Re: [Smart] When we say 'cyber'...
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 19 October 2018 13:44 UTC
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Fri, 19 Oct 2018 09:43:47 -0400
To: Olaf Kolkman <kolkman@isoc.org>
Cc: Mark.O=40ncsc.gov.uk@dmarc.ietf.org, smart@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/smart/g-lktcw17cxr0IFCl_Ph9TUg9Ak>

On Fri, Oct 19, 2018 at 7:59 AM Olaf Kolkman <kolkman@isoc.org> wrote:

> Hello all,
>
> I am normally lurking on this list but I would personally stay somewhat at
> arm's length from ‘cyber defence’. There is a delta in understanding between
> how technologists, policy makers, and diplomats use and understand the
> term *cyber security* and in my experience the delta may be bigger for
> the words *cyber defence*.
>

Thanks, Olaf. I agree and have been trying to watch how others use the word cyber and am not coming up with any special meaning yet that makes it distinct as a useful term. If there is something that makes it distinct, hearing it would be good to know. I also tried tweeting (@KathleeMoriarty) this to see how people define it, but haven't gotten many responses and none that are convincing yet. If someone has one please post.

Thank you,
Kathleen

> —Olaf Kolkman
>
> On 4 Oct 2018, at 17:44, Mark O wrote:
>
> There’s been some discussion on the list about what to call the main topic
> of our research. We settled on the name ‘SMART’ – Stopping Malware And
> Researching Threats - for the list because it covered a couple of our major
> aims and made for a handy acronym. But it’s not the whole of our ambition.
>
> When we first mooted the possibility of a research group at the SAAG open
> meeting in Montreal, we referred to ‘Cyber Defence’. That’s [part of] what
> we do at the National Cyber Security Centre – we have an Active Cyber
> Defence <https://www.ncsc.gov.uk/active-cyber-defence> programme, aimed
> at improving the resistance of UK infrastructure to cyber attacks. So the
> word ‘cyber’ trips easily off our tongues. It’s not just us – large parts
> of industry and academia refer to ‘cyber security’ and ‘cyber attacks’, as
> do the media. But we’re also aware that ‘cyber’ means different things to
> different people, it’s a buzzword, it’s generic, and it can raise hackles
> in some. Earlier versions of the draft charter referred to ‘cyber
> security’, ‘cyber defence’, ‘security operations’, and the current version
> refers to the rather plain ‘attack defence’. Hopefully without getting
> side-tracked – what speaks best to most people?
>
> Ultimately, we don’t have a strong view on what phrase is used – the
> important point is that it’s clear and obvious what type of threats we’re
> trying to defend against (without being prescriptive). So it’s probably
> more helpful to try and build a list of the kind of threats we’re meaning.
>
> As a general theme, the threats we’re considering:
>
> - have malicious intent – as opposed to accidental threats (e.g.
>   hardware failure causing data loss);
> - involve active interference with data, users or the network – as
>   opposed to passive wiretapping and offline attacks; and
> - result in harm.
>
> We probably will need to reference a taxonomy of threats, and we needn’t
> reinvent the wheel here – that work has been done before. ENISA has
> produced one such threat taxonomy
> <https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/etl2015/enisa-threat-taxonomy-a-tool-for-structuring-threat-information>
> which I’ve used to construct the list below. This is just a starting point
> – there will be some things I’ve missed off, and I certainly can’t promise
> that we’ll be able to address all of them:
>
> - Unsolicited e-mail – spam and infected e-mails; links to malicious
>   websites
> - Identity theft – stealing credentials
> - Denial of service – DDoS, network and application layer,
>   amplification attacks
> - Malware, worms, trojans, rootkits, injection attacks, viruses,
>   exploits
> - Spyware, scareware, ransomware
> - Social engineering – phishing, spear-phishing
> - Fake certificates, MITM, signed malware
> - Manipulation of hardware and software
> - Manipulation of information – hijacking, routing table manipulation,
>   DNS poisoning
> - Misuse of audit tools to discover security weaknesses
> - Unauthorised access, network intrusion
> - Unauthorised installation of software, web/browser-based attacks,
>   drive-by downloads
> - Data breach
> - Remote execution, botnets
> - Advanced Persistent Threats
>
> Note that ‘cyber’ doesn’t appear in the list once – and that’s OK.
>
> Is that what everyone’s expecting? This is still up for grabs and we’d
> like everyone to have the same, clear view of what we’re trying to achieve.
>
> -- Mark
>
> This information is exempt under the Freedom of Information Act 2000
> (FOIA) and may be exempt under other UK information legislation. Refer any
> FOIA queries to ncscinfoleg@ncsc.gov.uk
>
> --
> Smart mailing list
> Smart@irtf.org
> https://www.irtf.org/mailman/listinfo/smart
>

--

Best regards,
Kathleen