Applying Indications and Warning Frameworks to Cyber Incidents

Published in: 11th International Conference on Cyber Conflict: Silent Battle: Proceedings 2019, Chapter 5 (2019)

Posted on RAND.org on April 28, 2020

by Bilyana Lilly, Lillian Ablon, Quentin E. Hodgson, Adam Moore

Read More

Access further information on this document at ccdcoe.org

This article was published outside of RAND. The full text of the article can be found at the link above.

Despite significant advancements in academia and public policy on identifying, deterring, and mitigating cyber incidents, there is a general discontent among NATO agencies, member states' governments, and intelligence agencies that their strategy against cyber incidents is primarily reactive and implemented post factum, rather than proactive and executed before such attacks occur. This issue could be addressed through the design and application of appropriate indications and warning (I&W) frameworks for the cyber domain. Currently, there is a lack of comprehensive understanding and generally accepted practice of how governments and international organizations can apply such I&W methodologies and integrate them with their existing capabilities and processes. A survey of the classic warning methodologies used by the U.S. intelligence community to address a range of non-cyber threats can inform the design of such robust frameworks. These mature intelligence methods can be adapted and perfected to adequately address threats in cyberspace. In this article, we examine some of these I&W frameworks and propose a high-level practical approach to cyber I&W that governments, NATO agencies and the private sector can use to design and structure their prevention, detection, and response mechanisms in order to effectively anticipate and defend against cyber threats. To demonstrate the utility of this approach, we apply it to an actual case: the November 14, 2018 spear-phishing campaign by Russia's APT29 against U.S. government agencies, think tanks, and businesses.

This report is part of the RAND Corporation external publication series. Many RAND studies are published in peer-reviewed scholarly journals, as chapters in commercial books, or as documents published by other organizations.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.