Page 1: A Strategy for Cyber Defense Strategy

John C. Mallery (jcma@mit.edu)
Computer Science & Artificial Intelligence Laboratory
Massachusetts Institute of Technology

Presentation at the 2010 Workshop on Cyber Security and Global Affairs & Security Confabulation IV, Zurich, July 7-9, 2010.

Page 2: Message

Decompose the cyber elephant!

- Identify attacker business models
- Make prioritized architectural moves to disrupt attacker business models
  - Increase the work factor for attackers
  - Lower the work factor for defenders
- Plan defensive campaigns across life cycles of attack and defense
  - Disrupt the attacker business model at choke points
  - Channel the attacker to more defensible attack surfaces
  - Seize the initiative
- Change the game to the advantage of defense
  - Change the incentive structures -> virtuous cycles
  - Align security and mission incentives

Page 3: Threat Actors And Capabilities

Table columns: Threat Actor | Motive | Targets | Means | Resources

Nation States During War Time
  Motive: Political
  Targets: Military, intelligence, infrastructure, espionage, reconnaissance, influence operations
  Means: Intelligence, military, broad private sector
  Resources: Fully mobilized, multi-spectrum

Nation States During Peace Time
  Motive: Political
  Targets: Espionage, reconnaissance, influence operations
  Means: Intelligence, military, leverages criminal enterprises or black markets
  Resources: High, multi-spectrum, variable skill sets below major cyber powers

Terrorists, Insurgents
  Motive: Political
  Targets: Infrastructure, extortion
  Means: Leverage black markets?
  Resources: Limited, low expertise

Political Activists or Parties
  Motive: Political
  Targets: Political outcomes
  Means: Outsourcing?
  Resources: Limited, low expertise

Black Markets For Cyber Crime
  Motive: Financial
  Targets: Hijacked resources, fraud, theft, IP theft, illicit content, scams, crime for hire
  Means: Tools, exploits, platforms, data, expertise, planning
  Resources: Mobilizes cyber crime networks

Criminal Enterprises
  Motive: Financial
  Targets: (not given on the slide)
  Means: Reconnaissance, planning, diverse expertise
  Resources: Professional, low end multi-spectrum, leverage of black markets

Small Scale Criminals
  Motive: Financial
  Targets: (not given on the slide)
  Means: Leverages black markets
  Resources: Low, mostly reliant on black markets

Rogue Enterprises
  Motive: Financial
  Targets: IP theft, influence on sectoral issues
  Means: Outsourcing to criminal enterprises?
  Resources: Sectoral expertise, funding, organization

Page 4: Integration of Technical and Economic Perspectives

(Diagram) Security Engineering defends and attributes; Security Economics analyzes incentives and risks. The two perspectives meet on the following elements:

- Value at Risk
- Threat Actors
- Attack Vectors
- Value Monetization
- Political Return

Page 5: Asymmetries of Cyber Attack and Defense

Table columns: Mode | Attacker | Defender

Initiative
  Attacker: Chooses the best place, time and means of attack
  Defender: Must defend everywhere, all the time, against any attack

Communications
  Attacker: Organized around attack -> Good
  Defender: Organized around product -> Poor

Coordination
  Attacker: Small group -> high
  Defender: Non-scalable -> low

Situational Awareness
  Attacker: High
  Defender: After-market bolt-on -> Low

Software Control
  Attacker: High
  Defender: Depends on supply chain -> Low

Decision cycle
  Attacker: Fast
  Defender: Many stake holders -> Slow

Agility
  Attacker: High (apparent)
  Defender: Low

Knowledge
  Attacker: Low, narrow
  Defender: High, broad but diffuse

Architectural Control
  Attacker: Low
  Defender: High, but slow

Legal/LE Systems
  Attacker: Low
  Defender: High, but slow

Page 6: Laws of Information Assurance

- Centralization Risk: Concentration of value attracts better resourced attackers whenever the attacker work factor does not increase faster than the value at risk.
  - Corollary: Attackers can gain economies of scale through common mode vulnerability (low diversity)
  - Corollary: Multiplexing functionality on the same platform aggregates the individual threat models
- Markowitz's Law: A minimal complexity system has fewer attack surfaces.
  - Corollary: Eliminate unnecessary functionality
- Gosler's Law: Architectural change displaces preferred attack points.
  - Corollary: Move attack points to where they can be best defended.
- Architectural Leverage: Effective security can be achieved through synergistic architectural moves targeting attacker work factors
  - Success is achieved by raising attacker work factor across attack surfaces beyond the resources available to the attacker, or worthy of the target.

Page 7: Defensive Complexity Analysis

- Meta-metric for security focuses on difficulty of tasks an attacker or defender must perform
  - Work factor is the difficulty of executing tasks
  - Analogous to computational difficulty in crypto
  - Extends beyond the technical designs to domain embeddings
- Dimensions of work factors
  - Resources: Computational complexity; Cost; Expertise and Knowledge
  - Planning, execution and information management: Cognitive difficulty (non-linear planning); Learning difficulty; Organizational effectiveness/dysfunction
  - Risk; Uncertainty; Culture
- Make technical or policy moves that cumulatively
  - Impose hard problems on attackers
  - Facilitate coordinated defense

Page 8: High Leverage Solutions: Eliminate Whole Classes Of Vulnerability By Design

- Example: Runtime type checking and array bounds checking eliminates 99% of penetration exploits on COTS operating systems. (Source: Alexander Sotirov. Solved in the 1970s, so use it!)
- Fixing security vulnerabilities at their source retires an entire attack surface, and its consequences.
- Failure to fix the cause results in multiplicative vulnerabilities and multiplicative impacts on defender work factors.
- Leverage means fixing the cause rather than the symptoms.
- Example: Lack of separation in COTS operating systems means one Trojan in the supply chain can subvert downstream products and systems. (See separation kernels)
- Example: Ubiquitous input validation eliminates code injection attacks (e.g., SQL injection) (see CLIM)

(Figure: Tree Descent Is Exponential)
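The slide's last example, worked through in code added here (not from the presentation): the symptom-level fix patches each query site one at a time, while the cause-level fix, a syntactic grammar enforced at the boundary plus a fixed query shape that binds input as data, retires the injection class for every site behind it. The table, account id grammar and sample rows are constructed for the demonstration.

```python
"""Added example: eliminating SQL injection as a class by design.

Symptom level: fix each string-built query as it is found.
Cause level: validate input against a grammar at the boundary and bind
it as data, so no query site downstream can be turned into code.
"""
import re
import sqlite3

# Constructed sample data for the demo.
SAMPLE_ROWS = [("acct-1001", "alice", 250), ("acct-1002", "bob", 40)]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id TEXT, owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


# Symptom-level code: statement text is assembled from raw input. Every such
# call site is its own attack surface that has to be found and fixed.
def lookup_unsafe(conn, account_id):
    sql = "SELECT owner, balance FROM accounts WHERE id = '%s'" % account_id
    return conn.execute(sql).fetchall()


# Cause-level fix, part 1: a syntactic grammar for the field (constructed
# here as "acct-" plus four digits), enforced before input reaches any query.
ACCOUNT_ID = re.compile(r"acct-\d{4}")


class InputRejected(ValueError):
    pass


def validate_account_id(raw):
    if not isinstance(raw, str) or not ACCOUNT_ID.fullmatch(raw):
        raise InputRejected("account id does not match grammar")
    return raw


# Cause-level fix, part 2: the statement shape is fixed and the value is
# bound as data, so metacharacters can never change what the query does.
def bind_only(conn, raw):
    return conn.execute(
        "SELECT owner, balance FROM accounts WHERE id = ?", (raw,)
    ).fetchall()


def lookup_safe(conn, raw_account_id):
    return bind_only(conn, validate_account_id(raw_account_id))


def demo():
    conn = make_db()
    benign = "acct-1001"
    # Constructed input with SQL metacharacters: data on the hardened path,
    # statement text on the unsafe one.
    hostile = "x' OR '1'='1"
    try:
        lookup_safe(conn, hostile)
        rejected = False
    except InputRejected:
        rejected = True
    return {
        "unsafe_rows": len(lookup_unsafe(conn, hostile)),  # every row leaks
        "bound_rows": len(bind_only(conn, hostile)),       # binding alone: 0
        "safe": lookup_safe(conn, benign),
        "hostile_rejected": rejected,                      # grammar: rejected
    }


if __name__ == "__main__":
    print(demo())
```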

Page 9: Cyber Security Leverage is highest at base of IT Innovation Hierarchy

(Figure: IT innovation hierarchy)

Page 10: Attack/Defense Work Factors at Every Stage In System Life Cycles

System life cycle stages, set against an Evolving Technology Landscape:

Requirements -> Design -> Implementation -> Accreditation -> Integration -> Manufacturing -> Shipping -> Deployment -> Operation -> Training -> Maintenance -> Evolution

- The attacker can choose to attack the weakest surface at the most inopportune time for the defender.
- The sophisticated attacker can deploy multi-spectrum techniques in a well-resourced coordinated plan.
- The sophisticated attacker can attack anywhere along the supply chain.
- The defender must protect all attack surfaces at all times, including those in the supply chain.

Page 11: Attacker Work Factors at Every Stage in the Offensive Life Cycle (days)

Table columns: Mode | Action

- Research: Target; Conceptualize
- Probe: Map networks, apps, files, info; Plan
- Penetrate, Develop Persistence & Collect: Camouflage; Penetrate; Camouflage; Execute; Exfiltrate; Obfuscate
- Analysis: Data Mine; Analyze
- Disseminate & Act: Integrate; Distribute

Page 12: Defender Work Factors at Every Stage in The Defensive Life Cycle (years)

Table columns: Mode | Action

- Model: Anticipate Attack
- Attack Sensing, Warning and Response (ASW&R): Sense, Warn, Respond
- Identify Threat: Diagnose
- Design Mitigation: Adapt/remediate; Regenerate; Investigate
- Develop & Deploy: Develop; Deploy Maintenance Or Upgrade

Page 13: Today's COTS: Even Partial Solutions Can Impact The Attacker Work Factor

- Microsoft introduced a series of partial moves against penetration over the past 10 years
  - Penetration is when the attacker gets his first function to run before he escalates privilege
  - None of MS counter measures are fully effective
  - Some break existing code and are not turned on
- Yet, the impact on the attacker work factor increased the time to develop an exploit from 3 days in the late 1990s to 3 weeks in 2010
  - Assumes exploit development (but not packaging) must be done by a single person
  - Source: Alexander Sotirov, February, 2010
- Still not outside the 4 week patch cycle?

Page 14: Medium-term (3-5 yrs): Enhancing Power Grid Security

- Create secure SCADA cyber infrastructure based on:
  - Minimal complexity hosts with high assurance
  - Minimal connectivity overlay networks
- Approach
  - Separation: Build on existing platforms like separation kernels
  - Safety: Use safe programming languages; type checking & buffer bounds checking
  - Correctness: Verify critical code, including compiler
  - Input Checking: Use comprehensive syntactic input validation (Example: CLIM presentation system)
  - Model Checking: Build semantic model to validate input. Massoud Amin (U. Minn.) claims that 60% of parameter input sets could be checked for safety
  - Resilience: Build in via strong adaptive capacity
  - Redundancy: Use physically redundant networking with out of band control
- Adapt approach to other critical infrastructures
- WF Impact: Major, state of the art security, push the attacks into the supply chain and insiders
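The Input Checking and Model Checking items above, as an added example that is not part of the presentation: a control command passes a syntactic layer (a fixed grammar for the message) and then a semantic layer that checks it against a model of the controlled device, so a well-formed but unsafe parameter set is refused before it is applied. The feeder model, its engineering limits and the command grammar are constructed for illustration, not taken from any real SCADA protocol.

```python
"""Added example: two-layer input checking for a SCADA-style command.

Layer 1 (syntactic): the message must match a small fixed grammar.
Layer 2 (semantic): the decoded command must be safe against a model
of the plant (limits, rate of change, interlocks).
"""
from dataclasses import dataclass

# Constructed plant model: one feeder breaker and a voltage setpoint.
@dataclass
class FeederModel:
    breaker: str = "closed"             # "open" or "closed"
    setpoint_kv: float = 13.8
    min_kv: float = 12.5                # constructed engineering limits
    max_kv: float = 14.5
    max_step_kv: float = 0.5            # largest allowed change per command
    load_mw: float = 40.0
    open_allowed_below_mw: float = 5.0  # interlock: no opening under load


VERBS = {"set_voltage", "open_breaker", "close_breaker"}
ARGS = {"kv"}


def parse_command(raw):
    """Syntactic layer: grammar 'VERB [key=value ...]' with known verbs,
    known keys and numeric values. Anything else is rejected here."""
    parts = raw.strip().split()
    if not parts or parts[0] not in VERBS:
        raise ValueError("unknown verb")
    cmd = {"verb": parts[0]}
    for tok in parts[1:]:
        key, sep, val = tok.partition("=")
        if sep != "=" or key not in ARGS:
            raise ValueError("bad argument %r" % tok)
        try:
            cmd[key] = float(val)
        except ValueError:
            raise ValueError("non-numeric value %r" % val) from None
    if cmd["verb"] == "set_voltage" and "kv" not in cmd:
        raise ValueError("set_voltage requires kv=")
    return cmd


def check_semantics(cmd, plant):
    """Semantic layer: list every way a well-formed command violates
    the plant model. An empty list means the command is safe to apply."""
    problems = []
    if cmd["verb"] == "set_voltage":
        kv = cmd["kv"]
        if not plant.min_kv <= kv <= plant.max_kv:
            problems.append("setpoint outside engineering limits")
        if abs(kv - plant.setpoint_kv) > plant.max_step_kv:
            problems.append("step exceeds max rate of change")
    elif cmd["verb"] == "open_breaker":
        if plant.breaker == "open":
            problems.append("breaker already open")
        if plant.load_mw > plant.open_allowed_below_mw:
            problems.append("opening under load")
    elif cmd["verb"] == "close_breaker":
        if plant.breaker == "closed":
            problems.append("breaker already closed")
    return problems


def accept(raw, plant):
    """Run both layers; apply the command only if both pass.
    Returns (accepted, reason) so callers can log the rejection layer."""
    try:
        cmd = parse_command(raw)
    except ValueError as exc:
        return False, "syntax: " + str(exc)
    problems = check_semantics(cmd, plant)
    if problems:
        return False, "model: " + "; ".join(problems)
    if cmd["verb"] == "set_voltage":
        plant.setpoint_kv = cmd["kv"]
    elif cmd["verb"] == "open_breaker":
        plant.breaker = "open"
    else:
        plant.breaker = "closed"
    return True, "applied"


if __name__ == "__main__":
    plant = FeederModel()
    for line in ("set_voltage kv=14.0", "set_voltage kv=16.0",
                 "open_breaker", "set_voltage kv=abc", "reboot"):
        print(line, "->", accept(line, plant))
```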

Page 15: Mid-term (3-5 yrs): Prophylactic Networking Strategy (HTTP and SMTP)

- Eliminate exploitable vulnerabilities from the network application stack so as to deny botnets and bad actors a vector through which to subvert COTS OSes.
  - Reimplement the TCP/IP and SSL stacks in a safe language.
  - Reimplement HTTP and SMTP servers and clients in safe languages.
  - Provide a competent security model and sandboxing for mobile code (e.g., JavaScript).
  - Use virtualized COTS OS + app (e.g. word, multimedia code) in a one-shot-then-reset mode to view embedded media or attachments.
  - Parse and rewrite any media or attachments that are returned to the primary host environment.
- Industry knows how to implement these systems
  - For probably $1B, the HTTP and SMTP range of software could be reimplemented within 2-3 years.
  - Some legal requirements for "network safety" would incentivize the development and update.
- Spear phishing eliminated by design (maybe spam too)
- Drive-by Web site attacks eliminated by design
- WF Impact: Significant, push attacker on to other penetration vectors, make him do R&D

Page 16: Long-term (5-10 yrs): Transformational Architectures

- Eliminate single point failures leading to collapse of security in:
  - System architectures (e.g., monolithic privileged kernel)
  - Crypto (e.g., secret key leakage)
  - ID management (e.g., insider)
  - Application architectures
- Principles:
  - Bake in security
    - Eliminate vulnerabilities by design
    - Enforce strong fine-grained separation
    - Factor components
  - Ground trust in multiple separate ways forcing an attack to compromise all simultaneously
  - Enhance resilience through adaptive software forcing an attacker to impair all functional variants simultaneously
  - Raise productivity dramatically based on semi-automatic program synthesis using verified and composable components
- WF Impact: Dramatic, over the horizon, push attacks into the supply chain

Page 17: Work Factor Analysis Can Help Guide Policy Formation

- Non-technical architectures have an impact on attacker and defender work factors
  - International Law: Distinguish attack rising to "armed force" from espionage
    - Separate exploitation targets from C2 architecturally to enable clear response?
  - Design component sourcing so that supply chain attacks must compromise multiple branches to succeed.
    - Eliminate single point supply chain vulnerabilities
    - Multiply suppliers and randomize component sourcing
- Technical architectures interact with policy choices
  - Isolation: Separate functions across systems so that compromise of a single system does not compromise multiple systems
    - Costs more money
  - Self-knowledge: Map systems to build situational awareness of functions at risk to infer attacker goals and business model
    - Layout systems so they can be used to instrument attacker objectives
- Work factors can clarify leverage to help prioritize policy moves

Page 18: Legal Moves: Black Markets For Cyber Crime

- Black markets provide:
  - Scalable cyber crime
  - Empower low-end state actors (over 100)
- A number of activities may not be illegal!
  - Target reconnaissance
  - Attack tools
  - Cryptographic support
- Extend legal system to cover support activities for cyber crime
  - Outlaw activities without non-criminal applications
  - Control "dual use" activities with high criminal leverage
- WF Impact: Increase work factor by raising legal risk
  - LE focus on high leverage supply activities
  - Increase scarcity & price of high leverage ingredients

Page 19: Legal Moves: Separate Cyber Crime From Terrorists

- Terrorists may seek cyber attack capabilities in criminal black markets
- Cyber criminals are economic actors
  - Pursue a business model
  - Seek to reduce risk to continuity of operations
- Make legal moves against transfer of cyber attack data, tools or expertise to terrorist organizations
  - Raise response to national security level using military and intelligence resources
  - Institute exceptionally severe penalties, especially for critical infrastructure attacks
  - Channel activity away from terrorism
  - Make the risk reward calculus uneconomic
- WF Impact: Reinforce incentives against aid to terrorists

Page 20: Economics: Monetizing Cyber Security & Modernizing the IT Sector

- Success: Market forces spread reasonably high assurance throughout society and continue to innovate (Precedent: 1990s build out of civilian Internet)
- Requirements:
  - Ability to accurately measure and compare system security characteristics
    - Predictive metrics
    - Historical data series
  - Ability of buyers of IT to reliably understand & measure risk
    - Anticipate and measure threat levels
    - Estimate losses due to potential cyber attacks
    - Determine commensurate levels of investment in security
  - Transformation of the IT technology plane for security and agility
    - Strongly bias work factors in favor of defender against attacker
    - Dramatically harden systems
    - Architect for adaptive resilience and rapid recovery
    - Radically increase productivity of secure system development, certification, accreditation, and operation
    - Align security with functionality by making it inherent and largely transparent
    - Deliver faster development cycles and superior total ownership cost than current generation COTS
  - Alignment of market incentives for uptake, ultimately next gen COTS
    - Stratify markets according to assurance needs to provide a learning curve and a path to scale
    - Phased introduction of safety regulations, liability and meaningful cyber insurance as industry is genuinely able to respond based on transformational technologies
    - Attenuate rigidities in IT capital goods ecosystem that impede technical evolution

Page 21: Message

(Closing slide; repeats the Message slide on Page 2 verbatim: decompose the cyber elephant, identify attacker business models, make prioritized architectural moves, plan defensive campaigns across life cycles, change the game to the advantage of defense.)

Page 22: Appendix

Page 23: Received Notions Of Sustainability

- Developmental Economics: Growth based on resources available in sufficient supply in the future
  - Foreign exchange bottleneck
  - Environmental degradation
  - Sustainable development -> appropriate resource usage
- Green Technology: Reduced impact on environment (output) and improved utilization of depletable resources (input)
  - Renewable resources -> sustainability
  - Clean energy sources to reduce CO2 emissions and climate impact
  - Efficient resource utilization (inputs & outputs/externalities)
- Computational Sustainability: Use of computation to improve resource utilization (e.g., Smart Grid)
- Core notion is continuity of dissipative systems
  - Non-equilibrium thermodynamics (Prigogine) looks at how living systems maintain themselves in the face of entropy via matter energy exchange with their environments
  - Living System (autopoiesis): a network of component producing processes that recreate the network over time

Page 24

Cyber As A Computational Sustainability Conundrum

- Cyber refers to the embedding or integration of computation and communication within human organizations and social systems
  - Human systems are understood as living systems
  - Dissipative structures face perpetual challenge of continuity
    - Must repair internal failures of essential components
    - Must adapt to changing environments
    - Usually face intelligent competitors
- Cyber impacts continuity
  - Benefits: Greater adaptive potential through better information and computation
  - Challenges: Environmental change driven by cyber
    - Requires internal and external adaptation
  - Entropy: Cyber attack/exploitation consume resources
    - Direct impact of lost information or degraded operation
    - Indirect cost of recovery or investment in cyber security
    - Social costs of cyber pollution - export of risk, externalities
- Cyber sustainability involves:
  - Designing for reliability to manage complexity
  - Adapting to changes in the environment, often cyber fueled
  - Resisting cyber attack and exploitation
- Dialectic of computation: benefits come with vulnerabilities

Page 25

Focus: Cyber Attack/Exploitation

- Cyber attack/exploitation undermines organizational autonomy
  - Computers become disloyal to owners, working against them
  - Reduced organizational integrity impairs goal-seeking behavior and weakens adaptive capacity
- Everyday cyber impacts – death by 1000 cuts
  - Economic: Drag on GNP of cyber crime, recovery, cyber security investment
  - Innovation: Loss of intellectual property, trade secrets, know-how, plans
  - National security: Degraded systems, loss of classified information
- Potential existential threats via cyber
  - Industrial espionage: Loss of commercial or national advantage
  - Economic disruption: Degradation of critical infrastructures
  - Cyber war: Impairment of national security functions

Page 26

[Chart] Attacker Resources Required for Cyber Impacts

- Axes: Frequency (High / Moderate / Low) versus Attacker Resources (Low / High)
- Impacts plotted: Espionage; Cyber War with Peers; Cyber Terrorism?; Interdiction of Global Communication; Industrial Espionage; Cyber War; Major Critical Infrastructure Attacks; Cyber Crime; Interception of Global Communication
- Region label: Most Cyber Data

Page 27

Strategy Decomposition

- Cyber technology base
  - IT capital goods industry
  - Computers, embedded, mobile
  - Networking
  - Telecommunications operators
  - Identity management & crypto industries
- Defense domains
  - Military & intelligence systems
  - Defense industrial base
  - Critical infrastructure
  - Government systems
  - Research infrastructure
  - Supply chain
  - Major enterprise
  - Enterprise
  - Consumer
- International cooperation
  - Allies
  - Trading partners
  - Global