Computing Reviews

Cyber denial, deception and counter deception: a framework for supporting active cyber defense
Heckman K., Stech F., Thomas R., Schmoker B., Tsow A., Springer Publishing Company, Incorporated, New York, NY, 2015. 251 pp. Type: Book
Date Reviewed: 03/25/16

This appropriately titled book belongs on the bookshelf of information security (InfoSec) professionals everywhere. Cyber denial, cyber deception, and other related topics are core issues affecting InfoSec at both tactical and strategic levels. The authors of this book are practitioners with both practical and theoretical knowledge coupled with the ability to write succinctly and effectively.

After a brief introductory chapter, there is an interesting chapter on how denial and deception have been used historically and how this history motivates their application in computing. The third chapter addresses cyber kill chains and deception chains before looking at intrusion campaigns with a focus on tactics, techniques, and procedures (TTPs). There are two case studies in the fourth chapter: the Stuxnet campaign against the Iranian nuclear program and a hypothetical (yet realistic) espionage scenario based on an advanced persistent threat (APT). That second scenario and the following chapter look at Red (attacker)/Blue (defender) team exercises for practicing cyber-D&D (denial and deception). Chapters 6 and 7 look at key considerations, adaptation, and countering D&D. Chapters 8 and 9 introduce a framework for a cyber-D&D maturity model before presenting a spiral life cycle management approach. Chapter 10 concludes the body of the text with a look to the future and other closing thoughts.

There are five helpful appendices provided after the body of the text. The first appendix provides an important taxonomy for cyber-D&D that covers malicious actor usage and defender usage, followed by more specific classifications with related explanations. It is an excellent reference for a number of key concepts in the book. The second appendix has checklists for creating false virtual personas. The third appendix lists some maxims for offensive deception operations and their adaptation to defensive cyber-D&D. The fourth appendix addresses both historical and recent research on components for a mature D&D capability. The last appendix gives a brief list of acronyms plus a rather complete glossary of terms one typically encounters in the D&D literature. Extensive relevant references follow the appendices, and many helpful figures and tables are provided throughout.

This noteworthy book is very well organized and presented. It can be skimmed or studied in depth, depending on the needs of the reader. In my opinion, this book is important for virtually everyone in the InfoSec world and is a valuable resource for practitioners as well as researchers.

Reviewer: M. G. Murphy. Review #: CR144263 (1606-0399)
