# A Systematic Approach to Cyber Deception (Part 1 of 4)

# Introduction
This series is about 

> Knowing ourselves, our enemy & plan in a way to conjure "grounds" & "weather" to our advantage. 

This approach is adapted from a joint-paper by [Mohammed H. Almeshekah](https://scholar.google.com/citations?user=EwhD0vEAAAAJ&hl=en) and [Eugene H. Spafford](https://scholar.google.com/citations?user=MkC5kHcAAAAJ&hl=en), published by [Springer International Publishing](https://www.springerprofessional.de/en/cyber-security-deception/10498858) Switzerland 2016. I will share practical pointers through a series of questions in the context of **I**ndustry **I**nternet-**o**f-**T**hings & **O**perational **T**echnology networks. 

## What is Cyber Deception?
`Cyber` refers to **C**yber-**P**hysical **S**ystems related to Industrial networks, such that impacts may result to Safety & Availability consequences. Deception is about faking it to achieve both early warning & deterrence but also diversions (from real assets) for the undeterred. But how is that achieved?

>It always involves two basic steps, hiding the real (dissimulation) and showing the false (simulation).

## Considerations Specific to Industrial Networks
1. Safety Risks
2. Availability Risks
3. Realism to attackers
4. Secrecy 

The first 3 **P**rimary **C**onsiderations (or PCs in short), are self explanatory. The 4th point depends on the overall objective. For the purpose of honeynet to lure & collect intelligence, a lack of secrecy could ruin the entire effort. For the purpose of deterrence, secrecy may not be a PC since attackers may back off knowing that it is a trap. 

## Phases of Cyber Deception Campaign
A campaign is divided into 3 phases: `Planning > Implementation & Integration > Monitoring & Evaluating`. We need to be mindful with the earlier considerations; Safety, Availability, Realism & depending on strategic goal(s), Secrecy throughout the phases:

A further break-down of the 3 Phases is as follow:

![stepsForCyberDeception.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1615270350744/dug8uKFPA.png)

`Figure 1`

The 1st two considerations of Safety & Availability are related to `step 6` of identifying risks & countermeasures. I will explain the remaining steps along the way. An astute reader may ask: _Why bother with all these, isn't there Deception 2.0 **C**ommercial-**O**ff-**T**he-**S**helf solutions?_

I will further explain how a combination of COTS together with custom deception to deal with Advanced Threat Actors by exploiting inherent mental biases that they may hold.

> Why combined? We **must** assume Advanced Threat Actors to have the resources to figure out COTS Deception solutions & getting into our networks through routes we least expect.

In the  [next part of this series](https://blog.jym.sg/a-systematic-approach-to-cyber-deception-part-2-of-4) , I will cover `How to plan & measure success?`.
