The deployment of attribution agnostic cyberdefense constructs and internally based cyberthreat countermeasures

Title: The deployment of attribution agnostic cyberdefense constructs and internally based cyberthreat countermeasures
Publication Type: Conference Paper
Year of Publication: 2014
Authors: Rivera, J., Hare, F.
Conference Name: Cyber Conflict (CyCon 2014), 2014 6th International Conference On
Date Published: June
Keywords: active cyberdefense, active defense, anonymity protection, attribution agnostic cyberdefense construct, attribution agnostic cyberdefense constructs, computer security, cyber domain, cyberdefenders, Cyberspace, cyberweapons, Educational institutions, Government, government personnel, internally based cyberthreat countermeasures, international constructs, international norms, Internet, Law, malicious actor, physical weapons, private business, proactive framework, security of data, threat identification framework

Conducting active cyberdefense requires the acceptance of a proactive framework that acknowledges the lack of predictable symmetries between malicious actors and their capabilities and intent. Unlike physical weapons such as firearms, naval vessels, and piloted aircraft - all of which risk physical exposure when engaged in direct combat - cyberweapons can be deployed (often without their victims' awareness) under the protection of the anonymity inherent in cyberspace. Furthermore, it is difficult in the cyber domain to determine with accuracy what a malicious actor may target and what type of cyberweapon the actor may wield. These aspects imply an advantage for malicious actors in cyberspace that is greater than for those in any other domain, as the malicious cyberactor, under current international constructs and norms, has the ability to choose the time, place, and weapon of engagement. This being said, if defenders are to successfully repel attempted intrusions, then they must conduct an active cyberdefense within a framework that proactively engages threatening actions independent of a requirement to achieve attribution. This paper proposes that private business, government personnel, and cyberdefenders must develop a threat identification framework that does not depend upon attribution of the malicious actor, i.e., an attribution agnostic cyberdefense construct. Furthermore, upon developing this framework, network defenders must deploy internally based cyberthreat countermeasures that take advantage of defensive network environmental variables and alter the calculus of nefarious individuals in cyberspace. Only by accomplishing these two objectives can the defenders of cyberspace actively combat malicious agents within the virtual realm.

Citation Key: 6916398