Human Nature and Cyber Weaponry: Use of Denial and Deception in Cyber Counterintelligence

  • Frank J. Stech
  • Kristin E. Heckman
Part of the Advanced Sciences and Technologies for Security Applications book series (ASTSA)


With the increase use of cyber weapons for Internet-based cyber espionage, the need for cyber counterintelligence has become apparent, but counterintelligence remains more art than science because of its focus on tricking human nature—the way people think, feel, and behave. Nevertheless, counterintelligence theory and practice have been extended to domains such as industry and finance, and can be applied to cyber security and active cyber defense. Nonetheless, there are relatively few explicit counterintelligence applications to cyber security reported in the open literature. This chapter describes the mechanisms of cyber denial and deception operations, using a cyber deception methods matrix and a cyber deception chain to build a tailored active cyber defense system for cyber counterintelligence. Cyber counterintelligence with cyber deception can mitigate cyber spy actions within the cyber espionage “kill chain.” The chapter describes how defenders can apply cyber denial and deception in their cyber counterintelligence operations to mitigate a cyber espionage threat and thwart cyber spies. The chapter provides a hypothetical case, based on real cyber espionage operations by a state actor.


Active cyber defense Active and passive defense Counterintelligence Cyber counterintelligence Cyber denial and deception Cyber espionage Offensive and defensive operations 


  1. ATT&CK™ (2017) Adversarial tactics, techniques & common knowledge. Viewed 23 Sept 2017.
  2. Coleman R (2014) Combating economic espionage and trade secret theft: May 13 statement before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism. Viewed 22 May 2017.
  3. Defense Security Service (2015) Counterintelligence best practices for cleared industry. Viewed 22 May 2017.
  4. Duvenage P, von Solms S (2014) Putting counterintelligence in cyber counterintelligence: back to the future. In: Liaropoulos A, George T (eds) Proceedings of the 13th European conference on cyber warfare and security ECCWS-2014. Piraeus, Greece, 3–4 July 2014Google Scholar
  5. Duvenage P, Jaquire V, von Solms S (2016) Conceptualising cyber counterintelligence—two tentative building blocks. In: Proceedings of the 15th European conference on cyber warfare and security, Munich, Germany, 7–8 July 2016, pp 93–102Google Scholar
  6. Ehrman J (2009) Toward a theory of CI: what are we talking about when we talk about counterintelligence? Stud Intell 53(2):5–20Google Scholar
  7. FireEye (2014) APT28: a window into Russia’s cyber espionage operations? 27 Oct 2014. Viewed 22 May 2017Google Scholar
  8. French G, Kim J (2009) Acknowledging the revolution: the urgent need for cyber counterintelligence. Nat Intell J 1(1):71–90Google Scholar
  9. Geers K, Kindlund D, Moran D, Rachwald R (2014) FireEye Report. WORLD WAR C: understanding nation-state motives behind today’s advanced cyber-attacks, FireEye, Inc. Viewed 22 May 2017.
  10. Giles K (2014) The next phase in Russian information warfare: report by the NATO Strategic Communications Centre of Excellence. Viewed 22 May 2017.
  11. Giles K (2016) Russia’s ‘New’ tools for confronting the west continuity and innovation in Moscow’s exercise of power: report by Chatham house. Royal Institute of International Affairs. Viewed 22 May 2017.
  12. Heckman K, Stech F, Thomas R, Schmoker B, Tsow A (2015) Cyber denial, deception and counter deception: a framework for supporting active cyber defense. Springer, ChamCrossRefGoogle Scholar
  13. Intelligence and National Security Alliance (2017) Counterintelligence for the 21st century. Viewed 22 May 2017.
  14. Kahn D (1967) The code breakers. Macmillan, New YorkGoogle Scholar
  15. Lowenthal M (1992) U.S. intelligence: evolution and anatomy, 2nd edn. Praeger, LondonGoogle Scholar
  16. Lowenthal M (2009) Intelligence: from secrets to policy. CQ Press, Washington, DCGoogle Scholar
  17. O’Connell E (1994) Countering the threat of espionage. Security Management 38(5). Viewed 22 May 2017.
  18. Office of the National Counterintelligence Executive (2013) Protecting key assets: a corporate counterintelligence guide. Viewed 22 May 2017.
  19. Prunckun H (2014) Extending the theoretical structure of intelligence to counterintelligence. Salus J 2(2). Viewed 22 May 2017.
  20. Schmoker B (2015a) MITRE corporation briefing. Deception in the wild: a case study of APT28. MITRE. Viewed 22 May 2017Google Scholar
  21. Schmoker B (2015b) MITRE corporation white paper. Denial and deception in a targeted espionage operation. MITRE. Viewed 22 May 2017Google Scholar
  22. Sims J (2009) Defending adaptive realism: Intelligence theory comes of age. In: Gill P, Marrin S, Phythian M (eds) Intelligence theory: key questions and debates, United States. Routledge, New York, p 154Google Scholar
  23. Sims J, Gerber B (eds) (2009) Vaults, mirrors, and masks: rediscovering US counterintelligence. Georgetown University Press, Washington, DCGoogle Scholar
  24. Skerry M (2013) Financial counterintelligence: how changes to the U.S. anti-money laundering regime can assist U.S. counterintelligence efforts. Santa Clara Law Rev 53(205):217Google Scholar
  25. Stech F (2016) MITRE corporation technical report MTR 160057. Cyber Counterintelligence, MITRE. Viewed 22 May 2017Google Scholar
  26. Stech F, Heckman K, Strom B (2016) Integrating cyber-D&D into adversary modeling for active cyber defense. In: Jajodia S, Subrahmanian VS, Swarup V, Wang C (eds) Cyber deception: building the scientific foundation. Springer, ChamGoogle Scholar
  27. Stone J (2016) Meet fancy bear and cozy bear, Russian groups blamed for DNC hack. Christian Science Monitor, 15 June. Viewed 22 May 2017.
  28. Weedon J (2015) Beyond “Cyber War”: Russia’s use of strategic cyber espionage and information operations in Ukraine. In: Geers K (ed) Cyber war in perspective: Russian aggression against Ukraine. NATO CCD COE Publications, TallinnGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.MITRE CorporationMcLeanUSA

Personalised recommendations