Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/653616
C CYBer SECURITY 22 FEBRUARY/MARCH 2016 www.vanguardcanada.com (exfiltration and sustainment), the attack (assault) and then the clean-up (obfusca- tion) or sometimes a calling card. Under- standing this process, allows for layered countermeasures for prevention, response, circumvention and enabling of in-depth threat assessment and analysis. Many organizations have relied on threat reports (advice, bulletins, etc.) and threat risk assessments to analyse and internally communicate cyber threats, with limited success. The problem with these tools? One-way communication tool often lack sufficient background information and are generally ineffective in influencing imme- diate, informed action and most threat- risk assessment methodologies, such as the Harmonized Threat Risk Assessment, tend to emphasize risk more than the ac- tual threat, which abbreviates analysis and intelligence formulation. Threat risk assessment approaches are still relevant, especially where threat, risk, asset and vulnerability are still central to analysis activities. However, threat defini- tion, overall degree of harm, single and all-hazard approaches, pre- and post-event analysis and classification of event data to develop useful intelligence need to be bet- ter elaborated in these assessments. More importantly, threat risk assessments need to be a viewed as a recurring program activity, not a one-time event that is initi- ated only when an environment changes or when a breach occurs. In the context of threat risk assessments, the following sections examine three of the above six areas - threat definition, overall degree of harm and single and all-hazard approaches. As well, cross-sector, cross- departmental communication will be refer- enced as a horizontal activity. threat definition: battles define the war In the Art of War, Sun Tzu said, "... if you know your enemies and know yourself, you can win a hundred battles without a single loss." He also made the distinction between war and battles, as should military and government executives when strat- egizing against cyber threats. Along with this, it is important to acknowledge that behind every piece of code there is a hu- man (for now) and technology is not the actual threat, nor is it the only measure in devising the solution. By moving away from risk-based ap- proaches, where technology and its im- plications constitute the tactical threat, to adopting a strategic approach in threat- based analysis, the focus shifts to profiling actor characteristics and understanding their capabilities and means (knowledge and information, skills and technology to exploit a vulnerability), intent (interest in the target and its assets) and degrees of harm. The benefit in the detailed profil- ing of threat actors and the rejection of homogenized terms, such as "hacker" or "espionage", allows for the collection of in- formation that can be analysed into usable intelligence and epistemological contexts. Having a communication and collabora- tion strategy with stakeholders allows for compounding historical intelligence to im- proves prevention, detection and response processes that will rapidly close "command and control" of active threats. Incorporat- ing communication and collaboration with stakeholders as a horizontal process, is anal- ogous to strategically immunizing against disease to eradicate it in an entire commu- nity compared to handing out vaccines to just one neighbourhood. Canadian army Cpl. Scott Hutchi- son works on his computer during Combined Endeavor Aug. 31, 2010, in Grafenwoehr, Germany. Combined En- deavor, a communications interoper- ability exercise, prepares international forces' command, control, commu- nications and computer systems for multinational operations