Cyber Strategy Evolves

Cyber strategies continually evolve as the state of the art changes rapidly. Long ago and far away, the attackers just wanted to deface web pages, but that is no longer true. From Advanced Persistent Threats (APT) to Stuxnet, the attackers are now far more organized, experienced and sophisticated. Our defensive strategies must evolve to match the attacks, but in most cases are excluded from offensive attack strategies themselves.

Creating an Effective Cyber Espionage Operation – [infosecisland.com]

The means and tools of cyber espionage are well known and used widely in practice. But has the United States intelligence community put into practice a structured operation to gather both open source and private intelligence and properly analyze and distribute it?

This post proposes one such operational structure.

The tools and methods are described including the use of custom Trojans, back hacking, infiltration, exfiltration, recruitment, IP signal intelligence, seeding, and poisoning. It describes the scope of the data handling and analysis problem and suggests best practices for sharing and analyzing cyber intelligence.

A Strategy for Combating Cyber Terror – [infosecisland.com]

[a condensed list of bullets from the article]

1) The first part of my proposed cyber security strategy is to adopt a single continuum of threat vectors, people and communications channels, whatever and wherever they are.
2) The second part of my strategy regards means of reducing the cyber terror threat surface.
3) This part of the cyber security strategy mandates spending less money on reactive countermeasures like anti-virus software and reduce vulnerabilities by reducing the number of Windows machines by 10% a year and using Linux and FOSS technologies instead that are cheaper and more secure.
4) The fourth part of the cyber security strategy is a to use offensive measures proactively against attackers before the fact and not after an event.
5) The fifth part of my proposed cyber security strategy suggests a demand-side strategy to reduce the social value of being a hacker.

SEE ALSO:
Agile Defense With NIST Controls
Security Controls – Tools for Your Gameplan
Malware Evolution
Advanced Persistent Threat
Stuxnet Advanced Attack
Attack Methodology
Attack vs Defense on an Organizational Scale

Categories: News
Tags: , , , , , , ,

By on July 8th, 2011

Comments are closed.

« »