The idea of an international standard for “cyber deception” has turned into a contentious subject, and recently the UK government has taken up the challenge to settle the issue for the rest of the world.
The National Cybre Security Centre (NCSC) held a summit of international bodies that sought consensus on what law enforcement agencies should consider appropriate uses of social engineering and other primary cases of what most people would term “hacking” in any reasonable terminology.
Originally, the aim of the exercise was to figure out what threat actors are planning to trick government organizations into falling for phishing attacks and malware packages, the ultimate aim being a methodology for countering malware.
In short, the government bodies quickly realized that they might have to play fast and loose with their morals when it came to unauthorized system access, and they need to clarify least they give the public the wrong idea.
“The NCSC recently brought together international government partners and wider UK government and industry in the first-of-its-kind conference to discuss cyber deception in cyber defense at our headquarters in London,” the agency said.
After donning their black hats, the government bods came to the uncomfortable realization that they might end up being the baddies, and maybe their government careers are not best served by embracing their inner Zer0Cool.
“During discussions, it became clear that ‘deception’ has connotations which can be uncomfortable for some,” NCSC said.
“It is important to acknowledge this, and although there are wider definitions of cyber deception in military and other contexts, they differ to the technology we are referring to here."
What the government organizations mean in this case is a trio of tactics that can be used for red team exercises. The researchers said that their idea of “deception” means the employment of software-based tripwire windows, honeypot servers, and breadcrumb trails that allow researchers to trace their steps.
“It's also worth noting that we are aware of wider thinking and approaches designed to produce synthetic behaviours and content, with the aim of degrading an adversary’s efficacy objective, through effects and other means,” the NCSC said.
“But this is not our focus, as these approaches and intents are out of scope for our cybersecurity use cases.”
