“Master the battlefield of cyber threats with tactical attack path analysis”
As I discussed last week, tabletop exercises are an essential part of any organization’s cybersecurity preparedness strategy. These exercises simulate cyberattack scenarios to test the organization’s response to such incidents. To further this effort, let’s discuss how battlefield tactics can be combined with attack path analysis to enhance cyber survivability.
Battlefield vs. Cyber
There are many parallels between battlefield tactics and cyber-attacks. In fact, the language used to describe cyberattacks is often derived from military terminologies, such as “cyber warfare,” “cyber espionage,” and “cyber terrorism.” Here are a few ways in which battlefield tactics have been observed in cyberattacks:
- Reconnaissance: In both the tangible battlefield of kinetic warfare and the virtual battlefield of cyberattacks, reconnaissance is the critical step in gathering intelligence about your opponent. In a military context, this might involve scouting the enemy’s position, identifying weaknesses, and gathering information about troop movements. In a cyberattack, reconnaissance may involve identifying vulnerabilities in a target network, collecting information about that target’s security protocols, and identifying potential points of entry into the opponent’s system.
- Attack vectors: In military operations, the term “tactics” is used to refer to the approach to combat, the use of troops and various arms, as well as the execution of movement. In a cyberattack, an attack vector is analogous to tactics. It is the method that an attacker uses to gain access to a target system or network. Common attack vectors in cyber-attacks include phishing emails, malware, and exploiting software vulnerabilities.
- Deception: In both kinetic warfare and cyberattacks, deception is a crucial tactic. In military operations, deception might involve creating false information about placement or capabilities; or it might be planting fake troop movements to mislead the enemy about our intentions. In a cyberattack, deception may take the form of fake login screens or bogus email messages that attempt to trick users into revealing sensitive information.
- Offensive and defensive strategies: Just as in kinetic warfare, there are offensive and defensive strategies in cyberattacks. Offensive strategies involve using advanced persistent threats (APTs) or other sophisticated methods to gain access to a target network. Defensive strategies involve implementing firewalls, intrusion detection systems, and other security measures to warn of and protect against cyberattacks.
- Collateral damage: In both kinetic warfare and cyber-attacks, there is always the potential for collateral damage. In a military context, collateral damage often involves civilian casualties or damage to non-military infrastructure. In a cyberattack, collateral damage is experienced in disruption to normal business operations, organizational turmoil and uncertainty, and effects that are passed on to your customers and your suppliers.
Overall, there are many parallels between battlefield tactics and cyberattacks. By understanding these parallels, organizations can develop more effective cybersecurity strategies that incorporate the principles of military strategy and tactics.
Attack Path Analysis
Attack path analysis is a valuable tool for tabletop exercises that provides a way to identify and evaluate potential paths of attack. Participants gain an understanding of the ways an attacker might move through a network to reach their target. Attack path analysis can be combined with an understanding of battlefield tactics to improve cyber survivability:
- Identifying vulnerabilities: By using attack path analysis to map out the potential attack paths in a network, organizations can identify vulnerabilities and potential weaknesses in their security infrastructure. This information can be used to develop defensive strategies that are informed by military tactics, such as identifying choke points, fortifying key positions, and establishing defensive perimeters.
- Developing offensive strategies: Military tactics can also be applied in the development of offensive cyber strategies evaluated by a tabletop “red team,” such as using reconnaissance tactics to gather intelligence on targets, identifying potential attack vectors, and creating diversionary attacks to distract defenders. Attack path analysis can help to identify where these tactics may be effective and to develop a proactive strategy in response.
- Improving situational awareness: Military commanders rely on situational awareness to make informed decisions in the heat of battle. Similarly, cyber defenders can use attack path analysis to gain a better understanding of the threat landscape and attack vectors that are most likely to be used by an attacker. A better understanding of the potential attack paths and the likelihood of different types of attacks empowers defenders to make more informed decisions about resource allocations and the prioritization of defensive measures.
- Developing contingency plans: Military planners are trained to develop contingency plans for each scenario that they face. Cyber defenders also need to have viable contingency plans in place. Attack path analysis is a key capability in the development of contingency plans for potential cyberattacks. A better understanding of potential attack paths and the vulnerabilities they may lead to allows defenders to develop plans for responding to different types of attacks and mitigating the impact of any successful attack.
Attack path analysis is an excellent tool for tabletop exercises; it provides a visual representation of the potential attack paths and vulnerabilities in the network, which allows participants to identify vulnerabilities, test different scenarios, improve communication, and enhance planning and decision-making. Organizations can be better prepared for cyber threats and can act to improve their responses to cyberattacks.
The combination of battlefield tactics, drawn from military combat experience, with attack path analysis can significantly improve cyber survivability. By applying military principles to the cyber threat landscape, organizations can develop more effective defensive and offensive strategies, improve situational awareness, and develop contingency plans for a range of potential scenarios.