Cyber warfare is in many ways similar to traditional warfare in that there are techniques you can practice in “war games” to gauge whether you are prepared against your enemies.
At a breakout session on day two of ICCS2013, Kristin E. Heckman, D.Sc., lead scientist at McLean, Va.-based MITRE Corporation, and Frank J. Stech, Ph.D., principal investigator for MITRE, described a simulation they conducted in January 2012 that tested a new technique for defense: Denial and Deception.
The concept behind “St. Louis Experiment II” was to utilize a new program dubbed Blackjack to detect when a team of hackers infiltrated the target (C2 Mission System). Instead of kicking them out, it redirected the hackers to another server and rewrote, in real time, the content they were seeing—mimicking the Trojan Horse concept where hackers think they are getting something they aren’t.
“This is an enormous task, dynamically rewriting the content based on policy, and doing it in real time, and trying to ensure there are no time delays or any other issues with delivery,” Heckman said.
The test pitted teams from a fictional Republic of New England against the Republic of Virginia, with Washington D.C. stuck in the middle of what was dubbed the “Borderlands.”
The results, which the team published as “Active Cyber Network Defense with Denial and Deception” in the journal Computers & Security, were mixed.
Even though Blackjack was unsuccessful because hackers were able to infiltrate the target undetected and therefore saw content being altered, Heckman said the Denial and Deception concept is still very promising.
And the other side, said Heckman, believed they had a “double agent,” which was not true and which “we could have used to our benefit.”