Title: Cyber Table Top

Transcription

1 Title: Cyber Table Top Date: 8 August 2018 Presenter: Roy Wilson, Professor of Acquisition Cybersecurity, Defense Acquisition University, Mid-Atlantic Region Moderator: Jim Davis, Logistics Department Chair, Defense Acquisition University, Mid-Atlantic Region

2 Cyber Table Top Cyber Table Top (CTT) Guidebook 2 July 2018 DASD/DT&E CTT Facilitator Training DASD/DT&E DAU On-site, 1-day 2

3 Cyber Table Top 3

4 Cyber Table Top 4

5 Cyber Table Top 5

6 Cyber Table Top 6

7 Cyber Table Top 7

8 *Facilitator Training Available via Ms. Standard, Sarah M CIV OSD OUSD ATL (US), sarah.m.standard.civ@mail.mil Cyber Table Top (CTT) Input to Controls Selection / Risk Assessment / Pre-Test User Reps / Focused Mission Areas Event Preparation ~ Weeks Event Execution ~ 3 days Post Mission Analysis ~ Weeks Reporting Analyze Architecture, CONOPS, Intelligence Define Mission Identify Control, Blue, Red, Analysis, Reporting Teams Color Code Operational (Blue) Team Adversarial (Red ) Team Define Attack Paths, & Vulnerabilities Analyze adversary attacks Develop Mission Plan Define Access Paths Describe Effects Execute Attacks Determine Cyber effects: F/P/NMC Risk: Likelihood, Consequence Develop Mitigations Risk Cube Mitigations Executive, Detailed & Full Report

9 Analysis Spreadsheet: OPFOR Attacks; Effects, Impacts, Likelihood; Recommendations, Mitigations OPFOR Attacks Mission, Attack, Variant no. Analysis Team ID M1A1V1 Attack goal concerning mission. Goal Broad class of attack e.g. DDOS. Specific description of attack. OPFOR Attack Method Attack Description Attack assumptions. Assumptions Explain why this matters. When in the Mission Timeline Description of Description of impact if possible outcomes. the attack is successful Possible System Effect (If) Control Team/ OPFOR Attack Result (Then) Description of the operational impact to the mission Mission Effect (If) Operational Team Description of consequence to blue team mission state: F/P/NMC Mission Impact (Then) Level of Access to Operational Data is Critical 9

10 Analysis Spreadsheet: OPFOR Attacks; Effects, Impacts, Likelihood; Recommendations, Mitigations Effects, Impacts, Likelihood Mission, Attack, Variant number Analysis Team ID Assess mission consequence, (1-5) Numerical Mission Impact and Consequence Combination of technical complexity, system information availability Attack Cost / Level of Effort Likelihood attack is successful when executed, NOT likelihood adverary would use attack Analysis Team Attack Success Likelihood Combination of level of effort, ease, and likelihood attack succeeding, (1-5) Numerical Likelihood Difficulty or ease of access to specific Network Analysis of numerical Likelihood Final Value Final Risk Assessment coordinates M1A1V1 User Representation is Critical 10

11 Analysis Spreadsheet: OPFOR Attacks; Effects, Impacts, Likelihood; Recommendations, Mitigations Recommendations, Mitigations Mission, Attack, Variant number: e.g. M2A1V2 Description of how specific cybersecurity in place ould mitigate Description of how specific cybersecurity planned would mitigate Recommendations, e.g. Accept Risk, Conduct Follow-on Analysis, Test, etc. Questions or requests for information Analysis Team ID In Place Today Capabilities Planned for the Future System Test Leads Recommendations Questions, RFIs, Further Analysis M1A1V1 All Participants are Part of the Solution 11

12 CTT Risk Cubes: Impact vs Probability Impact Probability Risk Impact Mission Impact Fully Mission Capable Partial to Fully Mission Capable Partially Mission Capable Non to Partially Mission Capable 12 5 Non-Mission Capable M=Mission A=Attack V=Variant

13 Cyber Table Top Questions? 13

14 Resources Cyber Tabletop Home Page Cyber Table Top Guidebook 0Facilitators/Cyber%20Table%20Top%20Handbook.pdf Cybersecurity Community of Practice Cybersecurity Tools (enter Cybersecurity into the Search Tools area and click Apply Filters 14

15 Contact Info DAU Cybersecurity Enterprise Team Vinny Lamolinara Roy Wilson DASD/DT&E Contact Info Website: 15