Secure Communications

Protecting Response and Recovery from Compromise



Overview

A secure response infrastructure requires secure communications in order to keep cyber adversaries from inserting themselves into response and recovery processes when the usual communication mechanisms are compromised or otherwise unavailable. This document describes how to apply Segmentation, Substantiated Integrity, and Redundancy resiliency techniques

Applying Segmentation to Limit Adversary Impacts

Segmentation - physical or logical separation or isolation of communications based on trustworthiness and criticality - can keep communications from being exposed to the adversary while the organization withstands and recovers from an attack. The separation or isolation may be physical or logical, and either predefined or established dynamically.

Priorities for Immediate Action with Segmentation

The top priorities for segmentation are:

Applying Substantiated Integrity to Curtail Exposure to the Adversary

Substantiated Integrity - ascertaining whether critical services, information stores, information streams, and components have been corrupted - can prevent an adversary from delivering a payload, curtail the adversary's impact and enable an enterprise to recover from an attack more effectively. There are three approaches to substantiated integrity:

Priorities for Immediate Action with Substantiated Integrity

Applying Redundancy to Impede Adversary Actions

Redundancy - providing multiple protected instances of critical resources - can curtail the time during which the adversary can impact mission functions and reduce the extent of that impact. There are three major implementation approaches to redundancy.

Priorities for Immediate Action with Redundancy

Preparing for the Future

Advanced adversaries will use the foothold they have already achieved in the organization's infrastructure, in conjunction with stealth, to compromise the organization's communications during recovery. In response, the organization needs to deceive the adversary using false communication paths, in order to force the adversary to prematurely reveal their presence and techniques. To limit the adversary's targets of opportunity, secure communications mechanisms should be non-persistent in nature and deployed only when actually needed. Use diversity combined with redundancy, and employ communication methods that are not used during normal operations (e.g., satellite communications), to reduce the chance of adversary compromise. Ideally, alternate secure communications mechanisms should be revealed only during critical post-attack recovery periods; this limits the adversary's ability to detect the alternate mechanisms and develop appropriate means of attacking them. Tools for substantiated integrity are evolving to include approaches that will prevent man-in-the-middle and code-injection attacks.

Potential barriers to adoption of new techniques include the following:

See Key Concepts and Terms for definitions