Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/822642
22 APRIL/MAY 2017 www.vanguardcanada.com cYBersecurItY c Source: Cytelligence Inc. vestment worth the outcome? In order to answer this question, Cy- telligence has developed advanced threat models based on the follow- ing factors that are used to project realistic and usable threat intelli- gence for weapons platforms and deployed operations. These assess- ments can be used to inform secu- rity, investments, and operational decisions for systems that are under development and in operations. Opportunity: In order to at- tack a given system, an adversary must have an opportunity that al- lows him or her to identify a target, understand the target, weaponeer the most feasible form attack, and execute the attack in some useful fashion. Having a weaponeered at- tack without the ability to deploy it is useless. Consideration: Non-technical safeguards or operational choices can have a significant effect on the level of effort re- quired by an adversary to create opportu- nities. Increasing effort reduces adversary ROI. Complexity: Weapons systems are often highly complex machines. This complex- ity becomes an increased cost and level of effort for potential attackers. Although it is true that complex system can also, con- sequently, have more of an attack surface, leveraging that attack surface in a useful and predictable way requires the attacker to invest in overcoming a large percentage of that complexity. Consideration: Com- plexity directly relates to all other factors. Complex actions are often less repeatable, require more development time, are hard- er to synchronize and can vary on how long they may be effective. Repeatability: Cyber attacks that can be repeated are significantly more useful than those that can only be executed a single time. Technically, it may be possible to repeat an attack, although practically, a military entity that suffers a cyber attack is very likely to take immediate action to prevent that attack from achieving success in the future. Once defences are in place against a given attack, there are potential- ly large components of the development effort that will not be reusable. Consid- eration: The degree of perceived repeat- ability will directly influence an adversary's willingness to invest in developing and ex- ecuting a cyber attack. There is little ROI if an attack takes many years to develop and can only be used once. Duration of Effect and Defender Recoverability: The likely duration of any effect caused by a cyber attack is central to adversary ROI calculation. Everyday, the world sees thousands of denial-of-ser- vice attacks, yet only a few are significant enough to be mentioned in the media. Most of these events are insignificant be- cause they are only active for very short periods of time. Effects that can be main- tained indefinitely are rare within the cyber environment. Similarly, if a defender can recover from the effect quickly, the value of executing the attack is greatly reduced. Consideration: Making design choices that reduce an attacker's ability to sustain an ef- fect over time reduces their ROI and there- fore the threat to that system. Ability to Synchronize Effects: The ability to synchronize effects is the most significant planning consideration for an adversary. It is rare that a random effect is useful. Without the ability to synchro- nize an effect and therefore leverage the effect efficiently, ROI is greatly reduced, often in favour of other tools that produce near term and consistent results. Consid- eration: When looking at potential cyber threats, the examination of non-cyber means of effecting the same outcome is critical. In many cases, guaranteed kinetic kills are more effective to synchronize than some forms of disabling cyber attacks. Attack Development Time: There is a direct correlation between the speed at which an attack tool can be developed and the tactical utility of any adversary activ- ity. Development time reduces operational flexibility by creating a delay between when an adversary wishes to cause an ef- fect and when that effect can be realized. Consideration: Safeguards that force an adversary to continually invest in development efforts for an attack tool can greatly reduce adversary ROI. Scale of Targets: Multi-nation- al battlefields possess significant di- versity and complexity in terms of deployed systems. The challenge that this presents an adversary is that they must choose where to allocate finite efforts. That choice must allow them to execute an ef- fect that hits a useful target, for a useful duration, and at a definable time. This choice must have an ac- ceptable degree of complexity and require an acceptable degree of ac- cess. There must also be opportu- nities. Consideration: Adversaries cannot target all systems all the time. Their choice will be dictated by their desired operational outcome and the fac- tors listed above. Threat assessments must consider other systems that have a higher ROI for a given attacker. The development of future capabilities for the CAF is an activity of tremendous na- tional significance. Although cyber threats are real and can have an effect on capabili- ties in development and in operation, the key factors listed above must be understood if those threats are to be properly contextu- alized. Cyber threats on the battlefield will have similarities with what is commonly seen on the Internet but they are likely to mani- fest differently in conflict and therefore de- mand different solutions. Security decisions must be informed by contextually accurate threat assessment in order to avoid increas- ing costs, maximize operational freedom of action and enable capability delivery. There are few organizations or resources who have the experience and capabilities to perform threat assessments for the de- fence environment. Traditional IT threat assessments don't have the contextual knowledge and experience within the defence industry to build a strategy that yields meaningful results. Addressing the skill gap needs to be a focus for govern- ment, defence contractors, and industry. nicholas scheurkogel is the Director of Cyber Intelligence at Cytelligence Inc. Prior to joining Cytelligence Nicholas led key cyber intelligence capabilities for the Department of National Defence (DND) including strategic cyber assessment, tactical support to cyber defence teams, and intelligence operations. seven Factors that InFLuence adversarY motIvatIon