Cognitive Engagement in Active CyberDefense

Cybersecurity is traditionally seen as an asymmetrical relationship between adversaries and defenders, however recent research has attempted to reverse this trend by operationalizing cognitive engagement for the purpose of enhancing adversary attribution. In a traditional networked environment, adversaries have low risk (low chance of getting caught) and potentially high reward (getting high-level access to privileged information), while defenders have a large attack surface to cover (all internal and external network access) and limited resources (computing and manpower) with which to defend their resources. Using deceptive techniques within networks allows defenders to better attribute attack behavior, which allows for increased data gathering and more targeted interventions. We discuss attribution techniques including the use of game theory and deception to maximize adversary interaction in a safer networked environment.

Cognitive Engagement in Active CyberDefense

Sort by Article Category

PUBLICATIONS

Data Privacy and Security as a National Security Imperative
October 30, 2023 —

Though some may see data privacy as a purely consumer issue, data in the hands of malicious actors and foreign adversaries who seek to exploit Americans’ personal information can present cybersecurity and national security risks. Key strategy documents like the 2023 National Cybersecurity Strategy and Annual Threat Assessment of the U.S. Intelligence Community illuminate the need to safeguard our data. They highlight how adversaries can use this data against us—whether collected through commercial data aggregation or cyber breaches, which can increase the success of their espionage, influence, kinetic and cyberattack operations, or disinformation campaigns.

Join the R Street Institute for a special virtual event exploring the nexus between data privacy and security. Panelists will explore threats and risks; responsible and practical approaches to protect Americans’ data while allowing responsible use; and possible paths forward, such as a federal comprehensive data privacy and security law and other legislative and non-legislative options.

... MORE

Command by intent can ensure command post survivability
August 29, 2023 —

In a changing operational environment, where command posts are increasingly vulnerable, intent can serve as a stealth enabler.

A communicated commander’s intent can serve as a way to limit electronic signatures and radio traffic, seeking to obfuscate the existence of a command post. In a mission command-driven environment, communication between command post and units can be reduced. The limited radio and network traffic increases command post survivability.

... MORE

The Tipping Point for Army Distributed Command and Control
August 1, 2023 —

For more than a year, the U.S. Army’s I Corps has been advancing a key initiative called distributed command and control (C2), allowing the service to communicate and fight with joint and allied partners across the vast Indo-Pacific region. The Corps is putting pieces into place, operationalizing their vision of a nodal-based C2 system, a resilient transport layer, hybrid cloud and data warriors, corps technology leaders report.

... MORE

Acknowledging the Realities of the Cyber Workforce
July 20, 2023 —

The Department of Defense is failing to keep pace with current cyber domain demands, with a 25% vacancy rate across the department.

Though recruiters often target science, technology, engineering and math (STEM) students, panelists at the Homeland Security Conference proclaimed most everyday citizens can be trained in the field.

“I would argue that I can take anyone that has a passion and interest and good character and work ethic, and teach them the basic fundamentals of cybersecurity,” said Eric Scott, Information and Cybersecurity Department director at Georgia Tech Research Institute.

Metro Atlanta Representative Sebastian Barron spoke on behalf of the office of Gov. Brian Kemp to inform conference attendees of the vast shortage in cyber professionals in the state of Georgia. Nevertheless, there are more than 1.2 million kids in K-12 in Georgia who could take over as the next generation of cyber professionals.

... MORE

The Buzz About Electromagnetic Pulse Weapons
July 19, 2023 —

An electromagnetic pulse (EMP) may be naturally occurring or can be created from the detonation of a nuclear weapon high above the Earth’s surface. Various presidential administrations have grappled with how to best manage risks around EMP threats. As this paper explains, the nuclear EMP debate is unfortunately often framed between two extremes. Some administrations have focused on naturally occurring EMP threats, such as space weather events, whereas others have focused predominately on the nuclear EMP threat, or even taken a hybrid approach here. Despite this contretemps, protecting against one form of an EMP threat thankfully also serves to protect against the other. Thus, this paper recommends that the United States Government and private sector work together to harden the electric grid from both natural and man-made EMP incidents, and establish an EMP Manhattan Project to develop national contingency plans for such scenarios.

... MORE

Book review: ‘On Disinformation’ by Lee McIntyre
July 19, 2023 —

A few years ago, the US Army Cyber Institute stated that one of the biggest security threats came in the form of disinformation. So keen were they to press their point, they commissioned a graphic novel to outline the scenarios in which military capability and communication could be degraded by enemy disinformation. The idea was that everyone – particularly soldiers – would read a comic, while the serious messages on topics such as ‘microtargeting’ and ‘post truth’ were tucked away as articles between the pictures.

... MORE

IRREGULAR WARFARE PODCAST: EXPLORING CYBER POLICY IN THE DEPARTMENT OF DEFENSE
June 20, 2023 —

Is it possible to deter adversaries in the cyber domain—and if so, how? What should the US Department of Defense be learning from the role of cyber in the war in Ukraine? How do activities in the cyber domain overlay on—and influence—irregular warfare?

In Episode 81 of the Irregular Warfare Podcast, our guests tackle these, and other vexing questions presented by the increasing prominence of cyberspace as a warfighting domain. This is third episode produces as part of the IWI Project on Cyber. It features a rich and insightful discussion with Ms. Mieke Eoyang, deputy assistant secretary of defense for cyber policy, and Dr. Erica Lonergan, an assistant professor at the Army Cyber Institute at West Point and coauthor of the book Escalation Dynamics in Cyberspace.

... MORE

ARE WE ASKING TOO MUCH OF CYBER?
May 3, 2023 —

The U.S. intelligence community’s 2023 Annual Threat Assessment contains some alarming estimates, especially as it relates to the cyber capabilities of the People’s Republic of China. It states that Beijing would “almost certainly consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure and military assets worldwide” if they thought war was “imminent.” These operations “would be designed to deter U.S. military action by impeding U.S. decisionmaking, inducing societal panic, and interfering with the deployment of U.S. forces.” Such warnings are particularly concerning considering we may be in the midst of what some experts call “the decade of maximum danger.”

... MORE

West Point hosts Joint Service Academy Cybersecurity Summit as industry, government collaborate to defend against cyber threats
April 13, 2023 —

The date was May 8, 2021, and the Colonial Pipeline Company announced it halted its operations due to a ransomware attack, which disrupted critical supplies of gasoline and other refined products throughout the east coast of the United States – most notably, the southeast part of the U.S.

In the previous three years from 2018-20, similar ransomware attacks shutdown pipelines and customer communications systems were interrupted at four of the nation’s largest natural gas pipeline companies.

These incidents, and specifically the Colonial Pipeline Company cyberattack, have elevated the concern of security of the nation’s energy pipelines and government programs to protect critical infrastructure.

It is incidents like these that provided Palo Alto Networks, Inc., the world’s largest and leader in cybersecurity protection and software, the inspiration to bring industry and government entities together to collaborate to defend against current and future cyber threats by leveraging the unique communities of the service academies.

... MORE

Soldiers innovating technology, refining tactical concepts, and strengthening partnerships
April 11, 2023 —

SCHOFIELD BARRACKS, Hawaii – Soldiers from the 11th Cyber Battalion, 780th Military Intelligence (MI) Brigade (Cyber), U.S. Army Cyber Command (ARCYBER) refined tactical Cyber-Electromagnetic Activities (CEMA) concepts for the Army during an Operational Readiness Assessment here in late March 2023.

For the event the 11th Expeditionary CEMA Teams (ECTs) employed innovative technology with assistance from experts from the Army Cyber Institute (ACI) at the U.S. Military Academy at West Point, the Army Program Executive Office – Intelligence, Electronic Warfare and Sensors (PEO IEW&S) and industry partners, along with training with the Combat Mission Team, Detachment-Hawaii, 782nd MI Battalion (Cyber).

... MORE