GUÍA DE CIBERDEFENSA (Cyber Defense Guide): Guidelines for the design, planning, implementation and development of a military cyber defense
469.
The execution phase begins once a sufficiently high degree of control and persistence has been achieved to carry out the attack on the strategic objectives without being discovered. In this phase, the selection, collection, encryption and exfiltration of the information of interest to the organization behind the APT is carried out cautiously.
470.
In the anonymization phase, as the specific objectives are achieved, the APT proceeds to cover its tracks, eliminating any potential evidence of its activity and TTPs in order to hinder detection and any future attribution.
471.
A main premise of APT cyber attacks is to keep control of the network, without being detected, for as long as possible. Therefore, in all phases the APT pays maximum attention to measures aimed at covering its tracks and keeping its activity indistinguishable from normal network traffic, including long periods of inactivity if necessary.
472.
APT cyber attacks are of such magnitude, sophistication and complexity, and their objectives of such criticality, that the action to combat them must be planned, coordinated and carried out as a specific military cyber operation.
473.
Combating APTs that threaten military objectives requires action led by the cyber force, in coordination and collaboration with the network operations center (NOC) and police cybercrime units.
474.
Collaboration with the network operations center is necessary because many defensive measures have to be implemented by it, and on some occasions those measures will affect the operation of the network, including temporary interruptions of critical services.
475.
In cases affecting the operation of the network, the operational authority for the affected systems must decide, weighing the arguments of the cyber force (security authority), focused on eradicating the APT, against those of the NOC manager (technical authority), focused on keeping the network operational.
476.
Collaboration with police cybercrime units is necessary when it is considered that the APT's actions may also constitute a crime and the pertinent court proceedings could be initiated.
477.
The great danger of APTs is that they produce silent effects, which do not attract attention and do not affect the operation or functionality of the network's services and systems. This creates a false perception of security among senior leaders who are not directly involved in cyber defense but who ultimately make the decisions about the resources and measures needed to cope with them.