• PNAS Streamlines Submission
  • Sign-up for PNAS eTOC Alerts

Strategic aspects of cyberattack, attribution, and blame

  1. Robert Axelrode,1
  1. aInformation Security Group, IBM Research, Yorktown Heights, NY 10598;
  2. bDepartment of Political Science, University of Michigan, Ann Arbor, MI 48109;
  3. cDepartment of Computer Science, University of New Mexico, Albuquerque, NM 87131;
  4. dSanta Fe Institute, Santa Fe, NM 87501;
  5. eGerald R. Ford School of Public Policy, University of Michigan, Ann Arbor, MI 48109
  1. Contributed by Robert Axelrod, January 11, 2017 (sent for review October 14, 2016; reviewed by Ross Anderson, Matthew Bishop, and Bruce Schneier)


Attribution of cyberattacks has strategic and technical components. We provide a formal model that incorporates both elements and shows the conditions under which it is rational to tolerate an attack and when it is better to assign blame publicly. The model applies to a wide range of conflicts and provides guidance to policymakers about which parameters must be estimated to make a sound decision about attribution and blame. It also draws some surprising conclusions about the risks of asymmetric technical attribution capabilities.


Cyber conflict is now a common and potentially dangerous occurrence. The target typically faces a strategic choice based on its ability to attribute the attack to a specific perpetrator and whether it has a viable punishment at its disposal. We present a game-theoretic model, in which the best strategic choice for the victim depends on the vulnerability of the attacker, the knowledge level of the victim, payoffs for different outcomes, and the beliefs of each player about their opponent. The resulting blame game allows analysis of four policy-relevant questions: the conditions under which peace (i.e., no attacks) is stable, when attacks should be tolerated, the consequences of asymmetric technical attribution capabilities, and when a mischievous third party or an accident can undermine peace. Numerous historical examples illustrate how the theory applies to cases of cyber or kinetic conflict involving the United States, Russia, China, Japan, North Korea, Estonia, Israel, Iran, and Syria.


  • ?1To whom correspondence may be addressed. Email: benjamin.edwards{at}ibm.com or axe{at}umich.edu.

Online Impact

                                      1. 99132880 2018-01-23
                                      2. 802899879 2018-01-23
                                      3. 295573878 2018-01-23
                                      4. 352668877 2018-01-23
                                      5. 984633876 2018-01-23
                                      6. 545928875 2018-01-23
                                      7. 976569874 2018-01-23
                                      8. 871324873 2018-01-23
                                      9. 263462872 2018-01-23
                                      10. 577161871 2018-01-23
                                      11. 255603870 2018-01-23
                                      12. 117346869 2018-01-23
                                      13. 90982868 2018-01-23
                                      14. 663415867 2018-01-23
                                      15. 793874866 2018-01-23
                                      16. 843582865 2018-01-23
                                      17. 864971864 2018-01-22
                                      18. 258841863 2018-01-22
                                      19. 957295862 2018-01-22
                                      20. 553518861 2018-01-22