Counterintelligence Attack Theory

Presented at AppSec USA 2012, Oct. 26, 2012, 4 p.m. (45 minutes)

This presentation is centered on a new theory of attack prevention known as the Counterintelligence Attack Theory. The NSA has developed and published an approach to cyber security known as Defense In Depth. It is a practical strategy for achieving Information Assurance in today's highly networked environments, yet it is used more as a catch phrase than as a realistic approach. Best practices and defense simply cannot prevent attacks that have not been predefined or previously observed. The Defense In Depth stratagem will be reviewed, and the procedure of Counterintelligence Attack Theory will be presented as the missing element. The presentation concludes that Cyber Intelligence Analysts are missing from corporate organizations and are needed to develop the ability to understand cyber-attacks through a more holistic approach.

Further Info: Public entities and private corporations incur considerable expenditures to prevent, mitigate, or remediate cyber-attacks. The current strategy employed is known as Defense In Depth. This is a practical strategy for achieving Information Assurance in today's highly networked environments. It is a "best practices" strategy in that it relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between the protection capability and cost, performance, and operational considerations. Unfortunately, the techniques used today are mostly based on deploying software and hardware technologies that restrict known attacks (the proverbial low-hanging fruit) and are at best reactive in nature. Best practices simply cannot prevent attacks that have not been predefined or previously observed.

This talk will present a new theory on attack prevention known as the Counterintelligence Attack Theory. It is not from a military perspective and is meant to address those with corporate responsibility for cyber security. Without addressing the legal framework or possible complications of a covert cyber action, this theory is designed to be an additional method of collection for the cyber intelligence analyst.

Presenters:

  • Fred Donovan
    Fred is a Professor and an application security researcher.
