GT - Cognitive Security and Social Engineering: A Systems-Based Approach

Описание: Ground Truth, 14:00 Wednesday

Cognitive Security is differentiated from more traditional security domains in three ways. First, cognitive security is concerned with protecting cognitive systems not necessarily humans; second, cognitive security considers multiple dimensions of system interaction, and third cognitive security considers multiple scales of operation. Adopting a “systems” perspective considers the interconnectedness of system elements, the function of the system, and scalability; systems-of-systems which may result in one system influencing another. This can be problematic from a security perspective because an effect might be induced in one system that causes an effect in another system, without the effected having visibility into the original cause. Three scales of engagement: the tactical level (single engagements), the operational level (multiple engagements), and the strategic level (traditional security concerns in addition to political and economic levers); combed with an extended OSI Model which includes Layers 8, 9, and 10 to describe human factors, describes a full stack for cognitive security. In order to successfully launch a cognitive attack, threat actors must achieve the objectives of four phases of a Cognitive Security Attack Cycle: Collection, Preparation, Execution, and finally Exploitation. Each phase of the implies points of vulnerability at which an attack might be disrupted.

Matthew Canham, Dr. Ben D. Sawyer