Rough and Ready: Frameworks to Measure Persistent Engagement and Deterrence
Conference: BlackHat USA 2019
2019-08-08
Summary
The presentation discusses the need for a framework to measure the effectiveness of disruptive cyber operations and calls for the cybersecurity community to use and develop these frameworks.
- A three-year disruption operation was conducted to stop the spread of malware, but the authors of the malware quickly responded with new versions that bypassed defensive mitigations.
- The lack of delay from the other side suggests that a new offensive posture is making it more difficult for network defenders to protect their systems.
- The presentation proposes a framework to measure the effectiveness of disruptive cyber operations and calls for the cybersecurity community to use and develop these frameworks.
- The framework has some shortcomings, such as the effects of technical developments and geopolitical events, but the direction of the trend is more important than the exact numbers.
- The community needs to start measuring and sharing results openly to show evidence of the outcomes of their work and to convince policymakers and executives to take action.
Abstract
The US is in the midst of its most dramatic shift in policy, emphasizing forward defense and deterrence and to "intercept and halt" adversary cyber operations. Supporters believe these actions should significantly reduce attacks against the United States, while critics worry they may incite more adversary activity. There is no standard methodology to measure which is the case. This talk details recent research to introduce transparent frameworks to better assess whether the new U.S. policy and actions are suppressing or encouraging attacks.
Tags: