30 September 2012

State Sponsored Cyber Threats – The Long View


Strategic Penetration for Future Exploitation
So, what is “strategic penetration or future exploitation”? It is an attack strategy that hedges long-term bets on two potential future worldviews, namely PROSPERITY and CONFLICT that allows for the pursuit of PROSPERITY while seeking out strategic advantage in the event of CONFLICT.
During these types of attacks, critical infrastructure and high-value targets are compromised not for the purpose of stealing intellectual property or engaging in traditional espionage and intelligence activity, but rather to establish a foothold to diminish the operation of those infrastructures in the event of future hostilities.

........................

Key components of a strategic compromise include:

  • Initial compromise....
  • Narrowly focused scope .....
  • Time-shifted intent .....
  • Long-term stealth and patience ....
  • A Team only......
......

Strategic Penetrations have Strategic Implications
In an environment where existing security models are already broken, addressing this type of threat will be a persistent challenge. It requires us to think not only about how we are vulnerable now, but how we will be vulnerable in ten years or how today’s vulnerabilities could be time shifted for future strategic advantage. It requires new detection techniques focused on host security, supply chain integrity,and implementation and infrastructure management controls. It also requires a vibrant cyber intelligence capability that is not dependent exclusively on technical collection.
Most importantly, it requires a shift in our mindset of how we view the current threat space and breaking our cultural disposition to only think about these issues in a short-term context.




No comments:

Post a Comment