
2015 | Original Paper | Book Chapter

5. Exercising Cyber-D&D

Authors: Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow

Published in: Cyber Denial, Deception and Counter Deception

Publisher: Springer International Publishing


Abstract

This chapter examines the components necessary to conduct operational Red/Blue team exercises that incorporate cyber-D&D. As an example, we describe a research experiment referred to as SLX II in which Blue network defense personnel used cyber-D&D against a Red threat actor. This experiment demonstrated the value of adding D&D TTPs to traditional CND and the importance of cyber intelligence. The inclusion of D&D TTPs led to the successful neutralization of the attacker’s compromise of the defender’s operational planning communications.


Footnotes

1. For simplicity, we will refer to all such exercises as wargames.

2. Some recent wargame examples are described in David S. Alberts, Reiner K. Huber, and James Moffat (2010) NATO NEC C2 Maturity Model, Washington, DC: DoD Command and Control Research Program. The Joint Chiefs of Staff (2006) Joint Publication 3-13 Information Operations, Washington, DC: Department of Defense, recommends wargaming plans and courses of action for information operations. Wargaming by DoD may be less frequent than suggested by doctrine and history; e.g., regarding the 2008 Russian invasion of Georgia, a U.S. Army War College analysis concluded “U.S. intelligence-gathering and analysis regarding the Russian threat to Georgia failed. … No scenarios of a Russian invasion were envisaged, wargamed, or seriously exercised;” p. 72, Ariel Cohen and Robert E. Hamilton (2011) The Russian Military and the Georgia War: Lessons and Implications. ERAP Monograph, June 2011, Carlisle Barracks PA: Strategic Studies Institute, U.S. Army War College.

3. In asynchronous play, Red and Blue are playing the equivalent of mail chess, but with many moves at a time.

4. See Rein, L. and Yoder, E. (2014). Gone phishing: Army uses Thrift Savings Plan in fake e-mail to test cybersecurity awareness, The Washington Post, March 13, 2014; and Jowers, K. (2008). Phishing scam turns out to be an inside job. Army Times, April 1, 2008.

5. This experiment was conducted with two MITRE Innovation Program (MIP) research teams: Strongarm and Countering Cyber-Deception. The authors of this book constitute the Countering Cyber-Deception MIP team; MIP team members Stech and Heckman participated in this exercise. For more information about MITRE, see http://www.mitre.org

6. The reverse proxy was in place for all communication as a load balancer. Such a load-balancing reverse proxy could make decisions about which backend content provider should be used based on several factors, such as geographic location, server load, network load, etc. In this experiment, the load-balancing reverse proxy simply used userID as the decision criterion.

7. The “entirely independent content” approach operated like a secure compartmented back channel, or a special access program, with “need-to-know” access granted only to a very small number of essential users. Blue D&D hinted to Red at the existence of this back channel through compromised e-mail accounts, and used “leaks” via those accounts to reinforce elements of the Blue D&D cover story (e.g., actual covert infiltration of special forces into the terrorist country to lase the terrorist compound for what these forces believed would be a kidnap mission, part of the Red-compromised COAs), while communications within the back channel allowed for real mission execution (e.g., tasking and execution orders to carrier-based aircraft carrying laser-guided munitions).

8. Blue D&D used a version of the “knight’s fork” chess move, in which the knight threatens two pieces at once. Red had to react to the Cotton Dollar ruse and choose between two responses, both of which could benefit Blue. If Red chose to chase Cotton Dollar, Red exposed the accounts Red had compromised. If Red chose not to believe the Blue D&D ploy and not to ambush the Cotton Dollar locations, these locations would then be available to Blue for, e.g., real Blue forces extraction. Inasmuch as Red did not suspect Cotton Dollar was a deception, Red chose to cover the extraction points it knew about, thus exposing the accounts Red had compromised.
 
References

Alberts, D. S., Huber, R. K., and Moffat, J. (2010) NATO NEC C2 Maturity Model. Washington, DC: DoD Command and Control Research Program.

Cohen, A. and Hamilton, R. E. (2011) The Russian Military and the Georgia War: Lessons and Implications. ERAP Monograph, June 2011. Carlisle Barracks PA: Strategic Studies Institute, U.S. Army War College.

Dacier, M., Leita, C., Thonnard, O., Pham, V.-H., and Kirda, E. (2010) “Assessing Cybercrime Through the Eyes of the WOMBAT”, in Jajodia, S., Liu, P., Swarup, V., and Wang, C., eds. (2010) Cyber Situational Awareness: Issues and Research. New York: Springer.

Heckman, K. E., Walsh, M. J., Stech, F. J., O’Boyle, T. A., Dicato, S. R., and Herber, A. F. (2013) “Active cyber defense with denial and deception: A cyber-wargame experiment”. Computers and Security, 37, 72–77. doi:10.1016/j.cose.2013.03.015

Joint Chiefs of Staff (2006) Joint Publication 3-13 Information Operations. Washington, DC: Department of Defense.

Jowers, K. (2008) “Phishing scam turns out to be an inside job”. Army Times, April 1, 2008.

Kott, A. and Citrenbaum, G., eds. (2010) Estimating Impact: A Handbook of Computational Methods and Models for Anticipating Economic, Social, Political and Security Effects in International Interventions. New York: Springer, p. 8 ff.

Rein, L. and Yoder, E. (2014) “Gone phishing: Army uses Thrift Savings Plan in fake e-mail to test cybersecurity awareness”. The Washington Post, March 13, 2014.
Metadata

Title: Exercising Cyber-D&D
Authors: Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow
Copyright year: 2015
DOI: https://doi.org/10.1007/978-3-319-25133-2_5