Interior Page Icon

Secure Communications

Protecting Response and Recovery from Compromise

the big idea

A secure response infrastructure requires secure communications in order to keep cyber adversaries from inserting themselves into response and recovery processes. Secure communications is essential for ensuring that critical information and commands are received and delivered to the appropriate parties. This will keep adversaries from undermining response effectiveness, learning more about your organization’s systems and procedures, and further entangling themselves in your organizational systems and networks.

Cyber Resiliency Goals & Objectives

Secure Communications support the Withstand and Recover goals and the Continue, Constrain, and Reconstitute objectives.

Design Principles

As the organization deals with an incident, the design principles for Secure Communications ensure that communications and supporting services (identification, authentication, and authorization; system and network administration) are available and trustworthy.

What Can Be Done Now

Adapt existing architectural elements (e.g., routers, firewalls, VPNs) and define procedures to protect against adversary activities during response and recovery.

The Right People & Policies

Policies and supporting processes for acquiring and maintaining alternate secure communications.

Cyber Attack Lifecycle

Using the cyber resiliency techniques, segmentation, substantiated integrity and redundancy, as described above, defenders can impede the adversary’s attack on the enterprise and limit the damage the malware causes. The use of segmentation with redundancy limits the adversary’s ability to execute the attack plan and maintain a presence in the enterprise. Using substantiated integrity the defenders are able to detect the adversary and curtail the adversary’s ability to control mechanisms to execute the attack plan, and maintain a presence.

Synergies & Barriers

Synergies among practices include Redundancy’s use of Substantiated Integrity.

Barriers to adoption include:

Just Ahead

Advanced adversaries will have already achieved a foothold in the organization's infrastructure. They will use this position and stealth to compromise the organization's communication during recovery. In response the organization needs to deceive the adversary using false communication paths, causing the adversary to prematurely reveal their presence and techniques. Diversity combined with redundancy will also be used, to provide secure communication paths that are independent of the original paths, and not subject to the same attacks. In addition there are new tools for substantiated integrity that indicate whether a man-in-the-middle or a code inject attack has occurred.

See Key Concepts and Terms for definitions

Previous Activity Back to Menu Next Activity