Introduction

This series is about knowing ourselves and our enemy, and planning in a way that conjures "grounds" & "weather" to our advantage. This approach is adapted from a joint paper by Mohammed H. Almeshekah and Eugene H. Spafford, published by Springer International Publishing (Switzerland 2016). I will share practical pointers through a series of questions related to Industrial Internet-of-Things (IIoT) & Operational Technology (OT) networks.

What is Cyber Deception?

Cyber refers not just to typical Information & Communications Technology, but also to Cyber-Physical Systems (CPS) that, when compromised, will incur safety & availability consequences. Deception is about faking it to achieve early warning & deterrence, as well as diversions (from real assets) for the undeterred. But how is that achieved? It always involves two basic steps: hiding the real (dissimulation) and showing the false (simulation).

What are the Specific Considerations Related to Industrial Networks?

1. Safety Risks
2. Availability Risks
3. Realism to attackers
4. Secrecy

The first 3 Primary Considerations (or PCs in short) are self-explanatory. The 4th point depends on the overall objective. For instance, honeynets are meant to lure & collect intelligence; a lack of secrecy could ruin the entire effort. But for deterrence, secrecy may not be a PC, since attackers may back off knowing that it is a trap.

What are the Phases of a Cyber Deception Campaign?

A campaign is divided into 3 phases: Planning > Implementation & Integration > Monitoring & Evaluating. We need to be mindful of the earlier considerations throughout the phases: Safety, Availability, Realism and, depending on strategic goal(s), Secrecy.

A further breakdown of the 3 phases is as follows:

[Figure: breakdown of the 3 phases]

The 1st two considerations of Safety & Availability are related to step 6 of identifying risks & countermeasures. I will explain the remaining steps along the way.

An astute reader may ask: why bother with all these, aren't there Deception 2.0 Commercial-Off-The-Shelf (COTS) solutions?

I will further explain how to combine COTS with custom deception to deal with Advanced Threat Actors by exploiting inherent mental biases that they may hold. Why combined? We must assume Advanced Threat Actors have the resources to figure out COTS Deception solutions & to get into our networks through routes we least expect.

In the next part of this series, I will cover: How to plan & measure success?