Tools and Technologies for Professional Offensive Cyber Operations

Abstract

Since 2008, several countries have published new national cyber security strategies that allow for the possibility of offensive cyber operations. Typically, national strategies call for the establishment of a cyber operations unit capable of computer network defence, exploitation, and, in some nations, attack. The cyber operations unit will be manned by professionals and operate under government authority compliant with national and international law. Our research focuses on offensive cyber operations (i.e. computer network exploitation and attack). The cyber unit must be provided with the right resources, in the form of accommodation, computing and networking infrastructure, tools and technologies, doctrine, and training. We contend that the open literature gives an unbalanced view of what tools and technologies a professional group needs because it emphasizes malware and, to a lesser extent, the delivery media used by cyber criminals. Hence, the purpose of this paper is to identify systematically the tools and technologies needed for professional, offensive cyber operations. A canonical model of the cyber attack process was obtained by rationally reconstructing a set of existing attack process models found in the literature. This canonical model was formalized using Structured Analysis and Design Technique (SADT) notation, in which processes are logically linked by inputs, outputs, controls, and mechanisms. A set of tools and technologies was extracted from the mechanisms. The canonical model and set of tools and technologies have been checked by subject matter experts.