Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Aug 9, 2018

NBlog August 9 - cyberterms

With ISO/IEC JTC 1 / SC 27 still hopelessly bogged down trying to figure out what cybersecurity means, today I bumped into perhaps the most lucid cyber-definitions I've found to date in CNSS (Committee on National Security Systems) Instruction number 4009, a glossary of US government terms last updated in 2015.  

Here are most of the cyber-related terms from CNSSI 4009: 

active cyber defense 
Synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities. Source: DSOC 2011
cyber incident 
Actions taken through the use of an information system or network that result in an actual or potentially adverse effect on an information system, network, and/or the information residing therein. See incident. See also event, security-relevant event, and intrusion. 
Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. Source: NSPD-54/HSPD-23 
The interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Source: NSPD-54/HSPD-23 
cyberspace attack 
Cyberspace actions that create various direct denial effects (i.e. degradation, disruption, or destruction) and manipulation that leads to denial that is hidden or that manifests in the physical domains. Source: DoD JP 3-12 
cyberspace capability
A device, computer program, or technique, including any combination of software, firmware, or hardware, designed to create an effect in or through cyberspace. Source: DoD JP 3-12 
cyberspace defense 
Actions normally created within DoD cyberspace for securing, operating, and defending the DoD information networks. Specific actions include protect, detect, characterize, counter, and mitigate. Source: DoDI 8500.01 
cyberspace operations (CO) 
The employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace. Source: DoD JP 3-0 
cyberspace superiority
The degree of dominance in cyberspace by one force that permits the secure, reliable conduct of operations by that force, and its related land, air, maritime, and space forces at a given time and place without prohibitive interference by an adversary. Source: DoD JP 3-12
defensive cyberspace operations (DCO)
Passive and active cyberspace operations intended to preserve the ability to utilize friendly cyberspace capabilities and protect data, networks, net-centric capabilities, and other designated systems. Source: DoD JP 3-12 
defensive cyberspace operation response action (DCO-RA) 
Deliberate, authorized defensive measures or activities taken outside of the defended network to protect and defend Department of Defense (DoD) cyberspace capabilities or other designated systems. Source: DoD JP 3-12
malicious cyber activity 
Activities, other than those authorized by or in accordance with U.S. law, that seek to compromise or impair the confidentiality, integrity, or availability of computers, information or communications systems, networks, physical or virtual infrastructure controlled by computers or information systems, or information resident thereon. Source: PPD 20
non-person entity (NPE) 
An entity with a digital identity that acts in cyberspace, but is not a human actor. This can include organizations, hardware devices, software applications, and information artifacts. Source: DHS OIG 11-121 
offensive cyberspace operations (OCO) 
Cyberspace operations intended to project power by the application of force in or through cyberspace. Source: DoD JP 3-12 
In military cyberspace operations, an abstraction of logical cyberspace with digital representations of individuals or entities in cyberspace, used to enable analysis and targeting. May be associated with a single or multiple entities. Source: DoD JP 3-12  
proactive cyber defense 
A continuous process to manage and harden devices and networks according to known best practices. Source: DSOC 2011 
Red Team
A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise cybersecurity by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. Also known as Cyber Red Team.
regenerative cyber defense 
The process for restoring capabilities after a successful, large scale cyberspace attack, ideally in a way that prevents future attacks of the same nature. Source: DSOC 2011

The glossary also notes that "cybersecurity" supersedes both "computer security (COMPUSEC)" and "information assurance (IA)".

So, the CNSSI definition for "cybersecurity" plus a few other cyber-terms cite "NSPD-54/HSPD-23" as their source.  That, in turn, appears to be a 2008 National Security Policy Directive from the White House originally classified top secret but then disclosed (with redactions) under the Freedom of Information Act in 2014 ... which goes some way towards explaining the ongoing confusion over cyber-terms. They could have elaborated but they'd have had to shoot us.

By the way, the CNSSI glossary also defines information security:
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. Source: 44 U.S.C. Sec 3542 
Perhaps you might like to compare and contrast that against the cybersecurity definition. I've got better things to do right now: time to check for any more lambs.