Proactive cyber defence

From Wikipedia, the free encyclopedia
  (Redirected from Proactive Cyber Defence)
Jump to navigation Jump to search

Proactive cyber defense or active cyber defense (ACD) means acting in anticipation to oppose an attack involving computers and networks. Proactive cyber defense will most often require additional cybersecurity from internet service providers.

Some of the reasons for a proactive defense strategy are about cost and choice. Making choices after an attack are difficult and costly. Proactive defense is key to mitigating operational risk.


In the fifth century, B.C., Sun Tzu advocated foreknowledge (predictive analysis) as part of a winning strategy. He warned that planners must have a precise understanding of the active threat and not "remain ignorant of the enemy's condition". The thread of proactive defense is spun throughout his teachings.

Psychiatrist Viktor Frankl was likely the first to use of the term proactive in his 1946 book Man's Search for Meaning to distinguish the act of taking responsibility for one's own circumstances rather than attributing one's condition to external factors.

Later in 1982, the United States Department of Defense (DoD) used "proactive" as a contrary concept to "reactive" in assessing risk. In the framework of risk management "proactive" meant taking initiative by acting rather than reacting to threat events. Conversely "reactive" measures respond to a stimulus or past events rather than predicting the event. Military science then and now considers defense as the science-art of thwarting an attack. Furthermore, doctrine poses that if a party attacks an enemy who is about to attack this could be called active-defense. Defense is also a euphemism for war but does not carry the negative connotation of an offensive war. Usage in this way has broadened the term to include most military issues including offensive, which is implicitly referred to as active-defense. Politically, the concept of national self-defense to counter a war of aggression refers to a defensive war involving pre-emptive offensive strikes and is one possible criterion in the 'Just War Theory'. Proactive defense has moved beyond theory. It has been put into practice in theatres of operation.

In 1989 Stephen Covey's The Seven Habits of Highly Effective People, published by Free Press, transformed the meaning "to act before a situation becomes a source of confrontation or crisis". Since then, "proactive" has been placed in opposition to the words "reactive" or "passive".


Cyber is derived from "cybernetics", a word originally coined by a group of scientists led by Norbert Wiener and made popular by Wiener's book of 1948, Cybernetics or Control and Communication in the Animal and the Machine. Cyberspace typically refers to the vast and growing logical domain composed of public and private networks; independently managed networks linked together through the lingua franca of the Internet, the Internet Protocol (IP). The definition of Cyberspace has been extended to include all network-space which at some point, through some path, may have eventual access to the public internet. Under this definition, cyberspace becomes virtually every networked device in the world, which is not devoid of a network interface entirely. There is no air-gap anymore between networks.

The origins of cyber defense undoubtedly evolved from the original purpose of the Internet which was to harden military networks against the threat of a nuclear strike. Later cyber defense was coveted by the tenets of information warfare and information operations.

The rapid evolution of information warfare operations doctrine in the 1990s embraced a proactive preemptive cyber defense strategy.

Current status[edit]

In the United States[edit]

"Information Warfare is an emergent reality that comes from a self-organization process that has never seen before. The problem is that we talk about it using terms that have well known connotations. And it is difficult to talk about something completely new using words that bring with them specific understanding and expectancies. The early period of the automobile faced a similar situation. At one time it was called a "horseless carriage" as this was the only way to define its essential quality. The car is more than a carriage without a horse. This is the dilemma we face when we discuss Information Warfare. The danger is that the uses of familiar words misrepresent and mask the true extend of the revolution that will have to take place if we are to be able to retain a military capacity in a new physical, social and cognitive space." - Dr. Robert Garigue in Information Warfare, 1994.

The National Strategy to Secure Cyberspace was published in February 2003 to outline an initial framework for both organizing and prioritizing efforts to secure the cyberspace. It highlighted the necessity for public private partnerships. Proactive threads include the call to deter malicious activity and prevent cyber attacks against America's critical infrastructures.

The notion of "proactive defense" has a rich history. The hype of "proactive cyber defense" reached its zenith around 1994. This period was marked by intense "hype" discussions under the auspices of Information Warfare. Much of the current doctrine related to proactive cyber defense was fully developed by 1995. A number of programs were initiated then, and advanced to full operation by 2005 including those of hostile states. Meanwhile, the public discussions diminished until the most recent resurgence in proactive cyber defense 2004-2008. Now most of the discussions around proactive defense in the literature are much less "proactive" than the earlier discussions in 1994 or existing operational programs. 'Proactive' is often used to hype marketing of security products or programs, in much the same way that "extreme" or "quality" adjectives have been misused.[1]

The hype-cycle of discussion reached its peak in 1994. Present-day proactive cyber defense strategy was conceived within the context of the rich discussion that preceded it, existing doctrine and real proactive cyber defense programs that have evolved globally over the past decade. Dr. Robert John Garigue, a computational epistemologist and father of information warfare in Canada, published Information Warfare, Developing a Conceptual Framework. This was a landmark document in 1994 and genesis for proactive cyber defensive theory in Canada.

Dave McMahon, who sat on the interdepartmental committee on Information Warfare with Dr. Robert Garigue in the 1990s wrote: Strategic listening, core intelligence and a proactive defence provide time and precision. Conversely, reacting in surprise is ineffective, costly and leaves few options. Strategic deterrence needs a credible offensive, proactive defence and information peacekeeping capability in which to project power and influence globally through Cyberspace in the defence of Canada. Deterrence and diplomacy are required in the right dosage to dissuade purposeful interference with Canadian national critical cyber infrastructures by foreign states. [2]


The Information Assurance Directorate (IAD) worked with private companies and government networks to plug security holes before they can be exploited in cyberattacks and was merged with its offensive counterpart, the Signals Intelligence Directorate in 2016.[3] In 2013 a presidential advisory committee recommended that the US Government should increase the use of encryption, and urge US companies to do so, in order to better protect data.[4] In 2016 senior DoD officials said that the Defense Department supports strong encryption to protect military capabilities and US economic security and competitiveness.[5]

Intelligence agencies such as the NSA were criticized for buying up and stockpiling zero-day vulnerabilities, keeping them secret and developing mainly offensive capabilities instead of defensive measures and helping patch vulnerabilities.[6][7][8][9]

This criticism was widely reiterated and recognized after the May 2017 WannaCry ransomware attack.[10][11][12][13][14][15]

In a March 9 press release on the Vault 7 documents WikiLeaks released 2 days earlier, Julian Assange states that much of the leak's remainder included unpatched vulnerabilities and that he was working with IT companies such as Microsoft and Google to get these vulnerabilities patched as he would not release information which would put the public at risk, and as fixes were released by manufacturers he would release details of vulnerabilities.[16]

Proactive pre-emptive operations[edit]

"Effective cyber defenses ideally prevent an incident from taking place. Any other approach is simply reactive. FedCIRC, the NIPC, the NSIRC, the Department of Defense and industry components realize that the best [action] is a pre-emptive and proactive approach." - Sallie McDonald, the Assistant Commissioner for the Office Of Information Assurance and Critical Infrastructure Protection, Federal Technology Service and General Services Administration; in offering testimony about the National Infrastructure Protection Center (NIPC) and the Federal Computer Incident Response Center or FedCIRC; before The Subcommittee on Terrorism Technology and Government Information Committee on Judiciary and the United States Senate on July 25, 2001.

The notion of a Proactive Pre-emptive Operations Group (P2OG) emerged from a report of the Defense Science Board (DSB), 2002 briefing. The briefing was reported by Dan Dupont in Inside the Pentagon on September 26, 2002, and was also discussed by William M. Arkin in the Los Angeles Times on October 27, 2002. The Los Angeles Times has subsequently quoted U.S. Secretary of Defense Donald Rumsfeld revealing the creation of the "Proactive, Pre-emptive Operations Group". The mission of the P2OG is reportedly to conduct Aggressive, Proactive, Pre-emptive Operations to interdiction and disruption the threat using: Psychological operations, Managed Information Dissemination, Precision Targeting, Information Warfare Operations, and SIGINT... The proactive defense strategy is meant to improves information collection by stimulating reactions of the threat agents, provide strike options and to enhance operational preparation of the real or virtual battle space. The P2OG has been recommended to be constituted of "one hundred 'highly specialized people with unique technical and intelligence skills such as information operations, PSYOPS, network attack, covert activities, SIGINT, HUMINT, SOF, influence warfare/deception operations and to report to the National Security Council with an annual budget of $100 million". The group would be overseen by the White House's deputy national security adviser and would carry out missions coordinated by the secretary of defense or the CIA director. "The proposal is the latest sign of a new assertiveness by the Defense Department in intelligence matters, and an indication that the cutting edge of intelligence reform is not to be found in Congress but behind closed doors in the Pentagon." - Steven Aftergood of the Federation of American Scientists. DoD doctrinally would initiate a 'pre-emptive' attack on the basis of evidence that an enemy attack is imminent. Proactive measures, according to DoD are those actions taken directly against the preventive stage of an attack by the enemy.

See also[edit]


  1. ^ "Proactive Cyber Defense". Google Tech Talk. Retrieved 16 June 2012. 
  2. ^ "Information Warfare 2.0". 
  3. ^ Yadron, Danny (3 February 2016). "NSA merging anti-hacker team that fixes security holes with one that uses them". The Guardian. Retrieved 6 January 2017. 
  4. ^ "NSA should stop undermining encryption standards, Obama panel says". Ars Technica. Retrieved 6 January 2017. 
  5. ^ "Senior Officials: DoD Supports Strong Encryption for Defense, Commerci". U.S. DEPARTMENT OF DEFENSE. Retrieved 6 January 2017. 
  6. ^ Schneier, Bruce (24 August 2016). "New leaks prove it: the NSA is putting us all at risk to be hacked". Vox. Retrieved 5 January 2017. 
  7. ^ "Cisco confirms NSA-linked zeroday targeted its firewalls for years". Ars Technica. Retrieved 5 January 2017. 
  8. ^ Greenberg, Andy. "The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days". WIRED. Retrieved 5 January 2017. 
  9. ^ "Trump Likely to Retain Hacking Vulnerability Program". Bloomberg BNA. Retrieved 5 January 2017. 
  10. ^ Wong, Julia Carrie; Solon, Olivia (12 May 2017). "Massive ransomware cyber-attack hits 74 countries around the world". The Guardian. Retrieved 12 May 2017. 
  11. ^ Heintz, Sylvia Hui, Allen G. Breed and Jim. "Lucky break slows global cyberattack; what's coming could be worse". Chicago Tribune. Retrieved 14 May 2017. 
  12. ^ "Ransomware attack 'like having a Tomahawk missile stolen', says Microsoft boss". The Guardian. 14 May 2017. Retrieved 15 May 2017. 
  13. ^ Storm, Darlene (2017-05-15). "WikiLeaks posts user guides for CIA malware implants Assassin and AfterMidnight". Computerworld. Retrieved 2017-05-17. 
  14. ^ Smith, Brad. "The need for urgent collective action to keep people safe online". Microsoft. Retrieved 14 May 2017. 
  15. ^ Helmore, Edward (13 May 2017). "Ransomware attack reveals breakdown in US intelligence protocols, expert says". The Guardian. Retrieved 14 May 2017. 
  16. ^ "Wikileaks Vault 7 March 9th Press Conference [Full Transcript] — Steemit". 10 March 2017. 


  • A Proactive Holistic Approach To Strategic Cyber Defense, Bradley J. Wood, O. Sami Saydjari, Victoria Stavridou PhD., SRI International
  • Critical Infrastructure: Understanding Its Component Parts, Vulnerabilities, Operating Risks, and Interdependencies by Tyson Macaulay (Author) BN-13: 978-1420068351
  • Arquilla and Ronfeldt, Cyberwar is Coming, RAND corporation, published in the Journal of Comparative Strategy Vol 12.
  • Proactive Cyber Defense and the Perfect Storm. David McMahon 19 April 2008
  • Busey IV, Adm. James B., USN (Ret.), "Information Warfare Calculus Mandates Protective Actions", Presidents Commentary, Signal, October 1994, Official Publication of AFCEA, p. 15.
  • Campen, Alan D., ed., The First Information War, AFCEA International Press, Fairfax, VA, October 1992.
  • Defense Information Systems Agency, "Defensive Information Warfare (DIW)Management Plan", 15 August 1994, Version l.2, 4 sections and Appendices.
  • Directorate of Army Doctrine Update: Information Operations Doctrine Review, Sep 2005
  • Garigue, Lieutenant(N) R., Information Warfare: Developing a Conceptual Framework, Draft Ver 2.0 for Discussion, SITS/ADM(DIS), 10 July 1995.
  • Garigue, Robert, Mackie, Andrew, "From Provincial Action to National Security: A National Information Protection Agenda for Securing Government in Cyberspace", CIO Conference, Information Protection and Assurance White Paper, 16 April 1999.
  • Garigue, Robert. "On Strategy, Decisions and the Evolution of Information Systems". Technical Document. DSIS DND Government of Canada. 1992
  • Garigue, Robert. Information Warfare — Theory and Concepts, Ottawa: Office of the Assistant Deputy Minister — Defense Information Services, DND, Government of Canada Report, 1995.
  • Garigue, Robert. Information Warfare: Developing a conceptual framework. A discussion paper.
  • Garigue, Robert. On Strategy, Decisions and the Evolution of Information Systems. Technical Document. DSIS DND Government of Canada, 1992.
  • Government Accounting Office. Technology Assessment: Cyber security for Critical Infrastructure Protection. May 2004 (
  • Information Warfare, Developing a Conceptual Framework, Dr. Robert Garigue, 1993
  • Macaulay, Tyson — Critical Infrastructure: Understanding its Component Parts, Interdependencies, Vulnerabilities and Operating risks, 700 pages Auherbach publishing, June 2008
  • Macaulay, Tyson — Security Converged IP Networks: New requirements for information and Communications Technology Security and Assurance, 300 pages, Auherbach publishing, June 2006
  • McMahon, Dave, - A Canadian National Proactive Defense Strategy, Bell Canada, 800 pages, August 2004
  • McMahon, Dave, Rohozinski, Rafal - Combating Robot Networks and their Controllers, Bell Canada and the Secdev Group, 750 pages, August 2004
  • McMahon, Dave, Rohozinski, Rafal - Dark Space Report, Bell Canada and the Secdev Group 600 pages, December 2012
  • National Infrastructure Security Coordination Center NISCC Briefing 08/2005 Issued 16 June 2005, Targeted Trojan Email Attacks, Titan Rain
  • Network Centric Warfare: Developing and Leveraging Information Superiority, David S. Alberts, John J. Garstka, Frederick P. Stein, DoD C4ISR Cooperative Research Program, February 2000
  • Networks and Netwars: The Future of Terror, Crime, and Militancy, Edited by: John Arquilla, David Ronfeldt, RAND Corporation, 1999
  • Office of Homeland Security; The National Strategy to Secure Cyberspace, February 2003
  • Office of Information Assurance And Critical Infrastructure Protection Federal Technology Service General Services Administration Before The Subcommittee On Terrorism Technology And Government Information Committee On Judiciary And The United States Senate July 25, 2001
  • Schwartau, Winn. "Information Warfare — Chaos on the electronic superhighway "Thunder's Mouth Press, New York, 1994
  • Science Application International Corporation (SAIC), "Planning Considerations for Defensive Information Warfare — Information Assurance -", 16 December 1993, 61 pages.
  • "Seeking Symmetry In Fourth Generation Warfare: Information Operations In The War Of Ideas", K. A. Taipale, Executive Director, Center For Advanced Studies NYLS, Bantle-INSCT Symposium March 29–30, 2006
  • Subcommittee on Emerging Threats and Capabilities, Committee on Armed Services United States Senate Hearing on Cyber Security and Critical Infrastructure Protection, Martin C. Faga, Executive Vice President, The MITRE Corporation, March 1, 2000
  • Toffler, Alvin, and Heidi Toffler. War and Anti-War. New York: Warner Books, 1995. 370pp. (U102 .T641 1995)
  • What Works in Implementing the U.S. National Strategy to Secure Cyberspace Case Studies of Success in the War on Cyber crime and Cyber Espionage, A SANS Consensus, Document Version 1.0 December 10, 2007

External links[edit]