Proactive cyber defence


Proactive cyber defence means acting in anticipation to oppose an attack involving computers and networks. It represents the thermocline between purely offensive and defensive action; interdicting and disrupting an attack or a threat's preparation to attack, either pre-emptively or in self-defence. The mission of the pre-emptive proactive operations is to conduct aggressive interdiction and disruption activities against an adversary using: Psychological operations, Managed Information Dissemination, Precision Targeting, Information Warfare Operations and computer network exploitation and other active threat reduction measures. The proactive defense strategy is meant to improves information collection by stimulating reactions of the threat agents, provide strike options and to enhance operational preparation of the real or virtual battlespace. A measure for detecting or obtaining information as to a cyber attack, or impending cyber operation or for determining the origin of an operation that involves launching a pre-emptive, preventive, or cyber counter-operation against the source. Proactive cyber defence operations pre-emptively engage the adversary
The offensive capacity includes the manipulation or disruption of networks and systems with the purpose of limiting or eliminating the adversary's operational capability. This capability can be required to guarantee one's freedom of action in the cyber domain. Cyber-attacks can be launched to repel an attack or to support the operational action. The distinction between active cyber defence and offensive cyber operations is that the later requires legislative exceptions or executive prerogative to undertake. Hence, offensive cyber capabilities may be developed in collaboration with industry, or facilitated by private sector but operations are led by nation states. There are some exceptions, notably in self-defence or with judicial authority or assisting law enforcement.
CyberISR focuses a powerful lens onto the Internet-of-Everything. The capability provides strategic listening, enhanced situational understanding, precision and mission-confidence though a keen awareness of both adversary dynamics and one's attack surface, thus facilitating anticipatory threat reduction, accelerated evidence-based decision support, contextualization, targeting, the ability to mount an defence against.
Cyber threat hunting is the process of proactively and iteratively searching through networks to detect and isolate advanced threats that evade existing security solutions.
Offensive, proactive cyber activities and active cyber defence facilitate anticipatory threat reduction while informing protection, detection and incident response given its ability to engage the adversary at distance and time.
An active defence:
Strategically, cyber defence refers to operations that are conducted in the cyber domain in support of mission objectives. To help understand the practical difference between cyber security and cyber defence, is to recognize that cyber defence requires a shift from network assurance to mission assurance where cyber defence is fully integrated into operational planning across the Joint Functions. Cyber defence focuses on sensing, detecting, orienting, and engaging adversaries in order to assure mission success and to out-manoeuver that adversary. This shift from security to defence requires a strong emphasis on intelligence,and reconnaissance, and the integration of staff activities to include intelligence, operations, communications, and planning. Defensive cyber operations refer to activities on or through the global information infrastructure to help protect and institutions' electronic information and information infrastructures as a matter of mission assurance. Does not normally involve direct engagement with the adversary.
The distinction between cyber defence, active cyber defence, proactive cyber defence and offensive cyber operations has been influenced by doctrine, pragmatics of technology or tradecraft and legal thresholds.
Active cyber operations refers to activities on or through the global information infrastructure to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security. Active cyber defence decisively engages the adversary and includes hunt and adversarial pursuit activities.

History

In the fifth century, B.C., Sun Tzu advocated foreknowledge as part of a winning strategy. He warned that planners must have a precise understanding of the active threat and not "remain ignorant of the enemy's condition". The thread of proactive defense is spun throughout his teachings.
Psychiatrist Viktor Frankl was likely the first to use of the term proactive in his 1946 book Man's Search for Meaning to distinguish the act of taking responsibility for one's own circumstances rather than attributing one's condition to external factors.
Later in 1982, the United States Department of Defense used "proactive" as a contrary concept to "reactive" in assessing risk. In the framework of risk management "proactive" meant taking initiative by acting rather than reacting to threat events. Conversely "reactive" measures respond to a stimulus or past events rather than predicting the event. Military science then and now considers defense as the science-art of thwarting an attack. Furthermore, doctrine poses that if a party attacks an enemy who is about to attack this could be called active-defense. Defense is also a euphemism for war but does not carry the negative connotation of an offensive war. Usage in this way has broadened the term to include most military issues including offensive, which is implicitly referred to as active-defense. Politically, the concept of national self-defense to counter a war of aggression refers to a defensive war involving pre-emptive offensive strikes and is one possible criterion in the 'Just War Theory'. Proactive defense has moved beyond theory. It has been put into practice in theatres of operation.
In 1989 Stephen Covey's The Seven Habits of Highly Effective People, published by Free Press, transformed the meaning "to act before a situation becomes a source of confrontation or crisis". Since then, "proactive" has been placed in opposition to the words "reactive" or "passive".

Origins

Cyber is derived from "cybernetics", a word originally coined by a group of scientists led by Norbert Wiener and made popular by Wiener's book of 1948, Cybernetics or Control and Communication in the Animal and the Machine. Cyberspace typically refers to the vast and growing logical domain composed of public and private networks; independently managed networks linked together through the lingua franca of the Internet, the Internet Protocol. The definition of Cyberspace has been extended to include all network-space which at some point, through some path, may have eventual access to the public internet. Under this definition, cyberspace becomes virtually every networked device in the world, which is not devoid of a network interface entirely. There is no air-gap anymore between networks.
The origins of cyber defense undoubtedly evolved from the original purpose of the Internet which was to harden military networks against the threat of a nuclear strike. Later cyber defense was coveted by the tenets of information warfare and information operations.
The rapid evolution of information warfare operations doctrine in the 1990s embraced a proactive preemptive cyber defense strategy.

Current status

The National Strategy to Secure Cyberspace was published in February 2003 to outline an initial framework for both organizing and prioritizing efforts to secure the cyberspace. It highlighted the necessity for public-private partnerships. Proactive threads include the call to deter malicious activity and prevent cyber attacks against America's critical infrastructures.
The notion of "proactive defense" has a rich history. The hype of "proactive cyber defence" reached its zenith around 1994. This period was marked by intense "hype" discussions under the auspices of Information Warfare. Much of the current doctrine related to proactive cyber defense was fully developed by 1995. A number of programs were initiated then, and advanced to full operation by 2005 including those of hostile states. Meanwhile, the public discussions diminished until the most recent resurgence in proactive cyber defense 2004–2008. Now most of the discussions around proactive defence in the literature are much less "proactive" than the earlier discussions in 1994 or existing operational programs. 'Proactive' is often used to hype marketing of security products or programs, in much the same way that "extreme" or "quality" adjectives have been misused.
The hype-cycle of discussion reached its peak in 1994. Present-day proactive cyber defense strategy was conceived within the context of the rich discussion that preceded it, existing doctrine and real proactive cyber defense programs that have evolved globally over the past decade. Dr. Robert John Garigue, a computational epistemologist and father of information warfare in Canada, published Information Warfare, Developing a Conceptual Framework. This was a landmark document in 1994 and genesis for proactive cyber defensive theory in Canada.
Founding members of the interdepartmental committee on Information Warfare, Dr. Robert Garigue and Dave McMahon wrote: Strategic listening, core intelligence and a proactive defence provide time and precision. Conversely, reacting in surprise is ineffective, costly and leaves few options. Strategic deterrence needs a credible offensive, proactive defence and information peacekeeping capability in which to project power and influence globally through Cyberspace in the defence of the nation. Similarly, Deterrence and diplomacy are required in the right dosage to dissuade purposeful interference with the national critical cyber infrastructures in influence in the democratic process by foreign states.

Vulnerabilities equities

Intelligence agencies such as the NSA were criticized for buying up and stockpiling zero-day vulnerabilities, keeping them secret and developing mainly offensive capabilities instead of defensive measures and helping patch vulnerabilities.
This criticism was widely reiterated and recognized after the May 2017 WannaCry ransomware attack.

Proactive pre-emptive operations

The notion of a proactive pre-emptive operations group emerged from a report of the Defense Science Board, 2002 briefing. The briefing was reported by Dan Dupont in Inside the Pentagon on September 26, 2002, and was also discussed by William M. Arkin in the Los Angeles Times on October 27, 2002. The Los Angeles Times has subsequently quoted U.S. Secretary of Defense Donald Rumsfeld revealing the creation of the "Proactive, Pre-emptive Operations Group". The mission of the P2OG is reportedly to conduct Aggressive, Proactive, Pre-emptive Operations to interdiction and disruption the threat using: Psychological operations, Managed Information Dissemination, Precision Targeting, Information Warfare Operations, and SIGINT... The proactive defense strategy is meant to improves information collection by stimulating reactions of the threat agents, provide strike options and to enhance operational preparation of the real or virtual battle space. The P2OG has been recommended to be constituted of "one hundred 'highly specialized people with unique technical and intelligence skills such as information operations, PSYOPS, network attack, covert activities, SIGINT, HUMINT, SOF, influence warfare/deception operations and to report to the National Security Council with an annual budget of $100 million". The group would be overseen by the White House's deputy national security adviser and would carry out missions coordinated by the secretary of defense or the CIA director. "The proposal is the latest sign of a new assertiveness by the Defense Department in intelligence matters, and an indication that the cutting edge of intelligence reform is not to be found in Congress but behind closed doors in the Pentagon." - Steven Aftergood of the Federation of American Scientists. DoD doctrinally would initiate a 'pre-emptive' attack on the basis of evidence that an enemy attack is imminent. Proactive measures, according to DoD are those actions taken directly against the preventive stage of an attack by the enemy.