Enhancing Cyber Situational Awareness Through Active Defence

Self-defense in Cyberspace and the internet

Cyberspace and the internet bring numerous benefits to their users: information sharing and interaction between different groups of people have become easier than ever before. However, cyber-attacks are among the challenges that come with their use. Some commentators have termed cyber-attacks a form of war because of the damage these crimes cause (Kesan & Hayes 2011).

To manage this situation, different national and international laws have been adopted, and self-defense, usually discussed under the label of active defense, has been proposed. Self-defense in cyberspace is where the victim of a cyber-attack counter-strikes in response to it. According to Kesan and Hayes (2012), those who oppose self-defense overlook the significant part it has played in reducing cyber-attacks. Gibson (2004) argues that self-defense exists to protect individual rights. Moreover, Article 51 of the United Nations Charter recognizes the inherent right of self-defense if an armed attack occurs against a member state; whether and when a cyber-attack rises to the level of an armed attack remains contested, which is why the questions below also ask about exceptions and justification.

The following Likert-scale statements will help determine whether self-defense should be adopted in cyberspace and on the internet:

Self-defense should be adopted as a major strategy in the control of cyberspace and internet attacks internationally:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Self-defense in the control of cyberspace crimes should be adopted, but exceptions should be put in place for its application:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Self-defense in the control of cyberspace attacks limits international liberty by increasing the dominance of the best militarily equipped countries:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Indicate how satisfied you are with the following statement.

Developed countries are favored more than developing countries by self-defense mechanisms in the control of cyber-attacks:

  • Very dissatisfied
  • Dissatisfied
  • Neither satisfied nor dissatisfied
  • Satisfied
  • Very satisfied
  • Not sure/not applicable

From the five choices below, select the most crucial factor that should be considered before implementing a self-defense mechanism in the case of cyber-war.

  • Justification of the attack
  • International relations
  • Individual interest
  • Support from unaffected parties
  • Ineffectiveness of other strategies

Deception in cyberspace

Deception is an interaction between two parties, a deceiver and a target, in which the deceiver tries to make the target act in a way that benefits the deceiver (Rowe & Custy 2007). In cyberspace, hiding one's identity is one of the best-known forms of deception: impersonation can be used to obtain sensitive information. Defenders can use deception as well, to fool attackers during cyber-attacks (Rowe 2006). As countries invest in the prevention of cyber-attacks, deception deserves attention as a way of handling attackers rather than merely blocking them. However, deception is difficult to sustain: a decoy that attackers recognize as such, or that is left unchanged for a long time, stops yielding reliable information.

Understanding an attacker is vital in the control of cyber-attacks. Blocking an attacker ends the interaction; deception, by contrast, keeps the attacker engaged with a system the defender controls, and so can help the defender understand him or her.
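The following is an added example, not code from the page or from Rowe and Custy; it shows the simplest defensive deception a practitioner can deploy: decoy credentials (honeytokens) that no legitimate user is ever issued, so that any authentication attempt against them is a high-confidence signal that the attacker has found and trusted the planted material. The log format, the decoy account names, the "planted in" locations and the sample log lines are all constructed for this example.

```python
"""Decoy-credential (honeytoken) alerting over authentication logs.

Added example, not from the page or its cited sources. Decoy accounts are
seeded where an intruder would look (a stale config file, a wiki page); any
use of them is attributed to the attacker, and the place the decoy was
planted tells the defender what the attacker has already read."""
import re
from collections import defaultdict

# Assumed decoys. They must look like real service accounts: an attacker
# who recognises a decoy will simply avoid it (the caveat in the text).
# An "ok" result means the decoy password works, e.g. into a monitored,
# privilege-free sandbox account, so the attacker holds the planted secret.
DECOY_ACCOUNTS = {
    "svc_backup_admin": "planted in /etc/backup/backup.conf",
    "oracle_dba": "planted in wiki page 'Legacy DB access'",
}

# Constructed log layout: <iso-time> auth <ok|fail> user=<u> src=<ip> [via=<svc>]
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)"
    r"(?: via=(?P<via>\S+))?$"
)

def parse_auth_line(line):
    """Return the fields of one auth-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def honeytoken_hits(lines):
    """One alert per (source, decoy account): first use, attempt count,
    outcomes seen, and where that decoy had been planted."""
    hits = defaultdict(lambda: {"first_seen": None, "attempts": 0,
                                "results": set(), "planted_in": None})
    for line in lines:
        rec = parse_auth_line(line)
        if rec is None or rec["user"] not in DECOY_ACCOUNTS:
            continue  # legitimate accounts are never reported here
        h = hits[(rec["src"], rec["user"])]
        h["first_seen"] = h["first_seen"] or rec["ts"]
        h["attempts"] += 1
        h["results"].add(rec["result"])
        h["planted_in"] = DECOY_ACCOUNTS[rec["user"]]
    return [
        {"src": src, "user": user,
         **{k: (sorted(v) if isinstance(v, set) else v) for k, v in h.items()}}
        for (src, user), h in sorted(hits.items())
    ]

# Constructed sample log (not a real capture).
SAMPLE_AUTH_LOG = """
2024-03-01T09:12:03Z auth ok user=alice src=10.0.5.21 via=ssh
2024-03-01T09:14:40Z auth fail user=bob src=10.0.5.22 via=ssh
2024-03-01T09:15:02Z auth fail user=svc_backup_admin src=203.0.113.45 via=ssh
2024-03-01T09:15:09Z auth fail user=svc_backup_admin src=203.0.113.45 via=ssh
2024-03-01T09:20:31Z auth ok user=oracle_dba src=203.0.113.45 via=vpn
2024-03-01T09:21:00Z auth ok user=carol src=10.0.5.23 via=ssh
""".strip().splitlines()

if __name__ == "__main__":
    for alert in honeytoken_hits(SAMPLE_AUTH_LOG):
        print(alert)
```

Running it over the sample reports two alerts for 203.0.113.45: two failed tries against the backup decoy, then a successful login as the DBA decoy over VPN, which tells the defender both where the attacker has been reading and which of the planted secrets was trusted. Because legitimate users never touch decoys, the false-positive rate is close to zero, which is what makes this cheap form of deception worth running even where a full honeypot is not.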

To what extent do you think the use of deception can help obtain attackers’ information in cyberspace crimes?

  • Not at all (impossible)
  • Very little
  • Little
  • Much
  • Very much
  • Not sure/not applicable

The use of deception in the control of cyber-attacks should be avoided because it raises moral and ethical issues:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Information gathered from an attacker by means of deception is likely to be accurate and hence helps establish the attacker's origin:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

It is better to block an attacker than to use deception to gather his or her information, because some attackers may be familiar with common deception techniques:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Using an offensive approach to gather intelligence about the enemy (hacking)

According to the Ponemon Institute (2012), 44% of the organizations surveyed value a strong offensive approach in fighting cyber-attacks; the remainder do not, largely because their budgets do not allow for it. An offensive approach is a proactive and adversarial approach in which an organization protects its computer systems and networks by finding the intruders and disabling their activities, rather than only hardening its own perimeter as the conventional approach does. Because of this attribute, the technique lends itself to gathering intelligence about the enemy. Note that where "disabling" extends to systems outside the organization's own network, it becomes the counter-strike discussed under self-defense above, with the same legal questions attached.

Please rate each of the following threats that your organization faces in its move to adopt the offensive approach on a scale of 1 to 5, where 5 indicates the highest priority and 1 the lowest:

  • Web scraping
  • Denial of service (DoS)
  • Distributed denial of service
  • Viruses, worms and Trojans
  • Malicious insiders
  • Cross-site scripting

How do you rate building a strong offense as a way of reducing your organization's cyber-attack risk?

  • Extremely Poor
  • Below Average
  • Average
  • Above Average
  • Excellent

There are three security intelligence technologies suitable for developing offensive capabilities. Please rate each of them as either important or very important:

Technology                                            Very important   Important
Technology denying service before an attack occurs    [ ]              [ ]
Technology identifying attackers' weak points         [ ]              [ ]
Technology halting the hacker's system                [ ]              [ ]

Importance of passive data collection

Passive defense is one of the types of defense used in the management of cyber terrorism. It involves the protection of information technology assets and is less confrontational toward attackers than the active mechanism. Data collected through this mechanism is termed passive because there is no direct interaction between the attacker and the system owner (Cayirci & Ghergherehnchi 2011): the owner observes the attacker through logs, network flow records and captured traffic while the attacker is unaware of being watched. Because the intruder is neither confronted nor penalized, he or she has little reason to change technique, which makes it easier to collect data about intruders and understand their attacking techniques.
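As an added example (not code from the page or from Cayirci and Ghergherehnchi), the block below builds an attacker profile from nothing but the web server's own access log, which is what "passive" means in practice: the attacker is never contacted, and every fact comes from records the server already writes. The log lines, the probe-path list and the tool user-agent list are constructed for the example and would be tuned to a real site.

```python
"""Passive attacker profiling from web-server access logs.

Added example, not from the page or its cited sources. It parses lines in
the common Apache/nginx "combined" layout and aggregates, per source
address, what was requested, with which client software and how noisily.
Signature lists are assumptions: typical, not exhaustive."""
import re
from collections import defaultdict

COMBINED_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Paths that only scanners ask for on this (hypothetical) site, and user-agent
# substrings of common attack tooling.
PROBE_PATHS = ("/.env", "/.git/", "/wp-login.php", "/phpmyadmin", "/etc/passwd", "/admin")
TOOL_UAS = ("sqlmap", "nikto", "masscan", "nmap", "python-requests", "curl")

def parse_combined(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def profile_sources(lines):
    """Aggregate one observational profile per source address."""
    acc = defaultdict(lambda: {"requests": 0, "errors": 0, "paths": set(),
                               "uas": set(), "probe_paths": set(), "tool_uas": set()})
    for line in lines:
        rec = parse_combined(line)
        if rec is None:
            continue
        p = acc[rec["src"]]
        p["requests"] += 1
        if rec["status"] >= 400:
            p["errors"] += 1
        p["paths"].add(rec["path"])
        p["uas"].add(rec["ua"])
        p["probe_paths"].update(pp for pp in PROBE_PATHS if rec["path"].startswith(pp))
        ua = rec["ua"].lower()
        p["tool_uas"].update(t for t in TOOL_UAS if t in ua)
    return {
        src: {
            "requests": p["requests"],
            "error_ratio": round(p["errors"] / p["requests"], 2),
            "distinct_paths": len(p["paths"]),
            "user_agents": sorted(p["uas"]),
            "probe_paths": sorted(p["probe_paths"]),
            "tool_uas": sorted(p["tool_uas"]),
        }
        for src, p in acc.items()
    }

def suspicious(profile):
    """Flag a source that used attack tooling, hit scanner-only paths, or
    produced mostly errors while touching several distinct paths."""
    return bool(profile["tool_uas"] or profile["probe_paths"]
                or (profile["error_ratio"] >= 0.5 and profile["distinct_paths"] >= 5))

# Constructed sample log (not a real capture). 203.0.113.45 runs a web scanner,
# 198.51.100.7 tries SQL injection, 10.0.5.21 is an ordinary browser.
SAMPLE_ACCESS_LOG = """
203.0.113.45 - - [01/Mar/2024:10:01:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
203.0.113.45 - - [01/Mar/2024:10:01:03 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
203.0.113.45 - - [01/Mar/2024:10:01:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0 (compatible; Nikto/2.1.6)"
198.51.100.7 - - [01/Mar/2024:10:02:10 +0000] "GET /search?q=1%27%20OR%201%3D1 HTTP/1.1" 500 88 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
10.0.5.21 - - [01/Mar/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 10.0) Firefox/123.0"
10.0.5.21 - - [01/Mar/2024:10:03:01 +0000] "GET /static/app.css HTTP/1.1" 200 901 "http://example.internal/index.html" "Mozilla/5.0 (Windows NT 10.0) Firefox/123.0"
""".strip().splitlines()

if __name__ == "__main__":
    for src, prof in profile_sources(SAMPLE_ACCESS_LOG).items():
        print(src, "SUSPICIOUS" if suspicious(prof) else "normal", prof)
```

The profile captures exactly the information the text says passive collection yields (tooling, targets, tempo) without giving the attacker any feedback that would prompt a change of technique. Its blind spot is the mirror image: a careful attacker who spoofs a browser user agent and avoids well-known probe paths looks like 10.0.5.21, which is why the tool and path lists have to be maintained against what is actually seen.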

To what extent do you agree with the statement that the use of passive mechanisms is the easiest way to understand cyber-attackers, because, in the absence of serious penalties, attackers do not complicate their attacking techniques:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

To what extent are you satisfied with the view that collecting passive data in handling cyber-attacks helps stop cyber-attackers from complicating their techniques over time?

  • Very dissatisfied
  • Dissatisfied
  • Neither satisfied nor dissatisfied
  • Satisfied
  • Very satisfied
  • Not sure/not applicable

Collection of passive data is better than collection of active data in cyber-attacks:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Importance of active data collection

Unlike passive data collection, active data collection implies a move by the organization to impose serious consequences on a cyber-attacker (Cayirci & Ghergherehnchi 2011). It extends as far as determining the identity of the attacker. Actively pursuing the attacker's activities gives the organization a better understanding of the attacker and increases its capability to manage new cybercrime attacks.

Active data collection in cyber-attack control deters attackers from invading an organization's information:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

It is assumed that active data collection is mostly done by governments. How well does your organization use the forms of active data collection that are available to it without government intervention?

  • Very poor
  • Poor
  • Good
  • Very good
  • Not sure/not applicable

Collection of active data is better than collection of passive data in cyber-attacks:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Importance of attacker identity, attacker location, motive and goal, capabilities, weaknesses, and impact

An effective fight against cybercrime requires a proper understanding of the above variables, which together describe the attacker (Hao, Yong, Mia Hao, Na & Kanadan 2009). A clear understanding of these factors makes it easier for an organization to develop a suitable strategy to control an attacker. The scales below help determine the importance of these factors in the fight against cyber-attacks.

Attacker’s identity

Understanding an attacker’s identity in cyber-attacks helps an organization eliminate the attacker’s activities completely:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

How do you rate your organization’s commitment to establishing an attacker’s identity during a cyber-attack investigation?

  • Very high
  • High
  • Low
  • Very low
  • Not sure

Attacker’s location

Understanding an attacker’s location provides a background to implement and improve on cyberspace legal frameworks in a particular area:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

If you rated your organization at five or below, what is the main reason your organization does not identify an attacker’s location during self-defense?

  • Limited resources and budget
  • Limitations from the available technologies
  • Personnel limitations
  • Ignored in the company security policies
  • Other (specify)

Motive and goal

Understanding an attacker’s goal and motive helps an organization know which information to protect most and design suitable protection strategies:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

In your opinion, how do you rate your organization’s ability to identify an attacker’s motive and goal?

  • Difficult
  • Very difficult

Capabilities

Kindly rate your organization’s ability to counter attackers’ diverse capabilities and overcome diverse cyber-attack techniques (use this scale: 1 (weak) = unable to counter an attacker’s dynamic capabilities; 10 (strong) = able to respond effectively to attackers’ dynamic capabilities):

1(weak)
2
3
4
5
6
7
8
9
10(Strong)

Attackers’ capabilities make self-defense mechanisms ineffective in responding to cyber-attacks:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Weakness

An organization’s or a country’s weaknesses may make self-defense mechanisms ineffective in combating cyber-attacks:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Please rate your organization’s weaknesses that make it hard to use self-defense mechanisms in response to cyber-attacks, on a scale of 1 to 10 in which 1 indicates a few weaknesses and 10 indicates numerous weaknesses.

1(a few)
2
3
4
5
6
7
8
9
10(numerous)

Impacts

Do you agree with the statement that the negative impacts of using self-defense mechanisms to respond to cyber-attacks are immense compared to those of other mechanisms?

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

If your rating is five or below, what are the main impacts of your organization using self-defense during a cyber-attack?

  • Destruction of both national and international relationships
  • Hindrance of global liberty
  • Pressure on an organization’s resources and budget
  • Quick elimination of cyber-attacks threats
  • Other (specify)

Intelligence gathering from an enemy domain

Intelligence gathering is essential to any organization subject to cyber-attacks. It helps the organization understand an enemy’s tactics and work out ways to counter them. Unfortunately, enemies also gather intelligence on the organization, and such gathering is itself a threat to the organization’s efforts to control cyber-attacks (Habboush 2012).

An organization subject to cyber-attacks needs to focus on intelligence gathering to understand the motives and goals of the attackers, thereby making a self-defense mechanism suitable for the control of cyber-attacks:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

On a scale of 1 to 5, how strongly does your organization respond to intelligence gathering from an enemy’s domain (1 = weak and 5 = strong):

1(weak)
2
3
4
5(strong)

Intelligence gathering can ensure that the use of active defense in cyber-attacks is justified:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Cyber situational awareness (CSA)

CSA refers to an understanding of what is happening in a specific domain, in the context of specified goals and objectives, so that information, events and outcomes can be interpreted (Christian 2010). It is essential for revising decisions that have already been taken. An offensive approach can be effective in enhancing CSA, because it aims at identifying cyber-attackers and disabling their operations (Ponemon Institute 2012).

If your rating is five or below, what are the benefits of CSA when an offensive approach is employed?

  • It is easier to answer the who, what, how and when of a cyber-crime
  • It shows an organization’s technical performance
  • It provides mission assurance and enhances cyber security
  • Other (specify)

An offensive approach will enhance CSA more than any other approach:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

CSA can help nations justify the use of active defense in cyber-attacks:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

The process of hacking

Hacking is the re-designing and configuration of computer hardware and software to alter their intended function (Bachmann 2010). It is the process by which hackers obtain information from an organization’s systems. The process involves three major steps: footprinting, scanning and enumeration (Boyd 2000). In the first step, footprinting, the hackers gather information about the organization (domain names, address ranges, employees, exposed systems) from public sources. The second step, scanning, uses automated techniques such as a network ping sweep and port scans to determine which of the discovered hosts are alive and which services they expose. The third step, enumeration, probes those live systems more intrusively, targeting valid user accounts and poorly protected shared resources (Boyd 2000). If a step does not yield the expected results, the hacker goes back and attacks again with a different approach. Understanding the process of hacking makes it easier for people to counter its effects. The Likert scale below helps gauge the degree to which people understand the process of hacking.
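The scanning step described above is the one a defender can most reliably see, because it is noisy by nature: one source touches many hosts, or many ports on one host, in a short time. The block below is an added example (not code from the page or from Boyd) that detects both patterns in a simplified firewall log; the log layout, the thresholds and the sample events are assumptions constructed for the example.

```python
"""Detecting the scanning phase (ping sweep / port scan) in firewall logs.

Added example, not from the page or its cited sources. Input lines use a
constructed layout: <iso-time> <src> <dst> <proto> <dst-port>, in time
order. A source that reaches SWEEP_HOSTS distinct hosts by ICMP inside
WINDOW is reported as a ping sweep; SCAN_PORTS distinct TCP ports on one
host inside WINDOW is reported as a port scan. Thresholds are assumptions
to be tuned per network."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
SWEEP_HOSTS = 8
SCAN_PORTS = 10
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse_fw_line(line):
    """Return one event as a dict, or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, proto, dport = parts
    try:
        return {"ts": datetime.strptime(ts, TS_FMT), "src": src, "dst": dst,
                "proto": proto, "dport": int(dport)}
    except ValueError:
        return None

def _expire(q, now):
    """Drop events older than WINDOW from the front of a per-key deque."""
    while q and now - q[0][0] > WINDOW:
        q.popleft()

def detect_scans(lines):
    """Return alerts as (kind, source, target, count, window_start_iso).
    Each key keeps only events inside the sliding window, so a slow scan
    spread over hours stays below threshold: a known blind spot of
    threshold-based detection that the window size trades off."""
    icmp = defaultdict(deque)   # src -> deque of (ts, dst)
    tcp = defaultdict(deque)    # (src, dst) -> deque of (ts, dport)
    alerted, alerts = set(), []
    for line in lines:
        ev = parse_fw_line(line)
        if ev is None:
            continue
        if ev["proto"] == "icmp":
            q = icmp[ev["src"]]
            q.append((ev["ts"], ev["dst"]))
            _expire(q, ev["ts"])
            hosts = {d for _, d in q}
            key = ("ping_sweep", ev["src"])
            if len(hosts) >= SWEEP_HOSTS and key not in alerted:
                alerted.add(key)
                alerts.append(("ping_sweep", ev["src"], "*", len(hosts), q[0][0].isoformat()))
        elif ev["proto"] == "tcp":
            q = tcp[(ev["src"], ev["dst"])]
            q.append((ev["ts"], ev["dport"]))
            _expire(q, ev["ts"])
            ports = {p for _, p in q}
            key = ("port_scan", ev["src"], ev["dst"])
            if len(ports) >= SCAN_PORTS and key not in alerted:
                alerted.add(key)
                alerts.append(("port_scan", ev["src"], ev["dst"], len(ports), q[0][0].isoformat()))
    return alerts

def _sample_log():
    """Constructed events: 203.0.113.45 pings 10.0.5.1-12 two seconds apart,
    then tries 12 common ports on 10.0.5.7; 10.0.5.21 makes one normal
    connection in between. Sorting by line text gives time order because
    every line starts with a fixed-width ISO timestamp."""
    t0 = datetime(2024, 3, 1, 11, 0, 0)
    lines = [f"{t0 + timedelta(seconds=2 * i):{TS_FMT}} 203.0.113.45 10.0.5.{i + 1} icmp 0"
             for i in range(12)]
    ports = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]
    lines += [f"{t0 + timedelta(seconds=60 + j):{TS_FMT}} 203.0.113.45 10.0.5.7 tcp {p}"
              for j, p in enumerate(ports)]
    lines.append(f"{t0 + timedelta(seconds=30):{TS_FMT}} 10.0.5.21 10.0.5.2 tcp 443")
    return sorted(lines)

SAMPLE_FW_LOG = _sample_log()

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_FW_LOG):
        print(alert)
```

On the sample the sweep is reported as soon as the eighth distinct host is pinged and the port scan once ten distinct ports have been tried on 10.0.5.7, each alert carrying the start of the window so the analyst can pull the surrounding traffic. In production the same logic would read the firewall's real export format and feed the CSA picture discussed later on this page; the alert is also the natural trigger for the passive profiling and decoy techniques described earlier.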

Limiting the amount of organizational information available on the internet makes it harder for hackers to footprint the organization:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

How many times have you given sensitive information to people you do not know after being manipulated on the internet?

  • More than ten times
  • Ten times
  • Less than ten times
  • Never
  • Not sure

Using your organization’s hardware or software for a purpose it was not intended for makes it easier for hackers to break into the organization’s systems:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

If you find that your user account information has been manipulated by an unknown person, what is the first thing you do?

  • Change the password
  • Report to your organization Information Technology department
  • Ignore
  • Explain to your best friend
  • Other (specify)

Target variables needed to start an attack

Hackers have variables that they target to achieve their goals; by assessing these variables they identify an opportunity to re-design and reconfigure a particular system. Several variables are assessed before an attack is launched. First, hackers target a system’s discrimination ability, that is, the system’s ability to distinguish a legitimate user from a hacker; the weaker this ability, the easier it is to launch an attack. Other variables that hackers consider before launching an attack include system maintenance and degradation, the users, and the current security posture (Mookerjee, Mookerjee & Bensoussan 2011). The scale below is used to understand the variables hackers use to launch an attack:

System discrimination ability is the key variable that hackers target before starting an attack:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Most of the variables that hackers target before launching an attack are related to the system itself:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Recognizing changes in the technological environment will help re-design the variables that hackers target before launching an attack:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

On a scale of 1 to 10, how do you rate the variable “system degradation and maintenance” as a target by hackers before launching an attack?

1(weak)
2
3
4
5
6
7
8
9
10(strong)

Variables hackers try to hide so that they are not detected

Hackers are driven by different motives, and their motives determine how they conduct the hacking process. Depending on their motives, hackers may want to remain undetected, and so there are variables they hide. For example, hackers hide their identity by using automated programs for the hacking process (Geier 2010), and they use backdoors to enter a system while remaining undetected (Spam Laws 2013). The scale below will help determine the variables that hackers hide in order to remain undetected.

Backdoors are the key technique that hackers use to remain undetected:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

The use of automated programs by hackers during the hacking process will continue to hide the identity of hackers:

  • Strongly disagree
  • Disagree
  • Neither agree nor disagree
  • Agree
  • Strongly agree
  • Not sure/not applicable

Using a scale of 1 (low) to 5 (high), rate how likely hackers are to be detected if the backdoor techniques they use are detected immediately:

1(low)
2
3
4
5(high)

How satisfied are you with the way your organization tries to identify the variables that hackers hide in order to remain undetected?

  • Very dissatisfied
  • Dissatisfied
  • Neither satisfied nor dissatisfied
  • Satisfied
  • Very satisfied
  • Not sure/not applicable

References

Bachmann, M 2010, “The Risk Propensity and Rationality of Computer Hackers”, International Journal of Cyber Criminology, vol. 4, no. 1 & 2, pp. 643-656.

Boyd, IM 2000, The Fundamentals of Computer Hacking, SANS Institute, Bethesda.

Cayirci, E & Ghergherehnchi, R 2011, Modeling Cyber Attacks and their Effects on Decision Process, Web.

Christian 2010, Cyber Situational Awareness, Web.

Geier, E 2010, 7 Things Hackers Hope You Don’t Know, Web.

Gibson, DM 2004, A Virtual Pandora’s Box: Anticipatory Self-Defense in Cyberspace, Web.

Habboush, M 2012, Cyber attacks on Gulf infrastructure seen rising, Web.

Hao, W, Yong, J, Mia Hao, T, Na, J & Kanadan, RM 2009, “Analysis of Computer Crime in Singapore using Local English Newspapers”, Singapore Journal of Library & Information Management, vol. 38, pp. 77-102.

Kesan, JP & Hayes, CM 2011, Self Defense in Cyberspace: Law and Policy, Web.

Kesan, JP & Hayes, CM 2012, “Mitigative Counterstriking: Self-Defense and Deterrence in Cyberspace”, Harvard Journal of Law & Technology, vol. 25, no. 2, Web.

Mookerjee, V, Mookerjee, R & Bensoussan, A 2011, “When Hackers Talk: Managing Information Security under Variable Attack Rates and Knowledge Dissemination”, Information Systems Research, vol. 22, no. 3, pp. 606-623.

Ponemon Institute 2012, Cyber Security on the Offense: A Study of IT Security Experts, Ponemon Institute, Traverse City, MI.

Rowe, N 2006, “A taxonomy of deception in cyberspace”, in International Conference on Information Warfare and Security, Princess Anne, Maryland, USA, pp. 173-181.

Rowe, NC & Custy, JE 2007, “Deception in cyber-attacks”, in A Colarik & L Janczewski (eds), Cyber Warfare and Cyber Terrorism, Idea Group, Hershey, PA, pp. 44-55.

Spam Laws 2013, Common Backdoors Hackers Use to Access Networks, Web.