Cyber Primer

Recommendations

Info

Cyber threats • damaging industrial control systems (ICS) such as supervisory control and data acquisition systems (SCADA); distributed control systems (DCS) and programmable logic controls (PLC). 19 2.3. Evidence of cyber activity and an actor’s will to use it against the UK can be challenging to source and even harder to attribute. Attribution is difficult not only due to the disparate and anonymous nature of cyberspace, but because it is not solely a technical problem – the problem spans technical/tactical (how), operational (what) and strategic levels (why). 2.4. Assessing the level of threat from and through cyberspace can be achieved by understanding the sum of the following three factors. a. Intent. Intent is the most critical component as it provides ‘intelligence-in-depth’ or context as to ‘why’ an adversary may act. An adversary’s intent can either be declared, demonstrated or a combination of both. In some cases, intent may be unknown so understanding will be based on observed activity. b. Capability. Intelligence analysis focuses primarily on understanding the adversary’s strengths and their ability to generate and sustain them. However, whilst a capability may exist, there may be no intent or opportunity to use it. c. Opportunity. Opportunity is the key variable in assessing threat as the opportunity to act can present itself in many guises and at any time. An adversary may also actively seek to generate their own opportunity to act, through a variety of influencing or shaping activities. Opportunities will be available through changes or variances in the environment, providing potential advantage to the adversary. An adversary could also drive friendly forces along a specific operational path resulting in potentially higher, repeatable risk. There may also be opportunities provided by friendly force activity more widely – their vulnerabilities provide avenues that threat actors can exploit to achieve their aims. 19 Similar functionality to that of dedicated industrial control systems (ICS) can be provided through the use of embedded controllers or control software. 22 Cyber Primer (2nd Edition)
Cyber threats 2.5. Cyber attacks can appear in many guises, without necessarily inflicting visible or tangible material damage and are more easily deniable by the perpetrator. All of this significantly increases the likelihood that an adversary may seek to create effects through cyberspace. Cyber attacks currently have a lower political and public perception of aggression when compared with more traditional and visibly damaging attacks where lives or property are obviously and physically threatened. 20 This is largely based on the fact that there have been no publicised, large-scale events (including the loss of life) that have been positively attributed to a cyber attack. Should such an event happen, this would likely change the public’s perception to the potential ‘aggressive’ nature of cyber attacks; it is the effect that is important not the means of delivery. Threat actors 2.6. The term ‘threat actor’ is used to identify those who pose a threat. Threats to security in, and through, cyberspace include state-sponsored attacks, ideological and political extremism, serious organised crime, lower-level/individual crime, cyber protest, cyber espionage and cyber terrorism. Threat actors fall into six broad categories: nation states; terrorists; criminals; patriotic hackers; hacktivists; and insiders. 21 To some degree each category of threat actor is supported by the actions of hackers, who use their skills to adapt and exploit computer software and systems for purposes unintended by the original creators. 22 Each group’s membership can vary greatly in terms of sophistication, scale and motive and may pose differing types of threat. At all levels, the actor’s motivation is key, whether it is to: • support national goals (either on behalf of, or directly for, a governmental body); • generate income (either legitimately or through crime); • improve personal technical skills; or • support political ideals (hacktivisim). 20 The majority of cyber ‘attacks’ are actually criminal acts. 21 More information on these categories can be found from paragraph 2.8 onwards. 22 Some hackers, such as the notorious hacker Kevin Mitnick, claim they are motivated by the challenge of hacking alone and do not seek financial gain or ideological advancement from their activities. Cyber Primer (2nd Edition) 23
Page 1 and 2: Cyber Primer Second Edition Develop
Page 3 and 4: Cyber Primer The Cyber Primer (2nd
Page 5 and 6: Preface ‘The Government will ensu
Page 7 and 8: Contents Preface . . . . . . . . .
Page 9 and 10: “In the information age almost al
Page 11 and 12: Fundamentals of cyber Chapter 1 - F
Page 13 and 14: Fundamentals of cyber • are ready
Page 15 and 16: Fundamentals of cyber cyber and cyb
Page 17 and 18: Fundamentals of cyber • details o
Page 19 and 20: Mainstreaming, competencies, unders
Page 21 and 22: Fundamentals of cyber 1.27. Cyber b
Page 23 and 24: 1A.5. Armed attack. Armed attack is
Page 25 and 26: Fundamentals of cyber Notes Cyber P
Page 27 and 28: “In the “We information reserve
Page 29: Cyber threats Chapter 2 - Cyber thr
Page 33 and 34: Cyber threats 2.9. Terrorists. Terr
Page 35 and 36: Cyber threats b. Payload. Payload i
Page 37 and 38: Cyber threats The process of attrib
Page 39 and 40: Phishing Spear phishing Whaling Fak
Page 41 and 42: Cyber threats Malware types Viruses
Page 43 and 44: Cyber threats and/or securely. Such
Page 45 and 46: How Against whom Why Theft of perso
Page 47 and 48: Cyber threats Using Twitter to mani
Page 49 and 50: Cyber threats Cyber attacks against
Page 51 and 52: Cyber threats State use of cyber op
Page 53 and 54: Cyber threats Case study 6 - The im
Page 55 and 56: Cyber threats Impact of malware on
Page 57 and 58: Cyber threats Social engineering ag
Page 59 and 60: “In the information age almost al
Page 61 and 62: Chapter 3 - Cyber functions Cyber f
Page 63 and 64: Cyber functions levels, they protec
Page 65 and 66: Cyber functions • command and con
Page 67 and 68: Cyber functions 3.16. Indicators an
Page 69 and 70: Cyber functions Maritime Land Air a
Page 71 and 72: Cyber functions 3.27. Electromagnet
Page 73 and 74: “In the information “It is impo
Page 75 and 76: Integrating cyber operations Chapte
Page 77 and 78: Integrating cyber operations Cyber
Page 79 and 80: Integrating cyber operations archit
Page 81 and 82:
Integrating cyber operations physic
Page 83 and 84:
Integrating cyber operations NATO a
Page 85 and 86:
Integrating cyber operations Cyber
Page 87 and 88:
Integrating cyber operations Israel
Page 89 and 90:
Integrating cyber operations Cyber
Page 91 and 92:
Lexicon Lexicon Part 1 - Acronyms a
Page 93 and 94:
Part 2 - Additional terms and defin
Page 95 and 96:
Lexicon information operations Info
Page 97 and 98:
Lexicon TEMPEST TEMPEST refers to t
Page 99 and 100:
Lexicon Cyber Security Information
show all

Cyber Primer

Create successful ePaper yourself

Delete template?

Save as template?