Cybersecurity tactics and strategies improved over the years to identify, protect, detect, respond and recover against overwhelming cyber threats. Although it proved successful so far, but the increased sophistication of cyber attacks put pressure on the defenders to proactively protect the system prior to the attack damages rather than passively compensate for the loss. In addition, the advances in AI, ML, SDN and Cloud Computing made it possible to think of a new defence model.
In this series, I will explain more about this new thinking model, which some call an Active Cyber Defence (ACD) and others call it a my3A Principle. This new defence model utilising Cyber Diversity (CD), Defensive Deception (DD), Moving Target Defence (MTD) and Autonomous Security (AS).
The 3A Security Model:
This new security model is based on Active, Adaptive and Autonomous (3A) defence mechanisms to proactively defend the systems prior to the attack damages. This model based on the fundamental principle in mind, which is:
A Cyber defense paradigm in considered to be insufficiently secure if its effectiveness relies on:
- Rule-abiding human behaviors.
- A perfect protection against vulnerabilities and a perfect prevention from system penetration.
- A perfect knowledge of attacks.
I don’t think you (like me) disagree with this fundamental principle. We understand it’s very challenging and expensive to try to achieve perfection in general and in cybersecurity especially it is a daunting effort. So, I hope you will be interested to know more about this new thinking and what difference it makes to establish an effective (hopefully) cyber defence strategy.
Now, let’s explain a little bit about each of these pillars.
Active defence isn’t a new thing and we are aware of the five functions in the NIST framework which in general is active cyber defence, but the difference here is that your defence capabilities should remain active regardless of user/system/data location and connectivity. A risk-based approach still needed to get accurate visibility using quantitative and qualitative measures. However, the unknown-unknown is the challenging one to defend until it becomes known, but this time in between is crucial in your active defence strategy.
I would like you to read this great article to set the expectation correctly from this Adaptive defence, which is the ability to consistently change to adapt to the surrounding environment, in essence being resilient. However, “there are always limits to resilience” as articulated by Donella Meadows in her book.
The Cyber Diversity (CD), Defensive Deception (DD), Moving Target Defence (MTD) mechanisms are heavily utilised in this defence pillar.
This defence mechanism requires the systems to interact with the adversary to defend and notify other systems by different means without dependency on human interference. This defence uses all kinds of machine learning, especially Reinforcement Learning (RL). For simplicity, the machines will take over to defend itself, by itself.
I will deep dive (in the next article) into some of these techniques to get more understanding on how it can re-imagine cybersecurity strategy, and I would appreciate your feedback and suggestions too.