Modern Cyber Battlefield - Application of COIN Principles to Today's Kinetic Cyber Environment

Presentation to the FireEye Defense Summit


  1. Slides 1-2 (12/02/2016) COPYRIGHT © 2016, FIREEYE, INC. ALL RIGHTS RESERVED.
     MODERN CYBER BATTLEFIELD: APPLICATION OF KEY COUNTERINSURGENCY PRINCIPLES TO TODAY'S KINETIC CYBER ENVIRONMENT
     Presented by Chuck McGregor, CISSP, CISM, VP Security Operations, Parsons
     ABOUT ME
     • USMC officer
     • Deployed to Afghanistan and Iraq in advisor and company command capacities in COIN environments/missions
     • US Marine Special Operations Command Reserve Chief of Staff
     • Cyber Director at Parsons Corp.
  2. Slides 3-4
     "Know thy enemy... and know thyself." - Sun Tzu
     COUNTERINSURGENCY OPERATIONS (JP 3-24)
     "The twenty-first century is typified by a volatile international environment, persistent conflict, and increasing state fragility. Long-standing external and internal tensions tend to exacerbate or create core grievances within some states, resulting in political strife, instability, or even insurgency. Moreover, some transnational terrorists/extremists with radical political and religious ideologies may intrude in weak or poorly governed states to form a wider, more networked threat."
  3. Slides 5-6
     SETTING THE STAGE
     • The challenges we face are dynamic
     • We need new ways to view our cyber adversaries
     • Correlations of the cyber battlefield to dynamic counterinsurgency landscapes
     • New ways to view and prepare the cyber battle space
     • Let's try something different...
     A view of our adversaries
     • Nation-state sponsors
     • Criminal organizations
     • Hacktivists
     • Proxy agents
     • Competitors
     • Insiders
     INSURGENCY ANALYSIS
     Before we determine where to focus, let's analyze insurgencies...
  4. Slides 7-8
     UNDERSTANDING INSURGENCY
     • Organized
     • Complexity
     • Contemporary conflict
     • Leadership/narrative
     • Protracted struggle
     Modern cyber adversary motives
     • Ideological
     • Socio-economic influence
     • Commercial/defense objectives
     • Criminal/funding objectives
     RECOGNIZING INSURGENT VULNERABILITIES
     • Need for secrecy
     • Need to establish a base of operations
     • Need for financial resources
     • Internal divisions
     • Need to maintain momentum
     • Informants within the insurgency
     Cyber exploitation mindset
     • Strong unity of command
     • Adjacent unit coordination
     • Financial resources
     • Our own people
     ...Our campaign plan
  5. Slides 9-10
     FOCUS AREA #1 - PLANNING: Your counterinsurgency campaign plan
     FOCUS AREA #1 - COIN CAMPAIGN PLANNING
     • Unity of effort
     • Intelligence-driven operations (intel prep of the battlefield)
     • Economy of force
     • Component contributions
     • Operational environment shaping
     Cyber campaign planning corollaries...
     • Organize your security practices
     • Peer-industry integration points
     • Bottom-up threat intelligence - unleash
     • Support the analyst effort - invest
     • Technology force multipliers
  6. Slides 11-12
     SMALL WARS MANUAL, UNITED STATES MARINE CORPS, 1940
     "In small wars, caution must be exercised, and instead of striving to generate the maximum power with the forces available, the goal is to gain decisive results with the least application of force. In small wars, tolerance, sympathy, and kindness should be the keynote of our relationship with the mass of the population. Small wars involve a wide range of activities including diplomacy, contacts with the civil population and warfare of the most difficult kind."
     FOCUS AREA #2 - TACTICAL GUERRILLA FIGHT: The tactical guerrilla fight
  7. Slides 13-14
     FOCUS AREA #2 - GUERRILLA TACTICS
     • Attacking the will
     • Deception
     • Engagement selection
     • Supply chain disruption
     • Attacks to infrastructure
     • Financial conversion
     • Prolonged fight
     Tactical cyber actions...
     • Fight his strategy, not his forces
     • Map short term actions to long term vision
     • Maintain intelligence emphasis
     • Be prepared for setbacks
     • Empower the lowest levels
     • Rank is nothing - talent is everything
     • Keep the initiative
     • Be there
     GUERRILLA TACTICS AND THE CYBER KILL CHAIN ("Cyber Kill Chain" is a registered trademark of Lockheed Martin)
     The slide lays out guerrilla tactics and cyber tactics alongside the attack lifecycle stages: Initial Compromise, Establish Foothold, Escalate Privileges, Internal Recon, Move Laterally, Maintain Presence, Complete Mission (Action on Objectives).
     Guerrilla tactics
     • Patient observation
     • Develop intimacy
     • Target development and prioritization
     • Final planning
     • Asymmetric positioning
     • Destroy/disruption
     • Objective advance
     • Evade and egress
     Cyber tactics
     • External attack surface sizing
     • Social engineering
     • External compromise
     • Custom malware
     • Payload insert
     • App exploitation
     • Delivery
     • Credential theft
     • Password cracking
     • "Pass-the-Hash"
     • Exploitation
     • Critical system recon
     • System, Active Directory, user enumeration
     • Installation
     • Net Use commands
     • Reverse shell access
     • Backdoor variants
     • VPN subversion
     • Sleeper malware
     • C2 nodes
     • Staging servers
     • Data consolidation
     • Data theft
     • Destroy
  8. Slides 15-16
     KEY TAKEAWAYS
     • Take a new look at how we fight on the cyber battlefield
     • Leverage what we've learned in COIN - the similarities prompt consideration
     • Integrate COIN planning elements into your cyber campaign plan to keep the adversary off balance
     • Ensure intelligence-driven operations
     • Adopting a COIN mindset can give your front line an edge in the guerrilla fight
     • Empower your lowest levels
     THANK YOU
     chuck.mcgregor@parsons.com
     @chuck_mcg
  9. Slide 17
     REFERENCES
     • FM 3-24, Counterinsurgency
     • JP 3-24, Counterinsurgency Operations
     • FMFRP 12-15, USMC Small Wars Manual (1940)
     • "28 Articles: Fundamentals of Company-Level Counterinsurgency", David Kilcullen (2006)
     • "Killing Advanced Threats in Their Tracks: An Intelligent Approach to Attack Prevention", Tony Sager, SANS Institute (2014)
     • "10 Strategies of a World-Class Security Operations Center", Carson Zimmerman, MITRE (2014)
     EXIM APPROVED Parsons #458 7 OCT 16.
