Defense-in-Depth practices are failing as a result of the significant changes brought by advanced persistent threats (APTs) and globally scaled networks utilized by the internet of things (IoT). APTs evade Defense-in-Depth architecture by accessing resources, building unique attack methods that can change, and sustaining an attack. IoT challenges Defense-in-Depth practices in that its devices have custom platforms and use low resources; moreover, a projection of 50 billion devices by 2020 makes anti-virus and monitoring difficult to implement. Countering threats perpetrated by APTs and IoT is a matter of changing the approach of cyber-defense thinking. This research project examined how Defense-in-Depth’s idea of preventing all cyber incidents is unsustainable. It further examined the active cyber defense cycle (ACDC) and cyber resilience to show that anticipating cyber incidents and controlling failure mitigates the impact of a cyber incident. ACDC anticipates cyber incidents by changing the monitoring and response to an incident by using threat intelligence and threat environment manipulation. Cyber resilience controls the failure domain by adding diversity and redundancy to systems. Two key findings are that ACDC and cyber resilience do not account for IoT devices and that they do not consider the impact of people during cyber incidents. Future research should apply ACDC and cyber resilience to IoT and to the role of people in a cyber incident with a focus on confidentiality and integrity attacks.
|Advisor:||Pantani, Paul, Plude, David|
|School Location:||United States -- New York|
|Source:||MAI 81/7(E), Masters Abstracts International|
|Subjects:||Information Technology, Computer science|
|Keywords:||Active cyber defense cycle, Advanced persistent threat, Cyber resilience, Cybersecurity, Defense-in-depth, Internet of Things|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be