The term "active cyber defense" is confusing due to its use as a politically appealing and marketable phrase, which varies in meaning across different professional communities like military, cybersecurity, and law, as well as among different nations. This blog series aims to clarify these diverse interpretations and examine the specific actions encompassed by "active defense" to understand its role in enhancing security.
One of the more confusing terms in cyber-security is “active cyber defense”. The confusion with it stems from at least four reasons: 1) it is a political term, a framing to be more precise, to frame certain cyber-activity under a palatable term. Active sounds nice. There is action, activity and not just pure reactivity. For some it means not just taking punches but actually doing something, getting the initiative back. These are all positive connotations. 2) the term has been used in industry as a marketing term for similar reasons: It just sounds better than plain old information security or cyber-security, and thus all kinds of different products can be sold under the term. 3) The terminology lies at the intersection of various epistemic communities (communities of practitioners that have a different background and interpretation of the term) such as military, technical cybersecurity, politics, law, and intelligence. That means for a military General, active defense means something entirely different compared to the cyber-security practitioner or a lawyer who knows about international law. 4) To make matters worse, there are different national definitions as well, so the People’s Republic of China means something entirely different with the term than the UK or France or Germany.
In the last blog post, we deciphered various elements of active cyber defense. We looked at technical definitions, analyzed the spectrum between defense and offense, and talked about deception. We concluded that active cyber defense might entail offense (i.e. engaging with the network of an adversary), but it does not necessarily need to. Active cyber defense might aim to preempt an imminent attack from occurring, rather than to prevent more abstract, future threats. What also became apparent is that active defense seems to entail “more” than passive defense: it employs additional tools and measures like honeypots and deceptive techniques with the aim to gather intelligence on adversary behavior. In this section of the blog post, we will look at what doing active cyber defense actually might entail.
The first-ever Moldova Security Forum, held 19-20 November 2024 in Chișinău, was a key event dedicated to security in the region, which is particularly important given the hybrid threats targeting Moldova and CEE countries. Participants raised the issue of foreign actors’ influence on the security environment in Moldova and neighboring countries, pointing out the significant risk of further strengthening of centrifugal tendencies due to Russia’s high activity in the region and the attempts at electoral manipulation undertaken during the referendum on Moldova’s European perspective and the presidential elections held in October 2024. Nuclear and conventional threats were also widely discussed during the forum, mainly in the context of Russian aggression against Ukraine. The event gathered several hundred participants from around the world, including senior representatives of NATO and the European Union.
IFSH Researcher Mateusz Łabuz took part in the panel “Countering FIMI and strengthening societal resilience”, during which cooperative security strategies to confront emerging threats in the information space were discussed. Participants focused on ways to mitigate Foreign Information Manipulation and Interference (FIMI), pointing out the need to significantly strengthen social resilience, invest in technologies, counteract algorithmic amplification and consistently implement programs necessary for safeguarding democracy and social cohesion.
The 2022 invasion of Ukraine led to major updates to German defence policy, but cyber defence is still lacking, argues Matthias Schulze in Bindinghook.
Companies and institutions are increasingly exposed to complex cyberattacks. In order to counter these threats effectively, a deep understanding of the current threat situation and available technologies is crucial. But how can we analyse current attack strategies and improve the attribution of cyber attacks from a security policy perspective? What technical options are available to detect and defend against cyber threats and what role does technological sovereignty play in this? Experts from academia, business and computer science will dsicuss this in the online WebTalk on 4th September 2024.
ICS conducted a workshop in cooperation with the Federal Foreign Office on the cyber security aspect of the German National Security Strategy as part of the dialogue processes.
The hybrid event centred on four thematic blocks: security trends and constellations; tasks, goals, and instruments; civil society and business partnerships; as well as regional and international cooperation.
The newsletter is usually released at the beginning of each week with a summary of noteworthy cyber-security, -science and -policy news.