
Is Active Cyber Defense the Answer

Posted on: 2019-10-16 | Degree: M.S | Type: Thesis
University: Utica College | Candidate: Lloyd, William | Full Text: PDF
GTID: 2476390017486065 | Subject: Information Technology
Abstract/Summary:
The purpose of this project is to gauge current cyber threats to critical infrastructure organizations and what actions are needed to mitigate those threats. Passive cyber defense methods have been the industry standard over the last two decades. This project aims to determine why passive defense has failed and what active methods could be viable and effective. Cyber-attacks have begun targeting critical infrastructure using complex malware with destructive motives. Current passive defensive measures have not positioned defenders to be able to steadily mitigate advanced threats to their networks. Active cyber defense, which provides more interaction with cyber threats internally and externally, has seen growing interest within various organizations.

This project outlines four categories that incorporate active measures: intelligence operations, internal active defense, active decoys, and counterattacks. The heavy use of destructive malware and various evasion techniques by attackers requires defenders to be more active in defense methods such as threat hunting. Also, intelligence gathered by law enforcement, intelligence agencies, security firms, and critical sector organizations themselves must be shared amongst similar industries. Counterattacks such as hackbacks and rescue missions had limited positive results and thus are not recommended for independent organizations. However, all active methods should be considered with the resources provided by trusted external partners such as government, law enforcement, intelligence agencies, and security firms. The biggest challenge of active cyber defense is the ability to attribute an attack to an adversary. The time and effort needed for attribution are too great for counterattacks to be a viable and efficient method for independent organizations.
Keywords/Search Tags:Cyber, Organizations, Threats