Computer scientists at Lockheed-Martin corporation described in 2011 the usage of a new "intrusion kill chain" framework or model to defend computer networks.^[1] They wrote that attacks may occur in stages and can be disrupted through controls established at each stage. The kill chain can also be used as a management tool to help continuously improve network defense. Threats must progress through seven stages in the model:

• Reconnaissance: Intruder selects target, researches it, and attempts to identify vulnerabilities in the target network.
• Weaponization: Intruder creates remote access malware weapon, such as a virus or worm, tailored to one or more vulnerabilities.
• Delivery: Intruder transmits weapon to target (e.g., via e-mail attachments, websites or USB drives)
• Exploitation: Malware weapon's program code triggers, which takes action on target network to exploit vulnerability.
• Installation: Malware weapon installs access point (e.g., "backdoor") usable by intruder.
• Command and Control: Malware enables intruder to have "hands on the keyboard" persistent access to target network.
• Actions on Objective: Intruder takes action to achieve their goals, such as data exfiltration, data destruction, or encryption for ransom.

A U.S. Senate investigation of the 2013 Target Corporation data breach included analysis based on the Lockheed-Martin kill chain framework. It identified several stages where controls did not prevent or detect progression of the attack.^[2]

	This file is a work of a sailor or employee of the U.S. Navy, taken or made as part of that person's official duties. As a work of the U.S. federal government, it is in the public domain in the United States.
	This file has been identified as being free of known restrictions under copyright law, including all related and neighboring rights.

https://creativecommons.org/publicdomain/mark/1.0/PDMCreative Commons Public Domain Mark 1.0falsefalse