ietf

Re: Editorial thoughts on draft-farrell-perpass-attack-02

2013-12-16 10:56:56
Christopher,

ISO 27000 (Information technology - Security techniques - Information security 
management systems - Overview and vocabulary)
defines both terms, and differently:

2.4
attack
attempt to destroy, expose, alter, disable, steal or gain unauthorized access 
to or make unauthorized use of
an asset (2.3)

2.45
threat
potential cause of an unwanted incident, which may result in harm to a system 
or organization

The definition for attack seems appropriate. The definition for threat is not bad, but I prefer an older one, commonly used in the military context, and which
matches with a trio of definitions for understanding security contexts:

Vulnerability - a flaw in a design or implementation of a security-relevant
protocol or system

Attack - more or less as above

Adversary - an entity with a set of motivations and capabilities to effect an attack

Threat - a motivated, capable adversary. An adversary who is capable, but not motivated, is not a threat. An adversary who is motivated, but not capable, is not a threat.

A threat model articulates adversaries and often enumerates classes of attacks, and then discusses the perceived motivation and ability of adversaries to effect attacks
against a system of interest.

We lack a threat model for the Internet. Most of our security protocols do not
have published threat models (we didn't encourage this until recently) and
what is published typically is an attack model, not a threat model.

Most aspects of pervasive monitoring are indistinguishable from our traditional attack model, since that model already assumes adversaries that can engage in passive and active wiretapping. If we had a real threat model, either it would have included a discussion of nation states as adversaries with the capabilities to do what we have seen that they do, and a motivation to do so, or not. I'd like to see this document explicitly discuss this.

Steve