Date: 2017-01-09

Figuring out who’s behind cyberattacks is always difficult, and responsible security analysts are reluctant to point fingers without a smoking gun, which seems to be the case with recent disruptions of the power system in Turkey.

News sources here and here say the Turkish Energy Ministry blames storms and sabotage of underground power lines for outages around the country. It also says coordinated cyberattacks originating in the United States have been thwarted but have kept security teams busy. It doesn’t link the outages directly to the cyberattacks, the sources say.

When the reports say the attacks are coming from the United States, they refer to the geographic area, not the government of the U.S. – an assertion that could conceivably be backed up, at least partly, by fact. The Turks may have proof of direct links to the United States, but it’s notoriously difficult to trace attacks back through all the hops they take en route. There may be a different original source.

Contrast this with U.S. intelligence agencies attributing the hack of the Democratic National Committee (DNC) emails to Russia. The agencies unambiguously point the finger not only at Russia, but at Russian President Vladimir Putin.

Cybersecurity experts find shortcomings in the evidence the government presents in a report made public last week because it sets forth conclusions without setting down the facts on which the conclusions are based. This is frustrating, but understandable; these same intelligence agencies will want to reuse the same sources and techniques and so don’t want to reveal them, which would make them useless.

Release of this type of report should be carefully limited. Accusing a head of state of interfering in another country’s elections is an enormous step that needs to be decided carefully in the political arena. Politicians and intelligence-gathering agencies have different standards for drawing these conclusions than the standards of purely technical cyber forensics.

Cybersecurity pros, for example, might note that tactics, techniques and procedures used to hack DNC emails are similar to those used by known Russian hackers. But they would hold off stating definitively that Putin was behind them. Gathering information needed to draw such a conclusion lies outside their realm.

Where does that leave the general public, which does not closely follow the details of cyber investigations but is trying to sort this all out? It hears intelligence agencies drawing conclusions largely without disclosing how they reached them. That’s followed by technical security experts outside government saying they see no hard evidence to back up the conclusions.

The result is that releasing the report, which is intended to back up the government’s assertions, comes up short. Predictably enough, this weakens the government’s argument. And since this is a predictable outcome, it is one that ought to be avoided from the standpoint of trying to make a political point.

Transparency around these issues is impossible, no matter how desirable. Relatively few people with top security clearances have been briefed on details missing from the public, declassified report. They may agree with its conclusions. But the vast majority of people following the issue don’t have all the facts, and that’s a problem for how credibly the report is viewed.