from TaoSecurity
In January I posted "Why a War Studies PhD?" I recently decided to revise my title and abstract to include attention to both offensive and defensive aspects of intrusion campaigns.
I thought some readers might be interested in reading about my current plans for the thesis, which I plan to finish and defend in early 2018.
The following offers the title and abstract for the thesis.
Network Intrusion Campaigns: Operational Art in Cyberspace
Intruders appear to have the upper hand in cyberspace, eroding users' trust in networked organizations and the data that is their lifeblood. Three assumptions prevail in the literature and mainstream discussion of digital intrusions. Distilled, these assumptions are that attacks occur at blinding speed with immediate consequences, that victims are essentially negligent, and that offensive initiative dominates defensive reaction.
This thesis examines these assumptions through two research questions. First, what characterizes network intrusions at different levels of war? Second, what role does operational art play in network intrusion campaigns?
By analyzing incident reports and public cases, the thesis refutes the assumptions and leverages the results to improve strategy.
The thesis reveals that strategically significant attacks are generally not "speed-of-light" events, offering little chance for recovery. Digital defenders are hampered by a range of constraints that reduce their effectiveness while simultaneously confronting intruders who lack such restrictions. Offense does not necessarily overpower defense, constraints notwithstanding, so long as the defenders conduct proper counter-intrusion campaigns.
The thesis structure offers an introduction to the subject, and an understanding of cybersecurity challenges and trade-offs. It reviews the nature of digital intrusions and the levels of war, analyzing the interactions at the levels of tools/tactics/technical details, operations and campaigns, and strategy and policy. The thesis continues by introducing historical operational art, applying lessons from operational art to network intrusions, and applying lessons from network intrusions to operational art. The thesis concludes by analyzing the limitations of operational art in evolving digital environments.
Copyright 2003-2015 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)