The National Cyber Security Centre (NCSC) is beginning to collect evidence on how organisations can best use ‘cyber deception’ to strengthen their cyber security.
It said it wants to hear from public and private sector bodies that have deployed solutions so it can build an evidence base to encourage widescale deployment of the technologies and techniques.
It has identified three main elements of cyber deception. First are tripwires, components and systems designed to detect a threat actor through interactions.
Second are honeypots, components and systems that allow a threat actor to interact with an organisation, making it possible to observe their techniques, tactics and procedures, as well as the capability and infrastructure they use. This supports the collection of intelligence on cyber threats.
Third are breadcrumbs, digital artifacts distributed in a system to entice a threat actor into interacting with a tripwire and/or honeypot.
Minimum objectives
NCSC has set out minimum objectives of finding: 5,000 instances on the UK internet of low and high interaction solutions across IPv4 and IPv6; 20,000 instances of low interaction solutions within internal networks; 200,000 assets within cloud environments of low interaction solutions; and the deployment of two million tokens.
It also has three core questions: how effective deployments are at supporting the discovery of latent compromises; how effective they are at supporting the enduring discovery of new compromises by threat actors; and whether threat actors change their behaviour when they know of the presence of the technologies at a national level.
NCSC plans to collect evidence from participating organisations and run its own experiments before summarising and publishing the results.
Its chief technology officer, Ollie Whitehouse, and incident management technical director, Harry W, said in a blogpost: “We recognise the potential value of using cyber deception technologies and techniques to support cyber defence, in certain situations. We have an ambition to establish an evidence base for use cases of cyber deception and their efficacy, on a national scale, in support of Active Cyber Defence 2.0.”