SlideShare a Scribd company logo
1 of 17
1
1. The Spectrum of Cyberwarfare
2. Offensive Cyber Operations
3. The ART of Defense
4. A comparative studies of nation states capabilities
PLAN
2
Key definitions :
Cyberwarfare :
A set of strategies used by a nation state actor or organization aimed at attacking countries
information systems infrastructure with the intention of disrupting , damaging or destroying.
Cyberwar :
The act of waging war on a nation state or organization to achieve a strategic political , economic or
ideological objective.
Cybersecurity strategy :
A high-level plan that defines how an organization or nation state actor intends to improve the
resilience and security of its cyberspace.
The Spectrum of Cyberwarfare
3
A “jus ad bellum” for Cyberwarfare :
Military Intelligence gathering
Collection of confidential information on current state of military capabilities and operations of a given nation-
state in support of current of futur operations. Example : Interception of digital communication to uncover
military plans
Geopolitical influence
Accrued tendency of nation-state to increase their existing capacity of influence & control on other nations from
the geophysical domain into the cyberspace through information warfare.
Support of Military Operations
Cyberwarfare is an enabler in support of tangible warfare operations such as disruption of a military
center of operations via a computer virus.
Strategic economic warfare
Attacks against a nation state using cyber technology with the aim of weakening its economy
through acquisition of trade secrets , sabotage of industrial facilities.
Cyber counterintelligence
Activities designed to prevent or thwart spying, intelligence gathering, and sabotage by an enemy or
other foreign entity.
The Spectrum of Cyberwarfare
4
The Spectrum of Cyberwarfare
Targets of Interest Example Attribution
Military Infrastructure
Espionage
NSA , FSB , GCHQ , MSS , DGRE
Electoral System &
Process
United States Election (2016) Russia’s FSB
Electrical powergrid Ukraine powergrid (2015) Russia’s FSB
Nuclear powerplant Iranian nuclear plant
Stuxnet virus (2010)
NSA & Israel Unit 8200
Communication systems BGP Hijacking Any major global telecom provider
Supply chain SolarWinds cyberattack (2020) Russia’s Cozy Bear
Any national infrastructure
considered critical
Colonial pipeline Any nation state actor with accrued geopolitical
motivation
5
The Spectrum of Cyberwarfare
6
A library of known adversary
Tactics – the adversary’s technical goals
Techniques – how those goals are achieved
Procedures – specific implementations of techniques
The framework contains 3 Matrices : Enterprise , Mobile and Industrial Control System
https://attack.mitre.org/
Offensive Cyber Operations
Into the premise of offensive cyberwarfare : from spies to APTs
APT ( Advanced Persistent Threat ) : Sophisticated cyber intrusion technique that exploits a
given vulnerability in a system inorder to gain extended persistent foothold with the aim of
achieving a specific malicious objective.
Lockheed Martin Cyberkill chain :
7
From Blitzkrieg to Bitskrieg :
- An intense german military stategy intended to bring about a swift victory in WW II
- Think about a series of swift attacks intended to shutdown a nation’s cyberspace
- Example : Shutdown of Ukraine Electrical Power Grid in 2015 by Sandworm
- Objective : Render your target’s system unoperational through disruptive intrusion in the shortest
possible time frame.
- Possibly : Erase disk , encrypt files , corrupt system kernel , change SCADA programming logic
Offensive Cyber Operations
8
DDOS Distributed Denial of Service:
Directing malicious traffic to a target by using a range of infected devices controlled by C² Servers.
Aim : Disrupt the availability of an online system
Examples :
▪ DNS Amplification Attack
▪ MIRAI Botnet Attack
Offensive Cyber Operations
9
Hunting for vulnerabilities & bugs :
A zero day (or 0-day) vulnerability is a security risk in a piece of software that is not publicly known
about and the vendor is not aware of. A zero- ay exploit is the method an attacker uses to access the
vulnerable system.
❑ Active purchase of 0-day exploitsby nation-state to compromise systems ... USA , EU
❑ Advanced vulnerability research program (R&D) ... China
❑ Development of exploits for known vulnerabilities ... Russia
Strategic Objective :
✓ Obtain initial access to a foreign nation state’s system
✓ Maintain a tactical advantage on other nation state
Example : Kaseya Attack , MSRPC Printer Spooler Relay , Zerologon , Stuxnet
Offensive Cyber Operations
10
Social Engineering & Phishing :
Social engineering is the psychological manipulation of people into performing actions or divulging
confidential information.
Cialdini's 6 Principles of Influence are : Reciprocity , Commitment/consistency, Social proof
,Authority, Liking, Scarcity.
Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or
otherwise deceptive) message designed to trick a person into revealing sensitive information to the
attacker
Objective : Leakage of confidential information
Offensive Cyber Operations
11
“If you know the enemy and know yourself, you need not fear the result of a
hundred battles. If you know yourself but not the enemy, for every victory
gained you will also suffer a defeat. If you know neither the enemy nor
yourself, you will succumb in every battle.”
“Sun Tzu
The ART of Defense
STEP ROAD MAP TO PLANNING A NATION-WIDE DEFENSE STATREGY
1 Assess your national cybersecurity landscape
2 Assess the cyber-risk landscape
3 Produce your national cyber strategy
4 Develop an action plan
5 Monitor and evaluate defined metrics of your strategy
6 Continuous improvement & update
12
The ART of Defense
BLUE PRINT FOR BUILDING A NATIONAL CYBERSECURITY DEFENSE STRATEGY
Governance Risk Management Legislation & Regulation
❑ Ensure the highest level of support
❑ Establish a competent cybersecurity
authority
❑ Ensure intra-government cooperation
❑ Ensure inter-sectoral cooperation
❑ Allocate dedicated budget and resources
❑ Define a risk-management approach
❑ Identify a common methodology for
managing cybersecurity risk
❑ Develop sectoral cybersecurity risk profiles
❑ Establishing cybersecurity policies
❑ Establish cybercrime legislation
❑ Recognise and safeguard individual rights and
liberties
❑ Create compliance mechanisms
❑ Promote capacity-building for law enforcement
Preparedness & Resilience Capability & Capacity Building Critical Infrastructure services & essential
services
❑ Establish cyber-incident response
capabilities
❑ Establish contingency plans for
cybersecurity crisis management
❑ Promote information-sharing
❑ Conduct cybersecurity exercises
❑ Develop cybersecurity curricula
❑ Stimulate skills development and workforce
training
❑ Implement a coordinated cybersecurity
awareness-raising programme
❑ Foster cybersecurity innovation and R&D
❑ Establish a risk-management approach to
protecting critical infrastructures
❑ and services
❑ Adopt a governance model with clear
responsibilities
❑ Define minimum cybersecurity baselines
❑ Establish public-private partnerships
13
Defending your critical infrastructure
The ART of Defense
Security best practices and trends
 Threat Intelligence & Hunting  Quantum & Post Quantum Cryptography
 Vulnerability Management  Threat Emulation
 Compliance Audit  Defense in depth
 EDR ( End-point detection & response)  Zero-Trust Architecture
 Security Awareness  Secure Enclaves
 SIEM ( Security Information &Event Management) ❑ MFA (Multi factor Authentication)
 SOAR ( Security Orchestration , Automation & Response ) ❑ Risk Management
 DLP ( Data loss prevention ) ❑ Next Generation Firewall
14
MITRE DEFEND Framework - https://d3fend.mitre.org/
The ART of Defense
15
A comparative studies of nation states capabilities
16
M E R C I !
T H A N K Y O U !
QUESTIONS ?
17

More Related Content

What's hot

Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trendsShreedeep Rayamajhi
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingDepartment of Defense
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber SecurityPriyanshu Ratnakar
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsIain Dickson
 
Cybersecurity PowerPoint Presentation
Cybersecurity PowerPoint PresentationCybersecurity PowerPoint Presentation
Cybersecurity PowerPoint PresentationRitik Kumar
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awarenessJason Murray
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chainSymantec Brasil
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Preventionfmi_igf
 

What's hot (20)

Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Cyber security and current trends
Cyber security and current trendsCyber security and current trends
Cyber security and current trends
 
Social Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness BriefingSocial Media Cyber Security Awareness Briefing
Social Media Cyber Security Awareness Briefing
 
Cyber security
Cyber securityCyber security
Cyber security
 
Introduction to Cyber Security
Introduction to Cyber SecurityIntroduction to Cyber Security
Introduction to Cyber Security
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feedsCyber Threat Intelligence - It's not just about the feeds
Cyber Threat Intelligence - It's not just about the feeds
 
Cybersecurity PowerPoint Presentation
Cybersecurity PowerPoint PresentationCybersecurity PowerPoint Presentation
Cybersecurity PowerPoint Presentation
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
cyber security
cyber security cyber security
cyber security
 
Cyber security awareness
Cyber security awarenessCyber security awareness
Cyber security awareness
 
Cyber Security Case Studies
Cyber Security Case Studies Cyber Security Case Studies
Cyber Security Case Studies
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Addressing the cyber kill chain
Addressing the cyber kill chainAddressing the cyber kill chain
Addressing the cyber kill chain
 
Threat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill ChainThreat Hunting with Cyber Kill Chain
Threat Hunting with Cyber Kill Chain
 
Cyber Security: Threat and Prevention
Cyber Security: Threat and PreventionCyber Security: Threat and Prevention
Cyber Security: Threat and Prevention
 
Cyber security
Cyber security Cyber security
Cyber security
 

Similar to Case studies in cybersecurity strategies

Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286Udaysharma3
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityAndrea Rossetti
 
D20110714cyber
D20110714cyberD20110714cyber
D20110714cybernitay123
 
Department of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense
 
Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Kevin Fream
 
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...Shakas Technologies
 
Microsoft Digital Defense Report 2022.pdf
Microsoft Digital Defense Report 2022.pdfMicrosoft Digital Defense Report 2022.pdf
Microsoft Digital Defense Report 2022.pdfNirenj George
 
Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015AFCEA International
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-statusRama Reddy
 
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...cyberprosocial
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxbagotjesusa
 
SHIELD_overview_presentation_INFOCOM2018.pptx
SHIELD_overview_presentation_INFOCOM2018.pptxSHIELD_overview_presentation_INFOCOM2018.pptx
SHIELD_overview_presentation_INFOCOM2018.pptxofficelifehq
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxstilliegeorgiana
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsFidelis Cybersecurity
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreJamie Moore
 
Dhs cybersecurity-roadmap
Dhs cybersecurity-roadmapDhs cybersecurity-roadmap
Dhs cybersecurity-roadmapAjay Ohri
 

Similar to Case studies in cybersecurity strategies (20)

Cyber weapons 1632578286
Cyber weapons 1632578286Cyber weapons 1632578286
Cyber weapons 1632578286
 
Francesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber securityFrancesca Bosco, Le nuove sfide della cyber security
Francesca Bosco, Le nuove sfide della cyber security
 
DoD Cyber Strategy
DoD Cyber StrategyDoD Cyber Strategy
DoD Cyber Strategy
 
D20110714cyber
D20110714cyberD20110714cyber
D20110714cyber
 
Department of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in CyberspaceDepartment of Defense Strategy for Operating in Cyberspace
Department of Defense Strategy for Operating in Cyberspace
 
Cyber Security Cooperation
Cyber Security CooperationCyber Security Cooperation
Cyber Security Cooperation
 
Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022Microsoft Digital Defense Executive Summary-2022
Microsoft Digital Defense Executive Summary-2022
 
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
Automated Emerging Cyber Threat Identification and Profiling Based on Natural...
 
C018131821
C018131821C018131821
C018131821
 
Microsoft Digital Defense Report 2022.pdf
Microsoft Digital Defense Report 2022.pdfMicrosoft Digital Defense Report 2022.pdf
Microsoft Digital Defense Report 2022.pdf
 
Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015Cyber Operations in Smart Megacities: TechNet Augusta 2015
Cyber Operations in Smart Megacities: TechNet Augusta 2015
 
Cyber security-in-india-present-status
Cyber security-in-india-present-statusCyber security-in-india-present-status
Cyber security-in-india-present-status
 
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
Safeguarding the Digital Realm Understanding CyberAttacks and Their Vital Cou...
 
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docxSECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx
 
SHIELD_overview_presentation_INFOCOM2018.pptx
SHIELD_overview_presentation_INFOCOM2018.pptxSHIELD_overview_presentation_INFOCOM2018.pptx
SHIELD_overview_presentation_INFOCOM2018.pptx
 
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docxProject 4 Threat Analysis and ExploitationTranscript (backgroun.docx
Project 4 Threat Analysis and ExploitationTranscript (backgroun.docx
 
Hunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systemsHunting for cyber threats targeting weapon systems
Hunting for cyber threats targeting weapon systems
 
Cyber-what?
Cyber-what?Cyber-what?
Cyber-what?
 
Cyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece MooreCyber Warfare - Jamie Reece Moore
Cyber Warfare - Jamie Reece Moore
 
Dhs cybersecurity-roadmap
Dhs cybersecurity-roadmapDhs cybersecurity-roadmap
Dhs cybersecurity-roadmap
 

More from EyesOpen Association

COLLECT AND ANALYZE RAM FOR DIGITAL INVESTIGATION
COLLECT AND ANALYZE RAM FOR DIGITAL INVESTIGATIONCOLLECT AND ANALYZE RAM FOR DIGITAL INVESTIGATION
COLLECT AND ANALYZE RAM FOR DIGITAL INVESTIGATIONEyesOpen Association
 
Ransomware : Challenges and best practices
Ransomware : Challenges and best practices Ransomware : Challenges and best practices
Ransomware : Challenges and best practices EyesOpen Association
 
Gestion des Incidents: prendre le contrôle de votre processus
Gestion des Incidents: prendre le contrôle de votre processus Gestion des Incidents: prendre le contrôle de votre processus
Gestion des Incidents: prendre le contrôle de votre processus EyesOpen Association
 
Art du threat Modeling : Modéliser les menaces informatiques avec la méthode ...
Art du threat Modeling : Modéliser les menaces informatiques avec la méthode ...Art du threat Modeling : Modéliser les menaces informatiques avec la méthode ...
Art du threat Modeling : Modéliser les menaces informatiques avec la méthode ...EyesOpen Association
 
Cyber and information security operations and assurance
Cyber and information security operations and assurance Cyber and information security operations and assurance
Cyber and information security operations and assurance EyesOpen Association
 
Internal and External threats to a corporate network : Bypassing perimeter de...
Internal and External threats to a corporate network : Bypassing perimeter de...Internal and External threats to a corporate network : Bypassing perimeter de...
Internal and External threats to a corporate network : Bypassing perimeter de...EyesOpen Association
 
Cybersecurity Competencies and the Future of Work
Cybersecurity Competencies and the Future of Work Cybersecurity Competencies and the Future of Work
Cybersecurity Competencies and the Future of Work EyesOpen Association
 
Approche de sécurisation des identités: Cas de Active Directory
Approche de sécurisation des identités: Cas de Active DirectoryApproche de sécurisation des identités: Cas de Active Directory
Approche de sécurisation des identités: Cas de Active DirectoryEyesOpen Association
 
Cyber threat intelligence avec Open CTI
Cyber threat intelligence avec Open CTI Cyber threat intelligence avec Open CTI
Cyber threat intelligence avec Open CTI EyesOpen Association
 
Le rôle de la sensibilisation et de la formation à la cybersécurité
Le rôle de la sensibilisation et de la formation à la cybersécuritéLe rôle de la sensibilisation et de la formation à la cybersécurité
Le rôle de la sensibilisation et de la formation à la cybersécuritéEyesOpen Association
 
Cyber psychology: Understand your cyber security mental health culture
Cyber psychology: Understand your cyber security mental health culture Cyber psychology: Understand your cyber security mental health culture
Cyber psychology: Understand your cyber security mental health culture EyesOpen Association
 
La sécurité des API: Quand les mauvais élèves entrent en piste.
La sécurité des API: Quand les mauvais élèves entrent en piste.La sécurité des API: Quand les mauvais élèves entrent en piste.
La sécurité des API: Quand les mauvais élèves entrent en piste.EyesOpen Association
 
Programme de cybersécurité : Implementer le framework NIST CSF en entreprise
Programme de cybersécurité : Implementer le framework NIST CSF en entrepriseProgramme de cybersécurité : Implementer le framework NIST CSF en entreprise
Programme de cybersécurité : Implementer le framework NIST CSF en entrepriseEyesOpen Association
 
Cyberguerre et Cyberdéfense: les nouveaux enjeux pour l’Afrique
Cyberguerre et Cyberdéfense: les nouveaux enjeux pour l’Afrique Cyberguerre et Cyberdéfense: les nouveaux enjeux pour l’Afrique
Cyberguerre et Cyberdéfense: les nouveaux enjeux pour l’Afrique EyesOpen Association
 
Report: Digital Transformation and Application Security Posture in West and C...
Report: Digital Transformation and Application Security Posture in West and C...Report: Digital Transformation and Application Security Posture in West and C...
Report: Digital Transformation and Application Security Posture in West and C...EyesOpen Association
 
Effective Information Security Risk and Controls Management
Effective Information Security Risk and Controls Management Effective Information Security Risk and Controls Management
Effective Information Security Risk and Controls Management EyesOpen Association
 
Cybersecurity in Mergers and Acquisitions (M&A)
Cybersecurity in Mergers and Acquisitions (M&A) Cybersecurity in Mergers and Acquisitions (M&A)
Cybersecurity in Mergers and Acquisitions (M&A) EyesOpen Association
 

More from EyesOpen Association (20)

COLLECT AND ANALYZE RAM FOR DIGITAL INVESTIGATION
COLLECT AND ANALYZE RAM FOR DIGITAL INVESTIGATIONCOLLECT AND ANALYZE RAM FOR DIGITAL INVESTIGATION
COLLECT AND ANALYZE RAM FOR DIGITAL INVESTIGATION
 
Ransomware : Challenges and best practices
Ransomware : Challenges and best practices Ransomware : Challenges and best practices
Ransomware : Challenges and best practices
 
Gestion des Incidents: prendre le contrôle de votre processus
Gestion des Incidents: prendre le contrôle de votre processus Gestion des Incidents: prendre le contrôle de votre processus
Gestion des Incidents: prendre le contrôle de votre processus
 
Art du threat Modeling : Modéliser les menaces informatiques avec la méthode ...
Art du threat Modeling : Modéliser les menaces informatiques avec la méthode ...Art du threat Modeling : Modéliser les menaces informatiques avec la méthode ...
Art du threat Modeling : Modéliser les menaces informatiques avec la méthode ...
 
Cyber and information security operations and assurance
Cyber and information security operations and assurance Cyber and information security operations and assurance
Cyber and information security operations and assurance
 
Zero Trust : How to Get Started
Zero Trust : How to Get StartedZero Trust : How to Get Started
Zero Trust : How to Get Started
 
CTFaaS pour la cybereducation
CTFaaS pour la cybereducationCTFaaS pour la cybereducation
CTFaaS pour la cybereducation
 
Phishing mails: Bonnes pratiques
Phishing mails: Bonnes pratiques Phishing mails: Bonnes pratiques
Phishing mails: Bonnes pratiques
 
Internal and External threats to a corporate network : Bypassing perimeter de...
Internal and External threats to a corporate network : Bypassing perimeter de...Internal and External threats to a corporate network : Bypassing perimeter de...
Internal and External threats to a corporate network : Bypassing perimeter de...
 
Cybersecurity Competencies and the Future of Work
Cybersecurity Competencies and the Future of Work Cybersecurity Competencies and the Future of Work
Cybersecurity Competencies and the Future of Work
 
Approche de sécurisation des identités: Cas de Active Directory
Approche de sécurisation des identités: Cas de Active DirectoryApproche de sécurisation des identités: Cas de Active Directory
Approche de sécurisation des identités: Cas de Active Directory
 
Cyber threat intelligence avec Open CTI
Cyber threat intelligence avec Open CTI Cyber threat intelligence avec Open CTI
Cyber threat intelligence avec Open CTI
 
Le rôle de la sensibilisation et de la formation à la cybersécurité
Le rôle de la sensibilisation et de la formation à la cybersécuritéLe rôle de la sensibilisation et de la formation à la cybersécurité
Le rôle de la sensibilisation et de la formation à la cybersécurité
 
Cyber psychology: Understand your cyber security mental health culture
Cyber psychology: Understand your cyber security mental health culture Cyber psychology: Understand your cyber security mental health culture
Cyber psychology: Understand your cyber security mental health culture
 
La sécurité des API: Quand les mauvais élèves entrent en piste.
La sécurité des API: Quand les mauvais élèves entrent en piste.La sécurité des API: Quand les mauvais élèves entrent en piste.
La sécurité des API: Quand les mauvais élèves entrent en piste.
 
Programme de cybersécurité : Implementer le framework NIST CSF en entreprise
Programme de cybersécurité : Implementer le framework NIST CSF en entrepriseProgramme de cybersécurité : Implementer le framework NIST CSF en entreprise
Programme de cybersécurité : Implementer le framework NIST CSF en entreprise
 
Cyberguerre et Cyberdéfense: les nouveaux enjeux pour l’Afrique
Cyberguerre et Cyberdéfense: les nouveaux enjeux pour l’Afrique Cyberguerre et Cyberdéfense: les nouveaux enjeux pour l’Afrique
Cyberguerre et Cyberdéfense: les nouveaux enjeux pour l’Afrique
 
Report: Digital Transformation and Application Security Posture in West and C...
Report: Digital Transformation and Application Security Posture in West and C...Report: Digital Transformation and Application Security Posture in West and C...
Report: Digital Transformation and Application Security Posture in West and C...
 
Effective Information Security Risk and Controls Management
Effective Information Security Risk and Controls Management Effective Information Security Risk and Controls Management
Effective Information Security Risk and Controls Management
 
Cybersecurity in Mergers and Acquisitions (M&A)
Cybersecurity in Mergers and Acquisitions (M&A) Cybersecurity in Mergers and Acquisitions (M&A)
Cybersecurity in Mergers and Acquisitions (M&A)
 

Recently uploaded

Deciding The Topic of our Magazine.pptx.
Deciding The Topic of our Magazine.pptx.Deciding The Topic of our Magazine.pptx.
Deciding The Topic of our Magazine.pptx.bazilnaeem7
 
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdf
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdfACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdf
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdfKinben Innovation Private Limited
 
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdfMicrosoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdfSkillCertProExams
 
Understanding Poverty: A Community Questionnaire
Understanding Poverty: A Community QuestionnaireUnderstanding Poverty: A Community Questionnaire
Understanding Poverty: A Community Questionnairebazilnaeem7
 
SaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of GuruSaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of Gurusaastr
 
Databricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfDatabricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfSkillCertProExams
 
The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...Kayode Fayemi
 
ServiceNow CIS-Discovery Exam Dumps 2024
ServiceNow CIS-Discovery Exam Dumps 2024ServiceNow CIS-Discovery Exam Dumps 2024
ServiceNow CIS-Discovery Exam Dumps 2024SkillCertProExams
 
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptx
TSM unit 5 Toxicokinetics seminar by  Ansari Aashif Raza.pptxTSM unit 5 Toxicokinetics seminar by  Ansari Aashif Raza.pptx
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptxAnsari Aashif Raza Mohd Imtiyaz
 
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docx
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docxThe Influence and Evolution of Mogul Press in Contemporary Public Relations.docx
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docxMogul Press
 
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...Sosiaali- ja terveysministeriö / yleiset
 
DAY 0 8 A Revelation 05-19-2024 PPT.pptx
DAY 0 8 A Revelation 05-19-2024 PPT.pptxDAY 0 8 A Revelation 05-19-2024 PPT.pptx
DAY 0 8 A Revelation 05-19-2024 PPT.pptxFamilyWorshipCenterD
 
2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdf2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdfNancy Goebel
 
2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptx2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptxnitishjain2015
 

Recently uploaded (14)

Deciding The Topic of our Magazine.pptx.
Deciding The Topic of our Magazine.pptx.Deciding The Topic of our Magazine.pptx.
Deciding The Topic of our Magazine.pptx.
 
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdf
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdfACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdf
ACM CHT Best Inspection Practices Kinben Innovation MIC Slideshare.pdf
 
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdfMicrosoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
Microsoft Fabric Analytics Engineer (DP-600) Exam Dumps 2024.pdf
 
Understanding Poverty: A Community Questionnaire
Understanding Poverty: A Community QuestionnaireUnderstanding Poverty: A Community Questionnaire
Understanding Poverty: A Community Questionnaire
 
SaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of GuruSaaStr Workshop Wednesday with CEO of Guru
SaaStr Workshop Wednesday with CEO of Guru
 
Databricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdfDatabricks Machine Learning Associate Exam Dumps 2024.pdf
Databricks Machine Learning Associate Exam Dumps 2024.pdf
 
The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...The Concession of Asaba International Airport: Balancing Politics and Policy ...
The Concession of Asaba International Airport: Balancing Politics and Policy ...
 
ServiceNow CIS-Discovery Exam Dumps 2024
ServiceNow CIS-Discovery Exam Dumps 2024ServiceNow CIS-Discovery Exam Dumps 2024
ServiceNow CIS-Discovery Exam Dumps 2024
 
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptx
TSM unit 5 Toxicokinetics seminar by  Ansari Aashif Raza.pptxTSM unit 5 Toxicokinetics seminar by  Ansari Aashif Raza.pptx
TSM unit 5 Toxicokinetics seminar by Ansari Aashif Raza.pptx
 
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docx
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docxThe Influence and Evolution of Mogul Press in Contemporary Public Relations.docx
The Influence and Evolution of Mogul Press in Contemporary Public Relations.docx
 
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
STM valmiusseminaari 26-04-2024 PUUMALAINEN Ajankohtaista kansainvälisestä yh...
 
DAY 0 8 A Revelation 05-19-2024 PPT.pptx
DAY 0 8 A Revelation 05-19-2024 PPT.pptxDAY 0 8 A Revelation 05-19-2024 PPT.pptx
DAY 0 8 A Revelation 05-19-2024 PPT.pptx
 
2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdf2024 mega trends for the digital workplace - FINAL.pdf
2024 mega trends for the digital workplace - FINAL.pdf
 
2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptx2024-05-15-Surat Meetup-Hyperautomation.pptx
2024-05-15-Surat Meetup-Hyperautomation.pptx
 

Case studies in cybersecurity strategies

  • 1. 1
  • 2. 1. The Spectrum of Cyberwarfare 2. Offensive Cyber Operations 3. The ART of Defense 4. A comparative studies of nation states capabilities PLAN 2
  • 3. Key definitions : Cyberwarfare : A set of strategies used by a nation state actor or organization aimed at attacking countries information systems infrastructure with the intention of disrupting , damaging or destroying. Cyberwar : The act of waging war on a nation state or organization to achieve a strategic political , economic or ideological objective. Cybersecurity strategy : A high-level plan that defines how an organization or nation state actor intends to improve the resilience and security of its cyberspace. The Spectrum of Cyberwarfare 3
  • 4. A “jus ad bellum” for Cyberwarfare : Military Intelligence gathering Collection of confidential information on current state of military capabilities and operations of a given nation- state in support of current of futur operations. Example : Interception of digital communication to uncover military plans Geopolitical influence Accrued tendency of nation-state to increase their existing capacity of influence & control on other nations from the geophysical domain into the cyberspace through information warfare. Support of Military Operations Cyberwarfare is an enabler in support of tangible warfare operations such as disruption of a military center of operations via a computer virus. Strategic economic warfare Attacks against a nation state using cyber technology with the aim of weakening its economy through acquisition of trade secrets , sabotage of industrial facilities. Cyber counterintelligence Activities designed to prevent or thwart spying, intelligence gathering, and sabotage by an enemy or other foreign entity. The Spectrum of Cyberwarfare 4
  • 5. The Spectrum of Cyberwarfare Targets of Interest Example Attribution Military Infrastructure Espionage NSA , FSB , GCHQ , MSS , DGRE Electoral System & Process United States Election (2016) Russia’s FSB Electrical powergrid Ukraine powergrid (2015) Russia’s FSB Nuclear powerplant Iranian nuclear plant Stuxnet virus (2010) NSA & Israel Unit 8200 Communication systems BGP Hijacking Any major global telecom provider Supply chain SolarWinds cyberattack (2020) Russia’s Cozy Bear Any national infrastructure considered critical Colonial pipeline Any nation state actor with accrued geopolitical motivation 5
  • 6. The Spectrum of Cyberwarfare 6 A library of known adversary Tactics – the adversary’s technical goals Techniques – how those goals are achieved Procedures – specific implementations of techniques The framework contains 3 Matrices : Enterprise , Mobile and Industrial Control System https://attack.mitre.org/
  • 7. Offensive Cyber Operations Into the premise of offensive cyberwarfare : from spies to APTs APT ( Advanced Persistent Threat ) : Sophisticated cyber intrusion technique that exploits a given vulnerability in a system inorder to gain extended persistent foothold with the aim of achieving a specific malicious objective. Lockheed Martin Cyberkill chain : 7
  • 8. From Blitzkrieg to Bitskrieg : - An intense german military stategy intended to bring about a swift victory in WW II - Think about a series of swift attacks intended to shutdown a nation’s cyberspace - Example : Shutdown of Ukraine Electrical Power Grid in 2015 by Sandworm - Objective : Render your target’s system unoperational through disruptive intrusion in the shortest possible time frame. - Possibly : Erase disk , encrypt files , corrupt system kernel , change SCADA programming logic Offensive Cyber Operations 8
  • 9. DDOS Distributed Denial of Service: Directing malicious traffic to a target by using a range of infected devices controlled by C² Servers. Aim : Disrupt the availability of an online system Examples : ▪ DNS Amplification Attack ▪ MIRAI Botnet Attack Offensive Cyber Operations 9
  • 10. Hunting for vulnerabilities & bugs : A zero day (or 0-day) vulnerability is a security risk in a piece of software that is not publicly known about and the vendor is not aware of. A zero- ay exploit is the method an attacker uses to access the vulnerable system. ❑ Active purchase of 0-day exploitsby nation-state to compromise systems ... USA , EU ❑ Advanced vulnerability research program (R&D) ... China ❑ Development of exploits for known vulnerabilities ... Russia Strategic Objective : ✓ Obtain initial access to a foreign nation state’s system ✓ Maintain a tactical advantage on other nation state Example : Kaseya Attack , MSRPC Printer Spooler Relay , Zerologon , Stuxnet Offensive Cyber Operations 10
  • 11. Social Engineering & Phishing : Social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Cialdini's 6 Principles of Influence are : Reciprocity , Commitment/consistency, Social proof ,Authority, Liking, Scarcity. Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker Objective : Leakage of confidential information Offensive Cyber Operations 11
  • 12. “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” “Sun Tzu The ART of Defense STEP ROAD MAP TO PLANNING A NATION-WIDE DEFENSE STATREGY 1 Assess your national cybersecurity landscape 2 Assess the cyber-risk landscape 3 Produce your national cyber strategy 4 Develop an action plan 5 Monitor and evaluate defined metrics of your strategy 6 Continuous improvement & update 12
  • 13. The ART of Defense BLUE PRINT FOR BUILDING A NATIONAL CYBERSECURITY DEFENSE STRATEGY Governance Risk Management Legislation & Regulation ❑ Ensure the highest level of support ❑ Establish a competent cybersecurity authority ❑ Ensure intra-government cooperation ❑ Ensure inter-sectoral cooperation ❑ Allocate dedicated budget and resources ❑ Define a risk-management approach ❑ Identify a common methodology for managing cybersecurity risk ❑ Develop sectoral cybersecurity risk profiles ❑ Establishing cybersecurity policies ❑ Establish cybercrime legislation ❑ Recognise and safeguard individual rights and liberties ❑ Create compliance mechanisms ❑ Promote capacity-building for law enforcement Preparedness & Resilience Capability & Capacity Building Critical Infrastructure services & essential services ❑ Establish cyber-incident response capabilities ❑ Establish contingency plans for cybersecurity crisis management ❑ Promote information-sharing ❑ Conduct cybersecurity exercises ❑ Develop cybersecurity curricula ❑ Stimulate skills development and workforce training ❑ Implement a coordinated cybersecurity awareness-raising programme ❑ Foster cybersecurity innovation and R&D ❑ Establish a risk-management approach to protecting critical infrastructures ❑ and services ❑ Adopt a governance model with clear responsibilities ❑ Define minimum cybersecurity baselines ❑ Establish public-private partnerships 13
  • 14. Defending your critical infrastructure The ART of Defense Security best practices and trends  Threat Intelligence & Hunting  Quantum & Post Quantum Cryptography  Vulnerability Management  Threat Emulation  Compliance Audit  Defense in depth  EDR ( End-point detection & response)  Zero-Trust Architecture  Security Awareness  Secure Enclaves  SIEM ( Security Information &Event Management) ❑ MFA (Multi factor Authentication)  SOAR ( Security Orchestration , Automation & Response ) ❑ Risk Management  DLP ( Data loss prevention ) ❑ Next Generation Firewall 14
  • 15. MITRE DEFEND Framework - https://d3fend.mitre.org/ The ART of Defense 15
  • 16. A comparative studies of nation states capabilities 16
  • 17. M E R C I ! T H A N K Y O U ! QUESTIONS ? 17