From the Executive Summary: "Malicious cyber actors exploit gaps in technology and international cybersecurity cooperation to launch multistage, multi-jurisdictional attacks. Rather than consider technical attribution the challenge, a more accurate argument would be that 'solutions to preventing the attacks of most concern, multi-stage multi-jurisdictional ones, will require not only technical methods, but legal/policy solutions as well.' Deep understanding of the social, cultural, economic, and political dynamics of the nation-states where cyber threat actors operate is currently lacking. This project aims to develop a qualitative framework to guide US policy responses to states that are either origin or transit countries of cyber attacks. [...] Identifying the gaps in international cooperation and their socioeconomic and political bases will provide the knowledge required to support our partners' cybersecurity and contribute to building a cyber environment less hospitable to misuse. It will also help US policy makers to determine the appropriate escalation of diplomatic and defensive responses to irresponsible countries in cyberspace. Further research and discussion will likely enable the timely development of the response frame-work for US sponsorship of sound global norms to guide global cybersecurity. This will also assist the US defense, diplomatic, and development communities in building consensus, leveraging resources to enhance global cybersecurity, and coordinating US global outreach to those countries most beset by cyber crime and conflict."
Defense Technical Information Center (DTIC): http://www.dtic.mil/dtic/