
2015 | Book

Cyber Denial, Deception and Counter Deception

A Framework for Supporting Active Cyber Defense

Authors: Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow

Publisher: Springer International Publishing

Book series: Advances in Information Security

About this book

This book presents the first reference exposition of the Cyber-Deception Chain: a flexible planning and execution framework for creating tactical, operational, or strategic deceptions. This methodology bridges the gap between the current uncoordinated patchwork of tactical denial and deception (D&D) techniques and their orchestration in service of an organization’s mission. Concepts for cyber-D&D planning, operations, and management are detailed within the larger organizational, business, and cyber defense context. It examines the necessity of a comprehensive, active cyber denial scheme.

The authors explain the organizational implications of integrating D&D with a legacy cyber strategy, and discuss trade-offs, maturity models, and lifecycle management. Chapters present the primary challenges in using deception as part of a security strategy, and guide users through the steps to overcome common obstacles. Both revealing and concealing fact and fiction have a critical role in securing private information. Detailed case studies are included.

Cyber Denial, Deception and Counter Deception is designed as a reference for professionals, researchers, and government employees working in cybersecurity. Advanced-level students in computer science focused on security will also find this book useful as a reference or secondary textbook.

Table of contents

Frontmatter
Chapter 1. Introduction
Abstract
The world has become ever more reliant on computers for critical infrastructure, communications, and commercial operations. The security of computer systems now affects billions of lives, yet architectural and legacy decisions and consequent vulnerabilities allow malicious actors to compromise sensitive information and deny access to legitimate users. In addition, intrusions by dedicated actor groups appear to have become more persistent, threatening, and global (Jajodia et al. 2011).
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 2. Bridging the Classical D&D and Cyber Security Domains
Abstract
This chapter uses a traditional framework called the D&D methods matrix as a foundation for describing the basics of D&D in the physical world, extends the D&D matrix to cyber security, and then outlines a set of techniques for applying D&D in the cyber security context. These descriptions can be combined with the cyber-D&D TTP taxonomy in Appendix A to guide understanding of how D&D is used in the cyber domain. We examine the organizational requirements for planning and executing successful defensive cyber-D&D operations, introducing both physical and virtual D&D tactics relevant to each quadrant of the D&D methods matrix.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 3. Intrusions, Deception, and Campaigns
Abstract
Cyber intrusions consist of cyber attack campaigns, composed of cyber kill chains, which include various cyber attacks, composed of multiple attack steps. The defender aiming to defeat such cyber intrusions, or reduce their impacts, can use cyber-D&D against the attacker. Our analysis reveals opportunities for cyber-D&D at each phase of this cyber intrusion model. In this chapter we examine cyber-D&D options for the various phases of the cyber kill chain, and propose a model for planning, preparing, and executing active defense cyber-D&D operations. The chapter concludes with an examination of how to advance mission goals across intrusion campaigns by developing deception campaigns. Cyber intrusion tactics and strategies have advanced considerably over the last two decades. Analysts have drawn on empirical observations to formulate high-level models of cyber intrusions. The four-tiered pyramidal model of intrusions in Fig. 3.1 depicts various granularities of abstraction in such models.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 4. Cyber-D&D Case Studies
Abstract
To highlight the benefits and challenges associated with cyber-D&D and explore aspects of operational implementation, we present two case studies: one based on accounts of the Stuxnet intrusion that damaged Iran’s uranium enrichment facilities and the other a notional depiction of an espionage-motivated intrusion. The Stuxnet cyber-sabotage case showcases extensive use of offensive cyber-D&D at the technique, tactical, operational, and strategic levels. The fictional case study illustrates how elements of cyber-D&D can be used defensively against APT attempts at cyber espionage.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 5. Exercising Cyber-D&D
Abstract
This chapter examines the components necessary to conduct operational Red/Blue team exercises that incorporate cyber-D&D. As an example, we describe a research experiment referred to as SLX II in which Blue network defense personnel used cyber-D&D against a Red threat actor. This experiment demonstrated the value of adding D&D TTPs to traditional CND and the importance of cyber intelligence. The inclusion of D&D TTPs led to the successful neutralization of the attacker’s compromise of the defender’s operational planning communications.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 6. Considerations, Adaptation, and Sharing
Abstract
Adaptability and agility are essential in planning, preparing, and executing deception operations. Deception planners must be prepared to respond so that they can still achieve their goals even when it seems that everything is going wrong. This chapter brings together considerations for the cyber-D&D planner, covering the realities of utilizing cyber-D&D. Applying cyber-D&D poses risk and has the potential for unintended consequences. Cyber-D&D operations can be compromised, and even the best-laid plans can fail. Although the defender can gain advantages by using D&D in each phase of the kill chain, utilizing cyber-D&D TTPs always involves challenges and potential drawbacks. We review some of these to inform and encourage cyber-D&D cadres to explore these considerations early in the planning phases of cyber-D&D operations.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 7. Countering Denial and Deception
Abstract
In this chapter we explore cyber-counterdeception (cyber-CD), what it is, how it works, and how to incorporate it into cyber defenses. We review existing theories and techniques of counterdeception and adapt them for usage by cyber defenders in conjunction with their deception chains and deception campaigns. In so doing we present a cyber-CD process model, then apply it to the Mandiant APT1 case. Our goal is to suggest how cyber defenders can use cyber-CD, in conjunction with defensive cyber-D&D campaigns, to detect and counter cyber attackers.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 8. Capability Maturity Model
Abstract
As cyber-D&D becomes a well-recognized, mainstream technique in cyber defense operations, a capability maturity model (CMM) can enable organizations to assess their readiness to conduct cyber-D&D operations. The systematic framework provided by a CMM enables organizations to implement a strategic cyber-D&D capability, assess the maturity of that capability over time, and estimate the capabilities of cyber adversaries.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 9. Cyber-D&D Lifecycle Management
Abstract
Like any other capability to be introduced into an organization, cyber-D&D must be carefully coordinated and managed to achieve the desired results. Figure 9.1 shows the most significant facets of lifecycle management.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Chapter 10. Looking to the Future
Abstract
This book has built on the existing body of research in classical D&D and provided a theoretical framework to adapt classical D&D for cyber security, but the field of cyber-D&D has barely begun to develop. This chapter outlines promising areas for advanced research and development.
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Erratum
Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Backmatter
Metadata
Title
Cyber Denial, Deception and Counter Deception
Authors
Kristin E. Heckman
Frank J. Stech
Roshan K. Thomas
Ben Schmoker
Alexander W. Tsow
Copyright year
2015
Electronic ISBN
978-3-319-25133-2
Print ISBN
978-3-319-25131-8
DOI
https://doi.org/10.1007/978-3-319-25133-2