Re: Country of Origin for Malicious Attacks

[sgorman1 () gmu edu]

"I'd be interested in knowing how linking aggregated attack information to country of origin is actually valuable 
relative to our ability to respond to it." 


The simulations we have been running are at the AS level, but country level information is useful for running some of 
the scenarios we are interested in.  Currently we have been starting attacks on the AS graph from randomly selected 
networks, but thought it would be interesting to start attacks from frequent bad actors.  The country level part comes 
in since we are doing this from an economic/policy perspective.  If you are going to invest money in cybersecurity what 
are the most important networks to protect.  If there needs to be cross country cooperation, which countries are the 
most important to get to sign on.  Still not sure how effective of a way this is to look at the problem, but it is one 
of the scenarios we are running through along with market forces, best practices, insurance, liability etc etc.

If anyone is intersted we'll be posting the general approach and models on the xxx.lanl.gov site in the next day or so. 
 I can post the link if folks are intersted, any feedback would be greatly appreciated.

thanks,

sean