Below you will find a list of our blog posts and short articles – some as single entries, others as part of a series. If you are interested in collaborating with us or publishing your piece here, please contact us!
If you are looking for our work published elsewhere, such as peer-reviewed articles or book chapters, have a look here.
Part 1: The different meanings of active cyber defense
The term "active cyber defense" is confusing because it is used as a politically appealing and marketable phrase whose meaning varies across professional communities such as the military, cybersecurity, and law, as well as among different nations. This blog series aims to clarify these diverse interpretations and examine the specific actions encompassed by "active defense" to understand its role in enhancing security.
Part 2: Doing active cyber defense
In the last blog post, we deciphered various elements of active cyber defense. We looked at technical definitions, analyzed the spectrum between defense and offense, and talked about deception. We concluded that active cyber defense might entail offense (i.e., engaging with the network of an adversary), but it does not necessarily need to. Active cyber defense might aim to preempt an imminent attack rather than to prevent more abstract, future threats. What also became apparent is that active defense seems to entail “more” than passive defense: it employs additional tools and measures, like honeypots and deceptive techniques, with the aim of gathering intelligence on adversary behavior. In this section of the blog post, we will look at what doing active cyber defense might actually entail.