Strategically-Motivated Advanced Persistent Threat – Computers & Security

Atif Ahmad (University of Melbourne), Jeb Webb (Oceania Cyber Security Centre), James Boorman (Oceania Cyber Security Centre), and I have a new article accepted for publication in Computers & Security.

Advanced persistent threat (APT) is widely acknowledged to be the most sophisticated and potent class of security threat. APT refers to knowledgeable human attackers that are organized, highly sophisticated and motivated to achieve their objectives against a targeted organization(s) over a prolonged period. Strategically-motivated APTs or S-APTs are distinct in that they draw their objectives from the broader strategic agenda of third parties such as criminal syndicates, nation-states, and rival corporations. In this paper we review the use of the term “advanced persistent threat,” and present a formal definition. We then draw on military science, the science of organized conflict, for a theoretical basis to develop a rigorous and holistic model of the stages of an APT operation which we subsequently use to explain how S-APTs execute their strategically motivated operations using tactics, techniques and procedures. Finally, we present a general disinformation model, derived from situation awareness theory, and explain how disinformation can be used to attack the situation awareness and decision making of not only S-APT operators, but also the entities that back them.

University of Pennsylvania – Democracy in the Crosshairs Conference

Heading to the University of Pennsylvania next week to attend the Democracy in the Crosshairs: Cyber Interference, Dark Money and Foreign Influence conference. The two-day event is a closed session. The conference is organized by the Center for Ethics & Rule of Law and the UPenn Law School. I co-authored a paper with Atif Ahmad (University of Melbourne) for the conference.

Weaponizing Information Systems for Political Disruption: The Actor, Lever, Effects, and Response Taxonomy (ALERT)

Information systems continue to be used by actors who want to undermine public institutions and disrupt political systems. In recent times, actors have engaged in acts of cyber warfare ranging from attempts to compromise voting systems, spread false propaganda, use dark networks to illicitly fund campaigns, and even attack public infrastructure via technologies. Initial analysis points to the fact that most of these attempts have been successful in achieving their intended objectives. Given this reality, we expect them to intensify and be more creative in the future. In this paper, we take a critical look at the concept of weaponizing information systems for political disruption. Our analysis focuses on two specific forms of information systems enabled disruption. The first is direct attacks on information systems infrastructures employed in various facets of political campaigns and the election processes. The second is attacks that target public infrastructure and services, which impact trust in government and public institutions of the nation and indirectly impact political stability and governance regimes. We outline an Actor, Lever, Effects, and Response Taxonomy (ALERT) to understand the nuances associated with various types of options individuals, organizations, and nations have when it comes to weaponizing information systems for political gain and to cause public unrest.

The conference schedule is available here.