Cyber Principles November 2010 Bob Gourley

Presentation transcript:

Cyber Principles November 2010 Bob Gourley

The 12 Principles of Cyber Conflict

1. Know the enemy: Bad actors in the world are bad actors in cyberspace.
2. The Chain: Security in our cyberspace is only as good as its weakest link.
3. There is no Perimeter: Agile operational defense in depth is required.
4. Interconnection: Cyber operations is bigger than IT.
5. The Laundry: In Cyber Conflict there is always something to do.
6. Prior Planning: Success must be preplanned.
7. Experience Counts: Inexperienced cyber conflict professionals are not.
8. User Understanding: Users cannot understand system security posture.
9. The Rodeo: No adversary is undefeated. No system is undefeatable.
10. One Basket: Never put all your eggs in one basket.
11. Unintended Consequences: Prepare for blow-back and fratricide.
12. The Beauty of Offense: You must take the fight to the enemy.

Assume you are breached, plan for mission resilience, build for active defense, mitigate advanced persistent threats, seek to detect anomalies, and exercise with the extended team, continuously.

Can Geospatial Solutions Contribute?

Some emerging cyber needs:

- Deep network forensics and monitoring
- Information aggregation and analysis (human and sensor driven), e.g. dashboards and metrics
- Advanced heuristics for anomaly detection
- Advanced forensic techniques
- Botnet and bad actor infrastructure monitoring
- Dynamic honeypots and advanced simulation environments
- Cloud based malware detection and analysis
- Mobile platform security
- Threat intelligence – situation awareness (including dashboards)
- Locations and activities of bad actors (individuals and organizations)

Backup Slides

The Cyber Conflict Thesis

- Cyber conflict decision-makers are growing a Canon of Knowledge that will contribute to victory
- The most significant Lessons learned from Cyber can be/should be embodied in Principles of Cyber Conflict
- Principles can guide actions including career development, concepts of operations, training, mentoring and, at times, decisions in cyber conflict
- Principles can help us in the “Cyber-Location Nexus”

How can we develop Cyber Conflict Principles?

- Combination of real world experience and academic study
- Then community review and continued intellectual rigor
- Feedback from real cyber warriors engaged in cyber conflict

The following principles are based on the experiences of the first generation of Joint cyber warriors plus the work of the Cyber Conflict Studies Association (CCSA) (see

The 12 Principles of Cyber Conflict

1. Know the enemy: Bad actors in the world are bad actors in cyberspace.
2. The Chain: Security in our cyberspace is only as good as its weakest link.
3. There is no Perimeter: Agile operational defense in depth is required.
4. Interconnection: Cyber operations is bigger than IT.
5. The Laundry: In Cyber Conflict there is always something to do.
6. Prior Planning: Success must be preplanned.
7. Experience Counts: Inexperienced cyber conflict professionals are not.
8. User Understanding: Users cannot understand system security posture.
9. The Rodeo: No adversary is undefeated. No system is undefeatable.
10. One Basket: Never put all your eggs in one basket.
11. Unintended Consequences: Prepare for blow-back and fratricide.
12. The Beauty of Offense: You must take the fight to the enemy.

Assume you are breached, plan for mission resilience, build for active defense, mitigate advanced persistent threats, seek to detect anomalies, and exercise with the extended team, continuously.

The Operational Threat and a Cyber Locational Nexus

After reconstruction of events, it was clear that I&W could have been provided on most major cyber events. Some examples:

- Moonlight Maze
- PRC Espionage against DoD (ongoing)
- Estonia 2007
- Georgia 2008
- GhostNet 2009
- Aurora
- Buckshot Yankee

Each of these events could have benefited from enhanced geospatial/all source intelligence on foreign threat actors, their capabilities, ongoing ops and likely intent.

Some questions regarding cyber-location nexus:

- Can we express cyber threat history geospatially to help mitigate cyber threat amnesia?
- High end adversaries are well resourced and are developing capabilities with their own internal R&D, so it is pretty clear we should prepare to be surprised. But can enhanced locational intelligence counter any of their R&D?
- Are there new all source fusion models/methods/techniques that have not been explored yet that locational advances can contribute to?
- What solutions for I&W, CND, CNA, CNE can cyber location nexus drive?

Warning: Don’t overreach! Much of cyber conflict is different

Some emerging cyber needs:

- Deep network forensics and monitoring
- Information aggregation and analysis (human and sensor driven), e.g. dashboards and metrics
- Advanced heuristics for anomaly detection
- Advanced forensic techniques
- Botnet and bad actor infrastructure monitoring
- Dynamic honeypots and advanced simulation environments
- Threat intelligence – situation awareness (including dashboards)
- Cloud based malware detection and analysis
- Mobile platform security
- Locations and activities of bad actors (individuals and organizations)

Concluding Thoughts

- Just like in geospatial intelligence, we won’t make collective progress in cyber conflict till we deserve progress in cyber conflict.
- Help earn our victory by contributing to the canon of knowledge of cyber conflict.
- Read, study, think about and refine the principles of cyber conflict.
- Join and engage intellectually with the Cyber Conflict Studies Association (CCSA).

Questions/Comments? See: