Zavidniak, P., D’Amico, A., & McCallam, D. H. (1999). Achieving information resiliency. Information Security Technical Report, 4(3), 54-62.
Introduction
Information resiliency refers to the continuous availability of uncorrupted mission-critical information to support business or military operations, even under the threat of a cyber attack. An information-resilient enterprise will continue to engage in its critical operations, despite the attacker’s attempts to intrude, corrupt or deny service. The manner and efficiency with which the operations are conducted may change somewhat, but they remain operative. The commercial world needs information resiliency to maintain its computing operations in order to prevent financial losses, while the military needs it to prevent casualties and tactical losses. In addition, information resiliency is needed to ensure that a country’s critical infrastructure (e.g. transportation, financial industry, electrical power) continues to operate during hostile attacks against its computing and communications systems.
To achieve information resiliency during an Information Warfare (IW) attack, one must understand how observed security breaches (e.g. password failures, intrusion detection, unusual network activity) fit into a bigger picture. By knowing whether a single security event is just a spurious action, or is part of a larger IW campaign, the Information Protection Manager can more appropriately take actions to thwart the attack, respond with countermeasures, and prepare to recover the information and communication systems.
To understand the big picture, and ultimately to achieve information resiliency, one needs an overall model of the cyber attack, from the initial probing by an attacker, to the actual attack launch, to how the target system responds. The model must consider the attacker’s (offensive) actions and the defender’s actions, as well as the mission impact. In this paper, we present one such model, referred to as the IW Timeline.
The objectives of this paper are to:
- present an IW Timeline model of a cyber attack cycle, and
- offer a strategy for changing the timeline such that defensive tactics used against attacks can become more proactive and less reactive.