Cyber Defence Ninja
Introduction
Before moving into deep dive topics, let's have a first look at some fundamental concepts.
The first is computer security. To quote Wikipedia: computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, theft of, or damage.
The second is cyber defence. Strategically, cyber defence refers to operations that are conducted in the cyber domain in support of mission objectives. The main difference between cyber security and cyber defence is that cyber defence requires a shift from network assurance (security) to mission assurance. Cyber defence focuses on sensing, detecting, orienting, and engaging adversaries in order to assure mission success and to outmanoeuvre the adversary. This shift from security to defence requires a strong emphasis on intelligence and reconnaissance, and the integration of staff activities to include intelligence, operations, communications, and planning. Defensive cyber operations refer to activities on or through the global information infrastructure to help protect an institution's electronic information and information infrastructures as a matter of mission assurance. Defensive cyber does not normally involve direct engagement with the adversary. Active cyber operations refer to activities on the global information infrastructure to degrade, disrupt, influence, respond, and interfere with the capabilities, intentions, and activities of a foreign individual, state, organization, and terrorist groups. Active cyber defence decisively engages the adversary and includes adversarial pursuit activities.
The third is proactive cyber defence. Proactive cyber defence means acting in anticipation to oppose an attack through cyber and cognitive domains. It can be understood as options between offensive and defensive measures. It includes interdicting, disrupting or deterring an attack or a threat's preparation to attack, either pre-emptively or in self-defence. Common methods include cyber deception, attribution, threat hunting and adversarial pursuit. The mission of the pre-emptive and proactive operations is to conduct aggressive interception and disruption activities against an adversary using psychological operations, managed information dissemination, precision targeting, information warfare operations, computer network exploitation, and other active threat reduction measures. The proactive defence strategy is meant to improve information collection by stimulating reactions of the threat agents and to provide strike options as well as to enhance operational preparation of the real or virtual battlespace. Proactive cyber defence can be a measure for detecting and obtaining information before a cyber attack, or it can also be an impending cyber operation and be determining the origin of an operation that involves launching a pre-emptive, preventive, or cyber counter-operation.
With all that in mind, we start to understand that we are facing a wide range of challenges as cyber defenders. In other posts we will start to deep dive into some frameworks and playbooks to allow you to also thrive in this fantastic cyber world!