Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
ADDRR: A counter kill chain cyber security model
Cyber Security: A Peer-Reviewed Journal,
3
(3),
233-255
(2020)
Abstract
In his book Black Box Thinking, Matthew Syed compares the open approach the aviation industry takes in learning from disasters with the response often taken by the medical profession — the latter more reluctant to investigate incidents and share findings. The ADDRR model introduced in this paper advocates taking aviation’s ‘black box’ approach by having the tenacity to investigate the cause of breaches, learn from mistakes and share lessons learned. This will help all organisations improve their security posture. The ever-changing cyber threat environment also means that current models that guide defence strategies and tactics (for example Lockheed Martin’s Cyber Kill Chain Model and frameworks such as NIST) cannot remain static. The ADDRR model’s contribution to evolving cyber security thinking can be summarised in five key messages: 1) invest in a beefed-up ‘assess’ function that is thirsty for understanding and intelligence sharing; 2) incorporate a new ‘redesign’ objective that demands business and technology teams work together to create more secure products, processes and services that earn trust and generate sustainable growth; 3) consider the maturity and effectiveness of your investments in the five layers of the ADDRR model (assess, defend, detect, respond, redesign) and in protecting against five threat vectors (internal, external, third parties, compliance, IoT/OT devices); 4) mature your SOC capability into a ‘cyber nerve centre’ (incorporating automation and AI) that proactively manages the security of IT, facilities and business operations and provides the Board with a 360-degree view of its business resilience and cyber risk posture; and 5) evaluate the value to the business from investment in security and translate the greater resilience and lower risk/cost of a breach into Goodwill and shareholder value. The final message is a positive one. By introducing a redesign function, the model harnesses the creativity of the human resources of an organisation and gives employees, partners and customers the opportunity to work together to generate new services and stronger, more resilient businesses and ecosystems.
Keywords: cyber; security frameworks; cyber operations; vulnerability assessments; kill chain; maturity model; resilience
The full article is available to subscribers to the journal.
Author's Biography
Alex Henneberg is a digital consultant, supporting public and private sector organisations in creating more efficient, secure and engaging services for users and consumers. He has previously worked as Director of Digital Security and Emerging Technologies at Sopra Steria, where he was also a member of the Digital Board. Alex has supported CIOs and CISOs in their role as trusted advisers to their business and as agents for digital transformation. His expertise is in recognising opportunities for engaging and integrating digital capabilities such as security, cloud, artificial intelligence, automation, user design and innovation in order to create value and improve lives for organisations and individuals. Alex has engaged in many digital initiatives, including introducing 24x7 digital services to local councils and other public sector organisations; creating a proposition to tackle childhood obesity through a secure Internet of Things/blockchain-based activity and behaviour change programme; and establishing a more proactive and intelligence-led security operations centre. Alex is an evangelist for collaboration, innovation and open, informed communication between the business and security functions and has written a number of articles on these themes.
