
2015 | OriginalPaper | Book chapter

2. Bridging the Classical D&D and Cyber Security Domains

Written by: Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow

Published in: Cyber Denial, Deception and Counter Deception

Publisher: Springer International Publishing


Abstract

This chapter uses a traditional framework called the D&D methods matrix as a foundation for describing the basics of D&D in the physical world, extends the D&D matrix to cyber security, and then outlines a set of techniques for applying D&D in the cyber security context. These descriptions can be combined with the cyber-D&D TTP taxonomy in Appendix A to guide understanding of how D&D is used in the cyber domain. We examine the organizational requirements for planning and executing successful defensive cyber-D&D operations, introducing both physical and virtual D&D tactics relevant to each quadrant of the D&D methods matrix.


Footnotes
1
Paltering is “less than lying … the widespread practice of fudging, twisting, shading, bending, stretching, slanting, exaggerating, distorting, whitewashing, and selective reporting. Such deceptive practices are occasionally designated by the uncommon word paltering.” Frederick Schauer and Richard Zeckhauser. “Paltering” in Brooke Harrington, ed. Deception: From Ancient Empires to Internet Dating. Stanford, CA: Stanford University Press, 2009, pp. 38–54.
 
2
Argo is a 2012 film distributed by Warner Bros. Pictures. This case was also adapted into a television movie in 1981, Escape from Iran: The Canadian Caper, directed by Lamont Johnson. Anthony (Tony) Mendez, the CIA officer involved in this case, has written about his experiences: “A Classic Case of Deception,” Studies in Intelligence, Winter 1999/2000, p. 1–16; and Argo: How the CIA and Hollywood Pulled off the Most Audacious Rescue in History, 2012 co-authored with Matt Baglio and published by Viking Adult.
 
3
Gribkov, A. I., Smith, W. Y., & Friendly, A. (1994). Operation ANADYR: U.S. and Soviet generals recount the Cuban missile crisis. Chicago: Edition q, p. 15.
 
4
Fursenko, A. A., & Naftali, T. J. (1997). One hell of a gamble: Khrushchev, Castro, and Kennedy, 1958–1964. New York: Norton, p. 191.
 
5
Gribkov and Smith (1994) p. 15.
 
6
Gerard, P. (2002) Secret Soldiers: The Story of World War II’s Heroic Army of Deception. New York: Penguin Group.
 
7
The 23rd Headquarters Special Troops was a group of U.S. Army artists and designers engaged in a variety of D&D activities against the Germans in World War II.
 
8
One month after the operation, headquarters staff concluded that “The results of this operation are uncertain…However, no movement of forces to counter the move of the Armored division was made by the enemy and captured documents indicated that the unit which was simulated was still considered to be the actual Armored division in its original location several days after the conclusion of the operation.” Despite doing just about everything wrong, the 23rd had gotten lucky. One week after the operation, Lt. Fox wrote a memo to Col. Reeder, the commanding officer of the 23rd, and his colonels about the lessons to be learned: “…The successful practice of military deception by the 23rd Hqs requires the proper amount of SHOWMANSHIP and ARMY PROCEDURE. [emphasis in original]” To Fox, the 23rd had a “…lack of appreciation of the Fine Art of the theatre.” Gerard, P. (2002) Secret Soldiers: The Story of World War II’s Heroic Army of Deception. New York: Penguin Group, pp. 153–155.
 
9
As shown in the D&D methods matrix, the deceiver also has to hide the false, that is, the NDDI, to protect the D&D plan, and show the real, that is, the NEFI, to enhance the D&D cover story.
 
10
Gerard, P. (2002) Secret Soldiers: The Story of World War II’s Heroic Army of Deception. New York: Penguin Group.
 
11
Macintyre, B. (2012) Double Cross: The true story of the D-Day spies. Great Britain: Bloomsbury Publishing. Also see: Andrew, C. M. (2009) Defend the realm: the authorized history of MI5. Alfred A. Knopf : New York.; Pujol, J. and N. West (1986) GARBO. Grafton Books: London.; McCamley, N.J. (2003) Secret Underground Cities: An account of some of Britain’s subterranean defence, factory and storage sites in the Second World War. Leo Cooper: London.
 
12
Hesketh, R. (2000) FORTITUDE: The D-Day Deception Campaign. Overlook: New York.
 
13
Howard, M. (1995) Strategic Deception in the Second World War. Norton: New York.
 
14
The offensive TTP entries include examples of how they would be used by a financially motivated actor as well as by an espionage-motivated actor. The defensive TTP entries include examples of how they would be used against a financially motivated actor and a targeted espionage actor.
 
15
As shown in Stech et al.’s 2011 paper “Scientometrics of Deception, Counter-deception, and Deception Detection in Cyber-space,” the absence of a clear set of conventional terminology suggests the immaturity of that domain.
 
16
James J. Yuill. Defensive Computer-Security Deception Operations: Processes, Principles and Techniques. Dissertation North Carolina State University, Raleigh NC, 2006, p. 200.
 
17
Phrases shown in boldface are techniques originally presented in Table 2.3.
 
18
Jim Aldridge, Targeted Intrusion Remediation: Lessons From The Front Lines, Blackhat 2012, https://www.blackhat.com/usa/bh-us-12-briefings.html#Aldridge
 
19
See Chap. 5 for an illustration.
 
29
Neil C. Rowe. “Deception in defense of computer systems from cyber-attack,” in A. Colarik and L. Janczewski eds. Cyber War and Cyber Terrorism. Hershey, PA: The Idea Group, 2007.
 
30
See Chap. 7 for an analysis of organizational capability for cyber-D&D.
 
31
The deception planner should prepare several cover stories that will be supported throughout a specific deception campaign. By sustaining more than one viable cover story, the deceivers have a fallback story if the principal cover story is compromised, or if the deception target does not seem to react to the principal cover story.
 
32
For ideas on identifying and exploiting blind spots in deception planning, see Van Hecke, M. L. (2007) Blind spots: Why smart people do dumb things. Prometheus Books: Amherst NY; and Sternberg, R. ed. (2002) Why Smart People Can Be So Stupid. Yale University Press: New Haven, CT.
 
33
Whaley uses “Blue” to refer to the friendly, deceiver organization and “Red” to refer to the adversary target.
 
References
Amoroso, E. G. (2011). Cyber attacks: protecting national infrastructure. Burlington, MA: Butterworth-Heinemann.
Bennett, M., & Waltz, E. (2007). Counterdeception principles and applications for national security. Norwood, MA: Artech House.
Bodmer, S., M. Kilger, G. Carpenter, and J. Jones (2012) Reverse Deception: Organized Cyber Threat Counter-Exploitation. McGraw-Hill: New York.
Holt, T. (2007). The deceivers: Allied military deception in the Second World War. New York: Scribner.
Masterman, J.C. (2000) The Double-Cross System. Lyons Press: New York.
Provos, Niels and Thorsten Holz (2007) Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Boston MA: Pearson Education.
Rowe, N., & Rothstein, H. (2004). Two taxonomies of deception for attacks on information systems. Journal of Information Warfare, 3(2), 27-39.
Stech, F., Heckman, K. E., Hilliard, P., & Ballo, J. R. (2011). Scientometrics of deception, counter-deception, and deception detection in cyber-space. PsychNology Journal, 9(2), 79-112.
Whaley, B. (2007a). Stratagem: Deception and Surprise in War. Artech House: Norwood, MA.
Whaley, B. (2007c). Toward a General Theory of Deception. In J. Gooch & A. Perlmutter (Eds.), Military Deception and Strategic Surprise (pp. 188-190). New York: Routledge.
Metadata
Title
Bridging the Classical D&D and Cyber Security Domains
Written by
Kristin E. Heckman
Frank J. Stech
Roshan K. Thomas
Ben Schmoker
Alexander W. Tsow
Copyright year
2015
DOI
https://doi.org/10.1007/978-3-319-25133-2_2
