CYBER DEFENCE

THINKING LIKE THE ENEMY

petercochrane.com
Prof Peter Cochrane OBE, DSc

OUR ENEMIES
Immoral, Devious, Corrupt, Invisible, Criminal, Adaptive, Innovative, Relentless, Ubiquitous, Networked, Virtualised, Cooperative, Opportunistic

Everything we are not!

“This immediately places US at some disadvantage in understanding exactly what we are up against”

INVISIBLE NETWORK
The Dark Side of The Force Domains!
Criminals
Rogue
expertise and tools will not allow us to win this war…

WE NEED TO GET INSIDE and MODEL RELATIONSHIPS

WISDOMS
From ~550 BC
“To know your enemy you must become your enemy”
“Destroy your enemy from within”
Sun Tzu
The Art of War
“There is no instance of a nation benefitting from prolonged warfare”

Derivative Hypothesis
“You cannot be a good defender unless you have first been a good attacker”

FUNDAMENTAL MEMES
People are by far the single biggest risk and the kernel for all forms of attack

It only takes one to make an error, be tempted, get angry, upset, become corrupted, or turn to the Dark Side +++!

“People are inherently kind and will help if they think you are having difficulty”
“They are generally grateful for any guidance and/or help given”

BEYOND PEOPLE
Security is way beyond education

It is fundamentally unacceptable to expect users to be security savvy/self sufficient!
Industry must assume that responsibility from Day 1
Security cannot be just an appendage, a mere afterthought, it must be integral to the basic design

SEGUAE
The Opportunistic
Dropped receipt to a wet floor - I picked it up and this caught my eye

Careless
There are no safe cities

I was working in London and stopped for a coffee break in Soho…
A smart young man walked in and I spotted his badge!
He sat right in front of me and this is what his boot-up looked like - such a great advert!

Coffee Shop Protocol
• Sit as far back from the door as possible; ideally with no one to the rear or the sides
• Check for overhead cameras
• Do not wear identifying insignia of any kind
• Do not boot up to an identifying company, country, government, agency badge
• Check and be aware N, E, S, W

LOUD & RUDE
There is always a price to pay!

EXHIBITIONISTS
Employees bragging/indiscreet

[Photo labels: ME; Three identical laptops; Three Mobiles all the same; A stack of papers readable at a glance]

In < 1 hour of looking & listening I had:
• All their names
• Mobile numbers + eMail addresses
• Unit Codes
• Postal Drop
• Building floor and room
• IT Support Number and log in
• Who was at their meeting
• Meeting agenda
• Who said what
• Decisions made
• Project Code Name
• Organisations involved
• Objectives and progress
• The name of a ‘Secret Project’
• Talked about in euphemisms
• +++++

Lax security
Unintended revelations/consequences

DAY 1: Pass Card for a meeting
TRUTH ENGINES, An End Game Company
Dr Peter Cochrane, EU Concept Consultant

DAY 2: Pass Card as a member of staff
TRUTH ENGINES, An End Game Company
Peter Cochrane, Internal Affairs Advisor

HONEYPOTS
Applies ‘equally’ to both sexes
Older man - younger woman
Older woman - younger man

• Careless talk, briefcase, laptop access
• Access to some informal meetings
• Eavesdropping telephone calls
• Listening device planting
• Geo tracking/bugging
• Spyware install
• Corruption
• Blackmail
• Collusion

Long term investment and strategy most often used by rogue states for .Gov & industrial spying with operations spanning years

AXIOM
Attackers Advantage
“Attacks come from unexpected directions.. ..by mechanisms you didn’t anticipate.. ..at times that are really inconvenient”

Paradox
“The military play all day and occasionally have a war, whilst WE are at war every day and never play”

Constraints
We are disadvantaged!

Zip, Zero, None, Total Freedom, Anything Goes

Legal, Moral, Social, Ethical, Political, Managerial ++++++++++
Constitutional, Risk Appetite, Professional, Educational, Regulatory, Diversity ++++++

We can play, but must not stray beyond the ‘boundary conditions’

Our world is no longer simple
“There are no simple solutions to complex problems”
“The energy required to solve a problem is always greater than that expended to create it”
NOT Understood

DEFENCE & DEFEAT
“You cannot unilaterally defend yourself to victory - and we are 100% defence focused - ergo we can never win”

Fortresses, Walls, Baileys, Dykes et al do not deter or repel enemies and attackers for very long!

Ditto Firewalls, AntiVirus Apps, Portal Monitors, Activity Scanners, VPNs, BlockChain, Encryption, Clouds, Connectivity Scanners ++++

APPARENT PA FAILURE COSTS
[Chart: 2015 and 2025]
NEEDLES
There are three basic types
“The Dark Side should be a member of the G8”
“Nothing we are doing right now will slow this growth”

WARFARE
A wider perspective
[Figure: Scale of Potential Devastation and Potential Depth of Penetration]
Land, Sea, Air, Space, Cyber, Information
Geographical, Metaphysical, Technological, Psychological, Ecological, Biological, Physical, Virtual, Real
Cyber-Info War, Nuclear-Warfare, Bio-Chemical Warfare
Total Extinction, Trigger Event, Catalyst

THERE IS ONLY WAR AND EVERY DOMAIN IS INTERCONNECTED
Governments AND The Military Can no longer protect their citizens

THE BIG PICTURE
Cyber security is no longer contained

The Dark Side is winning by a 100% commitment & focus
They are far more integrated and sharing than we are and ‘driven’ by money/evil intent
We do not anticipate attacks or innovations in tactics, tools,… we are always on the back foot!

We need to:
• Start thinking like the enemy
• Develop better radar systems
• Build automatic react systems
• Cooperate on developments
• War game attack scenarios
• Share all data & solutions

THREATSCAPE?
The spectrum of Attackers

Amateurs: Fun, Fame, Notoriety, Vandalism, Limited Skills, Limited Resources, Tend to be Sporadic
Hacker Groups: Money, Sharing, Organic, Dispersed, Unbounded, Huge Effort, Progressive, Cooperatives, Self Organising, Vast Resources, Massive Market, Aggregated Skills, Semi-Professional, Substantial Networks
Hacktivist: Skilled, Political, Idealists, Emotional, Relentless, Dedicated, Cause Driven, Vast Networks, Varied Missions, Targeted Attacks, Evolving Community
Criminals: Drugs, Fraud, Global, Extreme, Extortion, Business, Unbounded, Professional, Well Managed, Well Organised, Ahead of the Curve, Orchestrated Effort, Extremely Profitable, Syndicated Resources, Massive Attack Surface, Vast up-to-date Abilities
Rogue States: Covert, Money, WarFare, Influence, Pervasive, Disruption, Espionage, Professional, Sophisticated, Well Organised, Extreme Creativity, Orchestrated Effort, Political Influencers, ~Unlimited Resources, Tech/Thought Leaders, Regime Destabilisation, Population Manipulation, Military and Civil Domains
Military, Nat Defence, Intelligence Services, Terrorists

Medium Game, Massive Gain

Boy In a Bedroom, Start Up, Small Business, Medium Business, Large Business, Global Business, Public Bodies
Zip Planning, Opportunistic
Vision, Plan, £0
Vision, Mission, Partners, Plan £X
MD CEO, Board, Investors, R&A £XX
Military, Civil Service, Fully Funded
MD CEO, Board, Investors, Management
MD CEO, Board, Divisions, Management

PERCEIVED THREATSCALE
This varies year-on-year tempered by actual events

The IOT IS Missing
Insider threat Recognised But NOT YET A PRIORITY

what we know for sure
Attacks are escalating
The Dark Side is winning
The attack surface is increasing
Cyber disruption costs are growing
Companies do not collaborate and share
The attackers operate an open market
All our security tools are reactive
Attacker innovation is on the up
People are the biggest risk
There are no silver bullets
Our mindset is wrong
It is time to rethink our strategy and solution space

More of the same but better & faster will not change the game…
…we have to think anew - get out of the box and do something very different!

Tools: Don’t Build A THING IF YOU CAN BUY
Most of the tools required - and ‘dark consultants’ - are available if help is needed!
Just one of many ‘stores’ on the Dark Web

Attack Tools 2020
A ‘hint’ of what is for sale on the Dark Net
~$50

Weak Passwords
Full Account Catalogues also available
People in companies and at home are inherently careless

GROWING ATTACK SURFACE
We are exacerbating our problems by design; and will continue to do so until there is a mindset change and a move to proactive defence (and retaliation?)
INTERNET ~6Bn
MOBILITY ~20Bn
I4.0 + IOT >300Bn
Points of attack and opportunity almost the entire surface of the planet

UNBOUNDED POSSIBILITIES
From thermostats to doorbells, toasters to vehicles

REMOTE ATTACKS

RAPID MALWARE Speciation
Artificial Life Breeding Malware

We had this capability 30 years ago but neglected to develop it!
The Dark Side embraced it and now uses it against us!
Why don’t we have any breeding programs like this so we can play and create defences and solutions for attacks to come?

Auto-immunity
Mirrors biological forebears
ICs, ISPs, WiFi, Hubs, LANs, Cards, Traffic, Servers, Circuits, Devices, Internet, Networks, Organisations, Companies, Platforms, Groups, People, Mobile, Fixed
Autonomous and evolutionary
Relentless everywhere 365 x 24 x 7

Can WE EMULATE THIS IN THE SILICON WORLD

Auto-immunity
A mix of clean and infected
[Figure labels: Broadcasting Malware; Responding with updated protection; Wider Network Updated; Latest Solution Update]
Dynamic isolation of infected devices and components leading to repair

A Multiplicity of channels
Attack detection/exposure/thwarting using access diversity

BlueTooth: Short Range; Device to Cloud; Device to Device
WiFi, WiMax: Medium Range; WLAN/Cloud
3, 4, 5 G: Long Range; Device to Net; Device to Cloud
SatCom: Broadcast
ZigBee/Other ?: Car-to-Car Direct Communications

Integrated and intelligent security systems embedded into all products and components

Defence opportunities in channel/device/system diversity
A wide plurality of channel detection and protection
Attacks almost never isolated or single sourced
Not restricted to single channel/attempt
Secure attack and infection isolation
Diverse immunity/support access
Distributed info sharing
GEO info location

Auto-immunity
Mirrors biological forebears
Applied everywhere 24 x 7
ICs, ISPs, WiFi, Hubs, LANs, Cards, Traffic, Servers, Circuits, Devices, Internet, Networks, Organisations, Companies, Platforms, Groups, People, Mobile, Fixed

Auto-immunity
Slow-Motion Simulation
[Figure labels: Network; people travel; device vehicle; Movement]

Scale & Complexity
Beyond human abilities across too many fronts
Physical and Cyber are as one - with dimensionality, dynamics, and non-linearity (complexity) well beyond the human span!
“A non-linear stochastic problem”

CYBER DEFENCE
Outdated, Outmoded, Outsmarted, Confounded, Ineffective, Reactive, Isolated, Losing
Little or no automation, dominated by people

Behavioural ANALYTICS
“The cyber sector has yet to take this seriously, but it is a rich source of all activities, performance metrics spanning all system forms”
“It is also pertinent to all forms of cyber attack detection including insider threats”
This is the only technique we have for all networks, devices, machines and people

HYPOTHESIS
All systems: designed, designoid,
evolved, grown and constructed
give precursor indicators of an
impending failure
But you have to know where to
look & be capable of identifying
their form and function
Early changes in performance
and behaviour are two forms of
pre-cursor pertinent to cyber
attacks, crime, and espionage

EXISTENCE THEOREM
Pro-active failure (trend) detection and maintenance maximises operating time, reduces costs and saves lives

EXISTENCE THEOREM
Many leading high CAPEX/OPEX sectors have systems capable of predicting future failures through the behavioural analysis of components

MECHANICAL SYSTEMS
Vibration spectrum identifies reducing machine performance pending total failure
[Figure: Machine Condition/Function against Time; labels: Unwanted Resonances; Failure Precursors; Specific Element in Wear Out Phase]

Components: people, PC, device, router, switch, hub, firewall, network, cloud, traffic and data activity

CYBER SYSTEMS
Monitoring: People, Systems, Networks
[Figure: IT Systems Condition/Function against Time; labels: Pre-cursor to full on attack; All Operations Disabled; All Systems Failing; Visible Operational Noise; Sporadic Outages; Multi-System Critical Fails - Unpredictable Up Times; Inexplicable Productivity Reductions; CYBER ATTACK; Undetected Attack Build Up + Hidden Precursors]

CYBER SYSTEMS
Monitor everyone + all devices personal and company + network looking for deviations from the historically established norm

EXPERIMENTAL STARTER FOR 10

CYBER SYSTEMS
Monitor every connected PC, device, router, switch, hub, firewall, network, cloud, and all traffic for unusual activity
“At this juncture we can only guess which are the mission critical nodes - but we need to know for certain”
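
One way to look for the precursors described above, as an added example that is not part of the original slides: each entity's first observations form its "historically established norm", and a sustained run of moderate deviations is reported before the hard alarm threshold trips. The entity names, the metric (daily outbound MB), the thresholds and the sample data are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: daily outbound traffic in MB per monitored entity.
# The first 10 values are the baseline period, the rest are live observations.
SAMPLE = {
    # Slow build-up (days 11-15) before a large transfer on day 16.
    "hr-laptop-17": [100, 104, 98, 101, 97, 103, 99, 102, 100, 96,
                     101, 112, 115, 118, 124, 131, 400],
    # One transient spike that is not sustained.
    "router-03": [50, 52, 49, 51, 50, 48, 50, 53, 47, 50,
                  51, 70, 50, 49, 52, 50, 51],
    # Ordinary day-to-day noise only.
    "fileserver-01": [200, 205, 195, 210, 190, 202, 198, 207, 193, 200,
                      204, 196, 208, 199, 201, 194, 206],
    # Newly connected device: not enough history to establish a norm.
    "new-iot-cam": [5, 6, 5],
}


def robust_baseline(history):
    """Return (median, scale) for an entity's historical values.

    Median and MAD are used instead of mean and standard deviation so that
    a few outliers in the history do not inflate the norm.
    """
    med = median(history)
    mad = median([abs(x - med) for x in history])
    # 1.4826 * MAD estimates the standard deviation for normal data;
    # the floor avoids division by zero on a perfectly flat history.
    return med, max(1.4826 * mad, 1e-9)


def find_precursors(observations, history_len=10, warn_z=3.0,
                    alarm_z=20.0, run=3):
    """Flag sustained deviations (precursors) and hard alarms per entity.

    The baseline is frozen from the first `history_len` values, so a slow
    build-up cannot drag the norm along with it. A precursor is reported on
    the day the `run`-th consecutive observation deviates by >= warn_z; an
    alarm is reported on the first observation deviating by >= alarm_z.
    Day numbers are 0-based indexes into the entity's series.
    """
    results = {}
    for entity, series in observations.items():
        if len(series) <= history_len:
            results[entity] = None  # no established norm yet
            continue
        med, scale = robust_baseline(series[:history_len])
        precursor_day = alarm_day = None
        streak = 0
        for day in range(history_len, len(series)):
            z = abs(series[day] - med) / scale
            streak = streak + 1 if z >= warn_z else 0
            if precursor_day is None and streak >= run:
                precursor_day = day
            if alarm_day is None and z >= alarm_z:
                alarm_day = day
        results[entity] = {"precursor_day": precursor_day,
                           "alarm_day": alarm_day}
    return results


def lead_time(result):
    """Days of warning between the precursor flag and the hard alarm."""
    if not result or result["precursor_day"] is None \
            or result["alarm_day"] is None:
        return None
    return result["alarm_day"] - result["precursor_day"]


if __name__ == "__main__":
    for name, res in find_precursors(SAMPLE).items():
        print(name, res, "lead time:", lead_time(res))
```

The single spike on `router-03` is deliberately not reported as a precursor: only a sustained departure from the norm counts, which keeps operational noise from drowning out the slow build-up on `hr-laptop-17`.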

HOW DOES THIS APPLY TO PEOPLE
It is amazing how extremely dumb big organisations & people can be!
Edward Snowden

WHO, WHAT, Why Patterns?
Are any behaviours abnormal and what is the intent?

PEOPLE FAIL: SOCIAL ENGINEERING
This is way more convincing and devious than the Indian call centre

FINALE
It really doesn’t seem to be a ‘technology’ problem!

Oh NO! It is a people issue and I have to get them all to collaborate: share attack info and data; experiences, plus common workable solutions!

This is a really difficult and big problem, but we have to tackle it head on, this is more or less the only option available to us…

RESPONSIBILITY


EMPOWERMENT
ETHICS & TRUST
WE have to gather real data to test
and prove all of this - and address the
issue of letting machines potentially
operate with full autonomy !
“When the machines make
far fewer errors than we do,
then it will be game over”

WHAT WE NOW NEED?
An essentials shopping list is reasonably short
• Global monitoring and shared situational awareness
• Cooperative environments on attacks and solutions
• Universal sharing of identified attacks/developments
• Address cloaking & decoy customer sites/net nodes
• Behavioural analysis of networks, devices, people
• To continue and expand all established efforts
• Auto-Immunity for all devices including IoT
• Fast, rehearsed, automated, tested responses

Metrics
Where to focus?
There are 100s of reports and acres of stats of every aspect of this war and they are all dynamic - frankly, analysis is way beyond human ability and we need machine help!

Complexity, scale, and speed place this problem well beyond any human span!

“Beyond real time observation and historical data recording, it is pattern recognition that is core to a workable solution - and AI is supreme in this respect”

The only technology we have that has the inherent abilities we need is AI

A Timely Reminder
Continuing to do what we have always done will only see even more losses

Our enemies appear to have poor defences
They are not expecting us to attack
We could cause them to attack each other
We could employ their tools & weapons
We know who and where they are
We know their weaknesses
We know their networks
We have the resources
BUT this would be war
WE cannot engage in this, only governments can give sanction

THE FIGHT BACK
STARTING A WAR?

ARE WE SEEING THE START OF A WAR?

The future belongs to the most adaptable and those who dare!

Thank You
petercochrane.com

Cyber Security - Thinking Like The Enemy

  • 1.
    CYBER D E FE N C E THINKING LIKE THE ENEMY p e t e r c o c h r a n e . c o m Prof Peter Cochrane OBE, DSc
  • 2.
    OUR ENEMIES Immoral D ev i o u s C o r r u p t I n v i s i b l e C r i m i n a l A d a p t i v e Innovative Re l e n t l e s s U b i q u i t o u s N e t w o r k e d V i r t u a l i s e d C o o p e r a t i v e Opportunistic Everything We are not! “ T h i s i m m e d i a t e l y p l a c e s U S a t s o m e d i s a d v a n t a g e i n u n d e r s t a n d i n g e x a c t l y w h a t w e a r e u p a g a i n s t ”
  • 3.
    INVISIBLE NETWORK Criminals T he D a r k S i d e o f T h e F o rc e D o m a i n s ! Rogue expertise and tools will not allow us to win this war…
  • 4.
    INVISIBLE NETWORK Criminals T he D a r k S i d e o f T h e F o rc e D o m a i n s ! Rogue expertise and tools will not allow us to win this war… W E N EED TO GET IN SIDE a n d M ODEL RELA TION SHIPS
  • 5.
    W I SD O M S F r o m ~ 5 5 0 B C “To know your enemy you must become your enemy” “Destroy your enemy from within”” Sun Tzu The Art of War “There is no instance of a nation bene fi tting from prolonged warfare”
  • 6.
    D e ri v at i v e Hypothesis “ Yo u c a n n o t b e a g o o d d e f e n d e r u n l e s s yo u h a ve f i r s t b e e n a g o o d a t t a c ke r ”
  • 7.
    F U ND A M E N TA L M E M E S P e o p l e a r e b y f a r t h e s i n g l e b i g g e s t r i s k a n d t h e k e r n e l f o r a l l f o r m s o f a t t a c k I t o n l y t a k e s o n e t o m a k e a n e r ro r, b e t e m p t e d , g e t a n g r y , u p s e t , b e c o m e c o r r u p t e d , o r t u r n t o t h e D a r k S i d e + + + ! “ Pe o p l e a re i n h e re n t l y k i n d a n d w i l l h e l p i f t h e y t h i n k yo u a r e h a v i n g d i f f i c u l t y ” “ T h e y a r e g e n e r a l l y g r a t e f u l f o r a n y g u i d a n c e a n d / o r h e l p g i v e n ”
  • 8.
    B E YO N D P E O P L E S e c u r i t y i s w a y b e y o n d e d u c a t i o n I t i s f u n d a m e n t a l l y u n a c c e p t a b l e t o e x p e c t u s e r s t o b e s e c u r i t y s a v v y / s e l f s u f f i c i e n t ! I n d u s t r y m u s t a s s u m e t h a t r e s p o n s i b i l i t y f ro m D a y 1 S e c u r i t y c a n n o t b e j u s t a n a p p e n d a g e , a m e re a f t e r t h o u g h t , i t m u s t b e i n t e g r a l t o t h e b a s i c d e s i g n
  • 9.
    S E GU A E The Opportunistic Dropped receipt to a wet floor - I picked it up and this caught my eye
  • 10.
    C a re l e s s There are no safe cities I was working in London and stopped for a coffee break in Soho… Soho
  • 11.
    C a re l e s s There are no safe cities I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge !
  • 12.
    C a re l e s s There are no safe cities I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge ! He sat right in front of me and this is what his boot-up looked like - such a great advert !
  • 13.
    C a re l e s s There are no safe cities I was working in London and stopped for a coffee break in Soho… Soho A smart young man walked in and I spotted his badge ! He sat right in front of me and this is what his boot-up looked like - such a great advert ! Coffee Shop Protocol • Sit as far back from the door as possible ; ideally with no one to the rear or the sides • Check for overhead cameras • Do not wear identifying insignia of any kind • Do not boot up to an identifying company, country, government, agency badge • Check and be aware N, E, S, W
  • 14.
    L O UD & R U D E There is always a price to pay !
  • 15.
    A stack ofpapers readable at a glance E X H I B I T I O N I S T S Employees bragging/indiscreet ME Three identical laptops Three Mobiles all the same
  • 16.
    A stack ofpapers readable at a glance E X H I B I T I O N I S T S Employees bragging/indiscreet ME Three identical laptops Three Mobiles all the same In < 1hour of looking & listening I had: All there names Mobile numbers + eMail addresses Unit Codes Postal Drop Building fl oor and room IT Support Number and log in Who was at their meeting Meeting agenda Who said what Decisions made Project Code Name Organisations involved Objectives and progress The name of a ‘Secret Project’ Talked about in euphemisms +++++
  • 17.
    L a xs e c u r i t y Unintended revelations/consequences TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for a meeting
  • 18.
    L a xs e c u r i t y Unintended revelations/consequences TRUTH ENGINES An End Game Company Dr Peter Cochrane EU Concept Consultant DAY 1: Pass Card for a meeting TRUTH ENGINES An End Game Company Peter Cochrane Internal A ff airs Advisor DAY 2: Pass Card as a member of sta f
  • 19.
    H O NE Y P O T S Applies ‘equally’ to both sexes Older man - younger woman Older woman - younger man Careless talk, briefcase, laptop access Access to some informal meetings Eavesdropping telephone calls Listening device planting Geo tracking/bugging Spyware install Corruption Blackmail Collusion Long term investment and strategy most often used by rogue states for .Gov & industrial spying with operations spanning years
  • 20.
    A X IO M A t t a c k e r s A d v a n t a g e “A t t a c k s c o m e f ro m u n e x p e c t e d d i r e c t i o n s . . . . b y m e c h a n i s m s y o u d i d n ’t a n t i c i p a t e . . . . a t t i m e s t h a t a r e r e a l l y i n c o n v e n i e n t ”
  • 21.
    Paradox “ T he m i l i t a r y p l a y a l l d a y a n d o c c a s i o n a l l y h a ve a wa r, w h i l s t W E a re a t wa r e ve r y d a y a n d n e v e r p l a y ”
  • 22.
    Constraints W e ar e d i s a d v a n t a g e d ! Z i p Z e r o N o n e To t a l F r e e d o m A n y t h i n g G o e s L e g a l M o r a l S o c i a l E t h i c a l Po l i t i c a l M a n a g e r i a l + + + + + + + + + + C o n s t i t u t i o n a l R i s k A p p e t i t e P ro f e s s i o n a l E d u c a t i o n a l Re g u l a t o r y D i v e r s i t y + + + + + + W e c a n p l a y , b u t m u s t n o t s t r a y b e y o n d t h e ‘ b o u n d a r y c o n d i t i o n s ’
  • 23.
    O u rw o r l d i s n o l o n g e r s i m p l e “There are no simple solutions to complex problems” “The energy required to solve a problem is always greater than that expended to create it” NOT Understood
  • 24.
    D E FE N C E & d E F E AT “You cannot unilaterally defend yourself to victory - and we are 100% defence focused - ergo we can never win” Fortresses, Walls, Bailies, Dykes et al do not deter or repel enemies and attackers for very long! Ditto Firewalls AntiVirus Apps Portal Monitors Activity Scanners VPNs, BlockChain, Encryption, Clouds, Connectivity Scanners ++++
  • 25.
    2025 2015 NEEDLES There are threebasic types 2025 2015 “The Dark Side should be a member of the G8” “Nothing we are doing right now will slow this growth” A P P A R E N T P A FA I L U R E C O S T S
  • 26.
    W A RF A R E Scale of Potential Devastation Potential Depth of Penetration Geographical Metaphysical Technological Psychological Ecological Biological Physical Virtual Real A wider perspective Land Sea Air Space Cyber Information
  • 27.
    Cyber-Info War Nuclear-Warfare Bio-Chemical Warfare WA R F A R E Scale of Potential Devastation Potential Depth of Penetration Geographical Metaphysical Technological Psychological Ecological Biological Physical Virtual Real Total Extinction Trigger Event Catalyst A wider perspective Land Sea Air Space Cyber Information
  • 28.
    Cyber-Info War Nuclear-Warfare Bio-Chemical Warfare WA R F A R E Scale of Potential Devastation Potential Depth of Penetration Geographical Metaphysical Technological Psychological Ecological Biological Physical Virtual Real Total Extinction Trigger Event Catalyst A wider perspective Land Sea Air Space Cyber Information THERE IS ONLY W AR AND EVERY DOMAIN IS INTERCONNECTED Governments AND The Military Can no longer protect their citizens
  • 29.
    THE BIG PICTURE Cybersecurity is no longer contained The Dark Side is winning by a 100% commitment & focus They are far more integrated and sharing than we are and ‘driven’ by money/evil intent We do not anticipate attacks or innovations in tactics, tools,…we are always on the back foot! Start thinking like the enemy Develop better radar systems Build automatic react systems Cooperate on developments War game attack scenarios Share all data & solutions We need to:
  • 33.
    THREATSCAPE? The spectrum of Attackers. Fun Fame Notoriety Vandalism Limited Skills Limited Resources Tend to be Sporadic Rogue States Criminals Hacker Groups Hacktivist Amateurs Money Sharing Organic Dispersed Unbounded Huge Effort Progressive Cooperatives Self Organising Vast Resources Massive Market Aggregated Skills Semi-Professional Substantial Networks Skilled Political Idealists Emotional Relentless Dedicated Cause Driven Vast Networks Varied Missions Targeted Attacks Evolving Community Drugs Fraud Global Extreme Extortion Business Unbounded Professional Well Managed Well Organised Ahead of the Curve Orchestrated Effort Extremely Profitable Syndicated Resources Massive Attack Surface Vast up-to-date Abilities Covert Money WarFare Influence Pervasive Disruption Espionage Professional Sophisticated Well Organised Extreme Creativity Orchestrated Effort Political Influencers ~Unlimited Resources Tech/Thought Leaders Regime Destabilisation Population Manipulation Military and Civil Domains Medium Game Massive Gain Boy In a Bedroom Start Up Small Business Medium Business Large Business Global Business Public Bodies Military Nat Defence Intelligence Services Terrorists Zip Planning Opportunistic Vision Plan £0 Vision Mission Partners Plan £X MD CEO Board Investors R&A £XX Military Civil Service Fully Funded MD CEO Board Investors Management MD CEO Board Divisions Management
  • 35.
    This varies year-on-year tempered by actual events. PERCEIVED THREAT SCALE. The IoT is missing. Insider threat recognised but NOT YET A PRIORITY.
  • 36.
    What we know for sure: Attacks are escalating. The Dark Side is winning. The attack surface is increasing. Cyber disruption costs are growing. Companies do not collaborate and share. The attackers operate an open market. All our security tools are reactive. Attacker innovation is on the up. People are the biggest risk. There are no silver bullets. Our mindset is wrong. It is time to rethink our strategy and solution space. More of the same but better & faster will not change the game… …we have to think anew - get out of the box and do something very different!
  • 37.
    Tools: DON’T BUILD A THING IF YOU CAN BUY. Most of the tools required - and ‘dark consultants’ are available if help is needed! Just one of many ‘stores’ on the Dark Web.
  • 38.
    Attack Tools 2020. A ‘hint’ of what is for sale on the Dark Net ~$50
  • 39.
    Weak Passwords. Full Account Catalogues also available. People in companies and at home are inherently careless.
  • 40.
    GROWING ATTACK SURFACE. We are exacerbating our problems by design; and will continue to do so until there is a mindset change and a move to proactive defence (and retaliation?). INTERNET ~6Bn. MOBILITY ~20Bn. I4.0 + IOT > 300Bn. Points of attack and opportunity almost the entire surface of the planet.
  • 41.
    UNBOUNDED POSSIBILITIES. From thermostats to doorbells, toasters to vehicles. REMOTE ATTACKS.
  • 42.
    RAPID MALWARE Speciation. Artificial Life Breeding Malware. We had this capability 30 years ago but neglected to develop it! The Dark Side embraced it and now uses it against us! Why don’t we have any breeding programs like this so we can play and create defences and solutions for attacks to come?
  • 43.
  • 44.
    Broadcasting Malware. Responding with updated protection. Wider Network Updated Latest Solution Update. Dynamic isolation of infected devices and components leading to repair. A mix of clean and infected. Auto-immunity.
  • 45.
    A Multiplicity of channels. Attack detection/exposure/thwarting using access diversity. BlueTooth, Short Range, Device to Cloud, Device to Device. WiFi, WiMax, Medium Range, WLAN/Cloud. Integrated and intelligent security systems embedded into all products and components. ZigBee/Other? Car-to-Car Direct Communications. Defence opportunities in channel/device/system diversity. A wide plurality of channel detection and protection. Attacks almost never isolated or single sourced. Not restricted to single channel/attempt. Secure attack and infection isolation. Diverse immunity/support access. Distributed info sharing. GEO info location. 3, 4, 5 G, Long Range, Device to Net, Device to Cloud. SatCom, Broadcast.
  • 46.
    Auto-immunity. Mirrors biological forebears. Applied everywhere 24 x 7. ICs ISPs WiFi Hubs LANs Cards Traffic Servers Circuits Devices Internet Networks Organisations Companies Platforms Groups People Mobile Fixed. Auto-immunity Slow-Motion Simulation. Network people travel device vehicle Movement.
  • 48.
    Scale & Complexity. Beyond human abilities across too many fronts. Physical and Cyber are as one - with dimensionality, dynamics, and non-linearity (complexity) well beyond the human span! “A non-linear stochastic problem”
  • 49.
    CYBER DEFENCE: Outdated, Outmoded, Outsmarted, Confounded, Ineffective, Reactive, Isolated, Losing. Little or no automation dominated by people.
  • 50.
    Behavioural ANALYTICS. “The cyber sector has yet to take this seriously, but it is a rich source of all activities, performance metrics spanning all system forms” “It is also pertinent to all forms of cyber attack detection including insider threats” This is the only technique we have for all networks, devices, machines and people.
  • 51.
    HYPOTHESIS. All systems: designed, designoid, evolved, grown and constructed give precursor indicators of an impending failure. But you have to know where to look & be capable of identifying their form and function. Early changes in performance and behaviour are two forms of pre-cursor pertinent to cyber attacks, crime, and espionage.
  • 52.
    EXISTENCE THEOREM. Pro-active failure (trend) detection and maintenance maximises operating time, reduces costs and saves lives.
  • 53.
    EXISTENCE THEOREM. Many leading high CAPEX/OPEX sectors have systems capable of predicting future failures through the behavioural analysis of components.
  • 54.
    MECHANICAL SYSTEMS. Unwanted Resonances. Failure Precursors. Specific Element in Wear Out Phase. Vibration spectrum identifies reducing machine performance pending total failure.
  • 55.
  • 56.
    CYBER SYSTEMS. Components: people, PC, device, router, switch, hub, firewall, network, cloud, traffic and data activity. Pre-cursor to full on attack.
  • 57.
    People, Systems, Networks. Monitoring People, Systems, Networks. All Operations Disabled. All Systems Failing. Visible Operational Noise. Sporadic Outages. Multi-System Critical Fails - Unpredictable Up Times. Inexplicable Productivity Reductions. CYBER ATTACK. Undetected Attack Build Up + Hidden Precursors. Time. IT Systems Condition/Function.
  • 58.
    CYBER SYSTEMS. Monitor everyone + all devices personal and company + network looking for deviations from the historically established norm. EXPERIMENTAL STARTER FOR 10.
  • 59.
    CYBER SYSTEMS. Monitor every connected PC, device, router, switch, hub, firewall, network, cloud, and all traffic for unusual activity. “At this juncture we can only guess which are the mission critical nodes - but we need to know for certain”
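One way to watch for "deviations from the historically established norm" and the hidden build-up before a full attack, as an added example that is not from the talk: each device gets a robust baseline (median and MAD), and a one-sided CUSUM accumulates small excesses so a slow drift is flagged before any single reading looks abnormal. The device names, the metric (hourly outbound connection counts), the thresholds and the choice of CUSUM are all assumptions made for this illustration.

```python
from statistics import median

# Constructed sample data: hourly outbound-connection counts per device.
# Each entry is (historical readings, readings under observation).
FLEET = {
    "pc-17": ([40, 42, 38, 41, 39, 43, 40, 37, 41, 42, 39, 40],
              [41, 42, 42, 43, 43, 43, 44, 44, 44, 45, 52]),  # slow build-up
    "printer-03": ([5, 6, 5, 4, 6, 5, 5, 6, 4, 5, 6, 5],
                   [5, 6, 4, 5, 6, 5, 5, 4, 6, 5, 5]),        # ordinary noise
}

def robust_baseline(history):
    """Median and scaled MAD of a device's history: its established norm."""
    med = median(history)
    mad = 1.4826 * median(abs(x - med) for x in history)
    return med, (mad if mad > 0 else 1.0)  # flat history: fall back to unit scale

def first_alerts(history, live, z_limit=4.0, slack=0.5, cusum_limit=6.0):
    """Return (index of first single-reading alert, index of first drift alert).

    The single-reading test fires when one value sits more than z_limit robust
    deviations above the norm. The one-sided CUSUM sums every excess beyond
    `slack` deviations and fires when the running total passes cusum_limit.
    """
    med, scale = robust_baseline(history)
    point_idx = cusum_idx = None
    drift = 0.0
    for i, x in enumerate(live):
        z = (x - med) / scale
        if point_idx is None and z > z_limit:
            point_idx = i
        drift = max(0.0, drift + z - slack)  # never carries credit below zero
        if cusum_idx is None and drift > cusum_limit:
            cusum_idx = i
    return point_idx, cusum_idx

def scan(fleet):
    """Map each device that raised any alert to its (point, drift) indices."""
    hits = {name: first_alerts(hist, live) for name, (hist, live) in fleet.items()}
    return {name: hit for name, hit in hits.items() if hit != (None, None)}

if __name__ == "__main__":
    for name, (point, cusum) in scan(FLEET).items():
        print(f"{name}: single-reading alert at hour {point}, drift alert at hour {cusum}")
```

On the constructed data the drift test flags pc-17 five hours before the first reading that a per-sample threshold would catch, while printer-03 stays silent.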
  • 60.
    HOW DOES THIS APPLY TO PEOPLE? It is amazing how extremely dumb big organisations & people can be! Edward Snowden
  • 61.
    WHO, WHAT, Why Patterns? Are any behaviours abnormal and what is the intent?
  • 62.
    PEOPLE FAIL: SOCIAL ENGINEERING. This is way more convincing and devious than the Indian call centre.
  • 64.
    FINALE. It really doesn’t seem to be a ‘technology’ problem! Oh NO! It is a people issue and I have to get them all to collaborate: share attack info and data; experiences, plus common workable solutions! This is a really difficult and big problem, but we have to tackle it head on; this is more or less the only option available to us……
  • 65.
    RESPONSIBILITY, EMPOWERMENT, ETHICS & TRUST. WE have to gather real data to test and prove all of this - and address the issue of letting machines potentially operate with full autonomy! “When the machines make far fewer errors than we do, then it will be game over”
  • 66.
    WHAT WE NOW NEED? An essentials shopping list is reasonably short: Global monitoring and shared situational awareness; Cooperative environments on attacks and solutions; Universal sharing of identified attacks/developments; Address cloaking & decoy customer sites/net nodes; Behavioural analysis of networks, devices, people; To continue and expand all established efforts; Auto-Immunity for all devices including IoT; Fast, rehearsed, automated, tested responses.
  • 67.
    Metrics. Where to focus? There are 100s of reports and acres of stats of every aspect of this war and they are all dynamic - frankly, analysis is way beyond human ability and we need machine help!
  • 68.
    Complexity, scale, and speed place this problem well beyond any human span! “Beyond real time observation and historical data recording, it is pattern recognition that is core to a workable solution - and AI is supreme in this respect” The only technology we have that has the inherent abilities we need is AI. A Timely Reminder: Continuing to do what we have always done will only see even more losses.
  • 69.
    Our enemies appear to have poor defences. They are not expecting us to attack. We could cause them to attack each other. We could employ their tools & weapons. We know who and where they are. We know their weaknesses. We know their networks. We have the resources. BUT this would be war. WE cannot engage in this, only governments can give sanction. THE FIGHT BACK: STARTING A WAR?
  • 70.
    WE cannot engage in this, only governments can give sanction. ARE WE SEEING THE START of A WAR?
  • 71.
    The future belongs to the most adaptable and those who dare! Thank You. petercochrane.com