Using deception to shield cyberspace sensors

Abstract

The U.S. President’s Comprehensive National Cybersecurity Initiative calls for the deployment of sensors to help protect federal enterprise networks. Because of the reported cyber intrusions into America’s electric power grid and other utilities, there is the possibility that sensors could also be positioned in key privately-owned infrastructure assets and the associated cyberspace. Sensors provide situational awareness of adversary operations, but acting directly on the collected information can reveal key sensor attributes such as modality, location, range, sensitivity and credibility. The challenge is to preserve the secrecy of sensors and their attributes while providing defenders with the freedom to respond to the adversary’s operations. This paper presents a framework for using deception to shield cyberspace sensors. The purpose of deception is to degrade the accuracy of the adversary’s beliefs regarding the sensors, give the adversary a false sense of completeness, and/or cause the adversary to question the available information. The paper describes several sensor shielding tactics, plays and enabling methods, along with the potential pitfalls. Wellexecuted and nuanced deception with regard to the deployment and use of sensors can help a defender gain tactical and strategic superiority in cyberspace.