Defining the Challenges of a Modern Moving Target Threat Model: Exploiting the Advantages of a formal Technical and Cyber Security Program
- Traditional security approaches have relied on the ad hoc application of Technical Surveillance Countermeasures (TSCM), Physical Security and Cyber Security concepts. Unfortunately, the resulting piecemeal approach to security is certain to leave gaps and weaknesses that will be found and exploited by a determined and resourceful attacker. At the same time, advances in technology on both sides are creating seemingly infinite opportunities for attackers:
- Powerful tools for compromising information technology and communications systems continue to be developed and deployed;
- Sophisticated, surveillance technologies are widely available at low cost;
- Data can be collected from publicly available sources for use in an intelligence context (open-source intelligence);
- Social engineering approaches (with remarkable success) can be used to acquire information from an organization’s employees (HUMINT), induce them to make mistakes, or be used to spread misinformation damaging the organization’s reputation.