Sandia National Laboratories is a multi-program laboratory managed and operated by Sandia Corporation, a wholly owned subsidiary of Lockheed Martin
Corporation, for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-AC04-94AL85000. SAND NO. 2011-XXXXP
Cyber Tracer Program
SAND2016-4413PE
Cyber Tracer Program & RECOIL
Combining Applied Research in Human Cognition and Cyber Security to Improve Capabilities and Accelerate Learning of Operational Incident Response Teams
Cyber Tracer Program
• Our mission is to conduct research and develop techniques to:
  • Create a community of cyber defenders sharing expertise, skills, and competencies that raises the standards of individuals and the overall community of defenders
  • Attract, inspire, and grow the next generation of expert cyber defenders for the US
  • Support educational institutions to create educational capabilities and infrastructure to foster the development of future cyber defenders
What if we…
• Could enhance the performance of human analysts engaged in cyber defense?
• Could improve the ability to identify candidates that will be successful cyber analysts?
• How? By exploiting Sandia’s demonstrated experience in cyber security live exercises (Tracer FIRE and RECOIL ForCE) and the emerging technology of neuroscience along with cutting edge work in machine learning at Sandia…
Then, we might be able to build a national cadre of “Grand Masters” in Cyber and up our game against our adversaries.
DOE/NNSA MSI & Federal Research Funding
• $25M/5-year grant from DOE to establish a Cyber Security Consortium amongst 14 MSI Universities (Norfolk State University is lead PI)
• $500K AFRL grant to study human effects of weapon induced failures from high power microwave
• LDRD has generated interest from other FFRDCs to collaborate or license Tracer FIRE technology for their research:
  • CMU CERT
  • Air Force Research Lab
  • Office of SecDef
DOE/NNSA MSI & Federal Research Funding (cont.)
• Beta-tested new scenario called Dragonfly and Tracer environment at LLNL in July 2014 (this prototype is being used for research data collection and to train staff and students at events for DOE/JC-3 and Universities)
• All of the software and hardware was created by summer students in the MSI and/or CCD program
• Will serve as a test case to integrate into University curriculum (targets: Norfolk State, Bowie State, UNM, TTU, and University of Arizona)
RECOIL
Created to collaborate with academia, industry, and government to facilitate experiments that apply a multidisciplinary approach in cyber using:
1) case study analysis of adversary techniques and exploit methods;
2) big data analytics and machine learning; and
3) cognitive psychology and cognitive neuroscience.
This multidisciplinary approach of cyber security practitioners, psychologists, sociologists, and computer science researchers working together offers a powerful combination of skills and experience that can be applied in a unique research facility.
Research capability and facility that fosters the integration of cyber security and cognitive science
“Achieving cybersecurity is far more than a technical problem: it is fundamentally a people problem, and since cybersecurity is a people problem, there must be a people solution.”
Lt Colonel Kern, Pell Center
SNL RECOIL Research
• Research Question:
  • How do we train and develop high-performing Cyber Security Incident Response Teams (CSIRTs) in the US that can solve today’s complex cyber challenges?
• Approach:
  • Narrative-Based and Scenario/Problem-Based Learning Competitions
  • Neuroscience-based Cognitive Research and Competency/Performance Modeling for Cyber Defenders
  • Identify methods of assessing and recruiting qualified candidates to work in cyber security
  • Determine the influence of creativity and cognitive flexibility in expert cyber defenders
  • Identify methods to reduce cognitive workload
RECOIL Roadmap
Integrating Human Performance Research and Big Data Science to Develop National Cadre of Cyber Experts
[Roadmap diagram: three research tracks with milestones plotted along a timeline (Year: 2016, 2018, 2020, 2022)]
Cognitive research of defenders:
• Identify KSAs and traits of experts (cyber ninjas)
• Devise accelerated learning techniques for novices to become cyber ninjas
• Integrate cognitive research methods into operational environments so continual learning takes place
Big data and machine learning:
• Develop cyber based machine learning (ML) frameworks
• Integrate and deploy ML into cyber defenders’ tools
• Enable analysts to continually improve and tweak ML
Situational understanding of adversary:
• Correlate discrete data sources into composite view for querying and interpretation by analysts
• Characterize adversary based on data interpretation
• Project adversary behavior and conduct proactive cyber defense
Tracer FIRE (Forensic Incident Response Exercise)
• Focus is on Incident Response Training
• Real World Exercise Requires Student to Put the Pieces of the Incident Together, or What is Referred to as the Cyber Kill Chain:
  • Who is the adversary?
  • How did they get in?
  • What did they want, and did they acquire it?
  • How to prevent recurring incidents?
• Students Investigate an APT (Advanced Persistent Threat) Style Adversary Throughout the Event
• Tracer FIRE Team Provides the Expertise, Infrastructure, & Network for the Exercise
Goal of Tracer FIRE
Allow students to achieve this state of “Flow” in Cyber Incident Response
Flow “is the mental state of operation in which a person in an activity is fully immersed in a feeling of energized focus, full involvement, and success in the process of the activity.”
Mihaly Csikszentmihalyi
Scenario Driven Learning
• TF5 Scenario was created with the concept of narrative based learning:
  • Enables participants to enhance their understanding of cyber related problems and their solutions in contextually-meaningful ways
  • Similar to medical education where students spend time in residency before qualification as a doctor.
ShmuxBux Coffee Company Under Attack
Incident Responders Learning
• How to recognize adversarial tactics within the context of the kill chain:
  • Reconnaissance
  • Attack vector
  • Exploitation
  • Exfiltration
• Implicit Learning objectives:
  • Look beyond the clues
  • Infer adversarial intention!
• Overall goal is to promote critical thinking
Tracer FIRE
[Event schedule diagram]
Day 1: Concept & Tool Training; Incident Response Exercise
Day 2: Concept & Tool Training; Incident Response Exercise
Last Day: Incident Response Exercise; Debriefing
Self Select Teams: Team 1, Team 2, Team 3
Tracer FIRE Options
• Tracer FIRE event can be 2 days, 3 days, or a full week
• Previously Developed Events are Available
• Concept and Tool Training Can be Customized for Customer Needs
• Incident Response Exercise Can be Customized to Customer Needs by Creating Scenarios that Match your systems and networks, e.g., a power plant scenario for power plant operators
Tracer FIRE Outcomes
• Promotes Critical Thinking & Problem Solving
• Provides Training on Tools & Capabilities to Perform Incident Response
• Provides Students with a Better Understanding of the Cyber Kill Chain & Why it is Important in Incident Response
• Allows Students to Interact with Live Malware Without Compromising Their Own Systems
• Promotes Collaboration Between Team Members
  • Co-workers
  • Colleagues from other institutions
• Strengthens Relationships Between Co-Workers
• RECOIL Capabilities Can Be Added to Tracer FIRE Platform
  • Identifying student level of expertise
  • Human factors research
  • Case study analysis of adversary techniques & exploit methods
Previous Scenario Showcase
Tracer FIRE 6 Scenario: “Canuckistan”
• Students are incident responders for Canuckistan Power Company.
Diagram of Scenario Network Design
Canuckistan: Threat Actors
nC0Gnito video and threat narrative based on Dragonfly Campaign
• Environmental Hacktivist Group called nC0Gnito
• Demands that Canuckistan Power shut down and convert to clean energy such as wind and solar or face a complete takeover of their power generation facility
Created by Lauren Lockett (UNM), Kelly Cole, Susan Fowler (Purdue) and Rebecca Hart (Ohio State)
Canuckistan: Tracer News Network
• Injects relevant and irrelevant news and information into the scenario and requires teams to comprehend the narrative and do their own research
• Provides researchers the ability to measure situational understanding and awareness of teams while they participate in the exercise
• Motivates teams to perform intelligence analysis as they progress through the exercise
Content Management System
Canuckistan: SCADA Model
• Design implemented Raspberry Pis to simulate a SCADA system for power generation
• Portable system that can be taken to Tracer FIRE events on the road
• Realistic HMI display that emulates power plant SCADA systems and power grids to educate cybersecurity experts on how to respond to energy crisis scenarios like blackouts from cyber attacks
Power Generation Simulation
Jeremy Gin (University of Arizona), Matthew Letter (UNM) and Marcos Torres (UNM), and Rain Dartt (Rose-Hulman Institute)
Event Debrief & Research Efforts
Event Debrief
• Teams are asked to make sense of the analysis they performed during the week and tell a complete story of what the adversary did and their possible motives and intentions
• Provides teams an opportunity to reflect on what they did and observed during the week
Research Efforts
• Teams have agreed to be videotaped, and research is underway to analyze team and individual performance aspects
• Sandia’s cognitive team has designed agent software to monitor students’ workflow and application usage
• Sandia is exploring research methods that include measurement of participants’ eye tracking and EEG
• Objective is to gain a fundamental understanding of the cognitive skills of individuals and teams while they perform under stress during a simulated cyber attack
Team DeadBeef Cafe Briefing at ENDEX
Questions
