Enhance cybersecurity awareness and survivability for DoD, industry partners, and academia in the face of the ever-increasing threat of cyber attacks. Cybersecurity (CS) includes managing risks related to the use, processing, storage, and transmission of information and the systems and processes used for those purposes, including analog and physical form. CS includes information availability, identification and authentication, confidentiality, integrity, and non-repudiation as well as the economic considerations with respect to selection of CS techniques, CS processes, and industry trends.
Adversary emulation
- This topic has 3 replies, 4 voices, and was last updated 3 years, 2 months ago by
.
-
Topic
-
In my experience, the level of understanding of an adversaries perspective has been severely lacking. In special operations we couldn’t simply assume an adversary was ‘crazy’ to want to fight or even become a suicide bomber. All of the truly good threat analysts had to know or at least consider and seek to understand their motivations in order to conceptualize scenarios that may be faced. In the cyber domain this is even more critical since much is designed into a complex architecture that is fixed, while threats can probe endlessly and evolve constantly. Has anyone seen an effective use of design basis threats in system/network design?
-
Replies
-
-
I don’t have any personal experience in working on motivational based cyber threat scenarios and would also be interested on how an organization would develop a response to a threat that could come from almost any direction. My limited experience in the non-cyber world generally focused on predicting attacks by one adversary based upon a limited number of known threat possibilities. When the number of threat actors increased or when a new type of threat was used, responders quickly went into a defensive mode. I would be interested in how to plan for the type of attack that you discussed as well as any successful outcomes from design based threat planning,
-
Identifying Threat actors is a critical area of your defense. The threat depends on your area of industry or government and the evaluation of its potential for an attack. Don’t forget that most threats are from insiders and not external. As for developing a response look to NIST (www.nist.gov) for guidance.
-
I completely agree with you that deep understanding of the adversary perspective in the cyber realm is lacking. As an Analyst, I’ve had an opportunity to study some interesting perspectives on Cyber Jihad motivations and methodologies, but nothing has presented itself as truly valuable as compared to some of the dossier type development in the other intelligence realms, namely human, signals collection. Understanding of the mindset and factors of design based threats for cyber actors or organizations would really help to develop robust profiles. I’ve linked an article that I recall from the past year regarding FBI capture of an ISIS-related recruiter. I’m wondering if in your work with SOCOM, you’ve engaged your FBI Liaison and requested reporting from the outcome of the collection effort. I know some of the Cyber or CT folks over there are doing really great work, and perhaps they’re sitting on some really good insight. If you do have any luck tracking some valuable and relevant support material down, please let the forum know if and how it helps.
swordhand
-
You must be logged in to reply to this topic.
