Cyber defense
Download 2.54 Mb. View original pdf
|
- Navigate this page:
- FIGURE 20. OPTIONS IN COMBAT GUÍA DECIBERDEFENSA
| Asymmetry in combat 183. Asymmetry in combat in cyberspace is the disparity or disproportion between the resources necessary to cyber attack and those necessary for cyber defense, which means that, in many cases, the resources necessary to plan and conduct a cyber attack are less than those necessary to defend against that cyber attack. 184. Asymmetry in combat is graver in cyberspace than in the other domains due to reasons related to exposure surface, resources, legal framework, technology, personnel and identity. 185. The defender’s exposure surface is greater than the surface used in the attack. Defenders must prepare their defense against any type of attack on any part or component of their networks, while attackers will limit their activity to those components that make the attack possible by focusing on exploiting a reduced number of vulnerabilities. 186. In most cases, an organization invests more resources (financial, material, technical, and human) in defending its networks and systems than attackers do to intrude upon or cause them to malfunction. Although this is usually the case, it is not so in all cases. For example, to develop a STUXNET-type cyberattack requires the investment of an enormous amount of resources, only available to States or large corporations. FIGURE 20. OPTIONS IN COMBAT GUÍA DE CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR 36 187. Legal framework favors attackers. Cyber attackers can evade national legislation by conducting cyber attacks from compromised networks located in third countries, while defenders are subject to compliance with the national legislation where the infrastructure is located. 188. The lack of international and bilateral agreements and the lack of a consensual and binding international legal framework on cyber defense makes it difficult to prosecute cyber attackers. 189. The defender, inmost cases, cannot make use of cutting-edge technology, either for reasons of budget constraints or for technical reasons, since an organization cannot expose its defenses with technologies that have not yet been extensively tested. On the other hand, the attacker may risk using an unproven emerging technology and discard it if it does not produce the desired effects (trial and error). 190. Defense technologies and tools are often better known to the attacker than attack technologies and tools by a defender, because defense technologies and tools tend to last overtime to payoff the economic investment, while an attacker continually tests new technologies and tools to surprise the defender. 191. The defense of networks and systems usually requires specially qualified personnel in many cybersecurity aspects. On the contrary, in many cyber attacks, a limited group of experts is needed to develop instructions and coordinate the action of a larger group of individuals with little qualification in cyber defense. 192. The attacker generally knows the identity of the defender and the defender’s environment organization, system, activity, functions, location, etc) while the defender usually does not know the attacker. 193. In the cyber operation planning process, it must betaken into account that the profitability of an offensive action maybe greater than that of a defensive action, as the saying goes, in some sports an attack is the best form of defense.” |