The discussion of cyber defense strategies is about a variety of issues, among which the most important issue is whether the significance of the potential damage caused by cyber-attacks can justify the use of a complex system for the implementation of this kind of defense. It is difficult to find an answer to this question because the available information is negligible and is often provided by sources whose impartiality is doubtful. In fact, the severity of the dangers of cybercrime (or, in other words, the constant hostile acts affecting information systems globally) cannot be simply determined.
But based on the evidence available, there have been significant cyber-attacks since 2007 (including deep-seated spyware interventions), all of which indicate cybercriminals that are more likely to be exploited Malicious actors; while information and communication systems in everyday activities have a very sensitive place to carry out physical and material operations, to store confidential and personal information or to exchange information among actors at distances.
In contrast to this wide range of malicious activities, the first issue that comes to be identified is the overall role that can have cyber defense.
In a defensive call, not only must have defensive and aggressive abilities, it should also prove the effectiveness of these abilities when needed, or, in other words, create a “reputable defense”.
Establishing “credible defense” in the cyberspace is a complicated problem, and the problems with identifying the root and the objectives of the attack will exacerbate it. The “Conficker” virus is a good example in this regard: the virus sped up in 2008 and 2009, infecting millions of computers, but its author was never identified.
Sometimes actors demonstrate “reputable defense” to showcase their cyber defense capabilities. But the current structure of the Internet and information systems prevents any kind of defense capability being displayed in real dimensions. An attack against a specific information system, for example, a power system for displaying power, allows you to convey persuasive reasons that prove the impact of the aggressive and defensive capabilities of the aforementioned actor, but on the other hand it can also have important adverse effects that they should take for responsibility. In addition, displaying power will not in a packet network, of course, have the same effect on a network.
In addition, the claim to have the ability to attack without passing the document and certificate damages the credibility of the deterrent system, but instead of showing the exact documents and the component, in addition to the ability, the knowledge that has been used in it for rival actors, it is possible to prepare for their support and increase the likelihood that rival actors will perform similar attacks.
For example, the analysis of the component part of the mystery behind the Stuxnet worm unveils its techniques and increases the likelihood that other potential authors will make the same development. But they do not provide definitive evidence of the role of having a specific actor. In this case, even the claims made in this regard cannot be stopped. (Gabi Ashkenazi, the Jewish general, when he retired, claimed he was the father of the Internet worm of Stuxnet.)
Stuxnet, of course, also poses other questions, including: why the same high-level techniques have not been used to hide the remains of the work? Or why the solution was not taken up to the “Stuxnet” worm upon completion of the attack? It will destroy itself to prevent the spread of knowledge used in it. But with the removal of footprints, the author reduces the ability to attribute their aggressive ability. Perhaps the Stuxnet worm has a two-way approach: showing its power at the expense of the diffusion of techniques (which may indicate that the author has more abilities), and provide enough evidence and evidence to prove your defensive ability.
Another issue in “prestigious defense” is the dependability of statements and claims: we must try to make it in the area of clarity and speed of data flow that we do not make false claims to be rejected by others and discredited, Because not only defense is not done, but the role of creator will certainly be questioned, and the loss of reputation in cyberspace will reduce the potential for defense.
For example, the US firm HBG (Federal Security Software Development Company) in 2010 claimed that it developed equipment that could detect hackers by analyzing data transmitted through social networks. Earlier this year, the company claimed that it had penetrated the Anonymous Group, had gained access to some of its members, and announced its readiness to sell the identity of the members to the FBI. In front of the Anonymous group, it also attacked the company’s site and published its tens of thousands of confidential emails over the Internet, disclosing the company’s intentions against WikiLeaks. Additionally, he announced that the people who had been nominated by HBG as members of the Anonymous group were not really members of the group, and that the methods used by HBGI to be not sure technically feasible. Following this revelation, the “HB” customers have gradually diverted from the company and the US government has begun research on the deal set between its defense services and the company.
A similar situation was made between NATO and the Anonymous group. In the spring of 2011, NATO released a report addressing the challenges of recent developments in cybercrime activism, in particular the operations of both WikiLeaks and Anonymous, claiming that the activities of the group (Anonymous It will not be late and soon its members will be identified and prosecuted. In response to NATO’s action, the Anonymous group stepped up its attacks on official sites, in particular the FBI, and announced in late July 2011 that it had attacked NATO sites and had several gigabytes of document he has stolen several documents on the Internet to prove his claims.
It should be noted that this action (prosecution of non-state actors), although not in the defense field, can undoubtedly proceed in the context of a long-running dispute between governments and an illegal group towards progression. In fact, this type of counteraction (and its methods used) is a reminder of the struggle against transnational or national criminal organizations.
The lack of a documented example of confrontation between governments in cyberspace does not mean that there is no such conflict. Rather, it shows that hostilities between the governments are more or less hidden for specific reasons (including the insistence on concealment of their abilities, attempts to avoid physical or economic coping, etc.). In addition, most of the activities in the cyberspace are made using spy services, and these groups have a prominent place in defensive actions. In the perspective of developing and developing cyber defense, this should be considered. There are two main options for governments to organize the development of defensive and aggressive capabilities:
– What France has chosen and confirmed in the White Defense and National Security Council of France, that two defensive and offensive functions should be separated:
France has assigned the Department of Defense to the “National Security Agency for Information Systems” and the offensive section of the Ministry of Defense and the General Directorate of Security.
– In front of the United States, he has chosen a strategy for combining two defensive and aggressive functions in one set, and both have been transferred to a single organization (the NSA).
Finally, it is important to emphasize that, in order to make the attacking and counteracting functions more effective against attacks, it is essential to apply multi-sectorial industrial relations in the field of informatics and to establish international cooperation and to develop and defend defense acceptable cybercrime influences.