International Cybersecurity Research Made in Hamburg
 

The Active Cyber Defense Series

Matthias Schulze


The term "active cyber defense" is confusing due to its use as a politically appealing and marketable phrase, which varies in meaning across different professional communities like military, cybersecurity, and law, as well as among different nations. This blog series aims to clarify these diverse interpretations and examine the specific actions encompassed by "active defense" to understand its role in enhancing security.


Part 1: The different meanings of active cyber defense

One of the more confusing terms in cyber-security is “active cyber defense”. The confusion stems from at least four reasons: 1) It is a political term, a framing to be more precise, used to present certain cyber-activity under a palatable label. Active sounds nice. There is action, activity and not just pure reactivity. For some it means not just taking punches but actually doing something, getting the initiative back. These are all positive connotations. 2) The term has been used in industry as a marketing term for similar reasons: it just sounds better than plain old information security or cyber-security, and thus all kinds of different products can be sold under the term. 3) The terminology lies at the intersection of various epistemic communities (communities of practitioners that have a different background and interpretation of the term) such as military, technical cybersecurity, politics, law, and intelligence. That means that for a military general, active defense means something entirely different than it does for the cyber-security practitioner or a lawyer who knows about international law. 4) To make matters worse, there are different national definitions as well, so the People’s Republic of China means something entirely different by the term than the UK or France or Germany.

 


 

Part 2: Doing active cyber defense

In the last blog post, we deciphered various elements of active cyber defense. We looked at technical definitions, analyzed the spectrum between defense and offense, and talked about deception. We concluded that active cyber defense might entail offense (i.e. engaging with the network of an adversary), but it does not necessarily need to. Active cyber defense might aim to preempt an imminent attack, rather than to prevent more abstract, future threats. What also became apparent is that active defense seems to entail “more” than passive defense: it employs additional tools and measures like honeypots and deceptive techniques with the aim of gathering intelligence on adversary behavior. In this section of the blog post, we will look at what doing active cyber defense actually might entail.






Matthias Schulze

Some Observations about the Cyber Conflict between Israel and Hamas

As in Ukraine, the current war in the Middle East is once again being accompanied by a digital conflict. After two months of war, it is now possible to draw some preliminary conclusions about cyber capabilities in the context of conventional ground wars. When other conflicts such as Ukraine 2022, Georgia 2008 or Kosovo 1998 are included, an interesting continuity in the nature of digital conflict becomes apparent.









 


WebTalk "Strategies and Attribution in Cyberspace"

Companies and institutions are increasingly exposed to complex cyberattacks. In order to counter these threats effectively, a deep understanding of the current threat situation and available technologies is crucial. But how can we analyse current attack strategies and improve the attribution of cyber attacks from a security policy perspective? What technical options are available to detect and defend against cyber threats and what role does technological sovereignty play in this? Experts from academia, business and computer science will discuss this in the online WebTalk on 4th September 2024.



Shaping Cybersecurity 2024: China's Cyber Challenge

China’s striving for global leadership in cyberspace and related technologies poses a unique challenge to the international rules-based order. China’s vision of a global internet shaped by the interests of its one-party state directly challenges the fundamental values of openness, security and interoperability underpinning today’s global digital ecosystem. Additionally, extensive cyber operations increase the urgency for targeted countries to bolster their cyber defences and resilience, especially in light of globally heightened geopolitical tensions.
IFSH, AA and ESMT are organising the conference on 17th June 2024.



Shaping Cybersecurity 2023: Cyber in Conflict

Cyberattacks and information operations accompanying the Russian invasion of Ukraine have underlined the disruptive potential of digital technologies well beyond the immediate conflict zone. Already prior to the war, criminal cyberattacks against critical infrastructure had become major national security threats, heightening geopolitical tensions due to tacit or even active state support.
IFSH, AA and ESMT organised a workshop with more than 200 participants.







Workshop on Government Vulnerabilities Disclosure

ICS conducted a workshop in cooperation with the Federal Foreign Office on the cyber security aspect of the German National Security Strategy as part of the dialogue processes.
The hybrid event centred on four thematic blocks: security trends and constellations; tasks, goals, and instruments; civil society and business partnerships; as well as regional and international cooperation.


 


International Cybersecurity Hotchpotch

Newsletter


 



The newsletter is usually released at the beginning of each week with a summary of noteworthy cyber-security, -science and -policy news.

Hotchpotch Archive