From “Groundhog Day” to “Independence Day”


1 From “Groundhog Day” to “Independence Day”
Scripting your Cyberdefense Movie
Tony Sager, Senior VP & Chief Evangelist
June 2017

2 Seismic Shifts
Communications Security → “Cyber”
Technology → Information, Operations
Government monopoly → user/market driven
“Control Model” of security → Risk model
National Security → economic/social Risk

3 A Few Cybersecurity Lessons
Integrated Action: Knowing about vulnerabilities doesn’t get them fixed
Integrated Purpose: The Bad Guy doesn’t perform magic
Integrated Capability: There’s a large but limited number of defensive choices
Integrated Understanding: Cybersecurity => Information Management
Cybersecurity is more like Groundhog Day than Independence Day

4 A Cyberdefense OODA Loop (“patch Tuesday”)
OBSERVE: Track security bulletins, advisories
ORIENT: Assess applicability, operational issues, risk
DECIDE: Prioritize remediation
ACT: Rollout, Monitor, Manage “breakage”
Speaker notes: A classic military way to think of the dynamic nature of Defense. Origins in airplane dogfights. Every step is about gathering information, making sense of it, taking action, then repeating. Here’s the Loop we live every month. Guess who else lives in this loop?
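The monthly loop on this slide, written out as an added example that is not part of the presentation or of any CIS tooling: a small Python script that runs the four steps over constructed data. The advisory feed, inventory, hostnames, product names and advisory IDs are all made up, and the scoring weights in decide() are an assumption chosen to illustrate the point made on the next slide, that exposure and in-the-wild exploitation (the threat-intelligence input) should outrank raw severity when deciding what to fix first.

```python
# Added example (not from the presentation): a minimal "patch Tuesday" OODA loop.
# All identifiers, versions and hosts below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    product: str
    fixed_version: tuple      # first version that contains the fix, e.g. (2, 4, 10)
    severity: str             # critical / high / medium / low
    exploited_in_wild: bool   # the threat-intelligence signal


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: tuple
    internet_facing: bool


SEVERITY_WEIGHT = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# Constructed sample feed, one bulletin per line:
# id,product,fixed_version,severity,exploited_in_wild
ADVISORY_FEED = """\
ADV-2017-001,webserver,2.4.10,critical,yes
ADV-2017-002,mailer,1.9.2,high,no
ADV-2017-003,webserver,2.4.8,low,no
"""

# Constructed inventory: what we run, where, and how exposed it is.
INVENTORY = [
    Asset("dmz-web-1", "webserver", (2, 4, 7), internet_facing=True),
    Asset("intra-web-1", "webserver", (2, 4, 9), internet_facing=False),
    Asset("mail-1", "mailer", (1, 9, 0), internet_facing=True),
    Asset("mail-2", "mailer", (1, 9, 2), internet_facing=False),
]


def parse_version(text):
    # Compare versions numerically: as strings, "2.4.10" sorts before "2.4.9".
    return tuple(int(part) for part in text.split("."))


def observe(feed):
    """OBSERVE: turn the raw bulletin feed into structured advisories."""
    advisories = []
    for line in feed.splitlines():
        if not line.strip():
            continue
        adv_id, product, fixed, severity, itw = line.split(",")
        if severity not in SEVERITY_WEIGHT:
            raise ValueError(f"{adv_id}: unknown severity {severity!r}")
        advisories.append(
            Advisory(adv_id, product, parse_version(fixed), severity, itw == "yes"))
    return advisories


def orient(advisories, inventory):
    """ORIENT: an advisory applies only to assets running the affected product
    at a version below the one that carries the fix."""
    return [(adv, asset)
            for adv in advisories for asset in inventory
            if asset.product == adv.product and asset.version < adv.fixed_version]


def decide(findings):
    """DECIDE: rank applicable (advisory, asset) pairs. Weights are an assumption:
    exposure and known exploitation each count for more than one severity step."""
    def score(pair):
        adv, asset = pair
        return (SEVERITY_WEIGHT[adv.severity]
                + (3 if asset.internet_facing else 0)
                + (4 if adv.exploited_in_wild else 0))
    return sorted(findings, key=score, reverse=True)


def act(ranked):
    """ACT: emit the rollout order as (host, advisory) pairs, highest priority first,
    in a form a deployment tool or a test can consume."""
    return [(asset.host, adv.advisory_id) for adv, asset in ranked]


def run_loop(feed=ADVISORY_FEED, inventory=INVENTORY):
    return act(decide(orient(observe(feed), inventory)))


if __name__ == "__main__":
    for host, adv_id in run_loop():
        print(f"{host}: apply {adv_id}")
```

On the sample data the internet-facing host with the critical, actively exploited bulletin comes first, and the low-severity bulletin on the same host comes last even though the host is exposed; mail-2 is already at the fixed version and never enters the plan. The ORIENT step is where most real-world effort goes: the version comparison above is the simplest possible applicability test, and a production loop would also account for backported fixes, mitigations already in place and the "breakage" risk the slide lists under ACT.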

5 “Dueling OODAs” (and the role of Threat Intelligence, Analytics)
There are many loops, often connected “farther in space, earlier in time”
The Bad Guy’s loop is an opportunity
[Diagram: several chained OBSERVE → ORIENT → DECIDE → ACT loops]
Speaker notes: But there’s a lot going on. You can improve patching, but the Bad Guy has inherent advantages, and he doesn’t much care about irritating your users or about regression testing. So the key is to think about either degrading the Bad Guy’s information loop, or about moving the fight to a loop where you have the better advantage. No details here, but think of things like the Lockheed Martin Kill Chain, the MITRE ATT&CK model, Mandiant’s APT1 report, etc., all as attempts to get a handle on this thinking.

6 An Effective Cyberdefense “info machine” should be…
based on a model of Attacks, Attackers, and defensive choices
focused on categories, types, patterns, templates, etc.
driven by data
managed within an open, standards-based framework
able to account for “community risk”, but tailorable
repeatable, dynamic, feedback-driven
demonstrable, negotiable for Real People

7 Groundhog Day Moments
January 2008: Comprehensive National Cybersecurity Initiative (CNCI)
March 2011: Enabling Distributed Security in Cyberspace: Building a Healthy and Resilient Cyber Ecosystem with Automated Collective Action
February 2014: The Fog of More: A Cyber Security Community Challenge
Today: Integrated Cyber, the same ideas applied in today’s cyber environment

8 The CIS Community Attack Model Process
Basis for mapping from multiple Attack Summaries: what are the problems we all face?
Support the evolution of the CIS Critical Security Controls: establishes the foundation, allows for tailoring
An effective baseline for use of Threat Intelligence: consistent and open mapping to Defensive Action
Able to work with “closed systems” (e.g., classified data)
Operate an ongoing refresh cycle: is the model still good? Priority within the model?

9 CIS Security Best Practice Automation Workflow

10 The CIS Critical Security Controls

11 Website: www.cisecurity.org
Twitter: @CISecurity
Facebook: Center for Internet Security
LinkedIn Groups: Center for Internet Security; 20 Critical Security Controls
