Attacks on Cyber Monster by Data-Driven Structure
If one pictures the cyber threat as Godzilla, it becomes easier to analyze and determine the need for a framework that makes the best use of limited resources. Suppose the monster attacks a corporate building. People on the ground floor, such as architects or engineers, would be scared of being stepped on by the monster's feet. System engineers, assumed to be on the first floor, would worry about being kicked by Godzilla. Likewise, the incident responders on the second floor can see the claws and feel threatened by the repercussions. People on higher floors, the operators, can see the shoulders and imagine the threat posed by its humongous size. And finally, the customers at the top can see the teeth and flames. All in all, people in the building best understand the threat Godzilla poses when they see the monster from their own viewpoint. It follows that the solution at any particular level is not necessarily the best possible outcome for the overall threat, the outcome in which the best use of limited resources is made.
Speaking at the AFCEA Defensive Cyber Operations Symposium, Patrick Arvidson, special assistant to the Office of National Security Systems, National Security Agency (NSA), said that comparing the cyber threat with Godzilla is a way to show how different perspectives need to be incorporated into the structure. This can enable decisions to be made based on priorities and data. He also cited the example of the fall of the Berlin Wall, due to the inability of the Russians to modernize and win the situation and environment. He went on to say that different US government agencies prioritize their challenges differently. Likewise, the challenges faced will differ between organizations within the same agency.
“By relating cyber attacks with Godzilla, people need to understand a structure,” adds Arvidson. The top layer addresses the strategic objective of the opponent, which is to stay in and then act. The next layer corresponds to the operational objective of the rival, which is to be relentless and keep moving laterally. Likewise, the following layer is to identify the purpose of the attack, such as a target location or wiping out a disk drive.