Cryptome links (.pdf) to a copy of a presolicitation (original source) by the US Air Force for “capabilities for cyber resiliency” (BAA-RIK-14-07, dated August 1st 2014). That presolicitation mentions “cyber deception” (MILDEC) as a specific focus area for FY15-FY16:
FY15 – FY16 SPECIFIC FOCUS AREA: CYBER DECEPTION
Background: Deception is a deliberate act to conceal
activity on our networks, create uncertainty and confusion against the
adversary’s efforts to establish situational awareness and to influence
and misdirect adversary perceptions and decision processes. Military
deception is defined as “those actions executed to deliberately mislead
adversary decision makers as to friendly military capabilities,
intentions, and operations, thereby causing the adversary to take
specific actions (or inactions) that will contribute to the
accomplishment of the friendly mission.” Military forces have
historically used techniques such as camouflage, feints, chaff, jammers,
fake equipment, false messages or traffic to alter an enemy’s
perception of reality. Modern day military planners need a capability
that goes beyond the current state-of-the-art in cyber deception to
provide a system or systems that can be employed by a commander when
needed to enable deception to be inserted into defensive cyber
operations.
Relevance and realism are the grand technical challenges to cyber
deception. The application of the proposed technology must be relevant
to operational and support systems within the DoD. The DoD operates
within a highly standardized environment. Any technology that
significantly disrupts or increases the cost to the standard of practice
will not be adopted. If the technology is adopted, the defense system
must appear legitimate to the adversary trying to exploit it.
Objective: To provide cyber-deception capabilities
that could be employed by commanders to provide false information,
confuse, delay, or otherwise impede cyber attackers to the benefit of
friendly forces. Deception mechanisms must be incorporated in such a way
that they are transparent to authorized users, and must introduce
minimal functional and performance impacts, in order to disrupt our
adversaries and not ourselves. As such, proposed techniques must
consider how challenges relating to transparency and impact will be
addressed. The security of such mechanisms is also paramount, so that
their power is not co-opted by attackers against us for their own
purposes. These techniques are intended to be employed for defensive
purposes only on networks and systems controlled by the DoD.
Advanced techniques are needed with a focus on introducing varying
deception dynamics in network protocols and services which can severely
impede, confound, and degrade an attacker’s methods of exploitation and
attack, thereby increasing the costs and limiting the benefits gained
from the attack. The emphasis is on techniques that delay the attacker
in the reconnaissance through weaponization stages of an attack and also
aid defenses by forcing an attacker to move and act in a more
observable manner. Techniques across the host and network layers or a
hybrid thereof are of interest in order to provide AF cyber operations
with effective, flexible, and rapid deployment options.
This focus area is currently envisioned to consist of two phases
running approximately 12 months each. The first phase (Concept
Development) will consist of one to three study efforts that will
examine potential deception technologies that could be developed. This
will focus on the description, design and development of techniques and
technologies that could be employed in an Air Force network. These
efforts will be brought to a proof-of-concept level, and the
implementations will be evaluated at the end of this phase. In the
second phase (Prototyping), also lasting approximately 12 months, one or
more of the concepts that show promise will be further developed to
produce a prototype system capable of demonstration in a relevant
environment. The system(s) developed by the end of this phase will be
evaluated. At the end of this second phase, a “go/no-go” decision will
be made to determine if the prototype(s) will undergo further
refinement, evaluation, and potential integration with an eye toward
transition.
Questions regarding this focus area can be directed to:
Anthony Macera
(315) 330-4480
anthony.macera.1@us.af.mil
As an indication of what it’s all about, I cite the following from
Deception for Defense of Information Systems: Analogies from Conventional Warfare (Neil C. Rowe and Hy S. Rothstein):
- Six general principles for effective tactical deception (Fowler and Nesbitt, 1995)
  - Deception should reinforce enemy expectations
  - Deception should have realistic timing and duration
  - Deception should be integrated with operations
  - Deception should be coordinated with concealment of true intentions
  - Deception realism should be tailored to needs of the setting
  - Deception should be imaginative and creative
- Taxonomy of kinds of deception (Dunnigan and Nofi, 2001)
  - Concealment (“hiding your forces from the enemy”)
  - Camouflage (“hiding your troops and movements from the enemy by artificial means”)
  - False and planted information (disinformation, “letting the enemy get his hands on information that will hurt him and help you”)
  - Lies (“when communicating with the enemy”)
  - Displays (“techniques to make the enemy see what isn’t there”)
  - Ruses (“tricks, such as displays that use enemy equipment and procedures”)
  - Demonstrations (“making a move with your forces that implies imminent action, but is not followed through”)
  - Feints (“like a demonstration, but you actually make an attack”)
  - Insight (“deceive the opponent by outthinking him”)
Related (partially thanks to Jim Henderson / Raytheon):