2018 | OriginalPaper | Book chapter

2. Human Nature and Cyber Weaponry: Use of Denial and Deception in Cyber Counterintelligence

Written by: Frank J. Stech, Kristin E. Heckman

Published in: Cyber Weaponry

Publisher: Springer International Publishing

Abstract

With the increased use of cyber weapons for Internet-based cyber espionage, the need for cyber counterintelligence has become apparent, but counterintelligence remains more art than science because of its focus on tricking human nature—the way people think, feel, and behave. Nevertheless, counterintelligence theory and practice have been extended to domains such as industry and finance, and can be applied to cyber security and active cyber defense. Nonetheless, there are relatively few explicit counterintelligence applications to cyber security reported in the open literature. This chapter describes the mechanisms of cyber denial and deception operations, using a cyber deception methods matrix and a cyber deception chain to build a tailored active cyber defense system for cyber counterintelligence. Cyber counterintelligence with cyber deception can mitigate cyber spy actions within the cyber espionage “kill chain.” The chapter describes how defenders can apply cyber denial and deception in their cyber counterintelligence operations to mitigate a cyber espionage threat and thwart cyber spies. The chapter provides a hypothetical case, based on real cyber espionage operations by a state actor.

Footnotes
1
In 2009, the United States published the Comprehensive National Cybersecurity Initiative (CNCI). The initiative outlined US cybersecurity goals that spanned multiple agencies, including the Department of Homeland Security, the Office of Management and Budget, and the National Security Agency. The 2009 CNCI included the goal (among others) of “…enhancing US counterintelligence capabilities and increasing the security of the supply chain for key information technologies.” Specifically, the CNCI announced “Initiative #6. Develop and implement a government-wide cyber counterintelligence plan.” The Initiative stated: “Initiative #6. Develop and implement a government-wide cyber counterintelligence plan. A government-wide cyber counterintelligence plan is necessary to coordinate activities across all Federal Agencies to detect, deter, and mitigate the foreign-sponsored cyber intelligence threat to US and private sector information systems. To accomplish these goals, the plan established and expanded cyber counterintelligence education and awareness programs and workforce development to integrate counterintelligence into all cyber operations and analysis, increase employee awareness of the cyber counterintelligence threat, and increase counterintelligence collaboration across the government. The Cyber CI Plan is aligned with the National Counterintelligence Strategy of the United States of America (2007) and supports the other programmatic elements of the CNCI.”
 
2
These two threat agents have been code named by different cyber threat intelligence organizations. APT28 and APT29 are the code names used by FireEye and other organizations, and are used in this report for convenience.
 
3
For example, Duvenage et al. (2016) describe the organizational requirements for strategic, operational, and tactical/technical cyber counterintelligence operations; Victor Jaquire and Sebastiaan von Solms (2017) outline a capability maturity model for cyber counterintelligence organizations; Duvenage, Sebastian von Solms, and Manuel Corregedor (2015) describe a cyber counterintelligence process model; and Johan Sigholm and Martin Bang (2013) propose an interorganizational information exchange model for cyber counterintelligence.
 
4
It is interesting that Lowenthal’s 1992 overview of U.S. intelligence mentions counterintelligence only briefly, as a defensive FBI function, c.f., Mark M. Lowenthal (1992) U.S. Intelligence: Evolution and Anatomy, Second Edition. London: Praeger.
 
5
The term mole was applied to spies in the book Historie of the Reign of King Henry VII written in 1626 by Sir Francis Bacon; W. Thomas Smith (2003). Encyclopedia of the Central Intelligence Agency. New York: Infobase Publishing, p. 171.
 
6
This section relies on material from Frank J. Stech, Kristin E. Heckman, and Blake E. Strom (2016), “Integrating Cyber-D&D into Adversary Modeling for Active Cyber Defense,” in Sushil Jajodia, V.S. Subrahmanian, Vipin Swarup, & Cliff Wang eds. (2016), Cyber Deception: Building the Scientific Foundation. Switzerland: Springer.
 
7
See also, Neil C. Rowe & Julian Rrushi (2016) Introduction to Cyberdeception. Switzerland: Springer; and Sushil Jajodia, V.S. Subrahmanian, Vipin Swarup, Cliff Wang, eds. (2016) Cyber Deception: Building the Scientific Foundation. Switzerland: Springer.
 
8
Further description of the cyber deception chain and its applications in active cyber defenses are in Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow (2015) Cyber Denial, Deception and Counter Deception: A Framework for Supporting Active Cyber Defense. Switzerland: Springer.
 
References
Duvenage P, von Solms S (2014) Putting counterintelligence in cyber counterintelligence: back to the future. In: Liaropoulos A, George T (eds) Proceedings of the 13th European conference on cyber warfare and security ECCWS-2014. Piraeus, Greece, 3–4 July 2014
Duvenage P, Jaquire V, von Solms S (2016) Conceptualising cyber counterintelligence—two tentative building blocks. In: Proceedings of the 15th European conference on cyber warfare and security, Munich, Germany, 7–8 July 2016, pp 93–102
Ehrman J (2009) Toward a theory of CI: what are we talking about when we talk about counterintelligence? Stud Intell 53(2):5–20
FireEye (2014) APT28: a window into Russia’s cyber espionage operations? 27 Oct 2014. Viewed 22 May 2017
French G, Kim J (2009) Acknowledging the revolution: the urgent need for cyber counterintelligence. Nat Intell J 1(1):71–90
Heckman K, Stech F, Thomas R, Schmoker B, Tsow A (2015) Cyber denial, deception and counter deception: a framework for supporting active cyber defense. Springer, Cham
Kahn D (1967) The code breakers. Macmillan, New York
Lowenthal M (1992) U.S. intelligence: evolution and anatomy, 2nd edn. Praeger, London
Lowenthal M (2009) Intelligence: from secrets to policy. CQ Press, Washington, DC
Schmoker B (2015a) MITRE corporation briefing. Deception in the wild: a case study of APT28. MITRE. Viewed 22 May 2017
Schmoker B (2015b) MITRE corporation white paper. Denial and deception in a targeted espionage operation. MITRE. Viewed 22 May 2017
Sims J (2009) Defending adaptive realism: Intelligence theory comes of age. In: Gill P, Marrin S, Phythian M (eds) Intelligence theory: key questions and debates, United States. Routledge, New York, p 154
Sims J, Gerber B (eds) (2009) Vaults, mirrors, and masks: rediscovering US counterintelligence. Georgetown University Press, Washington, DC
Skerry M (2013) Financial counterintelligence: how changes to the U.S. anti-money laundering regime can assist U.S. counterintelligence efforts. Santa Clara Law Rev 53(205):217
Stech F (2016) MITRE corporation technical report MTR 160057. Cyber Counterintelligence, MITRE. Viewed 22 May 2017
Stech F, Heckman K, Strom B (2016) Integrating cyber-D&D into adversary modeling for active cyber defense. In: Jajodia S, Subrahmanian VS, Swarup V, Wang C (eds) Cyber deception: building the scientific foundation. Springer, Cham
Weedon J (2015) Beyond “Cyber War”: Russia’s use of strategic cyber espionage and information operations in Ukraine. In: Geers K (ed) Cyber war in perspective: Russian aggression against Ukraine. NATO CCD COE Publications, Tallinn
Metadata
Title
Human Nature and Cyber Weaponry: Use of Denial and Deception in Cyber Counterintelligence
Written by
Frank J. Stech
Kristin E. Heckman
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-74107-9_2