The Cyberspace Advantage: Inviting Them In! How Cyber Deception Enables Better Resilience

A Whitepaper by the MITRE Center for Technology & National Security

Cyber resiliency: “The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources.” – National Institute of Standards and Technology (NIST) Special Publication 800-160, Volume 2.

Building systems that are highly resilient to the cyber threat means employing techniques and technologies that adversaries are unable to anticipate, navigate through, or successfully attack. One option is embedding systems with special-purpose hardware, operating systems, and software to create a “special sauce” that is unique to that system and not exposed to the adversary.

In this whitepaper, MITRE reviews how the integration of deception into cyber defenses can be used to detect malicious actions, manage adversaries once they are inside, and collect intelligence about their tactics and techniques. Information shared includes:

  • A definition of deception and the value of its application in the security ecosystem
  • How intelligence derived from deception can better inform defense and resilience
  • How lessons learned from Boeing’s 787 code leak can create asymmetric advantages
  • How a return on investment can be gained by sharing the knowledge learned from deception-derived intelligence

 

NOTE: The MITRE Corporation’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) is a framework based on community knowledge and analysis of known threat actors that enumerates specific threat actor behaviors across the later stages of the Lockheed Martin Cyber Kill Chain. Learn how Illusive deception technology maps to this framework in the following brief.