By David D. Clark* and Susan Landau**
As a result of increasing Internet insecurity — DDoS attacks, spam, cybercrime, and data theft — there have been calls for an Internet architecture that would link people to packets (the fundamental communications unit used in the Internet). The notion is that this technical “fix” would enable better investigations and thus deterrence of attacks. However, in the context in which the most serious national-security cybersecurity threat the US faces is data exfiltration from corporate and government sites by other jurisdictions, such a solution would be a mistake. Cyberattacks and cyberexploitations are more different than they are the same, and multi-jurisdictional, multi-stage attacks (in which machine A penetrates and “takes over” machine B) are the critical cybersecurity threat. Meanwhile, IP addresses are more useful as a basis for various kinds of attribution than has sometimes been thought, and the occasions when attribution at the level of an individual person is useful are very limited. We consider how cyberexploitations and cyberattacks might be traced, and discuss how technical contributions can only be contemplated in the larger regulatory context of various legal jurisdictions.
* David Clark, Senior Research Scientist, MIT. Clark’s effort on this work was funded by the Office of Naval Research under award number N00014-08-1-0898. Any opinions, findings, and conclusions or recommendations expressed in this Essay are those of the authors and do not necessarily reflect the views of the Office of Naval Research.
** Susan Landau, Fellow, Radcliffe Institute for Advanced Study, Harvard University. An earlier version of this Essay appeared in COMM. ON DETERRING CYBERATTACKS, NAT’L RESEARCH COUNCIL, PROCEEDINGS OF A WORKSHOP ON DETERRING CYBERATTACKS: INFORMING STRATEGIES AND DEVELOPING OPTIONS FOR U.S. POLICY, 25–40 (2010), available at http://www.nap.edu/catalog/12997.html.