
URL: https://www.helpnetsecurity.com/2023/10/18/admiral-james-a-winnefeld-acalvio-technologies-cyber-warfare/
Submission: On October 19 via api from TR — Scanned from DE


Mirko Zorz, Director of Content, Help Net Security
October 18, 2023


THE EVOLUTION OF DECEPTION TACTICS FROM TRADITIONAL TO CYBER WARFARE



Admiral James A. Winnefeld, USN (Ret.), is the former vice chairman of the Joint
Chiefs of Staff and is an advisor to Acalvio Technologies.

In this Help Net Security interview, he compares the strategies of traditional
and cyber warfare, discusses the difficulty of determining the attack’s nature,
addresses ethical dilemmas, and promotes collaboration and cooperation with
allies, partners, and, in some cases, even adversaries.



ADMIRAL WINNEFELD, GIVEN YOUR VAST EXPERIENCE IN MILITARY STRATEGY AND
OPERATIONS, CAN YOU SHED LIGHT ON HOW THE PRINCIPLES OF TRADITIONAL WARFARE CAN
BE APPLIED TO THE EMERGING CYBER WARFARE DOMAIN?

Digital environments are the new battlefield in the 21st century. Cyber warfare
and cyber attackers are an ever-present threat, as state-sponsored bad actors
and individual cybercriminals alike continue to evolve their tactics.
Organizations attempting to strengthen their cybersecurity controls under this
mounting pressure will find that traditional and cyber warfare have unexpected
similarities and complementary solutions.

To ensure a nation’s protection, as well as the protection of private data held
by organizations across the globe, the implementation of robust defensive and
offensive strategies is vital. Drawing parallels to the tactics and methods
deployed to ward off adversaries on a physical battlefield in order to defend
against those on a digital one provides us with a clear path forward.

One specific area of convergence between traditional and cyber warfare tactics
is the art of deception. Throughout history, military forces have used deception
to confuse and deter attackers by disseminating false and misleading information
to throw adversaries off track.

In today’s digital landscape, this tried-and-true tactic has undergone a modern,
digital transformation. With the advancement of artificial intelligence,
deception technology has grown in effectiveness to the point that it has
the potential to flip the advantage back to the defense. Similar to its
traditional use on battlefields, cyber deception technology creates false
information or locations through a variety of methods that lure threat actors
away from critical targets while giving defenders insight into their
adversaries’ tactics and motivations.

CYBERATTACKS ARE OFTEN AMBIGUOUS IN NATURE AND HARDER TO CLASSIFY THAN
TRADITIONAL MILITARY ATTACKS. WHAT ARE THE CHALLENGES FACED BY THE MILITARY IN
CLASSIFYING A CYBERATTACK AS AN ‘ARMED ATTACK’ OR ‘IMMINENT ARMED ATTACK’?

Due to the changing nature of cyber threats and attack methods, defense
strategists often struggle to discern whether a cyberattack is classified as an
“armed attack” or an “imminent armed attack.” Unlike traditional military
attacks, cyberattacks can originate from anywhere, and attackers often leverage
sophisticated tactics to obscure the perpetrator’s identity. They also occur at
light speed.

Attackers range from an individual, a group, a state-sponsored attacker, to some
combination of the three. This obfuscation of identity creates complexities in
associating an attack with a specific nation-state or entity, which is a crucial
factor in determining the attack’s nature. Moreover, these attacks can originate
from physical servers located in friendly or neutral countries, further
complicating our readiness to respond.

Another complexity in classifying attacks arises from the ever-evolving tactics
used by attackers. What was once considered a lone cyber incident may evolve
into an ‘armed attack’ as the attacker’s intentions and capabilities shift when
a network is breached, and they take advantage of their foothold. Additionally,
deployment in certain cyber actions can be instantaneous, posing an immediate
threat to national security, while others may unfold gradually, eluding
detection for extended periods. This subtlety, combined with the constant
evolution of cyber operations and capability, blurs the boundaries between
random attacks, espionage, sabotage, and acts of warfare.

AS THE INTERNATIONAL COMMUNITY GRAPPLES WITH CLASSIFYING CYBERATTACKS UNDER
INTERNATIONAL LAW, HOW CRUCIAL IS IT FOR NATIONS TO REACH A CONSENSUS? AND WHAT
MIGHT THE IMPLICATIONS BE IF A UNIVERSAL CLASSIFICATION ISN’T ESTABLISHED?

Because the digital landscape and the caliber of threats are constantly
evolving, it’s crucial that we quickly establish governance and regulations that
can mitigate potential catastrophic consequences. International laws bounding
these attacks could help organizations worldwide better prepare to prevent
attack escalation and have a clear response to threats.

Although not all countries or groups or individuals will adhere to international
laws, having a clear understanding of the legal dimensions of cyber warfare will
help clarify unacceptable parameters of attacks, including, for example, the
loss of critical infrastructure systems that could harm large numbers of
civilians. Moreover, the risk of misinterpreting cyber incidents as malicious
attacks can inadvertently signal hostility, transitioning a digital conflict
into traditional warfare. It is crucial to promptly address this issue and
develop a framework that manages the complexities of modern cyber conflicts.

CAN YOU DISCUSS THE ETHICAL DILEMMAS FACED BY MILITARY AND STATE CYBER OPERATORS
WHEN CONSIDERING “HACK BACK” OR “ATTACK BACK” OPTIONS, ESPECIALLY GIVEN THE
POTENTIAL RISKS OF MISIDENTIFYING THE ORIGINAL ATTACKER?

There are many concerns when determining the next steps in responding to a cyber
incident or attack that require careful navigation of ethics, further
underscoring the importance of international governance and regulations. An
escalatory response to a cyberattack, such as a “hack back” or “attack back,”
raises legal and ethical questions if such action could lead to a larger
conflict.

Because cyber attackers are becoming more skilled at hiding their true
identities, there is indeed cause for concern about whether a response could
lead to retaliatory actions and collateral damage against innocent parties.
Additionally, the intentions of the original attacker could be misidentified by
the victim, leading to disproportionate or unneeded attacks. It is also
important to consider the unintended consequences retaliation would have on the
nation’s citizens. For example, targeting critical infrastructure in a “hack
back” could lead to massive outages that would harm civilians. This necessitates
a cyber defense strategy that doesn’t just block or react, but one that is also
designed to seek out attackers’ motives and identities. It’s a tale as old as
time in the military world—if you understand your opponent’s motives, you have
the upper hand.

CYBERSECURITY REQUIRES GREAT COLLABORATION, BOTH INTERNALLY WITHIN A NATION AND
INTERNATIONALLY. HOW VITAL IS INTERNATIONAL COOPERATION IN THIS DOMAIN, AND HOW
CAN WE FOSTER IT?

Promoting collaboration and cooperation with allies and partners, and in some
cases even adversaries, means we can better address the complexities of a
changing cybersecurity landscape. By working together to create baseline
standards for cybersecurity, international cooperation will demonstrate a united
front to both state-sponsored and independent cyber attackers. Global
conversations are already happening with organizations like the United Nations
working to release cybersecurity initiatives over the misuse of technology by
malicious entities.

While many countries have organizations dedicated to creating national
regulations, like the United States’ Cybersecurity and Infrastructure Security
Agency (CISA), there need to be stronger efforts put toward creating similar
organizations internationally. These organizations can then outline standards
and systems that create cybersecurity-focused tactics and requirements, like
information sharing, which foster cyber resiliency. This is another example of
traditional military strategy translating to digital warfare: allies are
important.

AUTOMATION IS BECOMING INCREASINGLY PREVALENT IN CYBER DEFENSE STRATEGIES. CAN
YOU PROVIDE INSIGHTS INTO THE RISKS AND REWARDS OF AUTOMATED RESPONSES IN
CYBERSECURITY?

Automation—particularly AI-powered automation—empowers cybersecurity teams to
implement cutting-edge security applications and use methods that used to
require too much manual labor to be effective. For example, applying automation
in Active Defense methods such as honey accounts or honey tokens makes the
previously time-consuming task of building those tools much simpler. Automating
information gathering and the deployment of these tools further increases their
effectiveness and efficiency. Adversaries will be automating their attacks to do
as much damage as possible, so defense strategies should follow suit.



