Deterrence through Cyber Deception

Much has been written concerning the difficulties of achieving deterrence in Cyberspace. The NCDL is seeking to instigate new discussions and build a body of knowledge around the use of Cyber Deception assets to achieve a deterrent effect by declaring their use.

Perhaps the quickest way to illustrate this potential is through a comparison with Burglar Alarms. There are many components to these systems that are ubiquitous in our modern environments. They include an assortment of sensors that detect movement, changes in the state of windows and doors, and even temperatures in controlled environments.

The vast majority of these systems also advertise that they are present and active with a variety of warning signs. These signs might be explicit and highly visible, for example, think about the big yellow alarm boxes on the sides of peoples’ houses. Or they might be more implicit and only be accessible and recognisable to potential attackers, for example, the insistent beeping of an alarm keypad, only audible once an internal door has been breached.

This psychological effect of advertising defensive measures is not a panacea to deter all attackers in all circumstances. However, it is illustrative of how a defender can begin to shape the sensemaking of an intruder. Here we use sensemaking as it is explained in the Artifice System as “What’s going on? What does this mean? And, what should I do about it?” By advertising Cyber Deception and a willingness to aggressively defend their home territory a defender forces their attackers and the software tools they use to question their sensemaking of the network they are illegitimately seeking to exploit. How far these kinds of effects can be taken is the exploitation space the NCDL seeks to map out.