Cyber defense
Download 2.54 Mb. View original pdf
|
| CIBERDEFENSA ORIENTACIONES PARA EL DISEÑO, PLANEAMIENTO, IMPLANTACIÓN Y DESARROLLO DE UNA CIBERDEFENSA MILITAR 74 511. Reaction is based on the resilience to keep operating, in standard or degraded mode, despite the cyber attack action, being able to restore essential functions after suffering the effects of a cyber attack (by establishing an operations continuity plan) and based on an offensive response that may destroy or impair the adversary’s cyber defense capabilities. 512. Surprise consists of carrying out cyber defense actions (TTPs) in the place, time and form that is unknown or unexpected by the adversary or for which the adversary is not prepared. 513. Surprise is an inherent characteristic of cyber threats, so that not only the place and time chosen by cyber attackers are, in many cases, unknown by the defender, but also the nature of the attack itself, the type, form and tactics employed change very quickly. 514. Ambushes (honeypots, honey nets, cyber deception platforms or weaponized decoys) and zero-day cyber attacks are examples of defensive and offensive cyber tactics based on the surprise principle. 515. Simplicity consists of preparing clear and uncomplicated plans and issuing clear, precise and concise orders to avoid misunderstandings and confusion, facilitate understanding of plans and orders and execution as intended. 516. Keeping the principle of simplicity in mind, at all times, is essential in cyber defense due to the complexity of planning and conducting cyber operations and the speed and dynamism of its execution that requires continuous changes of course. 517. Restraint refers to limitation of collateral damages and avoidance of unnecessary use of force. 518. The restraint principle acquires special relevance in cyberspace due to the difficulty of controlling the extent of the effects of a cyber attack, the difficulty of attribution, and the possible use of false flag cyber attacks that could cause a reaction on a compromised third party or that has been wrongly accused instead of on the true cyber attacker. 519. Perseverance refers to the aptitude to secure the commitment necessary to reach the final strategic situation. 520. Perseverance in cyber defense does not mean continuing an activity permanently, but keeping the conditions to ensure success, which, at times, could combine periods of activity with periods of inactivity. APTs are an example of the use of the principle of perseverance. 521. Perseverance implies unity of command to secure the commitment of all actors involved to strategic objectives. 522. In the cyber defense environment, where full protection is known to be unachievable in advance, persistence against robust defenses is a determining factor to discover vulnerabilities that will come to light sooner or later. 523. All doctrinal principles area guide for all domain of operations (land, sea, air and cyberspace, but they gain special relevance in the joint domain. |