Re: [Smart] When we say 'cyber'...

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Fri, 19 October 2018 13:44 UTC


On Fri, Oct 19, 2018 at 7:59 AM Olaf Kolkman <kolkman@isoc.org> wrote:

> Hello all,
>
> I am normally lurking on this list but I would personally stay somewhat at
> arm's length from ‘cyber defence’. There is a delta in understanding between
> how technologists, policy makers, and diplomats use and understand the
> term *cyber security* and in my experience the delta may be bigger for
> the words *cyber defence*.
>

Thanks, Olaf.  I agree and have been trying to watch how others use the
word cyber and am not coming up with any special meaning yet that makes it
distinct as a useful term.  If there is something that makes it distinct,
hearing it would be good to know.  I also tried tweeting (@KathleeMoriarty)
this to see how people define it, but haven't gotten many responses and
none that are convincing yet.  If someone has one, please post.

Thank you,
Kathleen

> —Olaf Kolkman
>
> On 4 Oct 2018, at 17:44, Mark O wrote:
>
>
>
> There’s been some discussion on the list about what to call the main topic
> of our research. We settled on the name ‘SMART’ – Stopping Malware And
> Researching Threats - for the list because it covered a couple of our major
> aims and made for a handy acronym. But it’s not the whole of our ambition.
>
>
>
> When we first mooted the possibility of a research group at the SAAG open
> meeting in Montreal, we referred to ‘Cyber Defence’. That’s [part of] what
> we do at the National Cyber Security Centre – we have an Active Cyber
> Defence <https://www.ncsc.gov.uk/active-cyber-defence> programme, aimed
> at improving the resistance of UK infrastructure to cyber attacks. So the
> word ‘cyber’ trips easily off our tongues. It’s not just us – large parts
> of industry and academia refer to ‘cyber security’ and ‘cyber attacks’, as
> do the media. But we’re also aware that ‘cyber’ means different things to
> different people, it’s a buzzword, it’s generic, and it can raise hackles
> in some. Earlier versions of the draft charter referred to ‘cyber
> security’, ‘cyber defence’, ‘security operations’, and the current version
> refers to the rather plain ‘attack defence’. Hopefully without getting
> side-tracked – what speaks best to most people?
>
>
>
> Ultimately, we don’t have a strong view on what phrase is used – the
> important point is that it’s clear and obvious what type of threats we’re
> trying to defend against (without being prescriptive). So it’s probably
> more helpful to try and build a list of the kind of threats we’re meaning.
>
>
>
> As a general theme, the threats we’re considering:
>
>    - have malicious intent – as opposed to accidental threats (e.g.
>    hardware failure causing data loss);
>    - involve active interference with data, users or the network – as
>    opposed to passive wiretapping and offline attacks; and
>    - result in harm.
>
>
>
> We probably will need to reference a taxonomy of threats, and we needn’t
> reinvent the wheel here – that work has been done before. ENISA has
> produced one such threat taxonomy
> <https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends/enisa-threat-landscape/etl2015/enisa-threat-taxonomy-a-tool-for-structuring-threat-information>
> which I’ve used to construct the list below. This is just a starting point
> – there will be some things I’ve missed off, and I certainly can’t promise
> that we’ll be able to address all of them:
>
>    - Unsolicited e-mail – spam and infected e-mails; links to malicious
>    websites
>    - Identity theft – stealing credentials
>    - Denial of service – DDoS, network and application layer,
>    amplification attacks
>    - Malware, worms, trojans, rootkits, injection attacks, viruses,
>    exploits
>    - Spyware, scareware, ransomware
>    - Social engineering – phishing, spear-phishing
>    - Fake certificates, MITM, signed malware
>    - Manipulation of hardware and software
>    - Manipulation of information – hijacking, routing table manipulation,
>    DNS poisoning
>    - Misuse of audit tools to discover security weaknesses
>    - Unauthorised access, network intrusion
>    - Unauthorised installation of software, web/browser-based attacks,
>    drive-by downloads
>    - Data breach
>    - Remote execution, botnets
>    - Advanced Persistent Threats
>
> Note that ‘cyber’ doesn’t appear in the list once – and that’s OK.
>
>
>
> Is that what everyone’s expecting? This is still up for grabs and we’d
> like everyone to have the same, clear view of what we’re trying to achieve.
>
>
>
> -- Mark
>
>
>
>
> This information is exempt under the Freedom of Information Act 2000
> (FOIA) and may be exempt under other UK information legislation. Refer any
> FOIA queries to ncscinfoleg@ncsc.gov.uk
>
> --
> Smart mailing list
> Smart@irtf.org
> https://www.irtf.org/mailman/listinfo/smart
>


-- 

Best regards,
Kathleen