The Chief of Canada’s Defence Staff, in an interview about the defence policy, said it would be “irresponsible for Canada not to have the ability to hit back against hackers and organizations that already use cyberspace as a battleground […] a team can't play with just a goalie.”
Cyber security is based upon standards and practices. Cyber security refers to the ongoing provision of service and support for the routine use of cyberspace for day-to-day business. It is the body of technologies, processes, practices and response and mitigation measures designed to protect networks, computers, programs and data from damage or unauthorized access so as to ensure confidentiality, integrity and availability. Cyber security is defined by standards and the marketed segmentation. Traditional cyber security is preoccupied with internal network protection, compliance to standards and incident response.
In a cyber security model:
your team would only consist of a goalie.
You would outfit your goalie with protective gear, turned them around inside the crease so they faced inside their own net, and have them react as fast as they can to incidents of pucks shot into the net, lights and buzzers.
A referee would ‘audit’ your team to ensure they followed the rules.
Cyber security lacks defence-in-depth and the means to win the game.
Cyber defence refers to operations that are conducted in the cyber domain in support of strategic or tactical objectives. To help understand the practical difference between cyber security and cyber defence, is to recognize that cyber defence requires a shift from network assurance (security) to mission assurance (defence) where cyber is fully integrated into operational planning across the Joint Functions. Cyber defence focuses on sensing, detecting, orienting, hunting, pursuing and engaging adversaries in order to assure a commander’s mission success and to out-manoeuver that adversary. This shift from security to defence requires a strong emphasis on intelligence, surveillance and reconnaissance, and the integration of staff activities to include intelligence, operations, communications, and planning. Cyber Defence necessarily includes but is not limited to: Electronic Warfare, C5ISR, SIGINT, and Influence Activities.
Cyber defence is about playing to win the game. Fighting the network not just managing it.
Cyber defence would start by turning the goalie around, facing the opposing team and give them a fighting chance of deflecting pucks shot on net. A full team of defensive and offensive lines are put into the ice.
Active defence outside of the goalie’s crease (network perimeter) work directly against the competitor’s offensive forces to disrupt and degrade attacks, and get the puck across the blue line. Taking the pressure off of cyber security (goalie) and dramatically reducing breaches.
Forwards do the proactive ‘cyber’ defence and offensive roles; Engaging in forechecking opponents, forcing the adversary onto the defensive and scoring goals.
Cyber defence is a much more fluid and complex game involving tactics, strategy and decisive engagement with the adversary.
Cyber security is:
§ Refereeing only your own team
§ Ensure your team comply with the rules
§ Keeping track and notifying breach’s of your net
§ The industry building goalie sticks, pads and testing your net
§ Training your goalie to stop pucks shot by coaching staff
§ Does not operate out side goalie crease
§ Has no defence or offensive line
Cyber Defence is:
§ About game strategy, defence-in-depth and forechecking
§ Controlling the game
§ Hunt the other team down and chase them out of your zone
§ Offensive Cyber Operations involve checking and scoring, in the other team’s zone