Cyber Primer

Recommendations

Info

Cyber functions 3.8. Computer Emergency Response Teams. Most governments, many universities and industries run CERTs. 39 In the main, these teams collaborate internationally on a voluntary basis to manage security aspects of cyberspace in near-real time. Most teams are members of the Forum for Incident Response and Security Teams (FIRST). Within Defence, cyber protection teams (CPTs) protect mission-critical assets including networks, data, information and systems. Offensive cyber operations 3.9. Offensive cyber operations include activities that project force to create, deny, disrupt, degrade and destroy effects in and through cyberspace. These operations may transcend the virtual domain into effects in the physical and cognitive domains. offensive cyber operations (OCO) Activities that project power to achieve military objectives in, or through, cyberspace. 3.10. Offensive cyber activity can be used to inflict temporary or permanent effects, thus reducing an adversary’s confidence in networks or capabilities. Such action can support deterrence by communicating intent or threats. At the operational/tactical level there is a need to coordinate between offensive cyber operations and information operations/activities. 3.11. Offensive cyber activity can be simply categorised into seven phases, known as the cyber attack chain. These are commonly identified as: • understanding; • payload development; • delivery; • exploitation; • installation; 39 Computer Emergency Response Team is now a registered service mark of Carnegie Mellon University that is licensed to other teams around the world. www.cert.org. 56 Cyber Primer (2nd Edition)
Cyber functions • command and control; and • effect achieved. 3.12. The phases are not discrete events, instead they interact and overlap with each other and may vary in duration. They are equally applicable to the actions of a state or criminal. They are also dependent upon an attacker’s intent and availability of offensive cyber and intelligence capabilities. A representative cyber attack chain is depicted at Figure 3.1 below. 40 Cyber attack chain 2 Payload development: Development of computer code (for example, malware) that will create the desired effect by exploiting the identified vulnerabilities of the target system. 4 Exploitation: After the payload is delivered to the target system, exploitation triggers the payload – exploiting an application or operating system vulnerability. 6 Command and control: Adversary establishes communication channels to facilitate the transmission of commands. Payload development Exploitation Command and control 2 4 6 1 Understanding 3 Delivery 5 Installation 1 Understanding: Information and intelligence gained by an adversary on a target’s cyber environment and the identification of specific targets. 3 Delivery: Transmission of the payload to the target system using vectors like email attachments, websites and removable media (for example, USBs). 5 Installation: Installation of a remote access or backdoor on the target system allowing the adversary to maintain a presence/persistence inside the target system. 7 Desired effect created 7 Desired effects created: After progressing through the first six phases, an adversary can take actions to create the desired effects. Figure 3.1 – Cyber attack chain 40 Developed from Lockheed Martin’s cyber kill chain framework. Cyber Primer (2nd Edition) 57
Page 1 and 2:
Cyber Primer Second Edition Develop
Page 3 and 4:
Cyber Primer The Cyber Primer (2nd
Page 5 and 6:
Preface ‘The Government will ensu
Page 7 and 8:
Contents Preface . . . . . . . . .
Page 9 and 10:
“In the information age almost al
Page 11 and 12:
Fundamentals of cyber Chapter 1 - F
Page 13 and 14: Fundamentals of cyber • are ready
Page 15 and 16: Fundamentals of cyber cyber and cyb
Page 17 and 18: Fundamentals of cyber • details o
Page 19 and 20: Mainstreaming, competencies, unders
Page 21 and 22: Fundamentals of cyber 1.27. Cyber b
Page 23 and 24: 1A.5. Armed attack. Armed attack is
Page 25 and 26: Fundamentals of cyber Notes Cyber P
Page 27 and 28: “In the “We information reserve
Page 29 and 30: Cyber threats Chapter 2 - Cyber thr
Page 31 and 32: Cyber threats 2.5. Cyber attacks ca
Page 33 and 34: Cyber threats 2.9. Terrorists. Terr
Page 35 and 36: Cyber threats b. Payload. Payload i
Page 37 and 38: Cyber threats The process of attrib
Page 39 and 40: Phishing Spear phishing Whaling Fak
Page 41 and 42: Cyber threats Malware types Viruses
Page 43 and 44: Cyber threats and/or securely. Such
Page 45 and 46: How Against whom Why Theft of perso
Page 47 and 48: Cyber threats Using Twitter to mani
Page 49 and 50: Cyber threats Cyber attacks against
Page 51 and 52: Cyber threats State use of cyber op
Page 53 and 54: Cyber threats Case study 6 - The im
Page 55 and 56: Cyber threats Impact of malware on
Page 57 and 58: Cyber threats Social engineering ag
Page 59 and 60: “In the information age almost al
Page 61 and 62: Chapter 3 - Cyber functions Cyber f
Page 63: Cyber functions levels, they protec
Page 67 and 68: Cyber functions 3.16. Indicators an
Page 69 and 70: Cyber functions Maritime Land Air a
Page 71 and 72: Cyber functions 3.27. Electromagnet
Page 73 and 74: “In the information “It is impo
Page 75 and 76: Integrating cyber operations Chapte
Page 77 and 78: Integrating cyber operations Cyber
Page 79 and 80: Integrating cyber operations archit
Page 81 and 82: Integrating cyber operations physic
Page 83 and 84: Integrating cyber operations NATO a
Page 87 and 88: Integrating cyber operations Israel
Page 91 and 92: Lexicon Lexicon Part 1 - Acronyms a
Page 93 and 94: Part 2 - Additional terms and defin
Page 95 and 96: Lexicon information operations Info
Page 97 and 98: Lexicon TEMPEST TEMPEST refers to t
Page 99 and 100: Lexicon Cyber Security Information
show all

Cyber Primer

Create successful ePaper yourself

Delete template?

Save as template?