The cyber attack kill chain defense
By Jim Ricotta for Enterprise CIO Forum
The “Kill Chain” is a traditional warfare term, most often used by the US Air Force, for the command and control process of targeting and destroying enemy forces so that it becomes as difficult as possible for the enemy to continue the battle. A well-known and successful execution of this strategy was the initial air attacks on Iraq during Operation Desert Storm, which targeted command bases and communications networks. The result was that cut-off ground units in the field, lacking orders and control, quickly lost the will to fight. More recently, the Kill Chain concept has been applied by both the US military and leading cyber threat defense teams at Mitre and Lockheed Martin to define a new defensive strategy for guarding against advanced persistent threats (APTs) and other targeted cyber attacks.
In cyber defense, the “Kill Chain Defense” exploits the fact that a successful attack must complete every stage, from planning and malware introduction through expansion and one or more command and control phases, until the target is identified, manipulated and exfiltrated. The goal of a kill chain defense is to break one or more stages in the attack chain, stopping the attack's progress and forcing the opponent to start over. Three things are important to remember in this method: 1) the bad guy must make the entire chain work to succeed; 2) you need only kill one link to stop them; and 3) having detection and kill capability at each point in the enemy’s attack chain gives you the highest probability of success in this defense.
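The three points above can be made concrete with a small probability model. The following Python is an added example, not code from the original article or from Mitre or Lockheed Martin; it assumes the attack stages are independent, uses the stage list as this example's own ordering, and treats the per-stage detection probabilities as constructed illustrative values.

```python
from functools import reduce
from operator import mul

# Kill-chain stages in the order the excerpt describes them. This ordering is
# the example's own; the original text does not define a formal taxonomy.
STAGES = [
    "planning",
    "malware introduction",
    "expansion",
    "command and control",
    "target identification",
    "manipulation",
    "exfiltration",
]


def attack_success_probability(detect):
    """Probability that an attack completes every stage without being killed.

    `detect` maps a stage name to the probability that the defender detects
    and stops the attacker at that stage; stages with no entry have no
    control (0.0). Stages are treated as independent, which is a modelling
    assumption of this example. Because the attacker must pass every link,
    the survival probabilities multiply.
    """
    return reduce(mul, (1.0 - detect.get(stage, 0.0) for stage in STAGES), 1.0)


def expected_attempts(detect):
    """Mean number of full attempts the attacker needs before one succeeds.

    Every broken link forces a restart from the first stage, so the number
    of attempts is geometric with the per-attempt success probability.
    """
    p = attack_success_probability(detect)
    return float("inf") if p == 0.0 else 1.0 / p


def compare_strategies():
    """One strong perimeter control versus moderate detection at every link."""
    perimeter_only = {"malware introduction": 0.9}   # constructed value
    every_link = {stage: 0.5 for stage in STAGES}    # constructed value
    return {
        "perimeter_only": attack_success_probability(perimeter_only),
        "every_link": attack_success_probability(every_link),
    }


if __name__ == "__main__":
    for name, p in compare_strategies().items():
        print(f"{name:15s} attacker success = {p:.4f}")
```

With these values a single 90% perimeter control still lets one attack in ten through, while 50% detection at each of the seven links lets through fewer than one in a hundred and forces the attacker to start over about 128 times on average.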
Excerpt appears with permission from John Dodge.
About John Dodge
John Dodge is an award-winning journalist and newspaperman, who has covered technology and business since 1980. He spent 16 years at PC Week (now eWeek) as news editor and editor and several years as editor-in-chief of engineering magazines EDN and Design News. His personal blog is The Dodge Retort. John Dodge is presently the community manager at enterpriseCIOForum.com, an online community for CIOs sponsored by Hewlett Packard and produced by IDG.