Towards a new cyber threat actor typology

Towards a new cyber threat actor typology

a hybrid method for the NCSC cyber security assessment

Samenvatting

For some years a cyber threat actor typology is used in the annual Cyber Security Assessment Netherlands. It has evolved over time and captures a set of actors with different motives, intentions and capabilities. In view of its age and rather intuitive development process, it is considered whether the current typology needs to be updated and improved in light of recent insights from science and cyber security practice. This report sets out to develop a new and systematic method to enable the National Cyber Security Centre (NCSC) of the National Coordinator for Security and Counterterrorism (NCTV) to continuously update its cyber actor typology. Section 3.5 contains a concise description of the framework, to be used as a standalone document. As part of the method description, a tentative new typology is developed. This can be found in Section 5.3.
The research questions which accompany the project goals were:

  1. To what extent is the current cyber actor typology validated by recent insights fromscience and cyber security practice and what design criteria for a new cyber actortypology can be identified?
  2. What method to develop a cyber actor typology satisfies the identified design criteriaand enhances or enriches the current cyber actor typology different cyber actors?
  3. To what extent can a typology be constructed based upon state-of-the art knowledgeon cyber actors and empirical data on cyber incidents, and what would the resultingtypology look like?

Inhoudsopgave

Preface
Executive summary
Leeswijzer

  1. Introduction
  2. Designing a method for a cyber threat actor typology
  3. The deductive approach - threat actor typology framework
  4. The inductive approach - data analysis
  5. A tentative new threat actor typology

Bibliography

Publicatiegegevens

Auteur(s):
Bruijne, M. de, Eeten, M. van, Gañán, C.H., Pieters, W.
Organisatie(s):
Delft University of Technology - Faculty of Technology, Policy and Management, WODC
Plaats uitgave:
Delft
Uitgever:
Delft University of Technology - Faculty of Technology, Policy and Management
Jaar van uitgave:
2017
Type rapport:
Eindrapport

Bestelinformatie

Adres:
Technische Universiteit Delft - Techniek Bestuur en Management
 
Jaffalaan 5
 
2628 BX Delft
Telefoon:
015-2789801
E-mailadres:
communication-tbm@tudelft.nl
Website:
https://www.tudelft.nl/en/tbm/

Onderzoekgegevens

Werktitel:
Categorisering en motieven cyberactoren
Projectnummer:
2740
Operationele status:
Afgerond