warning, information sharing, vulnerability reduction, risk management and recovery efforts to detect, protect against and mitigate the impact of threats that leverage the cyber domain. Though cyber security has been identified as one of the Top 'Most Likely' risks to global development, according to this definition, cyber security is not necessarily a new concept. Security is and always has been an integral part of any network. However, today's networks have become more critical, underpinning many of the nation's most vital services. Utilities, energy, financial, healthcare, government, and military systems all rely on the network to operate effectively.

These networks come under regular attack from an increasing range of sophisticated cyber threats, including:

- Advanced, persistent threats (APT)
- Malicious Software (Malware)
- Harmful email attachments and phishing
- Malicious web sites
- Denial of service attacks (DoS)
- Mobile device exploits

Cyber attacks are a global threat where the speed of attack propagation is measured in seconds and there is no limit to the distance between attacker and victim. Many traditional attacks are still prevalent, with malware such as the endemic Conficker worm and cyber criminals who use social engineering techniques such as phishing and spear-phishing. However, more recent attacks such as the DoS attack on Estonia, Ghostnet, Flame, Shamoon, and the Stuxnet worm are believed to incorporate a state-sponsored element. Even where there is no direct link between nation states and cyber criminals, there is always the danger that these criminals may be conscripted at short notice.

Of all of the threat categories above, APT represents the greatest level of concern to national infrastructure and strategic interests. APT is defined as an attack where the adversary attempts to gain access, maintain a foothold, and modify data to disrupt systems or perform data exfiltration through covert channels.
APTs are typically performed in several stages and over long periods of time in order to avoid being detected by traditional security mechanisms.

Cyber threats originate from a variety of actors ranging from foreign nation states to hacktivists and require specific cyber security counter-measures. Such measures should incorporate technical, policy, and process related controls and be designed to protect information and systems directly accessible from the Internet, as well as those that are isolated. The experience of the Stuxnet outbreak clearly highlights the fact that a system can still be infiltrated by a motivated attacker even when it is not Internet accessible.

The Cyber Attack Chain

There are a number of frameworks available for understanding and analyzing the landscape of cyber security threats and responses. A good approach for describing common threat patterns, regardless of the adversary, their goals, or method of attack, is represented by the "intrusion kill chain" model proposed by Lockheed Martin. This model, derived from U.S. DoD targeting doctrine, describes cyber attacks as a progressive campaign, encompassing a series of distinct intrusion phases. The concept of operations derived from the "intrusion kill chain" model illustrates that a defender can neutralize cyber threats using countermeasures designed to disrupt the different phases of the attack chain. A disruption at any phase in the chain will stop the overall attack. Furthermore, as separate attacks are correlated, common patterns emerge that aid threat analysts in developing the intelligence necessary to mitigate future attacks.

Threat Countermeasures

The different phases of the "intrusion kill chain" provide a basis for defining an appropriate set of attack countermeasures. These countermeasures fall into four general categories: Protect, Detect, React, and Survive.
The diagram in figure illustrates how each group of countermeasures aligns with the different phases of the "intrusion kill chain".

Protection countermeasures serve two important purposes in helping defeat the reconnaissance, packaging, and delivery attack phases. First, they help eliminate disclosure of information that an adversary can use in developing an attack strategy. Second, they help eliminate and protect against weaknesses and vulnerabilities in the infrastructure. Protection countermeasures require capabilities that deliver trust, authentication, integrity, confidentiality, and access control. Modern protection services harness integrated, infrastructure-based identity management and policy enforcement capabilities that dynamically enforce which users can access what information under what conditions.

Detection countermeasures provide visibility into infrastructure systems and operations, helping reveal indicators of potential threats and attacks. Deep inspection and contextualization of activities occurring across the delivery, exploitation, installation, and command and control phases provides a high level of situational awareness that enables defensive actions. One of the difficulties in detecting APTs is their tendency to employ covert infiltration techniques that exploit zero-day vulnerabilities. Sophisticated detection countermeasures analyze data across multiple sources to uncover the anomalous behaviors that indicate malicious activity.

Reaction countermeasures provide the ability to block, manage, and redirect attacks. Leveraging detection countermeasures, baseline security capabilities can intercept and remove active threats. More advanced security capabilities can minimize the impact of attacks on infrastructure systems and, in some cases, fool adversaries into thinking the attack is progressing successfully.
By permitting attacks to continue in a controlled, sandboxed environment, analysts can gain a better understanding of the nature, methods, and goals of the attack.

Survival countermeasures provide a level of resilience and continuity of operations should the infrastructure succumb to a successful attack. In many cases, cyber attacks are not a matter of "if" but "when and how bad". By building capabilities for fault tolerance and agility into the infrastructure, a defender can mitigate and minimize the worst effects of loss or disruption.

Cyber Security Capabilities

As a cohesive, comprehensive approach to modeling cyber threats, the "cyber attack chain" and respective countermeasures provide a foundation for defining and implementing cyber security capabilities. Even though a disruption in any one phase can block the overall attack, a resilient, defense in depth approach requires a spectrum of capabilities that implement countermeasures along the entire chain. This ensures that a fault in one or more countermeasures does not necessarily expose a vulnerability in the infrastructure. Additionally, a continuum of mutually reinforcing defense capabilities deters adversaries by increasing the cost and complexity of conducting a cyber attack campaign.

The diagram in figure defines the spectrum of cyber capabilities necessary to disrupt and defeat cyber attacks. These capabilities fall into four general categories: Enforce, Secure, Defend, and Deter. Beginning with enforcement, each subsequent capability builds on and extends services delivered by the preceding capability. In this way, the capability spectrum represents a maturity model for improving cyber defenses over time.

Enforcement capabilities represent baseline control over the access and usage of the infrastructure and its resources.
Core services within the enforcement capability include the ability to identify and authenticate users and devices, differentiate and control infrastructure access, and manage and implement usage policies.

Security capabilities extend enforcement services, providing the ability to prepare for, detect, and respond to cyber threats. Core services within the security capability include the ability to identify and mitigate risk, filter out known or easily identifiable attacks, and employ automated attack responses. Security services also reduce the overall number of threats that demand human intervention, freeing up analysts to focus on more sophisticated and targeted attacks.

Defensive capabilities represent the realization of comprehensive cyber security operations. Combining people, process, and technology, defensive capabilities enable organizations to proactively manage and control threats. Core services within the defensive capability include the ability to maintain infrastructural resilience, generate situational awareness, and operationalize intelligence as an effective tool for better detecting threats and mitigating future attacks.

In the domain of nation states, deterrence represents the apex of cyber security capability. The culmination of infrastructural and operational capabilities in cyber defense becomes a tool for exercising government policy. Deterrence capabilities enable more effective law enforcement, enable nations to restrain the behavior of adversaries through treaties and conventions, and provide a basis for deploying proactive threat defense as a component of overall government action.

The cyber security capability spectrum provides guidance in defining, selecting, and implementing the appropriate organizational structures, operations, and technologies necessary to defend against cyber attacks.
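
The defense in depth argument above, that a fault in one countermeasure should not leave a phase of the chain exposed, can be checked against a control inventory. The Python below is an added example, not part of the original article: the inventory is constructed, the last phase name comes from Lockheed Martin's model rather than this page, and the phases given for the React and Survive controls are assumptions because the page's figure is missing.

```python
# Kill chain phases: the page names the first six ("packaging" is its word for
# weaponization); "actions on objectives" is the model's last phase.
PHASES = ["reconnaissance", "packaging", "delivery", "exploitation",
          "installation", "command and control", "actions on objectives"]

# Alignment the page states in prose. React and Survive are aligned only in
# the missing figure, so they are left unconstrained here.
PAGE_ALIGNMENT = {
    "Protect": {"reconnaissance", "packaging", "delivery"},
    "Detect": {"delivery", "exploitation", "installation",
               "command and control"},
}

# Constructed sample inventory: (control, category, phases it can disrupt).
CONTROLS = [
    ("public-footprint review", "Protect", {"reconnaissance"}),
    ("vulnerability remediation", "Protect", {"packaging"}),
    ("mail gateway filtering", "Protect", {"delivery"}),
    ("network IDS", "Detect", {"delivery", "exploitation", "command and control"}),
    ("endpoint monitoring", "Detect", {"exploitation", "installation"}),
    ("DNS sinkhole", "React", {"command and control"}),
    ("offline backups", "Survive", {"actions on objectives"}),
]


def coverage(controls):
    """Map every phase to the controls that can disrupt it."""
    cov = {phase: [] for phase in PHASES}
    for name, _category, phases in controls:
        for phase in phases:
            cov[phase].append(name)
    return cov


def single_points_of_failure(controls):
    """Map control -> phases left with no countermeasure if it alone fails."""
    cov = coverage(controls)
    exposed = {n: [p for p in PHASES if cov[p] == [n]] for n, _c, _p in controls}
    return {n: phases for n, phases in exposed.items() if phases}


def misaligned(controls):
    """Controls claiming phases outside the page's alignment for their category."""
    return [(n, sorted(p - PAGE_ALIGNMENT[c])) for n, c, p in controls
            if c in PAGE_ALIGNMENT and p - PAGE_ALIGNMENT[c]]


if __name__ == "__main__":
    for control, phases in single_points_of_failure(CONTROLS).items():
        print(f"{control}: sole countermeasure for {', '.join(phases)}")
    print("misaligned:", misaligned(CONTROLS))
```

In the sample inventory, four phases depend on a single control, which is the condition the defense in depth paragraph warns against.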
As a conceptual approach, the capability spectrum complements existing industry frameworks and methodologies. Fundamentally, the cyber security capability spectrum serves as a basis for realizing sustainable operations that evolve and adapt to the ever changing cyber threat landscape.

Sincerely,
Joshua R. McCloud
Cisco's Cyber Security Expert

Copyright © 2012 Cisco. All Rights Reserved.
http://www.cisco.com/web/AP/partners/cyber_security_blog_tab.html