A Model to Facilitate Discussions About Cyber Attacks
The evolution of the Internet and digital systems is making it increasingly difficult to understand cyber attacks. Politicians, ethicists, lawyers, business owners and other stakeholders are all affected by them, yet many lack the technical background necessary to make correct decisions in dealing with them. Conversely, cyber-security analysts have a better understanding of the technical aspects of cyber attacks, but many do not understand the repercussions of decisions made from their perspective alone. Both contextual considerations (e.g. societal, political, legal, financial and reputational aspects) and technical considerations must be taken into account in making decisions that relate to a cyber attack. A plethora of cyber-attack models exist today that aid, to some degree, the understanding of attacks. Most of these, however, focus on delivering insight from a single perspective: either technical detail or human-centric factors. These approaches do not outline how a discussion among domain experts of different backgrounds should be conducted to establish a basic level of situational awareness from which to make collective decisions. In this chapter, we present our efforts towards establishing such a model to enable a collective approach to discussing cyber attacks. We propose a first version, but believe extensions should be made. We also acknowledge that testing and assessment in real environments are necessary.
Keywords: Attack models, Mental models, Cyber attacks