This series is about:
Knowing ourselves, our enemy & plan in a way to conjure "grounds" & "weather" to our advantage.
This approach is adapted from a joint paper by
Cyber refers not just to typical Information & Communications Technology, but also to Cyber-Physical Systems which, when compromised, incur safety & availability consequences. Deception is about faking it to achieve early warning & deterrence, as well as diversions (away from real assets) for those who are not deterred. But how is that achieved?
It always involves two basic steps, hiding the real (dissimulation) and showing the false (simulation).
The first 3 Primary Considerations (or PCs in short) are self-explanatory. The 4th, secrecy, depends on the overall objective. For instance, honeynets are meant to lure & collect intelligence; a lack of secrecy could ruin the entire effort. For deterrence, however, secrecy may not be a PC, since attackers may back off once they know it is a trap.
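To make the early-warning side of this concrete, here is an added example (not from the series or the paper it adapts) of the simplest "show the false" artefact: a few decoy accounts that no legitimate workflow ever uses, so any authentication attempt against them is high-signal. The decoy names, the real-user list and the sshd-style log lines are all constructed for the illustration; the `decoy_overlap` check is there for the Safety consideration, since a decoy that collides with a real identity would lock out or expose a genuine user.

```python
"""Early-warning check built on decoy accounts (added illustration).

Decoy names, the real-user list and the log lines below are constructed
sample data, not from any real environment.
"""
import re
from dataclasses import dataclass

# "Showing the false": decoy identities that follow the same naming scheme as
# real accounts so the lure stays realistic (the Realism consideration).
DECOY_ACCOUNTS = {"svc_backup02", "j.morgan.adm"}

# Constructed sshd-style log excerpt (timestamps, hosts and addresses are made up).
SAMPLE_LOG = """\
2024-03-01T08:12:03Z host1 sshd: Accepted password for alice from 10.0.0.5 port 51122
2024-03-01T08:12:40Z host1 sshd: Failed password for svc_backup02 from 10.0.0.77 port 40211
2024-03-01T08:13:01Z host2 sshd: Accepted publickey for bob from 10.0.0.9 port 51300
2024-03-01T08:14:22Z host3 sshd: Accepted password for j.morgan.adm from 10.0.0.77 port 40290
"""

# Matches the subset of sshd lines that name a user and a source address.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<result>Accepted|Failed) \S+ "
    r"for (?P<user>\S+) from (?P<src>\S+)"
)


@dataclass(frozen=True)
class DecoyHit:
    ts: str
    host: str
    user: str
    src: str
    result: str  # "Accepted" or "Failed"; both matter, a failed login is still a touch


def decoy_overlap(decoys, real_users):
    """Safety check: decoys must never collide with real identities.

    Returns the overlapping names (empty set means the decoy set is safe to deploy).
    """
    return set(decoys) & set(real_users)


def find_decoy_hits(log_text, decoys=DECOY_ACCOUNTS):
    """Return every parsed log line whose user is a decoy account."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated sshd message, ignore
        if m["user"] in decoys:
            hits.append(DecoyHit(m["ts"], m["host"], m["user"], m["src"], m["result"]))
    return hits


def attackers_by_source(hits):
    """Group decoy hits by source address.

    One source touching several decoys is a much stronger signal than a single
    mistyped username, so this is the unit an analyst would triage.
    """
    by_src = {}
    for h in hits:
        by_src.setdefault(h.src, set()).add(h.user)
    return by_src


if __name__ == "__main__":
    assert not decoy_overlap(DECOY_ACCOUNTS, {"alice", "bob"}), "decoy collides with a real user"
    hits = find_decoy_hits(SAMPLE_LOG)
    for src, users in attackers_by_source(hits).items():
        print(f"ALERT decoy access from {src}: {sorted(users)}")
```

Because no genuine process should ever reference a decoy, the rule has essentially no benign-positive path, which is what makes deception-based alerts cheap to triage compared with threshold rules on real accounts.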
A campaign is divided into 3 phases: Planning > Implementation & Integration > Monitoring & Evaluating. We need to be mindful of the earlier considerations throughout the phases: Safety, Availability, Realism &, depending on strategic goal(s), Secrecy.
A further break-down of the 3 Phases is as follows:
The 1st two considerations, Safety & Availability, relate to step 6, identifying risks & countermeasures. I will explain the remaining steps along the way. An astute reader may ask: why bother with all this, aren't there Deception 2.0 Commercial-Off-The-Shelf (COTS) solutions?
I will further explain how a combination of COTS together with custom deception can deal with Advanced Threat Actors by exploiting the inherent mental biases they may hold.
Why combined? We must assume Advanced Threat Actors have the resources to figure out COTS Deception solutions & to get into our networks through routes we least expect.
In the next part of this series, I will cover how to plan & measure success.