Intelligence, Surveillance, and Reconnaissance and Electromagnetic Warfare Methods for Cyber Signature Production: A Conceptual Model

摘要

The purpose of this paper is to offer a methodology using the already mature signature production capabilities offered within the intelligence and electromagnetic warfare fields to develop a similar capability for cyber operators. Not only will the tools and TTPs assist in target and signature production, but they will also make attribution much easier by capturing the common location, profile, and parametric data necessary to identify and to verify adversary identities. In the information related capability (IRC) disciplines of intelligence, surveillance, and reconnaissance (ISR) and electromagnetic warfare (EW), signature production based on parametric data, adversary tactics, techniques, procedures (TTPs), and methodologies have long been the operational answer to the attribution and targeting malaise. Cyber has historically been considered an information related capability to intelligence, surveillance, and reconnaissance and electromagnetic warfare and the recent strategic shift to combine these information-related capabilities (along with information operations) into a super-strategic construct offers further connectivity between all of these information related capabilities through TTPs, philosophies, and analytical prowess. Here, the author will further develop how to potentially construct cyber signatures for adversary attribution, tracking, and targeting using intelligence, surveillance, and reconnaissance analysis and techniques, electromagnetic warfare methods and technology, and will explore how these can be integrated with current cyber methods and analytical scaffolds. Additionally, a conceptual cyber signature capability model will be presented.