military deception

file

Visible to the public Improving Cybersecurity Through Human Systems Integration 29 June 2016

Advanced Persistent Threat (APT) attackers accomplish their attack objectives by co-opting users' credentials. Traditional cyber defenses leave users vulnerable to APT attacks which employ spearphishing. The success of spearphishing attacks is not a data processing failure, but is the result of defenders failing to apply the principles of Human System Integration to the problem of spearphishing. We discuss an alternative defensive strategy which addresses human performance capabilities and limitations to disrupt spearphishing attacks.

file

Visible to the public Spearphishing Defense Through Improved Usability

The information environment consists of three interrelated dimensions which are the physical, the informational and the cognitive. The most important of these is the cognitive dimension which encompasses the minds of people who interact with information and make decisions using information. Employing cyberspace operations, attackers use spearphishing to engage in espionage, sabotage and other intelligence-related activities. We discuss the use of an enhanced user interface as a means of counterintelligence to disrupt spearphishing attacks.