Other answers:
| Be careful in future |
| Reach out to other private sector experts in the field to request their technical analysis as well as to the national cybersecurity authorities and intelligence services of partner countries and allies to see if they can verify this information. Make a public statement that you are working with partners to establish attribution of the attack. You cannot rely only on one company’s assessment to make a political attribution without risking further escalation. |
| First of all, I would advise considering all relevant information, before jumping to conclusions and potentially wrongly attribute the attack a certain state. I would suggest first to adequately respond, stop the attack, save information that can be saved, manage the crisis, reaching out to partners to exchange information. If after a while the evidence builds up, I would go through diplomatic channels and discuss the potential involvement with the state in question (if possible) and if not (after doing a thorough research) consider attributing the attack, while being aware of the risks. |
| Use Point of Contact to share information and reduce misunderstanding |
| Use cyber norm related to taking into account all possible information |
