The "triptych of cyber security": A classifi cation of active cyber defence

In the fi eld of cyber security, ill-defi ned concepts and inconsistently applied terminology are further complicating an already complex issue1. This causes diffi culties for policy-makers, strategists and academics. Using national cyber security strategies to support current literature, this paper undertakes three tasks with the goal of classifying and defi ning terms to begin the development of a lexicon of cyber security terminology. The fi rst task is to offer for consideration a defi nition of “active cyber defence” (ACD). This defi nition is based upon a number of characteristics identifi ed in current academic and policy literature. ACD is defi ned here as the proactive detection, analysis and mitigation of network security breaches in real-time combined with the use of aggressive countermeasures deployed outside the victim network. Once defi ned, ACD is contextualised alongside two further approaches to cyber defence and security. These are fortifi ed and resilient cyber defence, predicated upon defensive perimeters and ensuring continuity of services respectively. This contextualisation is postulated in order to provide more clarity to non-active cyber defence measures than is offered by the commonly used term “passive cyber defence”. Finally, it is shown that these three approaches to cyber defence and security are neither mutually exclusive nor applied independently of one another. Rather they operate in a complementary triptych of policy approaches to achieving cyber security.