Proactive Cyber Defence
Encyclopedia
Proactive Cyber Defence means acting in anticipation to oppose an attack against computers and networks. Proactive cyber defence will most often require additional security from internet service provider
s.
Some of the reasons for a proactive defence strategy are about cost and choice. Making choices after an attack are difficult and costly. Proactive defence is key to mitigating operational risk
.
advocated “foreknowledge” or predictive analysis as part of a winning strategy. He warned that planners must have a precise understanding of the active threat and not “remain ignorant of the enemy’s condition.” The thread of proactive defence is spun throughout his teachings.
Psychiatrist Viktor Frankl
was likely the first to use of the term proactive in his 1946 book Man's Search for Meaning
to distinguish the act of taking responsibility for one’s own circumstances rather than attributing one’s condition to external factors.
Later in 1982, the United States Department of Defense
(DoD) used “proactive” as a contrary concept to “reactive’ in assessing risk. In the framework of risk management ‘proactive” meant taking initiative by acting rather than reacting to threat events. Conversely “reactive” measures respond to a stimulus or past events rather than predicting the event. In military science, then and now considers defence is the science-art of thwarting an attack. Furthermore doctrine poses that if a party attacks an enemy who is about to attack this could be called active-defence. Defence is also a euphemism for war but does not carry the negative connotation of an offensive war. Usage in this way has broadened the term to include most military issues including offensive, which is implicitly referred to as active-defence. Politically the concept of national self-defence to counter a war of aggression refers to a defensive war involving pre-emptive offensive strikes and is one possible criterion in the ‘Just War Theory’. Proactive defence has moved beyond theory. It has been put into practice in theatres of operation.
In 1989, Stephen Covey
's The Seven Habits of Highly Effective People
, published by Free Press, transformed the meaning "to act before a situation becomes a source of confrontation or crisis.” From that day “proactive” has been placed in opposition to the words "reactive" or "passive."
Cyber is derived from “Cybernetics”, a word originally coined by a group of scientists led by Norbert Wiener
and made popular by Wiener's book of 1948, Cybernetics or Control and Communication in the Animal and the Machine. Cyberspace typically refers to the vast and growing logical domain composed of public and private networks; independently managed networks linked together through the lingua franca of the Internet, the Internet Protocol
(IP). The definition of Cyberspace has been extended to include all network-space which at some point, through some path, may have eventual access to the public internet. Under this definition, cyberspace becomes virtually every networked device in the world, which is not devoid of a network interface entirely. There is no air-gap anymore between networks.
The origins of cyber defence undoubtedly evolved from the original purpose of the Internet which was to harden military networks against the threat of a nuclear strike. Later cyber defence was coveted by the tenets of information warfare and information operations.
The rapid evolution of information warfare operations doctrine in the 1990’s embraced a proactive pre-emptive cyber defence strategy.
“Information Warfare is an emergent reality that comes from a self-organization process that has never seen before. The problem is that we talk about it using terms that have well known connotations. And it is difficult to talk about something completely new using words that bring with them specific understanding and expectancies. The early period of the automobile faced a similar situation. At one time it was called a "horseless carriage" as this was the only way to define its essential quality. The car is more than a carriage without a horse. This is the dilemma we face when we discuss Information Warfare. The danger is that the uses of familiar words misrepresent and mask the true extend of the revolution that will have to take place if we are to be able to retain a military capacity in a new physical, social and cognitive space.” - Dr. Garigue, 1994.
The National Strategy to Secure Cyberspace was published in February 2003 to outline an initial framework for both organizing and prioritizing efforts to secure the cyberspace. It highlighted the necessity for public private partnerships. Proactive threads include the call to deter malicious activity and prevent cyber attacks against America’s critical infrastructures.
The hype-cycle of discussion reached its peak in 1994. Present-day proactive cyber defence strategy was conceived within the context of the rich discussion that preceded it, existing doctrine and real proactive cyber defence programs that have evolved globally over the past decade. Dr. Robert John Garigue, a computational epistemologist and father of information warfare in Canada, published Information Warfare, Developing a Conceptual Framework. This was a landmark document in 1994 and genesis for proactive cyber defensive theory in Canada.
“Effective cyber defenses ideally prevent an incident from taking place. Any other approach is simply reactive. FedCIRC, the NIPC, the NSIRC, the Department of Defense and industry components realize that the best [action] is a pre-emptive and proactive approach.” - Sallie McDonald, the Assistant Commissioner for the Office Of Information Assurance and Critical Infrastructure Protection, Federal Technology Service and General Services Administration; in offering testimony with regard to the National Infrastructure Protection Center (NIPC) and the Federal Computer Incident Response Center or FedCIRC; before The Subcommittee on Terrorism Technology and Government Information Committee on Judiciary and the United States Senate July 25, 2001.
The notion of a Proactive Pre-emptive Operations Group (P2OG) emerged from a report of the Defense Science Board
(DSB), 2002 briefing. The briefing was reported by Dan Dupont in Inside the Pentagon on September 26, 2002 and was also discussed by William M. Arkin in the Los Angeles Times on October 27, 2002. The Los Angeles Times has subsequently quoted US Secretary of Defence Donald Rumsfeld revealing the creation of the 'Proactive, Pre-emptive Operations Group.' The mission of the P2OG is reportedly to conduct Aggressive, Proactive, Pre-emptive Operations to interdiction and disruption the threat using: Psychological operations, Managed Information Dissemination, Precision Targeting, Information Warfare Operations, and SIGINT... The proactive defence strategy is meant to improves information collection by stimulating reactions of the threat agents, provide strike options and to enhance operational preparation of the real or virtual battle space. The P2OG has been recommended to be constituted of "one hundred 'highly specialized people with unique technical and intelligence skills such as information operations, PSYOPS
, network attack, covert activities, SIGINT, HUMINT, SOF, influence warfare/deception operations and to report to the National Security Council
with an annual budget of $100 million.” The group would be overseen by the White House's deputy national security adviser and would carry out missions coordinated by the secretary of defense or the CIA
director. "The proposal is the latest sign of a new assertiveness by the Defense Department in intelligence matters, and an indication that the cutting edge of intelligence reform is not to be found in Congress but behind closed doors in the Pentagon." - Steven Aftergood of the Federation of American Scientists. DoD doctrinally would initiate a ‘pre-emptive’ attack on the basis of evidence that an enemy attack is imminent. Proactive measures, according to DoD are those actions taken directly against the preventive stage of an attack by the enemy.
Strike back doctrine aligns with pre-emptive and counter-attack tactics of a proactive cyber defence strategy.
The notion of ‘proactive defence’ has a rich history. The hype of ‘Proactive cyber defence’ reached its zenith around 1994. This period was marked by intense ‘hype’ discussions under the auspices of Information Warfare. Much of the current doctrine related to proactive cyber defence was fully developed by 1995. A number of programs were initiated then, and advanced to full operation by 2005 including those of hostile states. Meanwhile the public discussions diminished until the most recent resurgence in proactive cyber defence 2004-2008. Now most of the discussions around proactive defence in the literature are much less ‘proactive’ than the earlier discussions in 1994 or existing operational programs. 'Proactive' is often used to hype marketing of security products or programs, in much the same way that 'extreme' or 'quality' adjectives have been misused.
RedShield Association
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
s.
Some of the reasons for a proactive defence strategy are about cost and choice. Making choices after an attack are difficult and costly. Proactive defence is key to mitigating operational risk
Operational risk
An operational risk is, as the name suggests, a risk arising from execution of a company's business functions. It is a very broad concept which focuses on the risks arising from the people, systems and processes through which a company operates...
.
Background
In the Fifth century, B.C., Sun TzuSun Tzu
Sun Wu , style name Changqing , better known as Sun Tzu or Sunzi , was an ancient Chinese military general, strategist and philosopher who is traditionally believed, and who is most likely, to have authored The Art of War, an influential ancient Chinese book on military strategy...
advocated “foreknowledge” or predictive analysis as part of a winning strategy. He warned that planners must have a precise understanding of the active threat and not “remain ignorant of the enemy’s condition.” The thread of proactive defence is spun throughout his teachings.
Psychiatrist Viktor Frankl
Viktor Frankl
Viktor Emil Frankl M.D., Ph.D. was an Austrian neurologist and psychiatrist as well as a Holocaust survivor. Frankl was the founder of logotherapy, which is a form of Existential Analysis, the "Third Viennese School of Psychotherapy"...
was likely the first to use of the term proactive in his 1946 book Man's Search for Meaning
Man's Search for Meaning
Man's Search for Meaning is a 1946 book by Viktor Frankl chronicling his experiences as a concentration camp inmate and describing his psychotherapeutic method of finding a reason to live...
to distinguish the act of taking responsibility for one’s own circumstances rather than attributing one’s condition to external factors.
Later in 1982, the United States Department of Defense
United States Department of Defense
The United States Department of Defense is the U.S...
(DoD) used “proactive” as a contrary concept to “reactive’ in assessing risk. In the framework of risk management ‘proactive” meant taking initiative by acting rather than reacting to threat events. Conversely “reactive” measures respond to a stimulus or past events rather than predicting the event. In military science, then and now considers defence is the science-art of thwarting an attack. Furthermore doctrine poses that if a party attacks an enemy who is about to attack this could be called active-defence. Defence is also a euphemism for war but does not carry the negative connotation of an offensive war. Usage in this way has broadened the term to include most military issues including offensive, which is implicitly referred to as active-defence. Politically the concept of national self-defence to counter a war of aggression refers to a defensive war involving pre-emptive offensive strikes and is one possible criterion in the ‘Just War Theory’. Proactive defence has moved beyond theory. It has been put into practice in theatres of operation.
In 1989, Stephen Covey
Stephen Covey
Stephen Richards Covey is the author of the best-selling book, The Seven Habits of Highly Effective People. Other books he has written include First Things First, Principle-Centered Leadership, and The Seven Habits of Highly Effective Families. In 2004, Covey released The 8th Habit...
's The Seven Habits of Highly Effective People
The Seven Habits of Highly Effective People
The Seven Habits of Highly Effective People, first published in 1989, is a self-help book written by Stephen R. Covey. It has sold more than 15 million copies in 38 languages since first publication, which was marked by the release of a 15th anniversary edition in 2004...
, published by Free Press, transformed the meaning "to act before a situation becomes a source of confrontation or crisis.” From that day “proactive” has been placed in opposition to the words "reactive" or "passive."
Cyber is derived from “Cybernetics”, a word originally coined by a group of scientists led by Norbert Wiener
Norbert Wiener
Norbert Wiener was an American mathematician.A famous child prodigy, Wiener later became an early researcher in stochastic and noise processes, contributing work relevant to electronic engineering, electronic communication, and control systems.Wiener is regarded as the originator of cybernetics, a...
and made popular by Wiener's book of 1948, Cybernetics or Control and Communication in the Animal and the Machine. Cyberspace typically refers to the vast and growing logical domain composed of public and private networks; independently managed networks linked together through the lingua franca of the Internet, the Internet Protocol
Internet Protocol
The Internet Protocol is the principal communications protocol used for relaying datagrams across an internetwork using the Internet Protocol Suite...
(IP). The definition of Cyberspace has been extended to include all network-space which at some point, through some path, may have eventual access to the public internet. Under this definition, cyberspace becomes virtually every networked device in the world, which is not devoid of a network interface entirely. There is no air-gap anymore between networks.
The origins of cyber defence undoubtedly evolved from the original purpose of the Internet which was to harden military networks against the threat of a nuclear strike. Later cyber defence was coveted by the tenets of information warfare and information operations.
The rapid evolution of information warfare operations doctrine in the 1990’s embraced a proactive pre-emptive cyber defence strategy.
“Information Warfare is an emergent reality that comes from a self-organization process that has never seen before. The problem is that we talk about it using terms that have well known connotations. And it is difficult to talk about something completely new using words that bring with them specific understanding and expectancies. The early period of the automobile faced a similar situation. At one time it was called a "horseless carriage" as this was the only way to define its essential quality. The car is more than a carriage without a horse. This is the dilemma we face when we discuss Information Warfare. The danger is that the uses of familiar words misrepresent and mask the true extend of the revolution that will have to take place if we are to be able to retain a military capacity in a new physical, social and cognitive space.” - Dr. Garigue, 1994.
The National Strategy to Secure Cyberspace was published in February 2003 to outline an initial framework for both organizing and prioritizing efforts to secure the cyberspace. It highlighted the necessity for public private partnerships. Proactive threads include the call to deter malicious activity and prevent cyber attacks against America’s critical infrastructures.
The hype-cycle of discussion reached its peak in 1994. Present-day proactive cyber defence strategy was conceived within the context of the rich discussion that preceded it, existing doctrine and real proactive cyber defence programs that have evolved globally over the past decade. Dr. Robert John Garigue, a computational epistemologist and father of information warfare in Canada, published Information Warfare, Developing a Conceptual Framework. This was a landmark document in 1994 and genesis for proactive cyber defensive theory in Canada.
“Effective cyber defenses ideally prevent an incident from taking place. Any other approach is simply reactive. FedCIRC, the NIPC, the NSIRC, the Department of Defense and industry components realize that the best [action] is a pre-emptive and proactive approach.” - Sallie McDonald, the Assistant Commissioner for the Office Of Information Assurance and Critical Infrastructure Protection, Federal Technology Service and General Services Administration; in offering testimony with regard to the National Infrastructure Protection Center (NIPC) and the Federal Computer Incident Response Center or FedCIRC; before The Subcommittee on Terrorism Technology and Government Information Committee on Judiciary and the United States Senate July 25, 2001.
The notion of a Proactive Pre-emptive Operations Group (P2OG) emerged from a report of the Defense Science Board
Defense Science Board
The Defense Science Board is a committee of civilian experts appointed to advise the U.S. Department of Defense on scientific and technical matters...
(DSB), 2002 briefing. The briefing was reported by Dan Dupont in Inside the Pentagon on September 26, 2002 and was also discussed by William M. Arkin in the Los Angeles Times on October 27, 2002. The Los Angeles Times has subsequently quoted US Secretary of Defence Donald Rumsfeld revealing the creation of the 'Proactive, Pre-emptive Operations Group.' The mission of the P2OG is reportedly to conduct Aggressive, Proactive, Pre-emptive Operations to interdiction and disruption the threat using: Psychological operations, Managed Information Dissemination, Precision Targeting, Information Warfare Operations, and SIGINT... The proactive defence strategy is meant to improves information collection by stimulating reactions of the threat agents, provide strike options and to enhance operational preparation of the real or virtual battle space. The P2OG has been recommended to be constituted of "one hundred 'highly specialized people with unique technical and intelligence skills such as information operations, PSYOPS
Psychological warfare
Psychological warfare , or the basic aspects of modern psychological operations , have been known by many other names or terms, including Psy Ops, Political Warfare, “Hearts and Minds,” and Propaganda...
, network attack, covert activities, SIGINT, HUMINT, SOF, influence warfare/deception operations and to report to the National Security Council
National Security Council
A National Security Council is usually an executive branch governmental body responsible for coordinating policy on national security issues and advising chief executives on matters related to national security...
with an annual budget of $100 million.” The group would be overseen by the White House's deputy national security adviser and would carry out missions coordinated by the secretary of defense or the CIA
Central Intelligence Agency
The Central Intelligence Agency is a civilian intelligence agency of the United States government. It is an executive agency and reports directly to the Director of National Intelligence, responsible for providing national security intelligence assessment to senior United States policymakers...
director. "The proposal is the latest sign of a new assertiveness by the Defense Department in intelligence matters, and an indication that the cutting edge of intelligence reform is not to be found in Congress but behind closed doors in the Pentagon." - Steven Aftergood of the Federation of American Scientists. DoD doctrinally would initiate a ‘pre-emptive’ attack on the basis of evidence that an enemy attack is imminent. Proactive measures, according to DoD are those actions taken directly against the preventive stage of an attack by the enemy.
Strike back doctrine aligns with pre-emptive and counter-attack tactics of a proactive cyber defence strategy.
The notion of ‘proactive defence’ has a rich history. The hype of ‘Proactive cyber defence’ reached its zenith around 1994. This period was marked by intense ‘hype’ discussions under the auspices of Information Warfare. Much of the current doctrine related to proactive cyber defence was fully developed by 1995. A number of programs were initiated then, and advanced to full operation by 2005 including those of hostile states. Meanwhile the public discussions diminished until the most recent resurgence in proactive cyber defence 2004-2008. Now most of the discussions around proactive defence in the literature are much less ‘proactive’ than the earlier discussions in 1994 or existing operational programs. 'Proactive' is often used to hype marketing of security products or programs, in much the same way that 'extreme' or 'quality' adjectives have been misused.
See also
- US National Strategy to Secure CyberspaceNational Strategy to Secure CyberspaceIn the United States government, the National Strategy to Secure Cyberspace, is a component of the larger National Strategy for Homeland Security. The National Strategy to Secure Cyberspace was drafted by the Department of Homeland Security in reaction to the September 11, 2001 terrorist attacks...
- ITU Global Cybersecurity Agenda
RedShield Association
External links
- Anderson, K. "Intelligence-Based Threat Assessments for Information Networks and Infrastructures: A White Paper".
- "Critical Infrastructure: Homeland Security and Emergency Preparedness"
- Infracritical
- Centre for the Protection of National Infrastructure (United Kingdom)
- National Infrastructure Institute (NI2) Center for Infrastructure Expertise
- "Water Infrastructure Security Enhancements" draft national standards
- Operational Continuity and Additivity of Operational Risk, Tyson Macaulay 2008
- Metrics and Operational Continuity, Tyson Macaulay 2008