绘制网络归因共识之路

Rachel Anne Carter,Director Cyber, The Geneva AssociationJulian Enoizi,Pool Reinsurance Company Limited, and Secretariat,International Forum of Terrorism Risk (Re)Insurance PoolsMapping a Path toCyber Attribution Consensus 2The Geneva AssociationThe Geneva Association was founded in 1973 and is the only global association of insurance companies; ourmembers are insurance and reinsurance Chief Executive Officers (CEOs). Based on rigorous research conductedin collaboration with our members, academic institutions and multilateral organisations, our mission is toidentify and investigate key trends that are likely to shape or impact the insurance industry, highlighting whatis at stake for the industry; develop recommendations for the industry and for policymakers; provide a platformto our members, policymakers, academics, multilateral and non-governmental organisations to discuss thesetrends and recommendations; reach out to global opinion leaders and influential organisations to highlightthe positive contributions of insurance to better understanding risks and to building resilient and prosperouseconomies and societies, and thus a more sustainable world.International Forum of Terrorism Risk (Re)Insurance PoolsThe International Forum of Terrorism Risk (Re)Insurance Pools (IFTRIP) is a collaboration between global terrorism (re)insurance pools. It was formally ratified at the National Terrorism Reinsurance Pools Congress organised by the AustralianReinsurance Pool Corporation (ARPC) in Canberra in October 2016. The organisation was founded with the goal ofpromoting initiatives for closer international collaboration and sharing expertise and experience to combat the threat ofpotential major economic loss resulting from terrorism. The activities of IFTRIP include facilitating a range of internationalcross-organisational working groups, collective impact initiatives and international events, including an annual conferencewhere a community of experts from the industry alongside business decision-makers ensure delegates stay up to date withthe latest thinking and discussions around the risks posed by extreme events. IFTRIP is governed by the IFTRIP charter and isbound by local and international regulations.Geneva Association publications:Pamela Corn, Director CommunicationsHannah Dean, Editor and Content ManagerPetr Neugebauer, Digital Media ManagerSuggested citation:The Geneva Association. 2021.Mapping a Path to Cyber AttributionConsensus. Authors: Rachel Anne Carter and Julian Enoizi. March.© The Geneva Association, 2021 All rights reservedwww.genevaassociation.orgPhoto credits:Cover page – Titima Ongkantong / Shutterstock - ContentsForeword1.Executive summary2.Introduction3.Attribution: More than just semantics4.Technical, political and legal factors affecting attribution5.An illustrative framework for attribution6.The way forward: Towards an international consensusConclusionAnnex:Certification under Cyber Terrorism Pools – Lessons for commercial insurersengaged in cyber attributionReferences 3Mapping a Path to Cyber Attribution Consensus6811131922252628 4AcknowledgementsThe authors (Rachel Anne Carter and Julian Enoizi) first wish to thank Chuck Jainchill, CyberProduct Development Leader, AIG for leading the expert group on attribution. The authorsalso extend their gratitude to the members of the cyber terrorism and cyber war (CTCW)task force and the external contributors to this project, especially Kaja Ciglic (Microsoft)and Yuval Porat (KAZUAR), who provided technical guidance, and to external reviewers,including Kai-Uwe Schanz, Matt Harrison, Lawrence Winter, Richard Ifft, Francisco EspejoGil and others who provided guidance on the report.Leadership team:Chuck Jainchill, AIG; Daniel Mesfin, Allianz; Dennis Sno, Hannover Re;Philipp Lienau, HDI Global; Christopher Wallace, ARPC and President of IFTRIP; FrancoisVilnet, GAREAT and IFTRIP; Christian Wells, Pool Re and IFTRIP; Tony Ellwood, Lloyd’sMarket Association; Cyrus Delarami, Munich Re; Franz Gromotka, Munich Re.CTCW experts:Jannice Koch, Allianz; Neil Arklie, Aviva; Alexandra Maunie, AXA; MathieuCousin, AXA; Peter Zimmerli, Axis Capital; Matthew Webb, Hiscox; Anna Fenech, ARPCand IFTRIP; Daniel Largacha Lamela, MAPFRE; Rory Egan, Munich Re; Chris McEvoy,Partner Re; Chris Yeates, Pool Re and IFTRIP; Szymon Mitoraj, PZU; Sie Liang Lau, SCOR;Alexander Bosch, SCOR; Kei Kato, Tokio Marine; Masashi Yamashita, Sompo Japan InsuranceIncorporated. ForewordMapping a Path to Cyber Attribution Consensus Cybercriminals are known to exploit society’s vulnerabilities during times of crisis. That iswhy authorities were quick to sound the alarm on cyber threats in early 2020, when thepandemic emerged.The warning was justified. In mid-2020, the United States Federal Bureau of Investigation(FBI) reported a 400% increase in the number of cybercrime incidents. In a July 2020survey of 1,000 global IT leaders, 90% of them indicated an increase in cyberattacks dueto the pandemic