Date of Award

3-5-2008

Document Type

Thesis

Degree Name

Master of Science in Cyber Operations

Department

Department of Electrical and Computer Engineering

First Advisor

Robert F. Mills, PhD

Abstract

Social engineering is the art and science of persuading individuals to bypass in-place security mechanisms, causing the unintended release of information. It is a low-tech solution to a high-tech problem and is as much an art as a science. As is true of many such solutions, social engineering is both ill-defined and extremely effective. Its low-cost, high-payoff nature makes it an extremely attractive alternative for adversaries that do not have access to all the resources of a nation state. However, with full backing, the weapon can become that much more effective. Social engineering is something the Department of Defense already does. All branches of the military have Red Teaming organizations that use social engineering methods as part of their mission to assess and improve internal security measures. While network and physical protection mechanisms have become more robust, the human remains the weak point of any defense, and social engineering will nearly always succeed. As the Air Force organizes, trains, and equips its new cyber warrior force, it will need to operationalize social engineering principles in order to grow a repeatable, sustainable capability. However, social engineering remains a poorly defined concept for the Air Force in particular and the Department of Defense in general. It is something practiced, but on a limited scope and with little standardization. Despite its successes, social engineering has yet to achieve widespread acceptance. The focus of this paper is on the use of offensive social engineering. There are three main points. First, establish legitimacy and demonstrate that social engineering is in fact compatible with existing Air Force and Joint military doctrine. This is done with a thorough analysis of doctrine and historical writings about military deception, psychological operations, and related concepts.

AFIT Designator

AFIT-GCO-ENG-08-07

DTIC Accession Number

ADA484842
