Taking a Systematic Approach to Cyber Deception - Part 1 by @jym


Jym Cheong

https://jym.sg

Introduction

This series is about:

Knowing ourselves and our enemy, and planning in a way that conjures the "ground" & "weather" to our advantage.

This approach is adapted from a joint paper by Mohammed H. Almeshekah and Eugene H. Spafford, published by Springer International Publishing (Switzerland, 2016). I will share practical pointers through a series of questions related to Industrial Internet-of-Things (IIoT) & Operational Technology (OT) networks.

What is Cyber Deception?

Cyber refers not just to typical Information & Communications Technology, but also to Cyber-Physical Systems that, when compromised, incur safety & availability consequences. Deception is about presenting something false in order to gain early warning & deterrence, and also to divert the undeterred away from real assets. But how is that achieved?

It always involves two basic steps: hiding the real (dissimulation) and showing the false (simulation).

What are the Specific Considerations Related to Industrial Networks?

  1. Safety Risks
  2. Availability Risks
  3. Realism to attackers
  4. Secrecy

The first 3 Primary Considerations (or PCs in short) are self-explanatory. The 4th depends on the overall objective. For instance, honeynets are meant to lure attackers & collect intelligence, so a lack of secrecy could ruin the entire effort. For deterrence, on the other hand, secrecy may not be a PC, since attackers may back off precisely because they know it is a trap.

What are the Phases of a Cyber Deception Campaign?

A campaign is divided into 3 phases: Planning > Implementation & Integration > Monitoring & Evaluating. Throughout all phases we need to be mindful of the earlier considerations: Safety, Availability, Realism and, depending on the strategic goal(s), Secrecy.

A further breakdown of the 3 phases is as follows:

[Figure: further breakdown of the 3 phases]

The first two considerations, Safety & Availability, relate to step 6 of identifying risks & countermeasures. I will explain the remaining steps along the way. An astute reader may ask: why bother with all this, aren't there Deception 2.0 Commercial-Off-The-Shelf (COTS) solutions?

I will further explain how a combination of COTS and custom deception can deal with Advanced Threat Actors by exploiting inherent mental biases that they may hold.

Why combined? We must assume Advanced Threat Actors have the resources to figure out COTS deception solutions & to get into our networks through routes we least expect.

In the next part of this series, I will cover how to plan & measure success.
