Guest Lecture 4 Flashcards

1
Q

What is the difference between Cyber security and Cyber Operations?

A

• Cyber security
– A state where CIA is maintained against cyber threats
– Guided by a policy
• Cyber Operations
– An activity to protect and defend against cyber threats
– Guided by military objectives or business goals

2
Q

Which steps are covered in the “Cyber kill chain”?

A
  1. Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
  2. Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
  3. Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives).
  4. Exploitation: Malware weapon’s program code triggers, which takes action on target network to exploit vulnerability.
  5. Installation: Malware weapon installs access point (e.g., “backdoor”) usable by intruder.
  6. Command and Control: Malware enables intruder to have “hands on the keyboard” persistent access to target network.
  7. Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.
3
Q

What defensive courses of action can be taken against a Cyber kill chain attack?

A
  1. Detect: Determine whether an intruder is present.
  2. Deny: Prevent information disclosure and unauthorized access.
  3. Disrupt: Stop or change outbound traffic (to attacker).
  4. Degrade: Counter-attack command and control.
  5. Deceive: Interfere with command and control.
  6. Contain: Network segmentation changes.