Deception concepts: the elements of deception

Deception is not reserved for attackers. Defenders can play the deceptive game too, and it can be game changing. Here are four abstractions worth considering during deception planning. They come from the military deception literature, and they map cleanly onto defending a network.

Think of every piece of information as belonging to one of four quadrants, split on two questions: is it true or fictional, and do we want to reveal it or hide it?

NEDI: nonessential elements of deceptive information

Fictional information that is to be hidden. Information we can let attackers find, but not too obviously, because we do not want the deception to read as deceitful. Examples:

NEFI: nonessential elements of friendly information

Truths that are to be revealed. Information we are happy to share, truths that strengthen our position, affirm the attacker’s understanding, or otherwise support the story we want them to keep believing. Make them verifiable. Examples:

EEDI: essential elements of deceptive information

Fictional information that is to be revealed to the adversary. The traps, lures, and fiction we present, hoping to deceive and influence the adversary’s decisions and actions. These are our falsehoods. Examples:

EEFI: essential elements of friendly information

Truths that are to be hidden. Our real strengths, weaknesses, and anything we do not want the adversary to exploit or reveal. Examples:

Framing your deception program around these four buckets makes it much easier to reason about what to plant, what to confirm, what to fake, and what to protect.