Cyber Attack Models: What are they?

Attack models describe the structure of an attack in phases.   They provide a means to conceptualize the different aspects of an attack.  However, it is important to understand that not all attacks must complete all phases to be successful.  In fact, many attacks iterate recursively through the phases of an attack model.  Kill Chain is a military term used to describe the structure (or phases) of an attack.  In a military context, the process is described as find, fix, track, target, engage, assess (F2T2EA): find adversary targets suitable for engagement; fix their location; track and observe; target with suitable weapon or asset to create desired effects; engage adversary; assess effects.  Scientists at Lockheed Martin used this concept to develop the Cyber Kill Chain.   It was described in a paper presented in 2011 at the 6th Annual International Conference on Information Warfare and Security (Intelligence-Driven Computer Network Defense…).  Some people love it — others, not so much.  Regardless, it has become an almost standard framework which others have altered or extended in different ways.  Let’s do a high-level fly-over, examine some of the criticisms, and then take a look at a couple of variants! (more…)