© 2017 The MITRE Corporation. All rights reserved.
Approved for Public Release; Distribution Unlimited. Case Number 17-2636
Dr. Irv Lachow
Portfolio Manager, International Cybersecurity, MITRE
Visiting Fellow, The Hoover Institution, Stanford University
July 13, 2017
The Promise and Peril of
Active Cyber Defense
Disclaimer
▪ The author's affiliation with The MITRE Corporation is
provided for identification purposes only, and is
not intended to convey or imply MITRE's concurrence
with, or support for, the positions, opinions, or
viewpoints expressed by the author.
Agenda
▪ Active Cyber Defense Primer
▪ Policy Issues
▪ References
▪ Discussion
Why Is Active Cyber Defense Important?
▪ Governments alone cannot protect the private sector
▪ Companies are increasingly capable of taking active
steps to defend themselves—and are doing so
▪ Current legal and policy guidance is "absent, vague
or difficult to operationalize."
– Governments are effectively blocking companies from taking action
▪ Two most likely outcomes are undesirable:
– Companies do nothing
– Wild West
What Does “Active Cyber Defense” Mean?
▪ Center for Cyber and Homeland Security
– Active defense is a term that captures a spectrum of proactive
cybersecurity measures that fall between traditional passive defense
and offensive… the term is NOT synonymous with “hacking back.”
(Emphasis added.)
▪ Hoffman and Levite (from Robert Dewar)
– An approach to achieving cybersecurity predicated upon the
deployment of measures to detect, analyze, identify and mitigate
threats…combined with the capability and resources to take proactive
or offensive action against threats…
▪ DARPA
– DARPA’s Active Cyber Defense (ACD) program is designed
to…[provide] cyber defenders a “home field” advantage: the ability to
perform defensive operations that involve direct engagement with
sophisticated adversaries in DoD-controlled cyberspace.
Examples of ACD Actions
Source: CCHS
Benefits and Risks of ACD Actions
Source: Hoffman and Levite
ACD Activities Involve Risk Tradeoffs
Source: Hoffman and Levite
In Theory ACD Risks Can be Quantified
Source: Hoffman and Levite
Key Policy and Legal Questions
▪ Who can do ACD?
▪ What can they do?
▪ When can they do ACD?
▪ Who is held responsible when…?
▪ How address int’l aspects?
▪ How address technical developments?
Legal Frameworks: Not Much Help
▪ National Laws vary considerably but most prevent
the bulk of ACD activities
– Example: United States' Computer Fraud and Abuse Act
▪ International Laws
– "Formal international treaties have no apparent direct application
to the [ACD] questions being considered."
▪ Which legal models are most applicable?
▪ This lack of guidance needs to be addressed…
Source: Lachow, CCHS, Rosenzweig
Principles-Based Approach (Market Driven)
▪ The Concept
– Create normative principles for ACD behaviors
  ▪ Risk-based
  ▪ Formalized via industry-driven code of conduct
– Use market-based mechanisms to enforce desired behaviors
  ▪ Insurance industry
  ▪ Civil torts
▪ Advantages
– Relies on incentives to drive behavior
– Balances risks
– Adaptable to dynamic environment
▪ Challenges
– Legal authority is still needed
– Actions can have global consequences
– Markets sometimes fail
Source: Hoffman and Levite
Government-Licensed Private Security
▪ The Concept:
– Only authorized firms are allowed to conduct ACD
– Licensing requirements set by each country
– Allowed actions would fall short of most aggressive ACD techniques
– Close cooperation with gov’t authorities
▪ Advantages
– Clear limits about allowable actions
– Lower risk of collateral damage and escalation
– Improved public-private cooperation
▪ Challenges
– Licensing process
– Oversight process
– Coordination across nations
– State-sanctioned activity
Source: Rosenzweig
“ACD Policy Framework”
▪ Fifteen recommended steps for U.S. industry,
Executive Branch, and Congress
▪ Key themes
– Define range of acceptable actions that balance efficacy and risk
– Update legal instruments to reflect balanced approach
– Work towards global standards across nations
– Strengthen public-private cooperation
– Create set of best practices that are promulgated across industry
Source: CCHS
Consensus Findings
▪ Private sector needs to be given more authority to act
▪ ACD actions need to balance benefits and risks
▪ Legal clarity is necessary if not sufficient
▪ International aspects may be most challenging
▪ Government and industry cooperation is essential
Key References
▪ Center for Cyber & Homeland Security (CCHS). Into the Grey Zone: The
Private Sector and Active Defense Against Cyber Threats: Washington,
DC, The George Washington University, 2016.
▪ Croom, Charles, “The Cyber Kill Chain: A Foundation for a New Cyber
Security Strategy,” High Frontier 6, No. 4 (2010): 52-56.
▪ Hoffman, Wyatt and Ariel E. Levite. Private Sector Cyber Defense: Can
Active Measures Help Stabilize Cyberspace: Washington, DC, Carnegie
Endowment for International Peace, 2017.
▪ Lachow, Irving. Active Cyber Defense: A Framework for Policymakers:
Washington, DC, Center for a New American Security, 2013.
▪ Rosenzweig, Paul, Steven P. Bucci and David Inserra. Next Steps for
U.S. Cybersecurity in the Trump Administration: Active Cyber Defense,
Backgrounder, No 3188: Washington, DC, The Heritage Foundation,
2017.
Questions?
Comments?
Ideas?
UK’s Government ACD Program
▪ Goal: “tackle, in [an] automated way, a significant
proportion of the cyber attacks that hit the UK.”
▪ Led by National Cyber Security Centre
▪ Program elements
– Strengthen infrastructure protocols
– Secure email
– Take down criminal websites
– Filter DNS
– Strengthen identity authentication
Source: National Cyber Security Centre
ACD Techniques Most Useful Against
Advanced Adversaries
▪ Cyber “hygiene” can thwart most criminal activity
▪ ACD requires time and effort and carries risks
Source: Lachow and Croom
