On the two major political aspects that concern him related to attribution for cybercrime, Richard Bejtlich, chief security strategist for FireEye, said:
In the incidents at both Sony and the Office of Personnel Management, attribution was established "fairly early on. Maybe it wasn't handled very well in terms of delivery of the message, but the real hold-up was we don't know what to do next. And you'd think after years and years of intrusions some policy measures would come about, but clearly everyone's sort of making it up as they go along...
"The second part of attribution I worry about is, high levels of attribution and low levels of attribution. So in a case of say US and Russia, we both have really good attribution capabilities in the government and the private sector... Low attribution countries say like India and Pakistan, they could easily be fooled by a third party trying to make it look like there's a conflict between the two of them."