Abstract: Cyber operations denote the response of governments and organisations to cyber crime, terrorism, and warfare. To date, cyber operations have been primarily defensive, with the attackers seemingly having the initiative. Over the past three years, several nations (e.g. USA, UK, France, The Netherlands) and NATO have published cyber security strategies emphasising national and international collaboration. Many strategies call for the establishment of a Cyber Security Operations Centre, as well as for a better understanding of attacks. In the scientific literature, Lin (2009) and Denning and Denning (2010) have argued that offensive cyber operations deserve a more open discussion than they have received to date. Research into cyber attacks would improve the scientific understanding of how attackers work, why they choose particular targets, and what tools and technologies they employ. This improved understanding could then be used to implement better defences. Moreover, research would enable governments and other organisations to take offensive action where justified against adversaries, whether these be criminals, terrorists, or enemies. This could include responding to an (impending) attack by counter-attacking or by proactively neutralising the source of an impending attack. A good starting point for improving understanding would be to model the offensive cyber operations process. The purpose of this paper is to find, formalise, and compare models of the offensive cyber operations process available in the open scientific literature. Seven models were sufficiently well described for formalisation using Structured Analysis and Design Technique (SADT) notation. Finally, a canonical model has been constructed by rational reconstruction. Although the model has not yet been tested, it has been reviewed by subject matter experts. The paper describes the search methodology, the SADT analysis, the shortcomings of each model, rational reconstruction, and the canonical model. Further work will include elaborating the canonical model to identify the resources needed to set up a Cyber Security Operations Centre with offensive capabilities and to cross-compare the model with the literature on attack ontologies.
Keywords: offensive cyber operations; process model; rational reconstruction; canonical model; formalisation; SADT
Tim Grant [1], Ivan Burke [2] and Renier van Heerden [2]
[1] Faculty of Military Sciences, Netherlands Defence Academy (NLDA), Breda, The Netherlands
[2] Defence Peace Safety and Security department, Council for Scientific and Industrial Research (CSIR), Pretoria, South Africa
Ivan Burke is an MSc student in the Department of Computer Science at the University of Pretoria, South Africa. He also works full time at the Council for Scientific and Industrial Research, South Africa, in the Defence Peace Safety and Security department, where he works within the Command, Control and Information Warfare research group.
Tim Grant is the Professor in Operational ICT & Communications at the Netherlands Defence Academy. Tim has a BSc in Aeronautical Engineering (Bristol University), a Masters-level Defence Fellowship (Brunel University), and a PhD in Artificial Intelligence (Maastricht University). Tim's research spans the interplay between operational needs and ICT capabilities in network-enabled Command & Control systems.
Renier van Heerden is a senior researcher at the Council for Scientific and Industrial Research (CSIR) in Pretoria, South Africa, in the field of Information Warfare and Cyber Defence. Prior to joining the CSIR he worked as a software engineer in advanced optics applications for the South African company Denel Optronics and as a lecturer at the University of Pretoria. He holds a degree in Electronic Engineering and a Masters in Computer Engi
Copyright Academic Conferences International Limited Mar 2012