About the book:
This book provides a comprehensive view of cyber operations, analysis and targeting, including operational examples viewed through the lens of conceptual models available in the current technical and policy literature. Readers will gain a better understanding of how the current cyber environment developed, as well as how to describe it for future defense. The author first describes cyber analysis as a conceptual model, based on well-known operations that range from media to suspected critical infrastructure threats. He then treats the topic as an analytical problem, approached through subject-matter interviews, case studies and modeled examples that give the reader a framework for the problem, developing metrics and proposing realistic courses of action.
- Is the first book to offer comprehensive coverage of cyber operations, analysis and targeting;
- Brings together the various topics that make up current cyber issues, from information operations to confidentiality, integrity and availability attacks;
- Uses a graphical, model-based approach to describe, as a coherent whole, the development of cyber operations policy and leverage frameworks;
- Provides a method for contextualizing and understanding cyber operations.
Table of contents:
Foreword
Contents
Chapter 1: Cyber Analysis and Targeting
1.1 Key Cyber Analysis and Targeting Questions
1.2 Organization of This Book
Bibliography
Chapter 2: Cyber Policy, Doctrine, and Tactics, Techniques, and Procedures (TTPs)
2.1 Background
2.1.1 Policy, Doctrine, and TTP Definitions
2.2 Introduction
2.3 Policy
2.3.1 Use of Force Policy for Cyber
2.3.2 Authorities
2.3.2.1 Maritime Example: Harbor Lights and World War II (Delayed Authorities)
2.3.2.2 Pre-delegation of Authorities
2.3.3 Schmitt’s Six Criteria to Establish State Responsibility
2.3.4 Policy Example: Coreflood Botnet
2.4 Doctrine
2.4.1 Example US Department of Defense (DoD) Instructions, Directives, and Doctrine for Cyberspace Analysis and Targeting
2.4.2 Critical Security Controls (CSC)
2.5 Tactics, Techniques, and Procedures (TTPs)
2.6 Summary
Bibliography
Chapter 3: Taxonomy of Cyber Threats
3.1 Background
3.2 NIST Cyber Taxonomy Examples
3.3 Cyber System Threats: Risk Evaluation and Cyber Threat Understanding
3.3.1 Cyber Security Data Standards
3.3.2 DREAD, STRIDE, and CVSS
3.3.3 Process for Attack Simulation and Threat Analysis (PASTA)
3.4 Data-Sharing Models
3.4.1 Cyber Threat Data Providers
3.4.2 Cyber Threat Data and System Defense
3.5 System Engineering and Vulnerability Evaluation
3.5.1 DoD Cyber Security Analysis Approaches and Tools
3.5.2 Analysis and Targeting Use of Cyber Threat Data Examples
3.5.2.1 Use of Vulnerabilities/Exploits for Cyber System Defense
3.5.2.2 Use of Vulnerabilities/Exploits for Cyber System Attack
3.6 Summary
Bibliography
Chapter 4: Cyber Influence Operations
4.1 Cyber Influence Operations Background
4.1.1 Information Operations (IO) Background
4.1.2 Influence Operations, Advertising, and Propaganda
4.1.3 Influence Operations and Disinformation
4.1.4 Cold War Examples of Soviet Disinformation: Development and Dissemination
4.2 Mechanisms of Influence
4.2.1 Propaganda
4.2.2 Influence Operations and Cyber Kinetic Fusion
4.3 People: Power Laws, Persuasiveness, and Influence
4.3.1 Power Laws
4.3.2 Persuasiveness
4.3.3 Influence Campaigns and Cyber
4.4 The Disinformation Process: Hot Topics, Reporters, and Shades of Media
4.4.1 Journalists, Venues, and Operations Examples
4.4.2 Area Versus Point Targeting: IO Campaigns and Social Media
4.4.3 Example: Chinese Information Operations Via Conventional Media
4.5 Strategic to Tactical Cyber Influence Operations
4.5.1 Troll Farms: Chaos Creators
4.5.2 Political Cyber Influence Operations: Election Tampering
4.6 Cyber Influence Operations Summary
Bibliography
Chapter 5: Cyber ISR and Analysis
5.1 Background
5.2 Introduction
5.3 Cyber and Human Intelligence
5.3.1 Human Analogs: Automating Spies
5.3.2 ISIS and Human Intelligence
5.3.2.1 Financial Intelligence
2015 Special Forces Raid on ISIS Finance Minister
5.3.2.2 ISIS and Census Information
5.4 Cyber Collection Processes
5.4.1 Cyber and Social Network Analysis (SNA)
5.4.2 Cyber Collection Cycle
5.4.3 Open-Source Intelligence (OSINT)
5.4.3.1 Cyber Espionage: Big Data and Recent Downloads
5.4.4 Directed Collection
5.4.4.1 Post-Event Forensics
5.4.5 Manual vs. Automated Search
5.4.5.1 Defensive Cyber Operations (DCO)
5.4.5.2 Active Cyber Operations
5.5 Technology: Passive and Active Cyber ISR
5.5.1 Passive Reconnaissance: Voluntary Reporting Sites (E.g., Wikileaks)
5.5.2 Active ISR: Bots and Searching the Net
5.5.2.1 Duqu and Flame
Duqu (~DQ)
Flame
5.6 Summary
Bibliography
Chapter 6: Cyber Security and Defense for Analysis and Targeting
6.1 Background
6.2 Security and Defense Process
6.2.1 Attacker and Cyber Kill Chain
6.3 Cyber Defense: End Points, Connections, and Data
6.3.1 End-Point Security
6.3.1.1 Antivirus Systems
6.3.1.2 Zero Days
6.3.1.3 Honeypots
6.3.1.4 Moving Target Defense (MTD)
6.3.1.5 Log File Analysis
6.3.2 Connection Security
6.3.2.1 Background: Bots and Botnets
6.3.2.2 Botnets as a Security and Cyber Defense Threat
6.3.2.3 Network Analysis
6.3.2.4 Netflow
6.3.3 Data Security
6.3.3.1 Security Operation Center (SOC)
6.3.3.2 Cloud Computing
6.3.3.3 Blockchain: Example Data Security Technology
6.4 System-Level Security and Defense Approaches
6.4.1 Defensive Countermeasures
6.4.1.1 Denial and Deception
6.4.1.2 Use of Denial and Deception (D&D) across the Lockheed Martin Cyber Kill Chain® Methodology
6.4.1.3 Cyber Kill Chain and Deception Elements
6.5 Summary
Bibliography
Chapter 7: Cyber Offense and Targeting
7.1 Background
7.2 Introduction
7.2.1 Targeting and Cyber Applications
7.2.1.1 Commander’s Objectives, Guidance, and Intent
7.2.1.2 Target Development, Validation, Nomination, and Prioritization
7.2.1.3 Capabilities and Analysis
7.2.1.4 Commander’s Decision and Force Assignment
7.2.1.5 Mission Planning and Force Execution
7.2.1.6 Combat Assessment
7.2.2 CARVER Targeting Model Example
7.2.3 Targeting, Attack Cycles, and the Cyber Process Evaluator
7.3 Target Process Review
7.3.1 Target Development and Prioritization
7.3.2 Capabilities Analysis and Force Assignment
7.3.3 Mission Planning and Force Execution
7.3.3.1 People, Process, and Technology Elements across the LM Attack Cycle
7.3.3.2 Mission Planning Through Execution Example
7.3.3.3 Time and Cost Example for Threat Groups
7.3.4 Post-Operations Assessment
7.4 Cyber Targeting Summary
Bibliography
Chapter 8: Cyber Systems Design
8.1 Cyber Systems Design Background
8.1.1 Intelligence Challenges and Cyber Systems
8.2 Introduction—Cyber System Architectures
8.2.1 Cyber and Architecture Background
8.2.1.1 Architecture Types
8.2.1.2 Architecture Description Language (ADL) Background
8.2.1.3 System Hierarchy Levels
8.2.1.4 Department of Defense Architecture Framework (DoDAF)
8.2.2 Architectures and Cyber System Evaluation
8.2.2.1 DoD Cybersecurity Analysis and Review (DoDCAR)
8.3 Cyber System Design Example
8.3.1 2016 US Presidential Election Attack (GRU, Guccifer2.0 and Wikileaks)
8.3.2 Wikileaks Operations Example (Costs and Tactics)
8.4 Summary
Bibliography
Chapter 9: Measures of Cyber Performance and Effectiveness
9.1 Background—Information Security, Munitions, and Cyber
9.1.1 Metrics and Conventional Operations—Viewing Cyber as a Next Step in Precision Munitions
9.1.1.1 Drones, Precision Guided Munitions (PGMs) and Cyber
9.1.2 Metrics and Cyber Operations
9.2 Using the Munition Continuum to Develop Cyber Operational Measurables
9.3 Cyber and Battle Damage Assessment (BDA)
9.3.1 Cyber Joint Munitions Effectiveness Manuals (JMEMs)
9.3.2 Cyber Operations Lethality and Effectiveness (COLE)
9.3.3 Cyber Effect Significance
9.3.4 Cyber and Biological Weapons—Cyber Effects Analog
9.4 Measuring Non-lethal Capabilities of Cyber
9.5 Traditional Measures of Cybersecurity for Performance and Effectiveness
9.5.1 Cyber Security Metrics Discussion
9.5.2 System Level Cyber Effects
9.6 Measures of Cyber Performance and Effectiveness Wrap Up
Bibliography
Chapter 10: Cyber Modeling and Simulation for Analysis and Targeting
10.1 Background
10.2 Introduction
10.3 Cyber System Description for Analysis and Targeting
10.3.1 Parallel/Series Nature of Cyber Systems
10.3.1.1 Cyber System with Parallel Layers
10.3.1.2 Series Processes and Cyber Operations
10.4 Cyber Attack Lifecycle Example
10.4.1 Parallel System Vulnerabilities
10.5 Target System Description
10.5.1 Target System as a Discrete Event System
10.5.1.1 Time Difference and Operations Example
10.5.2 Target State Differences for Effects Estimation
10.5.2.1 Effect Sizes
10.5.2.2 Effect Types
10.5.2.3 Attack as Moving Target Example
10.5.3 Static Cyber System Description
10.6 Cyber Modeling and Simulation Environments
10.6.1 Constructive Modeling Environments
10.6.2 Live-Virtual-Constructive (LVC) Cyber Training Tools
10.6.3 Cyber Ranges
10.7 Summary
Bibliography
Chapter 11: Cyber Case Studies
11.1 Introduction: Cyber Use Cases for Analysis and Targeting
11.2 Cyberspace Mission Analysis
11.2.1 Cyber Analysis and Policy Frameworks
11.3 Target Identification
11.3.1 CARVER (Criticality, Availability, Recuperability, Vulnerability, Effect, and Recognizability)
11.3.2 Cyber System Vulnerability Estimation and Tool Development
11.4 Capabilities Analysis
11.4.1 Cyber Security Technologies
11.4.2 Cyber System Architectures
11.4.3 Cyber System Metrics: Key Performance Parameters (KPPs), Measures of Performance (MOPs), and Measures of Effectiveness (MOEs)
11.5 Mission Planning and Force Execution
11.5.1 Effect Likelihood—JMEMs and COLE
11.5.2 Information Operations (IO)—Cyber Targeting via Social Media
11.6 Mission Assessment
11.6.1 Effect Size—Cohen’s d
11.6.2 Measure of Effectiveness (MOE)
11.7 Summary
Bibliography
Chapter 12: Cyberspace Analysis and Targeting Conclusions
Glossary
Index
Description of the book in the original language:
This book provides a comprehensive view of cyber operations, analysis and targeting, including operational examples viewed through a lens of conceptual models available in current technical and policy literature. Readers will gain a better understanding of how the current cyber environment developed, as well as how to describe it for future defense. The author describes cyber analysis first as a conceptual model, based on well-known operations that span from media to suspected critical infrastructure threats. He then treats the topic as an analytical problem, approached through subject matter interviews, case studies and modeled examples that provide the reader with a framework for the problem, developing metrics and proposing realistic courses of action.
- Provides first book to offer comprehensive coverage of cyber operations, analysis and targeting;
- Pulls together the various threads that make up current cyber issues, including information operations to confidentiality, integrity and availability attacks;
- Uses a graphical, model based, approach to describe as a coherent whole the development of cyber operations policy and leverage frameworks;
- Provides a method for contextualizing and understanding cyber operations.