Bugs, Trojans, and Rootkits: Fighting Back Against Things that Go Bump in the Network
Cyber Denial, Deception and Counter Deception: A Framework for Supporting Active Cyber Defense, by Kristin Heckman, Frank Stech, Roshan Thomas, Ben Schmoker and Alexander Tsow, examines how using denial and deception (D&D) techniques can prevent cyber attackers from accessing information and data. The team won MITRE’s 2016 Knowledge Advantage Award for their work.—Editor
Author: Marilyn Kupetz
If you ever have the pleasure of a face-to-face conversation with MITRE’s Frank Stech, you’ll surely discuss the mythological Trojan Horse. Why did the Greeks make the thing so big, heavy, and hard to move?
Their goal was to better deceive the Trojans. The Greeks rightly assumed that if the Trojans believed they were acquiring a highly desirable prize, transporting the trophy inside the city walls would feel like that much more of a triumph.
Deception has a long history—the nobility of which depends on the side you’re on—and today’s coded Trojans come bearing gifts that violate more than the walls of one city. Cyber Denial, Deception and Counter Deception: A Framework for Supporting Active Cyber Defense presents a first-of-its-kind framework to educate the next generation of cyber security professionals—the Cassandras that we need to listen to. According to author Kristin Heckman, denial and deception (or D&D) tools should be in every defender’s toolbox. By engaging cyber-D&D researchers in rich conversation about the merits of such tools and how to use them, this book bridges a gap between what practitioners know about cyber security and what they understand about classical D&D theory.
As the team worked on the book, they pooled their reviews of cyber security research literature. En route, they found that “the use of denial, deception, and counter deception in the cyber domain is in its infancy when compared to D&D use in the physical world and kinetic warfare” (p. vi). Because cyber professionals in government and academic settings are rarely trained to see connections between classical deception theory and cyber security, “many computer network defenders have limited familiarity with D&D theory or approaches, let alone how to apply them. This, coupled with disjoint terminology, theory, and lack of a cohesive framework, may have contributed to fewer empirical and operational applications of D&D in cyber security” (p. vi).
The authors do not intend their book to serve as “a technical manual for crafting cyber-D&D techniques.” Instead, they want their community of interest to share knowledge and build awareness “within the larger organizational, business, and cyber defense context” (p. vi). In other words—and borrowing from a different mythology—they want to help fill the holy grail of any mature domain—the cup of interoperability—with a point of departure, a lexicon, and a blueprint for sharing collective intelligence through the lifecycle of a cyber-D&D operation.
Big takeaways? Heckman says that cyber defenders are more likely to use D&D successfully in an operation if they plan how to use it from the beginning of the operation rather than pulling it in as an afterthought. For one thing, good D&D enterprise tools are an investment. Chapter 8 discusses what different capability maturity levels look like, and Chapter 9 presents a lifecycle model illustrating how an enterprise can increase its maturity level.
The work earned Heckman, Stech, and co-authors Roshan Thomas, Ben Schmoker, and Alex Tsow MITRE’s 2016 Knowledge Advantage Award. MITRE Security Architecture Principal Mindy Rudell told us that the book “reflects deep insight on cyber denial and deception and provides a pragmatic guide for our sponsors”—and for you, as a cyber professional.