Cyber attribution is, at its core, the process of discovering the individual, organization, entity or nation-state — the threat actor — responsible for a cyber incident. Assigning an attribution can often be a complex process that leads to opaque conclusions that are challenging to communicate to the public. While entities making attribution judgments can (and sometimes do) take their conclusions directly to the public, the press plays a critical role in two ways: first, by evaluating the newsworthiness of attribution judgments and deciding which to amplify; and second, by helping readers understand the process and the meaning of the attribution judgments.
How to use this site
This website provides accessible background explanations to assist with attribution reporting. The GLOSSARY defines over 50 relevant terms commonly used in attribution research, and which reporters may encounter in attribution judgments. TIPS are our recommendations for how journalists can cover complex attribution. UNDERSTANDING ATTRIBUTION sheds light on some of the methods used by analysts in making attributions that journalists then cover. CASE STUDIES is our blog, providing examples of recent press coverage on attribution judgments.