Shane McGee, chief privacy officer at FireEye, says the global role that threat intelligence and information sharing in cyber security now plays has created a rapidly changing environment that demands dedicated attention to privacy issues. The goal is to reduce attacks and breaches, and potentially even aid in attribution, but McGee says we need to establish and promote clear standards with policymakers, customers, partners and the general public to ensure responsible business practices align with this goal across the industry.

To say that attribution is pivotal because it allows us to punish bad actors is the obvious answer. The ability to identify these actors with regularity should also foster an environment that will deter would-be cyber attackers. Deterrence is essential in today’s cyber world, and Mandia asserts that deterrence will simply not be effective without attribution—without finding those responsible.

“Nations are already expressing their determination to take these kinds of steps,” Mandia says. “If a country says it will respond proportionately to cyber attacks against its infrastructure, and that it would consider non-cyber means to deter cyber attacks, then a declaration has been made and it needs to be backed up. Therefore, attribution better be right.”

Getting attribution right is no simple task, Mandia admits. He says threat actors are particularly tough to identify because most attacks are coming from outside the country—or through countries with poorly regulated infrastructures— and in those instances it is up to the respective government to identify the cyber criminals.