Cyberthreats are growing in volume and variety. It is critical for the security industry to understand how to help DoD improve its cyber-intelligence. Defense Intelligence Officer for Cyber, Mr. Carback, will share DoD imperatives that will baseline your understanding of the actors, their intent and impact, the role of cyber-intelligence in DoD, and how we can partner together. (Source: RSA Conference USA 2017)

1. SESSION ID:SESSION ID:
#RSAC
Ron Carback
Opening the Door to DoD Perspectives
on Cyber Threat Intelligence
HTA-W03
Defense Intelligence Officer for Cyber
Defense Intelligence Agency
@roncarback

2. #RSAC
What will I learn in this session?
2
DoD perspective on cyber threats and the risks they pose?
Top issues in cybersecurity impacting our nation and national security
Who are our adversaries? What do they seek to gain?
What is our perspective of the intent of China, Russia, Iran, North Korea, Hacktivists,
Criminals, and Ideologues?
What is cyber intelligence and how is it shaping DoD’s understanding of the threats
we face?
What cyber intelligence do our DoD policymakers, acquisition, and warfighters
need?
What are our cyber workforce needs?
How can cybersecurity industry and practitioners improve our cyber threat
intelligence capability?

3. #RSAC
2016 RSA Submissions…top issues
3

4. #RSAC
4
© American Board for Certification in Homeland Security, Critical Infrastructure Security and Resilience Month, Nov 2013

5. #RSAC
5© Intel Security Predictions 2016

6. #RSAC
Top industry sectors for cyber incidents
6© 2016 IBM Security Cyber Intelligence Report

7. #RSAC
7
© FederalTimes.Com, June 2015

8. #RSAC
8
© Symantec 2016
Internet Security Threat
Report, Government

9. #RSAC
9
© E-ISAC, Analysis of the Cyber
Attack on the Ukrainian Power Grid,
March 2016, page 8

10. #RSAC
Threat Actors
10Source: https://www.fbi.gov/wanted/cyber/

11. #RSAC
11

12. #RSAC
Key things to Consider…in Summary
12
The actors are good at what they do…don’t underestimate !
Don’t assume they are only using cyber to get in… and assume they will get in
Use cyber threat intelligence to discern their intent. What are they after in our
business and why?
Cyber threat intel can be used to drive your resource investment focus
Its not just about the perimeter, protect your data at the source
Evaluate your cyber intelligence program – is it broad enough, answering your
questions, identifying the strategic and tactical threat? Is cyber intelligence
influencing the C-Suite and shaping the strategy
Build and grow your cybersecurity and cyber threat intel staff. Train and retrain
your employees.

13. #RSAC
Apply: How can industry and academia help DoD?
13
Defend and protect your networks, systems, processes, and people
Share the incidents that occur and the threats you see
Build capabilities that will create better cyber resiliency in our
systems, protect our networks, and take the fight to our adversaries
Create tools and analytics that that will enable our analysts to sift
through the data and let analysts focus on analysis
Help us build an expert workforce

14. #RSAC
Apply: Cyber Threat Intelligence in your business
14
Next week you should:
Learn who is your cyber threat intelligence provider and what cyber
intelligence they provide…internal and external providers In the first three
months following this presentation you should:
Identify / Clarify what threat intelligence is needed for your business unit
Ensure that you are gaining the spectrum of threat intelligence from specific
intrusions to strategic intent of those seeking to gain access to your corporate
information and networks – let intel focus operations
Within six months you should:
Review the scope and scale of the cyber intelligence you receive and modify
your approach based on the specific threats to your business

15. #RSAC
Q&A
Email: DIA-PAO@dodiis.mil

16. #RSAC
Back Up

17. #RSAC
17
© Webroot 2016 Threat Report

18. #RSAC
18© Dell Security Annual Threat Report 2016

19. #RSAC
19
© Symantec 2016 Internet
Security Threat Report,
Government