12/02/2016
COPYRIGHT © 2016, FIREEYE, INC. ALL RIGHTS RESERVED.
MODERN CYBER BATTLEFIELD
APPLICATION OF KEY COUNTERINSURGENCY PRINCIPLES TO TODAY’S KINETIC CYBER ENVIRONMENT
Presented by Chuck McGregor CISSP, CISM
VP Security Operations, Parsons
ABOUT ME
• USMC officer
• Deployed to Afghanistan and Iraq in advisor and company command capacities in COIN environments/missions
• US Marine Special Operations Command Reserve Chief of Staff
• Cyber Director at Parsons Corp.
KNOW THY ENEMY…
…AND KNOW THYSELF
- Sun Tzu
COUNTERINSURGENCY OPERATIONS, JP 3-24
The twenty-first century is typified by a volatile international environment, persistent conflict, and increasing state fragility. Long-standing external and internal tensions tend to exacerbate or create core grievances within some states, resulting in political strife, instability, or even insurgency. Moreover, some transnational terrorists/extremists with radical political and religious ideologies may intrude in weak or poorly governed states to form a wider, more networked threat.
SETTING THE STAGE
• The challenges we face are dynamic
• We need new ways to view our cyber adversaries
• Correlations of the cyber battlefield to dynamic counterinsurgency landscapes
• New ways to view and prepare the cyber battle space
• Let’s try something different…
A view of our adversaries
• Nation-state sponsors
• Criminal organizations
• Hacktivists
• Proxy agents
• Competitors
• Insiders
INSURGENCY ANALYSIS
Before we determine where to focus, let’s analyze insurgencies…
UNDERSTANDING INSURGENCY
• Organized
• Complexity
• Contemporary conflict
• Leadership/narrative
• Protracted struggle
Modern cyber adversary motives
• Ideological
• Socio-economic influence
• Commercial/defense objectives
• Criminal/funding objectives
RECOGNIZING INSURGENT VULNERABILITIES
• Need for secrecy
• Need to establish a base of operations
• Need for financial resources
• Internal divisions
• Need to maintain momentum
• Informants within the insurgency
Cyber exploitation mindset
• Strong unity of command
• Adjacent unit coordination
• Financial resources
• Our own people
…Our campaign plan
FOCUS AREA #1 – PLANNING
Your counterinsurgency campaign plan
FOCUS AREA #1 – COIN CAMPAIGN PLANNING
• Unity of effort
• Intelligence-driven operations (intel prep of the battlefield)
• Economy of force
• Component contributions
• Operational environment shaping
Cyber campaign planning corollaries…
• Organize your security practices
• Peer-industry integration points
• Bottom-up threat intelligence – unleash
• Support the analyst effort – invest
• Technology force multipliers
SMALL WARS MANUAL, UNITED STATES MARINE CORPS, 1940
In small wars, caution must be exercised, and instead of striving to generate the maximum power with the forces available, the goal is to gain decisive results with the least application of force. In small wars, tolerance, sympathy, and kindness should be the keynote of our relationship with the mass of the population. Small wars involve a wide range of activities including diplomacy, contacts with the civil population and warfare of the most difficult kind.
FOCUS AREA #2 – TACTICAL GUERILLA FIGHT
The tactical guerilla fight
FOCUS AREA #2 – GUERILLA TACTICS
• Attacking the will
• Deception
• Engagement selection
• Supply chain disruption
• Attacks to infrastructure
• Financial conversion
• Prolonged fight
Tactical cyber actions…
• Fight his strategy, not his forces
• Map short-term actions to long-term vision
• Maintain intelligence emphasis
• Be prepared for setbacks
• Empower the lowest levels
• Rank is nothing – talent is everything
• Keep the initiative
• Be there
GUERILLA TACTICS AND THE CYBER KILL CHAIN
Kill chain stages, left to right: Initial Compromise, Establish Foothold, Escalate Privileges, Internal Recon, Move Laterally, Maintain Presence, Complete Mission (Action on Objectives)
(“Cyber Kill Chain” is a registered trademark of Lockheed Martin)
Guerilla Tactics
• Patient observation
• Develop intimacy
• Target development and prioritization
• Final planning
• Asymmetric positioning
• Destroy/disruption
• Objective advance
• Evade and egress
Cyber Tactics
• External attack surface sizing
• Social Engineering
• External Compromise
• Custom Malware
• Payload Insert
• App Exploitation
• Delivery
• Credential Theft
• Password Cracking
• “Pass-the-Hash”
• Exploitation
• Critical System Recon
• System, Active Directory, User Enumeration
• Installation
• Net Use Commands
• Reverse Shell Access
• Backdoor Variants
• VPN Subversion
• Sleeper Malware
• C2 Nodes
• Staging Servers
• Data Consolidation
• Data Theft
• Destroy
KEY TAKEAWAYS
• Take a new look at how we fight on the cyber battlefield
• Leverage what we’ve learned in COIN – the similarities prompt consideration
• Integrate COIN planning elements into your cyber campaign plan to keep the adversary off balance
• Ensure intelligence-driven operations
• Adopting a COIN mindset can give your front line an edge in the guerrilla fight
• Empower your lowest levels
THANK YOU
chuck.mcgregor@parsons.com
@chuck_mcg
REFERENCES
FM 3-24, Counterinsurgency
JP 3-24, Counterinsurgency Operations
FMFRP 12-15, USMC Small Wars Manual (1940)
“28 Articles - Fundamentals of Company-Level Counterinsurgency”, David Kilcullen (2006)
“Killing Advanced Threats in Their Tracks: An Intelligent Approach to Attack Prevention”, Tony Sager, SANS Institute (2014)
“10 Strategies of a World-Class Security Operations Center”, Carson Zimmerman, MITRE (2014)
EXIM APPROVED Parsons #458 7 OCT 16.
Gen AI in Business - Global Trends Report 2024.pdf
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

Modern Cyber Battlefield - Application of COIN Principals to Today's Kinetic Cyber Environment

UNDERSTANDING INSURGENCY
• Organized
• Complexity
• Contemporary conflict
• Leadership/narrative
• Protracted struggle

Modern cyber adversary motives
• Ideological
• Socio-economic influence
• Commercial/defense objectives
• Criminal/funding objectives

RECOGNIZING INSURGENT VULNERABILITIES
• Need for secrecy
• Need to establish a base of operations
• Need for financial resources
• Internal divisions
• Need to maintain momentum
• Informants within the insurgency

Cyber exploitation mindset
• Strong unity of command
• Adjacent unit coordination
• Financial resources
• Our own people
…Our campaign plan
FOCUS AREA #1 – PLANNING
Focus Area #1: Your counterinsurgency campaign plan

FOCUS AREA #1 – COIN CAMPAIGN PLANNING
• Unity of effort
• Intelligence-driven operations (intel prep of the battlefield)
• Economy of force
• Component contributions
• Operational environment shaping

Cyber campaign planning corollaries…
• Organize your security practices
• Peer-industry integration points
• Bottom-up threat intelligence – unleash
• Support the analyst effort – invest
• Technology force multipliers
SMALL WARS MANUAL, UNITED STATES MARINE CORPS, 1940
In small wars, caution must be exercised, and instead of striving to generate the maximum power with the forces available, the goal is to gain decisive results with the least application of force.
In small wars, tolerance, sympathy, and kindness should be the keynote of our relationship with the mass of the population.
Small wars involve a wide range of activities including diplomacy, contacts with the civil population and warfare of the most difficult kind.

FOCUS AREA #2 – TACTICAL GUERILLA FIGHT
Focus Area #2: The tactical guerilla fight
FOCUS AREA #2 – GUERILLA TACTICS
• Attacking the will
• Deception
• Engagement selection
• Supply chain disruption
• Attacks to infrastructure
• Financial conversion
• Prolonged fight

Tactical cyber actions…
• Fight his strategy, not his forces
• Map short term actions to long term vision
• Maintain intelligence emphasis
• Be prepared for setbacks
• Empower the lowest levels
• Rank is nothing – talent is everything
• Keep the initiative
• Be there

GUERILLA TACTICS AND THE CYBER KILL CHAIN
Kill chain stages: Initial Compromise → Establish Foothold → Escalate Privileges → Internal Recon → Move Laterally → Maintain Presence → Complete Mission (Action on Objectives)
(“Cyber Kill Chain” is a registered trademark of Lockheed Martin)

Guerilla tactics
• Patient observation
• Develop intimacy
• Target development and prioritization
• Final planning
• Asymmetric positioning
• Destroy/disruption
• Objective advance
• Evade and egress

Cyber tactics
• External attack surface sizing
• Social engineering
• External compromise
• Custom malware
• Payload insert
• App exploitation
• Delivery
• Credential theft
• Password cracking
• “Pass-the-Hash”
• Exploitation
• Critical system recon
• System, Active Directory, user enumeration
• Installation
• Net use commands
• Reverse shell access
• Backdoor variants
• VPN subversion
• Sleeper malware
• C2 nodes
• Staging servers
• Data consolidation
• Data theft
• Destroy
KEY TAKEAWAYS
• Take a new look at how we fight on the cyber battlefield
• Leverage what we’ve learned in COIN – the similarities prompt consideration
• Integrate COIN planning elements into your cyber campaign plan to keep the adversary off balance
• Ensure intelligence-driven operations
• Adopting a COIN mindset can give your front line an edge in the guerrilla fight
• Empower your lowest levels

THANK YOU
chuck.mcgregor@parsons.com
@chuck_mcg
REFERENCES
• FM 3-24, Counterinsurgency
• JP 3-24, Counterinsurgency Operations
• FMFRP 12-15, USMC Small Wars Manual (1940)
• “28 Articles – Fundamentals of Company-Level Counterinsurgency”, David Kilcullen (2006)
• “Killing Advanced Threats in Their Tracks: An Intelligent Approach to Attack Prevention”, Tony Sager, SANS Institute (2014)
• “10 Strategies of a World-Class Security Operations Center”, Carson Zimmerman, MITRE (2014)

EXIM APPROVED Parsons #458 7 OCT 16.