
Proactive Cyber Defence

Introduction

The rapid developments in information technology and the proliferation of devices and applications have enabled digital communications at a scale never seen before. The issue of securing the cyberinfrastructures that facilitate these communications has attracted the same level of attention as natural disasters and significant stock market crises. This is because unforeseen security challenges in our networked technologies can have catastrophic impact on human-to-human, human-to-machine, and machine-to-machine activities carried out in cyberspace. This module seeks to introduce students to the state of the art in effective and proactive cyberattack deterrents, including tools and techniques that can have long-term benefits for organisational policies while maintaining the resilience of our agile and delicate cyberinfrastructures.

This module aims to introduce students to the fundamental strategies and emerging tools, techniques and approaches used to deter orchestrated cyberattacks and mitigate their impact. Students will be introduced to network security engineering principles and the fundamentals of CIAA and AAA while building their understanding of cyber incidents, including their effects, actors and drivers.

The module equips participants with an in-depth understanding of the fail-safe capabilities of the different systems and mechanisms used to analyse targeted and multi-stage cyber attacks. Students will establish a firm and in-depth knowledge of network security protocols, including their design philosophy and the weaknesses in them exploited by motivated and resourceful adversaries.

The module also seeks to equip students with a technical explication of threat modelling for identifying and ranking threats across a variety of scenarios using industry-led and experimental approaches. Students are expected to critically synthesise tools and approaches to adequately model threat landscapes against efficient and autonomous information systems, while transferring these skills to other areas where potential threats to business operations might be present.

Objectives

  • Critically synthesise and apply knowledge of different domains in information security in building an understanding of denying, disrupting, destroying, and manipulating capabilities of adversarial actors.
  • Provide an in-depth and systematic understanding of methodologies, tools and techniques used in network defence and attack analysis in terms of their effectiveness and suitability in different organisational contexts and threat landscapes.
  • Quantify the probability and impact of cyber-attacks using modelling techniques such as attack trees, attack graphs and fault trees, and present them to key stakeholders at all levels of an organisation in an easily understood manner.
  • Flexibly and autonomously apply knowledge to the creation of innovative and pragmatic solutions in network defence as a response to multi-faceted, sophisticated and destructive cyber attacks.

Syllabus

  • Confidentiality, integrity, availability. Applied cryptography with applications to confidentiality, integrity; privacy vs confidentiality, trustworthiness and accuracy of data; business continuity and disaster recovery principles.
  • Authentication, authorisation and accounting (the AAA of cyber security). Public key infrastructure and identity management; protocols for authentication and key establishment; access control, Network Access Control (NAC); Network Access Protection (NAP); Kerberos; firewall technologies, IDPS; honeypots; VoIP security.
  • Vulnerabilities. Constituent elements of a vulnerability: pre-conditions, pre-condition logic, exploits, post-conditions. Vulnerability inventories, disclosure and mitigation; standard security description references; cyber mission system development frameworks; cyber defence measurables and evaluation criteria. Virtualisation and the challenges it brings; threat modelling and vulnerability analysis.
  • Standard security descriptors, DDoS, EDoS and their variations; intelligence gathering for adaptive network defence; the kill-chain model and the APT paradigm; STIX and CybOX; threat actors: cyber criminals, hacktivists, state-sponsored attackers (advanced persistent threats) and insider threats (malicious, incompetent, negligent); cyber threat analytics.
  • Semantic network and threat modelling techniques. Attack graphs, attack trees and fault trees. The application of attack modelling techniques in aiding attack analysis, event prediction, outlining of mitigation strategies, investigation of incidents and system hardening; STRIDE; DREAD; experimental approaches; threat model validation and DFDs; diagram types and trust boundaries.
  • Cyber security in industrial contexts. Supply-chain, autonomous vehicles, cyber physical systems, IoT.

Assessment

Post-Module Assessment - 3,500 words Case Study on Threat Identification and System Hardening (100%)

Duration

2 weeks including 15 hours of lectures, 13 hours of seminars, 12 hours of tutorials