RUSI JournalVolume 158Issue 4members only

The Sophistication Criterion For Attribution

Attribution of cyber-attacks remains a difficult problem. Contrary to some suggestions, the sophistication of a cyber-attack may not be sufficient to determine its origin

In the wake of Stuxnet, there has been an increasing tendency on the part of politicians and analysts to see the sophistication of a cyber-attack as an indication of its perpetrator. Indeed, the more sophisticated the attack, the more sophisticated the attacker, thereby pointing to a state actor as the culprit – or so it is argued. However, Clement Guitton and Elaine Korzak note the lack of clarity and inconsistency around the term ‘sophistication’, contending that it is

lockmembers only content

Continue reading by joining RUSI

View membership options

Join the World’s Leading Defence and Security Community

  • A busy programme of members' only events
  • Access to a suite of RUSI publications
  • Access to experts, networks and research teams

Already have an account?


Explore our related content