Mike Assante
Lead for Training for ICS and SCADA
SANS Industrial Control
We are used to taking the fight to the enemy, but we are entering into an age where it is expected that the enemy will be doing the same.
3. Cyber Statecraft
Russia is using cyber attacks including online network
disruptions, espionage, disinformation and propaganda
activities in the Ukraine conflict.
Iran and North Korea now consider disruptive and destructive
cyberspace operations a valid instrument of statecraft, including
during what the U.S. considers peacetime. These states likely
view cyberspace operations as an effective means of imposing
costs on their adversaries while limiting the likelihood of
damaging reprisals.
Terrorist groups and non-state actors also have shown an interest in cyber attacks but lack
the capability of state-sponsored threats.
The director of the Defense Intelligence Agency, Marine Corps Lt. Gen. Vincent Stewart,
House Armed Services Committee
Feb. 3, 2015
6. Cyber Espionage & IPB
www.fireeye.com
FireEye Threat Intelligence assesses that threat actors
aggressively target strategic industries and government and
military organizations in search of valuable economic, political, or
military intelligence.
• State sponsored threat actors
• Possibility of strategic offensive computer network attacks
“Russia-based threat groups are known to target Nordic
governments and industries that compete with Russia in the
European energy market. Russia and its Arctic Circle
neighbors have overlapping territorial claims and conflicting
interests in the region.”
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-nordic-threat-landscape.pdf
7. IPB & Espionage: The Patient Warrior?
The patient warrior codex: Do no instantly
recognizable harm today. Maneuver to gain the
advantage and accumulate small victories in time. Act
so as not to be perceived as striking. All the time learning,
taking, and eventually formulating a decisive blow.
Is IPB the cyber equivalent of the Battle of Ilipa in 206 BC?
Day after day, the battle lines formed up as both sides sized each other up. One side was
being lulled by the routine, while the other was learning and formulating their attack. Each
day the Carthaginian force took the field, Scipio was taking away something valuable from
them...until he understood their critical weakness
…and on any given day we may wake to a surprise as the opponent’s line draws down with
the full benefit of knowing us
We excel at taking the fight to the enemy, but we are entering into an age where it is expected that the enemy will be doing the same. Our base and installation infrastructure serves critical DoD missions as data-intensive operations and complex technology platforms enhance the way we fight. Potential adversaries have been developing counter punches to compete asymmetrically. This talk will explore emerging evidence of cyber operations against automation and industrial control systems. Learn how some actors are enhancing their TTPs to target and deliver capabilities against the systems that power buildings, move fuel, and provide critical services. Learn how to anticipate the threat environment of tomorrow and how we can defend our own CyberCity.
26 August, 2015 @ 1430-1530
Comming room at Augusta Marriott, Augusta, GA
A host of benefactors are re-investing gains into developing targeted cyber attack capabilities, in the form of delivery, exploitation, and payloads that will continue to outpace cyber defense efforts.
Stakeholders include:
• Nation-state intelligence agencies
• Military units
• Industrial espionage providers
• Organized criminals
• Structured activists