Abstract
With the increased use of cyber weapons for Internet-based cyber espionage, the need for cyber counterintelligence has become apparent, but counterintelligence remains more art than science because of its focus on tricking human nature—the way people think, feel, and behave. Nevertheless, counterintelligence theory and practice have been extended to domains such as industry and finance, and can be applied to cyber security and active cyber defense. Even so, relatively few explicit counterintelligence applications to cyber security are reported in the open literature. This chapter describes the mechanisms of cyber denial and deception operations, using a cyber deception methods matrix and a cyber deception chain to build a tailored active cyber defense system for cyber counterintelligence. Cyber counterintelligence with cyber deception can mitigate cyber spy actions within the cyber espionage “kill chain.” The chapter describes how defenders can apply cyber denial and deception in their cyber counterintelligence operations to mitigate a cyber espionage threat and thwart cyber spies. The chapter provides a hypothetical case, based on real cyber espionage operations by a state actor.
Notes
- 1.
In 2009, the United States published the Comprehensive National Cybersecurity Initiative (CNCI). The initiative outlined US cybersecurity goals that spanned multiple agencies, including the Department of Homeland Security, the Office of Management and Budget, and the National Security Agency. The 2009 CNCI included the goal (among others) of “…enhancing US counterintelligence capabilities and increasing the security of the supply chain for key information technologies.” Specifically, the CNCI announced “Initiative #6. Develop and implement a government-wide cyber counterintelligence plan.” The Initiative stated: “Initiative #6. Develop and implement a government-wide cyber counterintelligence plan. A government-wide cyber counterintelligence plan is necessary to coordinate activities across all Federal Agencies to detect, deter, and mitigate the foreign-sponsored cyber intelligence threat to US and private sector information systems. To accomplish these goals, the plan established and expanded cyber counterintelligence education and awareness programs and workforce development to integrate counterintelligence into all cyber operations and analysis, increase employee awareness of the cyber counterintelligence threat, and increase counterintelligence collaboration across the government. The Cyber CI Plan is aligned with the National Counterintelligence Strategy of the United States of America (2007) and supports the other programmatic elements of the CNCI.”
- 2.
These two threat agents have been code named by different cyber threat intelligence organizations. APT28 and APT29 are the code names used by FireEye and other organizations, and are used in this report for convenience.
- 3.
For example, Duvenage et al. (2016) describe the organizational requirements for strategic, operational, and tactical/technical cyber counterintelligence operations; Victor Jaquire and Sebastiaan von Solms (2017) outline a capability maturity model for cyber counterintelligence organizations; Duvenage, Sebastian von Solms, and Manuel Corregedor (2015) describe a cyber counterintelligence process model; and Johan Sigholm and Martin Bang (2013) propose an interorganizational information exchange model for cyber counterintelligence.
- 4.
- 5.
The term mole was applied to spies in the book Historie of the Reign of King Henry VII written in 1626 by Sir Francis Bacon; W. Thomas Smith (2003). Encyclopedia of the Central Intelligence Agency. New York: Infobase Publishing, p. 171.
- 6.
This section relies on material from Frank J. Stech, Kristin E. Heckman, and Blake E. Strom (2016), “Integrating Cyber-D&D into Adversary Modeling for Active Cyber Defense,” in Sushil Jajodia, V.S. Subrahmanian, Vipin Swarup, & Cliff Wang eds. (2016), Cyber Deception: Building the Scientific Foundation. Switzerland: Springer.
- 7.
See also, Neil C. Rowe & Julian Rrushi (2016) Introduction to Cyberdeception. Switzerland: Springer; and Sushil Jajodia, V.S. Subrahmanian, Vipin Swarup, Cliff Wang, eds. (2016) Cyber Deception: Building the Scientific Foundation. Switzerland: Springer.
- 8.
Further description of the cyber deception chain and its applications in active cyber defenses are in Kristin E. Heckman, Frank J. Stech, Roshan K. Thomas, Ben Schmoker, Alexander W. Tsow (2015) Cyber Denial, Deception and Counter Deception: A Framework for Supporting Active Cyber Defense. Switzerland: Springer.
References
ATT&CK™ (2017) Adversarial tactics, techniques & common knowledge. Viewed 23 Sept 2017. https://attack.mitre.org/
Coleman R (2014) Combating economic espionage and trade secret theft: May 13 statement before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism. Viewed 22 May 2017. https://www.fbi.gov/news/testimony/combating-economic-espionage-and-trade-secret-theft
Defense Security Service (2015) Counterintelligence best practices for cleared industry. Viewed 22 May 2017. http://www.dss.mil/documents/ci/CIBooklet.pdf
Duvenage P, von Solms S (2014) Putting counterintelligence in cyber counterintelligence: back to the future. In: Liaropoulos A, George T (eds) Proceedings of the 13th European conference on cyber warfare and security ECCWS-2014. Piraeus, Greece, 3–4 July 2014
Duvenage P, Jaquire V, von Solms S (2016) Conceptualising cyber counterintelligence—two tentative building blocks. In: Proceedings of the 15th European conference on cyber warfare and security, Munich, Germany, 7–8 July 2016, pp 93–102
Ehrman J (2009) Toward a theory of CI: what are we talking about when we talk about counterintelligence? Stud Intell 53(2):5–20
FireEye (2014) APT28: a window into Russia’s cyber espionage operations? 27 Oct 2014. Viewed 22 May 2017
French G, Kim J (2009) Acknowledging the revolution: the urgent need for cyber counterintelligence. Nat Intell J 1(1):71–90
Geers K, Kindlund D, Moran D, Rachwald R (2014) FireEye Report. WORLD WAR C: understanding nation-state motives behind today’s advanced cyber-attacks, FireEye, Inc. Viewed 22 May 2017. https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/fireeye-wwc-report.pdf
Giles K (2014) The next phase in Russian information warfare: report by the NATO Strategic Communications Centre of Excellence. Viewed 22 May 2017. http://www.stratcomcoe.org/download/file/fid/5134
Giles K (2016) Russia’s ‘New’ tools for confronting the west continuity and innovation in Moscow’s exercise of power: report by Chatham house. Royal Institute of International Affairs. Viewed 22 May 2017. https://www.chathamhouse.org/publication/russias-new-tools-confronting-west
Heckman K, Stech F, Thomas R, Schmoker B, Tsow A (2015) Cyber denial, deception and counter deception: a framework for supporting active cyber defense. Springer, Cham
Intelligence and National Security Alliance (2017) Counterintelligence for the 21st century. Viewed 22 May 2017. https://obamawhitehouse.archives.gov/the-press-office/2015/02/25/fact-sheet-cyber-threat-intelligence-integration-center
Kahn D (1967) The code breakers. Macmillan, New York
Lowenthal M (1992) U.S. intelligence: evolution and anatomy, 2nd edn. Praeger, London
Lowenthal M (2009) Intelligence: from secrets to policy. CQ Press, Washington, DC
O’Connell E (1994) Countering the threat of espionage. Security Management 38(5). Viewed 22 May 2017. https://www.questia.com/magazine/1G1-15501611/countering-the-threat-of-espionage
Office of the National Counterintelligence Executive (2013) Protecting key assets: a corporate counterintelligence guide. Viewed 22 May 2017. https://www.dni.gov/files/NCSC/documents/Regulations/ProtectingKeyAssets_CorporateCIGuide.pdf
Prunckun H (2014) Extending the theoretical structure of intelligence to counterintelligence. Salus J 2(2). Viewed 22 May 2017. http://www.salusjournal.com/wp-content/uploads/sites/29/2013/03/Prunckun_Salus_Journal_Issue_2_Number_2_2014_pp_31-49.pdf
Schmoker B (2015a) MITRE corporation briefing. Deception in the wild: a case study of APT28. MITRE. Viewed 22 May 2017
Schmoker B (2015b) MITRE corporation white paper. Denial and deception in a targeted espionage operation. MITRE. Viewed 22 May 2017
Sims J (2009) Defending adaptive realism: Intelligence theory comes of age. In: Gill P, Marrin S, Phythian M (eds) Intelligence theory: key questions and debates, United States. Routledge, New York, p 154
Sims J, Gerber B (eds) (2009) Vaults, mirrors, and masks: rediscovering US counterintelligence. Georgetown University Press, Washington, DC
Skerry M (2013) Financial counterintelligence: how changes to the U.S. anti-money laundering regime can assist U.S. counterintelligence efforts. Santa Clara Law Rev 53(205):217
Stech F (2016) MITRE corporation technical report MTR 160057. Cyber Counterintelligence, MITRE. Viewed 22 May 2017
Stech F, Heckman K, Strom B (2016) Integrating cyber-D&D into adversary modeling for active cyber defense. In: Jajodia S, Subrahmanian VS, Swarup V, Wang C (eds) Cyber deception: building the scientific foundation. Springer, Cham
Stone J (2016) Meet fancy bear and cozy bear, Russian groups blamed for DNC hack. Christian Science Monitor, 15 June. Viewed 22 May 2017. http://www.csmonitor.com/World/Passcode/2016/0615/Meet-Fancy-Bear-and-Cozy-Bear-Russian-groups-blamed-for-DNC-hack
Weedon J (2015) Beyond “Cyber War”: Russia’s use of strategic cyber espionage and information operations in Ukraine. In: Geers K (ed) Cyber war in perspective: Russian aggression against Ukraine. NATO CCD COE Publications, Tallinn
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
Cite this chapter
Stech, F.J., Heckman, K.E. (2018). Human Nature and Cyber Weaponry: Use of Denial and Deception in Cyber Counterintelligence. In: Prunckun, H. (eds) Cyber Weaponry. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-74107-9_2
DOI: https://doi.org/10.1007/978-3-319-74107-9_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74106-2
Online ISBN: 978-3-319-74107-9
eBook Packages: Law and Criminology (R0)