THE CYBER COUNTERINTELLIGENCE PROJECT
The changing threat landscape
At the beginning of this decade there was a high level of trust in conventional cybersecurity approaches to ensure the confidentiality, integrity and availability of data and information for governments and the private sector alike. This confidence in traditional cyber and information security methods was severely eroded during the past six years. Despite a continuing rise in global spend on cyber-security, governments and businesses continue to experience breaches of expanding impact. This can in part be attributed to the morphing of high-end threats, which is characterised by the blurring distinction between what was conventionally labelled as state-sponsored Advanced Persistent Threats (APTs) and the actions of other actors (such as criminal groupings, corporate entities and hacktivists). The tradecraft, activities and even aims of various classes of threat actors in cyberspace are often difficult to separate and reflect state-grade skills in intelligence and counterintelligence. For state and non-state actors alike, multi-vectored intelligence operations (e.g. human and technical means) are now a precursor to extensive breaches.
Cyber counterintelligence’s role and the status quo
The proactive countering of the above-noted threats is the signature role of Counterintelligence (CI) and its subset Cyber Counterintelligence (CCI). While CCI is not a wonder cure for all cyber ills, it offers a conceptual and practicable approach for state and non-state actors to assert their interests in the cyber arena. It combines clever, proactive defences with the engagement and exploitation of adversaries.
CI has been practiced for millennia and CCI has existed de facto in the state security apparatus of several countries for decades. However, it was only during the late 1990s that CCI crystallised as a formalised, multi-disciplinary field of specialisation. Although CCI is not a novel concept, it is academically vastly under-explored. In fact, outside the circles of governments’ security apparatus, some large corporates and niche vendors that offer specialised services, CCI remains mostly unknown and often misunderstood. Unclassified, academic literature on the subject is scarce, and formalised and academic training (outside the government sector) is very limited.
CCI initiatives at the Cyber Security Centre
Against the above background, the Cyber Security Centre has launched a project aimed at formalising CCI as a multi-disciplinary field of academic inquiry within the South African context. Presentations on CCI were delivered at local forums such as the (ISC)2 Secure Johannesburg Conference (2013) and the IT Web Security Summit (2014). Concurrently, articles and papers were delivered at international, peer-reviewed conferences. The exceptionally positive feedback received on these papers prompted the Cyber Security Centre to expand the project in 2016 to include Masters and Doctoral studies as well as a Fellowship (in cooperation with a state entity).
The Fellowship and Masters’ overall aim is to design a conceptual framework for CCI. Such a framework is critical to establish CCI as an academic sub-discipline, a topic of instruction and as a research field. Once completed, this framework will be a core component of an envisaged Certificate in Cyber Intelligence and Counterintelligence which the Centre hopes to launch in 2017.
The Doctoral research project ultimately aims to develop a cyber counterintelligence maturity model for organisations, as well as the toolkit necessary to allow an organisation to do a self-assessment/test of its own cyber counterintelligence maturity status. Leading up to this, the research project intends to give organisations the ability to understand the concept of cyber counterintelligence in relation to cyber threat intelligence, cyber collection/espionage methods and national security, and to further understand the need for cyber counterintelligence within organisations and how it can, and should, fit into an organisation's cyber and intelligence environment.
CCI-RELATED ARTICLES, PAPERS, PRESENTATIONS AND CURRENT RESEARCH
CCI-related articles, papers, presentations and studies completed or in progress are as follows:
- Jaquire, V.J. A Cyber Counterintelligence Maturity Model, in-progress thesis towards a D.Com (Informatics) at the Academy of Computer Science and Software Engineering, University of Johannesburg.
- Duvenage, P.C. A Conceptual Framework for Cyber Counterintelligence, in-progress dissertation towards an M.Com (Informatics) at the Academy of Computer Science and Software Engineering, University of Johannesburg.
- Duvenage, P.C., Sithole, T.G. and Von Solms, S.H. (2017) A Conceptual Framework for Cyber Counterintelligence – Theory That Really Matters. Paper presented at the 2017 European Conference on Cyber Warfare and Security (ECCWS 2017), Dublin, Ireland.
- Jaquire, V.J. and Von Solms, S.H. (2017) Cultivating a Cyber Counterintelligence Maturity Model, Paper presented at the 2017 European Conference on Cyber Warfare and Security (ECCWS 2017), Dublin, Ireland.
- Jaquire, V.J. and von Solms, S.H. (2017) Developing a Cyber Counterintelligence Maturity Model for Developing Countries, Paper presented at the 2017 IST-Africa Conference, Windhoek, Namibia.
- Jaquire, V.J. and von Solms, S.H. (2017) Towards a Cyber Counterintelligence Maturity Model, Paper for the 12th International Conference on Cyber Warfare and Security, Wright State University & the Center for Cyberspace Research, Air Force Institute of Technology, Dayton, USA.
- Van Niekerk, B. and Duvenage, P.C. (2016) Cyber Intelligence and Counterintelligence, Presentation at the ISACA Annual Conference (South African Chapter), Johannesburg.
- Duvenage, P.C., Von Solms, S.H. and Jaquire, V.J. (2016) Conceptualising Cyber Counterintelligence – Two Tentative Building Blocks, Paper presented at the 15th European Conference on Cyber Warfare and Security, University of the German Federal Armed Forces, Munich, Germany.
- Duvenage, P.C. (2015) Cyber Counterintelligence – the silver bullet? Presentation at GovCon/AfricaCon 2015, Pretoria, South Africa.
- Duvenage, P.C., Von Solms, S.H. and Corregedor, M. (2015) The Cyber Counterintelligence Process – a conceptual overview and theoretical proposition, Paper read at the 14th European Conference on Cyber Warfare and Security, Hatfield, United Kingdom, July. Published in Conference Proceedings.
- Duvenage, P.C. and Von Solms, S.H. (2015) Cyber Counterintelligence: Back to the Future, Journal of Information Warfare, Vol. 13, Issue 4, pp 42-56.
- Duvenage, P.C. and Von Solms, S.H. (2014) Putting Counterintelligence in Cyber Counterintelligence, Paper read at the 13th European Conference on Cyber Warfare and Security, Piraeus, Greece, July 2014. Published in the Conference Proceedings.
- Duvenage, P.C. and Von Solms, S.H. (2014) Cyber Counterintelligence – What is it and what has recent history taught us?, IT Web Security Summit, Sandton, South Africa.
- Von Solms, S.H. (2014) Cyber counter-intelligence makes a difference. Interview by Burrows, T., ITWeb Security, Johannesburg, 29 Apr 2014.
- Duvenage, P.C. and Von Solms, S.H. (2013) Business Cyber Counterintelligence, Presentation at the (ISC)2 Secure Johannesburg Conference, Johannesburg, South Africa.
- Duvenage, P.C. and Von Solms, S.H. (2013) The Case for Cyber Counterintelligence, Paper read at the 5th International Workshop on ICT Uses in Warfare and the Safeguarding of Peace, Pretoria, South Africa, November. Published in the Conference Proceedings (IEEE).