Warrior Maven

Center for Military Modernization

HomeU.S. Air Force News
Become an Expert Warrior

Air Force Cyber-Deception Counters Attackers

The Air Force is working with industry to develop cybersecurity techniques that deceive…

·

By Kris Osborn

…and track attackers and intruders with techniques designed to confuse and gather information about the malicious actors.

The service has begun a two-year public-private agreement with Galois, a private firm specializing in cybersecurity and IT dynamics.

The partnership is employing a number of next-generation practices such as the use of deceptive techniques designed to lure and track cyber-attackers.

Senior Air Force cybersecurity experts often emphasize that advanced techniques are increasingly in demand as adversaries become more sophisticated with their attacks.

“We have to be aware that there are dangers out there. The adversary is constantly evolving, changing and trying to get into our systems and exfiltrate information,” said Peter Kim, Air Force Chief Information Security Officer.

Galois executives talk about it as a broadened or more sophisticated version of a “honey pot” tactic which seeks to create an attractive location for attackers – only to glean information about them.

“Honey pots are an early version of cyber deception. We are expanding on that concept and broadening it greatly,” Adam Wick, research lead at Galois told Defense Systems in an interview.  

A key element of these techniques uses computer automation to replicate human behavior in order to confuse a malicious actor hoping to monitor or gather information from traffic going across a network.

“Its goal is to generate traffic that misleads the attacker, so that the attacker cannot figure out what is real and what is not real,” he added.

“Fake computers look astonishingly real,” he said. “We have not to date been successful in always keeping people off of our computers. How can we make the attacker’s job harder once they get to the site, so they are not able to distinguish useful data from junk.”

Using watermarks to identify cyber behavior of malicious actors is another aspect of this more offensive strategy to identify and thwart intruders.

“If we see data with these watermarks, we know someone was sniffing on those networks. We can generate documents with known signatures to help discover advanced persistent threats,” Wick explained.

Thank you for noticing Warrior's content and joining our community of readers. I am honored that so many experts, academics, weapons developers and servicemembers follow our content and regularly offer amazing expert input.

The idea with Warrior is to offer a unique discussion and analysis of military innovation, emerging technology, weapons systems and military strategy. Our main focus is on the intersection between new technology and how it impacts Concepts of Operation, maneuver formations and military tactics.

We have a special section featuring some additional expertise for so many of you who are extremely advanced experts. Quick sign up and very low $10 monthly charge. Please join our expert community and see long-form interviews with flag officers and leading experts along with more in depth analysis of technology, weapons and tactics. We would be honored to have you join our community of experts and please do not hesitate to share your input/ideas/criticisms with me anytime.

Kris Osborn, Editor-in-Chief

Join Expert Warrior
Become an Expert Warrior