Bridging the Cyber Deception Guidance Gap
Estimated read time 4 min read
Posted in Cybersecurity

Bridging the Cyber Deception Guidance Gap

Key Takeaways

  • The National Cyber Security Centre (NCSC) has identified several barriers and risks associated with cyber deception programs, including the difficulty of generating outcome-based metrics and the lack of guidance and impartial advice.
  • The NCSC has launched a pilot project under the Active Cyber Defence (ACD) 2.0 program, featuring 121 UK organizations and 14 cyber-deception solution providers, to establish an evidence base for the use of cyber deception at a national scale.
  • Cyber deception can be an effective way to detect novel threats and uncover hidden compromises, but it requires planning, strategy, and support to be successful.
  • The NCSC aims to deploy a minimum of 5000 low- and high-interaction solutions on the UK internet, plus 20,000 low-interaction solutions inside internal networks, and 200,000 low-interaction solutions in cloud environments.
  • The use of cyber deception can impose costs on adversaries, slow down attacks, and increase the likelihood of detection, making the UK a harder and more expensive target for attackers.

Introduction to Cyber Deception
Cyber deception is a technique used to detect and prevent cyber attacks by creating fake environments, credentials, and resources that are designed to attract and detect malicious activity. The National Cyber Security Centre (NCSC) has been exploring the use of cyber deception as part of its Active Cyber Defence (ACD) 2.0 program, with the goal of establishing an evidence base for its use at a national scale. The NCSC has launched a pilot project featuring 121 UK organizations and 14 cyber-deception solution providers, which has highlighted several key findings and challenges associated with the use of cyber deception.

Challenges and Barriers to Cyber Deception
One of the main challenges associated with cyber deception is the difficulty of generating outcome-based metrics, which are necessary to measure the effectiveness of the technique. The NCSC has found that data and context are crucial to delivering insight rather than noise, and that terminology is often inconsistent across the cyber-deception industry, making it difficult for organizations to understand what vendors are offering. Additionally, there is a guidance gap, with impartial advice, real-world case studies, and reassurance that tools are effective and safe often missing. This can make it difficult for beginners to navigate the market and choose the right products.

Benefits of Cyber Deception
Despite the challenges and barriers associated with cyber deception, the technique can be an effective way to detect novel threats and uncover hidden compromises. The NCSC has found that cyber deception can impose costs on adversaries, slow down attacks, and increase the likelihood of detection. By forcing attackers to spend time and resources navigating false environments, chasing fake credentials, or second-guessing their access, cyber deception can make the UK a harder and more expensive target for attackers. The NCSC hopes to raise awareness and understanding of cyber deception, so that organizations can choose the right products and learn from peers.

The NCSC’s Pilot Project
The NCSC’s pilot project under the Active Cyber Defence (ACD) 2.0 program aims to deploy a minimum of 5000 low- and high-interaction solutions on the UK internet, across IPv4 and IPv6, plus 20,000 low-interaction solutions inside internal networks. The project also aims to deploy 200,000 low-interaction solutions in cloud environments and two million honeytokens – fake IT resources designed to detect criminal activity. The NCSC hopes that this project will provide valuable insights into the use of cyber deception at a national scale and will help to establish an evidence base for its use.

Conclusion and Future Plans
The NCSC’s pilot project and research into cyber deception highlight the potential benefits and challenges of this technique. While cyber deception is not a magic fix and requires planning, strategy, and support to be successful, it can be an effective way to detect novel threats and uncover hidden compromises. The NCSC will continue to raise awareness and understanding of cyber deception, and will provide support to organizations to help them harness the power of deception, alongside observability and threat hunting, to detect, understand and respond to threats more effectively. By working together, the NCSC hopes to make the UK a harder and more expensive target for attackers, and to improve national resilience by imposing costs on adversaries.

You May Also Like

More From Author

Enhancing Teaching with Technology: Opportunities for New Faculty

Enhancing Teaching with Technology: Opportunities for New Faculty

Oklahoma BLM Leader Charged with Fraud and Money Laundering

Oklahoma BLM Leader Charged with Fraud and Money Laundering

Leave a Reply

Your email address will not be published. Required fields are marked *

Trending Today