a primarily policy background. Dr. Ford served previously in government as U.S. Assistant Secretary of State for International Security and Nonproliferation, also fulfilling the responsibilities of the Under Secretary for Arms Control and International Security. Prior the State Department, he served as Special Assistant to the President and Senior Director for WMD and Counterproliferation at the National Security Council. A former intelligence officer in the U.S. Navy Reserve and senior staffer on five different U.S. Senate committees, Dr. Ford has also served as U.S. Special Representative for Nuclear Nonproliferation and as a Principal Deputy Assistant Secretary of State. A graduate of Harvard College (summa cum laude), Oxford University (as a Rhodes Scholar), and the Yale Law School, Dr. Ford is a Visiting Fellow at Stanford University’s Hoover Institution, as well as a Distinguished Fellow at the National Security Institute at George Mason University’s Scalia Law School. A prolific scholar, he is the author of the books China Looks at the West: Identity, Global Ambitions, and the Future of Sino-American Relations (2015), The Mind of Empire: China’s History and Modern Foreign Relations(2010), and The Admirals’ Advantage: U.S. Navy Operational Intelligence in World War II and the Cold War (2005), as well as a great many articles and monographs. (His personal website is https://newparadigmsforum.com.) Dr. Ford is a member of the Council on Foreign Relations, the International Institute for Strategic Studies, the Royal Institute of International Affairs, and the American Society of International Law.
Emma Raffray leads the CyberPeace Institute’s analytical activities including the delivery of data-driven platforms, strategic analysis reports and cyber investigations. She has spent over 10 years working as an intelligence analyst across multiple sectors including national and international law enforcement (Metropolitan Police Service, London, UK and INTERPOL), financial sector, defense and the humanitarian sector. A recognized expert providing operational and strategic analysis for intelligence units, investigations and projects. Ms. Raffray holds a BSc in Criminology and Social Policy, Loughborough University. The CyberPeace Institute is an independent and neutral non-governmental organization (NGO) whose mission is to ensure the rights of people to security, dignity and equity in cyberspace. The Institute works in close collaboration with relevant partners to reduce the harms from cyberattacks on people’s lives worldwide. By analyzing cyberattacks, the Institute exposes their societal impact, how international laws and norms are being violated, and advances responsible behavior to enforce cyberpeace. Since the beginning of the year, the CyberPeace Institute has been documenting ‘Cyberattacks in Times of Conflict Platform #Ukraine’ and the hidden impact of these attacks on society. In 2021, the Institute published Cyber Incident Tracer (CIT) #Health, a platform that bridges the information gap about cyberattacks on the healthcare sector and their impact on people. Data on the platform is updated on a quarterly basis.
John Hering is a Senior Government Affairs Manager for the Digital Diplomacy team at Microsoft. He analyzes the global cybersecurity landscape, drives engagement with regional government teams and contributes to Microsoft’s efforts to promote peace and security in cyberspace through various multi-stakeholder initiatives. He leverages prior experiences working in and across the U.S. Government to support Microsoft teams as well as policymakers to improve cybersecurity strategies and policies. Prior to joining Microsoft, Mr. Hering served as a White House Defense Fellow in the Obama administration at the Department of Defense, in the Office of the Secretary of Defense for Policy. He has also previously led humanitarian aid research in northeast Nigeria with the Danish Refugee Council and worked as a math and science teacher through Teach For America. Mr. Hering holds a bachelor’s degree in Political Science from Boston College and a Master of Arts in Law and Diplomacy from The Fletcher School of Law and Diplomacy.
Richard “Rick” Harris is Principal Cybersecurity Policy and Privacy Engineer at the MITRE Corporation. Mr. Harris has spent over three decades in the security field working at the tactical, operational, strategic, and national policy levels. For the last 18 years, Mr. Harris has been focused on building U.S. and international cybersecurity capacity and developing foundational national cyber policies. After 26 years in the US Marine Corps, retiring as a Colonel, Mr. Harris joined the Department of Homeland Security (DHS) where he led efforts to develop and implement cyber risk prevention and mitigation, cybersecurity protection, incident response, information sharing, awareness and public/private partnership policies and programs. His early DHS work included increasing and improving the capabilities of the U.S. Computer Emergency Readiness Team (US-CERT) where he created a planning staff to coordinate and support the development of inter-governmental coordination of cybersecurity policies, plans and operations. Additionally, Mr. Harris was the lead in developing and implementing a successful public/private partnership program, and instrumental in developing and implementing the seminal Comprehensive National Cyber Initiative (CNCI) as well as numerous Presidential Directives on cybersecurity information sharing, operations and inter-agency coordination including developing situational awareness and incident response procedures between US-CERT and six major U.S. cyber centers in the Department of Defense, Federal Bureau of Investigation, and the Intelligence Community, as well as the private sector. Mr. Harris also served as the chief of planning and coordination for the National Cybersecurity and Communications Integration Center (NCCIC) where he worked with private sector, U.S. government agencies, and White House staff to improve whole-of-government approaches to cybersecurity. While serving as the Deputy Director, US-CERT, the NCCIC and as a senior advisor to the Assistant Secretary of Cybersecurity and Communications, Mr. Harris provided consultations to over 30 nations in multi-lateral and bi-lateral forums on building computer emergency response support capabilities and national cyber strategies including nations in the Asia Pacific, European, Middle Eastern, African and South American regions. Since joining MITRE in 2017, Mr. Harris has worked on cyber information sharing and capacity building efforts for the U.S. Department of State in Africa, Asia and Europe, and programs dealing with cybersecurity information sharing and the Internet of Things. Mr. Harris also serves as Co-Chair of Advisory Board and a member of the Research Committee for the Global Forum on Cyber Expertise and is active in working groups addressing cyber incident response, critical infrastructure protection, and awareness and education. Mr. Harris is a graduate of Cornell College, Mount Vernon, IA where he earned a B.A. degree in History and Political Science. He possesses an M.A. degree in International Affairs from American University, and an M.A. in National Security and Strategic Studies from the Naval War College. Mr. Harris has served as an Adjunct Professor at Georgetown University teaching a masters level class on homeland security.
Michael Teodori is the President of the Washington Foreign Law Society since October 2021. He is a US Policy and Advocacy Specialist at Eni SpA, Italy’s largest energy company, where he focuses on energy policy and congressional affairs. Prior to joining Eni, Mr. Teodori was a Congressional Liaison Officer at the US politics and Congressional affairs office of the Italian Embassy in Washington DC, where he worked to advance relations between the Italy and the US. Mr. Teodori was also a Schuman trainee at the European Parliament, with experience at the European Parliament Liaison Office in Washington, DC as well as at the European Parliament Legal Service in Brussels. Mr. Teodori holds a law degree from the University of Pavia (Italy) and a joint M.A. in transatlantic affairs from the College of Europe (Bruges) and the Fletcher School of Law and Diplomacy at Tufts University (Medford, MA).
Further resources:
Microsoft: New Digital Defense Report 2022: https://blogs.microsoft.com/on-the-issues/2022/11/04/microsoft-digital-defense-report-2022-ukraine/
Attribution of an attack:?https://blogs.microsoft.com/on-the-issues/2021/10/24/new-activity-from-russian-actor-nobelium/
Technical attributes of an attack:?https://www.microsoft.com/en-us/security/blog/?p=99621
MITRE ATT&CK Framework: https://attack.mitre.org/
CyberPeace Institute’s work:?https://cyberpeaceinstitute.org/
Cyber Attacks in?Times of Conflict?Platform #Ukrainehttps://cyberconflicts.cyberpeaceinstitute.org/
Cyber Incident Tracer #Health?https://cit.cyberpeaceinstitute.org/
CyberPeace Builders Program?https://cyberpeaceinstitute.org/cyberpeacebuilders/
United Nations Institute for Disarmament Research
UNIDIR Framework: https://unidir.org/publication/taxonomy-malicious-ict-incidents
Non-Escalatory Attribution of International Cyber Incidents: Facts, International Law and Politics http://unidir.org/attribution
Some of Dr. Ford’s writing on cyber attribution and accountability:
A think-piece on cyber attribution diplomacy published in the?Cyber Defense Review:?https://cyberdefensereview.army.mil/Portals/6/Documents/2022_spring/03_Ford_CDR_V7N2.pdf?ver=jPNxXAqiUZX7kFHLgxwpUw%3d%3d
A MITRE piece on ransomware and cyber insurance:?https://irp.cdn-website.com/ce29b4c3/files/uploaded/Ransomware%20Insurance%20Paper.pdf
Cyberspace security:?https://irp-cdn.multiscreensite.com/ce29b4c3/files/uploaded/ACIS%20Paper%2020%20--%20Cyberspace.pdf
CyberPeace Institute’s work: https://cyberpeaceinstitute.org/
Cyber Attacks in Times of Conflict Platform #Ukraine https://cyberconflicts.cyberpeaceinstitute.org/
Cyber Incident Tracer #Health https://cit.cyberpeaceinstitute.org/
CyberPeace Builders Program https://cyberpeaceinstitute.org/cyberpeacebuilders/