The motivation behind an attack, and attacker psychology in general, is the most complicated aspect. The Risk Management for Computer Security textbook explains a method for tackling various threats by addressing specific subjects in the context of a particular organization. From my understanding of the methods, I would initially evaluate the organization’s external scope and its national/international stance. I would then list and evaluate all the critical components of the organization and estimate the impact and reach of each individual asset. Since we are dealing with cyber terrorism here, we can try to understand the attacker’s motivation, the lengths the attacker is willing to go to, and any further possible interests. So the first step is to list the possible threats, evaluate their probability, and estimate the potential capability of the various cyber terrorist groups in general. This gives the maximum potential of a threat and aids in assessing the worst-case scenario. Then, with the worst-case scenario in mind, evaluate the organization’s systems for vulnerabilities and assess the risks and impacts, and build resiliency robust enough to defend against the possible attacks and to limit the impact and scope of an attack.
Schneier’s attack trees have many similarities with Jones’ and Ashenden’s method, and they can be used to solve the same problem, although the requirements differ slightly. Jones’ and Ashenden’s method is best suited to estimating the possible threats, their capabilities, their impacts, the catalysts for attacks, and the possible threat amplifiers for a specific system; it yields overall or potential estimates. Schneier’s attack trees, by contrast, concentrate on one specific goal of one specific threat. The tree includes all the elements of a particular incident, provides a clear method of evaluating the possibility of each individual event making up a threat, and attempts to give a better estimate of that particular threat launching a successful attack.
Cyber threat analysis tools have come a long way as evolving technologies like AI and machine learning automate the work and open new possibilities. A good example is IBM’s insider threat work: evaluating the likelihood of an employee going rogue used to rest on pure instinct. That is no longer the case with machine learning and data that include personality traits from Big Five personality tests, system logs, network logs, and user activity. IBM integrated this intelligence to detect anomalous or malicious activity and, moreover, to predict the probability of a malicious act by an individual.
DHS threat reporting procedures are divided into several categories. DHS encourages users to report any life-threatening threat as an emergency to 911, and to report any suspicious activity in any form, whether physical or cyber. A third category is sharing information that benefits national security with the NSI (Nationwide Suspicious Activity Reporting (SAR) Initiative).
From an attacker’s perspective, a malicious actor with an evident motive might set a goal of harming the organization, for example. By using the root and leaf node methodology of Schneier’s attack trees, he or she can launch a sophisticated attack with an increased probability of success. The reason is simple: it allows the attacker to continue reconnaissance until the specific goal is achieved or a solution to his problem is found. He then understands the weak links and possibilities. The methodology also allows the attacker to conduct a feasibility study and compute cost and effectiveness. It aids the attacker in understanding his current strengths and his position in the process of achieving his goal, which further helps him improve and be ready for a much more sophisticated attack that might be successful. Boolean node values help the attacker organize and improve his thinking process when making decisions, and continuous node values like cost and probability help him plan more efficiently, perform other pre-attack analysis, and estimate the outcome more accurately rather than on instinct. The scalability of these trees can be a huge advantage to an attacker: a newly found zero day or vulnerability, or a newly acquired skill, can easily be added to the tree without rebuilding the whole tree from scratch. Because of this, attackers can take advantage of a new vulnerability before the organization can fix it.
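The two paragraphs above on attack trees describe AND/OR nodes carrying Boolean (feasible or not), cost and probability values, and note that a new leaf can be added without rebuilding the tree. The following Python is an added example written for this discussion, not code from Schneier, Shostack, or any of the referenced sources. It builds a small constructed tree with invented node names and values, scores it the way the text describes, and then uses the same scoring from the defender’s side: it tries each leaf-level control one at a time and reports which single mitigation raises the attacker’s cheapest path the most.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Node:
    """One node of a Schneier-style attack tree (constructed example)."""
    name: str
    kind: str = "leaf"                      # "leaf", "or" or "and"
    children: List["Node"] = field(default_factory=list)
    feasible: bool = True                   # leaf: within the assumed attacker's capability?
    cost: float = 0.0                       # leaf: hypothetical cost units (invented values)
    prob: float = 1.0                       # leaf: probability the step succeeds if attempted
    mitigated: bool = False                 # defender toggle: a control removes this step


def leaf_ok(n: Node) -> bool:
    """Boolean node value: the step is usable only if feasible and not mitigated."""
    return n.feasible and not n.mitigated


def min_cost(n: Node) -> Optional[float]:
    """Cheapest feasible way to reach node n, or None if no feasible way exists."""
    if n.kind == "leaf":
        return n.cost if leaf_ok(n) else None
    costs = [min_cost(c) for c in n.children]
    if n.kind == "or":                      # attacker picks the cheapest usable branch
        usable = [c for c in costs if c is not None]
        return min(usable) if usable else None
    if any(c is None for c in costs):       # "and": one blocked step blocks the node
        return None
    return sum(costs)


def success_prob(n: Node) -> float:
    """Probability of success, assuming the attacker picks the most likely OR branch."""
    if n.kind == "leaf":
        return n.prob if leaf_ok(n) else 0.0
    probs = [success_prob(c) for c in n.children]
    if n.kind == "or":
        return max(probs) if probs else 0.0
    p = 1.0
    for x in probs:                         # "and": every step must succeed
        p *= x
    return p


def leaves(n: Node) -> List[Node]:
    if n.kind == "leaf":
        return [n]
    return [leaf for c in n.children for leaf in leaves(c)]


def best_single_mitigation(root: Node) -> Tuple[str, Optional[float]]:
    """Defender's view: which one leaf control raises the attacker's cheapest path the most?
    Each mitigation is applied, scored and reverted; an infeasible tree (None) counts as infinite."""
    def score(c: Optional[float]) -> float:
        return float("inf") if c is None else c

    best_name, best_cost = "", min_cost(root)
    for leaf in leaves(root):
        if leaf.mitigated or not leaf.feasible:
            continue
        leaf.mitigated = True
        new_cost = min_cost(root)
        leaf.mitigated = False
        if score(new_cost) > score(best_cost):
            best_name, best_cost = leaf.name, new_cost
    return best_name, best_cost


def build_example_tree() -> Node:
    """Constructed example: all names, costs and probabilities are invented for illustration.
    The assumed attacker profile is remote, so the on-site leaf is marked infeasible."""
    return Node("Read confidential customer records", "or", [
        Node("Log in with stolen admin credentials", "and", [
            Node("Phish an administrator", cost=10.0, prob=0.4),
            Node("Defeat second factor", cost=50.0, prob=0.2),
        ]),
        Node("Exploit unpatched web application", cost=30.0, prob=0.5),
        Node("Recruit an insider", cost=200.0, prob=0.6),
        Node("Steal backup media on site", cost=20.0, prob=0.9, feasible=False),
    ])


if __name__ == "__main__":
    tree = build_example_tree()
    print("cheapest path cost:", min_cost(tree))
    print("best-branch success probability:", success_prob(tree))
    print("most effective single mitigation:", best_single_mitigation(tree))
    # Scalability: a newly disclosed weakness is one appended leaf, not a rebuilt tree.
    tree.children.append(Node("Newly disclosed vulnerability", cost=5.0, prob=0.7))
    print("cheapest path after new leaf:", min_cost(tree))
```

In this constructed tree the cheapest path is the unpatched web application (cost 30), so patching it is the single control that raises the attacker’s minimum cost the most (to 60, the phishing-plus-second-factor branch). Note that cost and probability answer different questions: the insider branch is the most likely to succeed but also the most expensive, which is why a defender scores both before deciding where to spend.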
References:
Shostack, A. (2014). Threat Modeling: Designing for Security (Chapter 4).
https://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.878.9000&rep=rep1&type=pdf
https://threatconnect.com/blog/7-threat-intelligence-tools-your-team-needs/