This paper reexamines the Lockheed-Martin Cyber Attack Kill Chain from the perspective of counterterrorism tradecraft. The Cyber Attack Kill Chain and the Terrorism Kill Chain are nearly identical; information gained from cyber campaign analysis and from counterterrorism intelligence is therefore likely to be functionally analogous, and the two should be handled equivalently in the intelligence cycle. Applying counterterrorism intelligence techniques to the Lockheed-Martin Cyber Attack Kill Chain would close a considerable functional gap in cybersecurity, providing cyber resilience and allowing decision makers to incorporate tailored, predictive cyber resistance into enterprise-wide risk management and governance processes.
The only step missing
As a result, terrorists sometimes forgo rehearsal altogether for fear of discovery. An unrehearsed act of terrorism, while more likely to be carried through to the final phase (Actions on the Objective), stands a greatly reduced chance of success.
Some modern cybersecurity analysts disparage the Lockheed-Martin Cyber Attack Kill Chain model, claiming that it is intrusion-centric and does not account for many current and emerging threats, including insider threats, social engineering, and remote access [2]. Intrusions are now a much broader problem class than they were when the Lockheed-Martin paper was written. However, if attackers tend to follow recognizable trends in their approaches, reusing tooling and tradecraft across campaigns, then that functional gap closes considerably with an application of strategic-level counterterrorism techniques.
Current intrusion detection systems are built around signatures for known exploits of specific vulnerabilities, and therefore surface immediate threats rather than strategic patterns. The cyber threat environment requires strategic-level analysis of the broader threat, including emerging tactics, techniques, and procedures (TTPs). For strategic-level data collection, vulnerability-focused systems are
The intelligence officer then presents these questions, called intelligence gaps, to the collection manager, who coordinates operations that task intelligence assets (collectors) with answering them. As intelligence gaps are filled, analysts identify new gaps, and the process begins anew.
This "peeling of an onion" can be a difficult concept to grasp for civilian analysts, and particularly for "business intelligence analysts" whose jobs revolve around quantifiable and incontestable data. It is likely even harder for many executive-level consumers to appreciate and may become a point of contention. However, gap analysis drives the counterterrorism intelligence cycle, and it must do so in a Strategic Intrusion Analysis Cell.
By understanding the aggressor's kill chain, particularly in reference to an APT, the defender can not only thwart the current attack but also detect future attacks earlier and build resiliency into the defensive posture. This is the purpose of intelligence in counterterrorism, and it is directly analogous to defending against an APT.
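The three preceding points (strategic analysis of reused TTPs rather than single vulnerabilities, gap analysis that tasks new collection, and earlier detection of the next intrusion from the kill chain of the last one) can be shown concretely. The following is an added example, not code from the paper or from Lockheed-Martin: it runs kill-chain campaign analysis over a constructed set of intrusion records. Each intrusion is a map from kill-chain phase to the indicators observed in that phase; the indicator strings, intrusion names and addresses (documentation ranges) are all assumptions made up for the example.

```python
"""Kill-chain campaign analysis over constructed intrusion records (example code)."""
from collections import defaultdict

# The seven phases of the Lockheed-Martin intrusion kill chain, in order.
PHASES = ["reconnaissance", "weaponization", "delivery", "exploitation",
          "installation", "command_and_control", "actions_on_objectives"]

# Constructed sample data (assumed, not from any real incident).
# Each intrusion maps a kill-chain phase to the set of indicators seen there.
INTRUSIONS = {
    "intrusion-1": {
        "delivery": {"sender-domain:payroll-notice.example", "attachment:benefits.pdf.exe"},
        "exploitation": {"behavior:user-launched-attachment"},
        "installation": {"path:%APPDATA%\\svchost\\updater.exe"},
        "command_and_control": {"c2:203.0.113.7:443"},
    },
    "intrusion-2": {
        "delivery": {"sender-domain:payroll-notice.example", "attachment:Q3-bonus.pdf.exe"},
        "exploitation": {"behavior:user-launched-attachment"},
        "installation": {"path:%APPDATA%\\svchost\\updater.exe"},
        "command_and_control": {"c2:203.0.113.7:443"},
        "actions_on_objectives": {"behavior:smb-share-enumeration"},
    },
    "intrusion-3": {  # unrelated commodity infection; shares nothing with the others
        "delivery": {"url:http://198.51.100.9/setup.exe"},
        "installation": {"path:%TEMP%\\setup.exe"},
        "command_and_control": {"c2:198.51.100.9:8080"},
    },
}

# A fourth, hypothetical intrusion arriving after the three above were analysed.
NEW_INTRUSION = {
    "delivery": {"sender-domain:payroll-notice.example", "attachment:W2-form.pdf.exe"},
    "exploitation": {"behavior:user-launched-attachment"},
    "installation": {"path:%APPDATA%\\svchost\\updater.exe"},
    "command_and_control": {"c2:203.0.113.7:443"},
}


def indicator_index(intrusions):
    """Map each indicator to the phase it belongs to and the intrusions it appeared in."""
    index = defaultdict(lambda: {"phase": None, "intrusions": set()})
    for name, phases in intrusions.items():
        for phase, indicators in phases.items():
            for indicator in indicators:
                index[indicator]["phase"] = phase
                index[indicator]["intrusions"].add(name)
    return index


def campaign_links(intrusions, min_overlap=2):
    """Indicators reused across at least min_overlap intrusions.

    These are the adversary's persistent TTPs: the strategic pattern that
    single-intrusion, vulnerability-focused detection never surfaces.
    """
    index = indicator_index(intrusions)
    return {ind: sorted(v["intrusions"]) for ind, v in index.items()
            if len(v["intrusions"]) >= min_overlap}


def known_indicators(intrusions):
    """Every indicator learned from prior intrusions, regardless of phase."""
    return set(indicator_index(intrusions))


def earliest_detection(intrusion, known):
    """First kill-chain phase (in order) at which an intrusion touches a known indicator.

    Returns None if nothing known is present, i.e. the intrusion goes undetected.
    """
    for phase in PHASES:
        if intrusion.get(phase, set()) & known:
            return phase
    return None


def collection_gaps(intrusions):
    """Phases with no indicator from any prior intrusion.

    This is the intelligence-gap list handed to the collection manager:
    phases the defender is blind to and should task collectors against.
    """
    observed = {phase for phases in intrusions.values() for phase in phases}
    return [phase for phase in PHASES if phase not in observed]


if __name__ == "__main__":
    for indicator, ids in sorted(campaign_links(INTRUSIONS).items()):
        print(f"campaign indicator {indicator!r} seen in {ids}")
    # Campaign-informed detection fires at delivery; a C2-address-only
    # block list (the "immediate threat" view) fires only at command and control.
    print("campaign-informed:", earliest_detection(NEW_INTRUSION, known_indicators(INTRUSIONS)))
    print("c2-blocklist-only:", earliest_detection(NEW_INTRUSION, {"c2:203.0.113.7:443"}))
    print("collection gaps to task:", collection_gaps(INTRUSIONS))
```

The design choice worth noting is that `campaign_links` deliberately ignores which vulnerability was exploited: what links intrusion-1 and intrusion-2 is the reused sender domain, the lure format, the implant path and the C2 address, which is exactly the strategic-level pattern the text argues for. Running `earliest_detection` against the full indicator set moves detection of the new intrusion from the command-and-control phase back to delivery, and `collection_gaps` reports the reconnaissance and weaponization phases as the gaps to task, mirroring the gap-driven intelligence cycle described above.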
In addition to employing the intelligence cycle, other counterterrorism intelligence practices