TY - GEN
T1 - A conceptual framework for cyber counterintelligence
T2 - 16th European Conference on Cyber Warfare and Security, ECCWS 2017
AU - Duvenage, Petrus
AU - Sithole, Thenjiwe
AU - Von Solms, Sebastian
PY - 2017
Y1 - 2017
N2 - For those connecting the dots, major cyber breaches continue to affirm the necessity of having cyber counterintelligence (CCI) at the core of a proactive cybersecurity approach. While practitioners and executives engaging high-end adversaries in the 'real world' are progressively warming up to the opportunities CCI presents, the mentioning of 'theory' is likely to evoke a cool response. Theory is typically regarded as abstract thinking that has little bearing on, or use in, 'real world' cybersecurity trenches. Theory may even be deemed to be the opposite of practice. This is of course not the case: theory is highly relevant to practice and practice ought to inform theory. In the words of Lewin (as cited by Greenwald 2012): "There is nothing so practical as a good theory." Especially for a field as complex as CCI, effective practice presupposes a sound theoretical foundation. The price for poor CCI theory will ultimately be paid through more costly failures and damaging breaches. Theoretical constructs are thus clearly not 'nice to have' academic 'toys'. These constructs, which include frameworks and models, condition our thinking and our approach to practice. In addition to its application to practice, theory should of course also be at the heart of academic disciplines and fields. Herein lies the challenge: as an emerging multidisciplinary academic field, CCI is in its infancy. Given CCI's incipient status, one of the priority agenda items ought to be a conceptual framework that (albeit tentatively) delineates and provides a coherent view of the research object, i.e. CCI. This conceptual framework can furthermore systemise existing knowledge and provide a scaffold for further research. Equally important, it can be an instrument to explain to diverse audiences what CCI is and how it works. Clearly then, a conceptual framework for CCI is theory that really matters. This paper's primary aim is to advance the outlines of such a conceptual Framework for CCI (FCCI).
Our FCCI consists of eight notional blocks we deem essential to an academically credible and practically useful FCCI. In designing the FCCI, we synthesised and added to the authors' previous contributions on CCI to, inter alia, recent European Conferences on Cyberwarfare and Security (ECCWS). For obvious reasons, the FCCI and its building blocks cannot be explained in any detail within the confines of a single conference paper. Consequently, suffice it to provide the essential contours of, and concise rationale behind, our FCCI's design. We qualify our FCCI as a tentative postulation, hopefully constructive to the theoretical discourse and academic practice.
KW - Active defence
KW - Conceptual framework
KW - Cyber counterintelligence
KW - Offensive cybersecurity
KW - Theory
UR - http://www.scopus.com/inward/record.url?scp=85027987156&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85027987156
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 109
EP - 119
BT - Proceedings of the 16th European Conference on Cyber Warfare and Security, ECCWS 2017
A2 - Scanlon, Mark
A2 - Le-Khac, Nhien-An
PB - Curran Associates Inc.
Y2 - 29 June 2017 through 30 June 2017
ER -