Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

A military perspective on cyber security


Published on

This is a working document for presentation to Cyber Security Professionals concerning a tactical mindset in securing cyberspace within organizations. High level, can add in case studies, more content to come Dec 2010 for the European, UK and German presentation. Feel free to respond to add to brief. Requires Notes

Published in: Technology, Business

A military perspective on cyber security

  1. 1. A Military Perspective on Cyber Security <br />“Not a Paradigm Shift, Just a Tactical Approach” <br />Joey Hernandez CISSP<br />
  2. 2. Topic<br />Background<br />The Change<br />Center of Gravity Rings<br />Principles of War<br />Contested Commons<br />Your Turn<br />
  3. 3. Background<br />Elevated age in cyber warfare<br />Malware has become focused <br />SCADA Systems (Stuxnet)<br />Malware performs Operational Preparation of the Environment (OPE)<br />Conficker (Millions still infected)<br />Ransomeware<br />Data is being held hostage<br />The advanced capability of the threat has increased the risk. <br />Understanding the risk allows employment of defensive measures to decrease the risk – “Risk will always be present”<br />
  4. 4. The Change<br />Combined capabilities have helped attackers create weapon systems<br />Soldier +Rifle + Bullets =(This is a weapon systems)<br />Cyber<br />State Sponsored, Script Kiddies, Paid Staff<br />Laptop, Desktop, Mobile devices<br />Metasploit, Backtrak, PoisonIvy, Mpack, other RAT<br />Hacker + Laptop + Metasploit = Weapon System<br />Attackers, Adversaries, Cyber terrorist are now employing TTP <br />
  5. 5. Wardens Rings<br />The focus to attack Centers of Gravity <br />The Estonian attack/s<br />Utilized TTP<br />Rings <br />Leadership (Defaced Ministry of Defense, Finance, etc)<br />Organic/System Essentials<br />Infrastructure (DDoS against ISP and Wardialing to lock up POTS network)<br />Population (News Media)<br />Fielded Military Forces<br />Inside Out Attack Methodology For Kinetic Warfare<br />
  6. 6. Cyber <br />Population attacks cascade the ring<br />System essential attacks on services eg. Supply Chain, Food, FedEx ; feeds the rings in both direction<br />Infrastructure attacks feed the ring both directions<br />Leadership focus elevates the nature of the actions<br />“Defense measures must ensure protection of systems first and population foremost”<br />
  7. 7. Countering Principles of War<br />Raising perceptions of attacks guarantee elevated perspective.<br />Proactive approaches to provide defense in depth reduces risk to all Centers of Gravity<br />NOT immediately achievable, requires buy-in<br />
  8. 8. Principle 1<br />Objective: Direct every operation towards a clearly defined, decisive, and attainable objective.<br />Security<br />Create policy & Directives that are concise, fed from leadership and enhances current capabilities.<br />Defense<br />Institutionalize SOP creating a path to obtainable objectives<br />
  9. 9. Principle 2<br />Offensive: Seize, retain, and exploit the initiative<br />Cyber Security personnel must have all tools required to respond to incidents or events when presented enabling decisive results<br />Immediate knowledge of events through proactive<br />Proactive research<br />International teams of trust<br />Reverse engineering of “current” malicious code<br />Pentesting with seized exploits ensure preparedness<br />Exercise routinely against new threats<br />Exploitation allows establishing opstempo for defensive and counter operations.<br />
  10. 10. Principle 3<br />Economy of Force: Allocate minimum essential combat power to secondary efforts.<br />Cyber Security staff should only be allocated tasks relating to protection of grid and its associated systems<br />Minimize external tasks not associated to Cyber Security<br />“Employ” others to do: password resets, maintenance, and support<br />Discriminate whenever possible!<br />Indentify and prioritize cyber assets and assign coverage accordingly<br />
  11. 11. Principle 4<br />Mass: Concentrate combat power at the decisive place and time.<br />Sustain with technology, resolve with Mass – Use Crisis action teams, leverage distributed knowledge<br />“Get there first with the most”.<br />The dynamic nature of Cyber Space allows you to employ mass globally with centralized control<br />Convene and delegate<br />Ensure communication is continuous<br />If possible (Make possible) Disarm the attacker<br />Block/Mitigate adversaries ability to maneuver, virtual arm bar<br />Remain focused on protection<br />
  12. 12. Principle 5<br />Surprise: Strike the enemy at a time, place, or manner for which they are unprepared.<br />Always expect it!<br />Trust but verify – If the network is quiet lower thresholds, to find hidden traffic<br />Utilize time to influence out of the box operating procedures and TTP to develop <br />Always expect it!<br />
  13. 13. Principle 6<br />Maneuver: Place the enemy in a position of disadvantage through flexible application of combat power<br />Gain an advantage in positioning by training, certifying defense crews<br />Exercising as a team places the adversary in a position of disadvantage<br />Train as a group to flexibly protect, respond, and mitigate attacks<br />Leverage internal and external trusted SME capabilities<br />
  14. 14. Principle 7<br />Unity of Command: For every objective, ensure unity of effort under one responsible commander.<br />A single leader should provide direction and coordination for crews ensuring comprehensive objectives.<br />Alignment facilitates communication for mission/common objective<br />Each task presented should have ownership and custodial characteristics for members of the crew<br />Ideas & Solutions <br />Preferred collective<br />Collective not required <br />
  15. 15. Principle 8<br />Security:Never permit the enemy to acquire an unexpected advantage.<br />Protect and preserve defense measures, procedures and capabilities from the eyes of the adversary.<br />Security exertion minimizes attack vectors<br />Understand the capabilities and limiting factors of your people – “provides for a clearer situational awareness”<br />
  16. 16. Principle 9<br />Simplicity: Prepare clear, uncomplicated plans concise orders to ensure thorough understanding.<br />Concise Plans and Orders minimize the chance for mistakes. <br />Degree of operational simplicity results from from experience, training, empowerment and institutionalized processes.<br />Simplicity in Cyber Operations - is an Art of Balance<br />Open lines of communication Local & Global support simplicity<br />
  17. 17. Contested Commons<br />It is Global: Maritime, Air, Space, Cyber<br />Relied upon for business globalization<br />More nations, organizations, economies at risk<br />Rapid capability development, sluggish legal and global agreement on how to “Address Cyber Attacks”<br />Russia & China created No CY Zones <br />Some believe there is “No Cyber War”<br />Ask Estonia, Brazil, Canada, South Africa, Malaysia<br />
  18. 18. Your Turn<br />Train & Exercise your crews as a team<br />Open lines of communication<br />Think strategically, act locally<br />Be proactive, make quick fixes, and best practice into TTP<br />Be paranoid, suspicious and know your adversaries<br />Build your trusted crisis network<br />Plan for events<br />Clear the fog<br />