sort useful information from everything else. The intelligence collectors must rely on decision makers to tell them what is wanted or, at least, interact with them enough to allow the collectors to inform themselves.
As a process, intelligence requires prioritization. Resources are never sufficient to gather everything that might be useful or interesting. Prioritization adds to the uncertainty inherent in intelligence gathered to support competitive activity, and defending networks is competitive activity by definition. That which makes items of information attractive to adversary collectors makes them attractive to defenders as well.
Intelligence is of two kinds:
Positive intelligence (PI) is information gathered to facilitate one’s own side achieving its ends.
Counterintelligence (CI) is information gathered to prevent adversaries from compromising network defenses or defenders. A subset of CI called offensive CI seeks out and tries to penetrate hostile elements for the purpose of compromising the adversary himself or, at least, destroying his effectiveness.
The effort required to gather, process, distribute, and use intelligence must be proportionate to the degree to which hostile activity does or may interfere with the operation of protected networks.
Judging that degree requires that defenders gather a good deal of information about those who are trying to penetrate or disable their networks: who they are, how they work, what they have to work with, how well they do their work, where they get their information, and so on. The list of questions CI is concerned with is long and detailed, as is the list for PI. When these lists are formalized for the purpose of managing intelligence gatherers, they are called essential elements of information (EEI).
Only the most primitive of threats to networks have no explicit EEI. Whether explicit or implied, adversary EEIs are targets of intelligence interest because such lists can be analyzed to divine what adversaries know or are still looking for, and, by implication, what they are trying to protect or intend to do.
The discussion thus far has brought us to a major conundrum at the center of the subject of this book: from whom are we defending networks, and from what? On the one hand, defenders know pretty well what technical techniques are used to penetrate networks; those are constrained by the nature of the technology, which others may know as well as we do. On the other hand, we have only very general ideas about who is behind attacks, because the potential cast of characters is huge, ranging from precocious schoolboys to major foreign governments and organized crime. The ephemeral nature of networks, even protected networks, and of their content does not help to focus the question.
And yet, computer networks are created and operated by human beings for human purposes. At the center of it all are human beings with all their foibles and vulnerabilities. The better those are understood on both the PI and CI sides, the more effective defenses and defensive deceptions may be.
Defenders are hungry for data. The more data they have about the nature of networks, their contents, and the humans who operate and maintain them, the better the networks can be defended. But where do potential deceivers get the information they need? The technology is a large part of the answer. Networks must be stable and predictable. To get information out of a network, an adversary must be able to use the protocols designed into the network, or he must gain the cooperation of someone who can provide, so to speak, the keys to it.
Intelligence and deception are like the chicken and egg.
As a process, intelligence requires prioritization. Gathering intelligence involves defining which elements of information are required and how the means to collect them are to be allocated. This is always done under conditions of uncertainty, because that which makes items of information attractive to collectors makes them attractive to defenders.
Deception inevitably