White Paper

file

Visible to the public George Washington's Teachings on Cyberwar

George Washington called West Point, "the key to the continent." The reasoning that Washington employed in establishing the fortifications at West Point is instructive to modern cyber warriors.

file

Visible to the public Improving Cybersecurity Through Human Systems Integration 29 June 2016

Advanced Persistent Threat (APT) attackers accomplish their attack objectives by co-opting users' credentials. Traditional cyber defenses leave users vulnerable to APT attacks which employ spearphishing. The success of spearphishing attacks is not a data processing failure, but is the result of defenders failing to apply the principles of Human System Integration to the problem of spearphishing. We discuss an alternative defensive strategy which addresses human performance capabilities and limitations to disrupt spearphishing attacks.

page

Visible to the public C3E 2015 Mid-Year Event

2015 Mid-Year Event
C3E 1-Day Event | 19 June 2015 | Arlington, Virginia

file

Visible to the public Spearphishing Defense Using Deception Countermeasures

Technical defenses (such as email filtering, malware detection, firewalls, limited user privileges, and system monitoring) leave systems unnecessarily exposed to phishing attacks because the human attack surface remains easily accessible and subject to successful attacks based on principles of psychology which are exploited using military deception. The authors propose deception countermeasures which modify the email interface, thereby making the user less susceptible to email-based deception.