Cyber Threat Prioritization

Similar documents
SEI Webinar Series. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA January 27, Carnegie Mellon University

2013 US State of Cybercrime Survey

ARINC653 AADL Annex Update

Advancing Cyber Intelligence Practices Through the SEI s Consortium

Components and Considerations in Building an Insider Threat Program

Be Like Water: Applying Analytical Adaptability to Cyber Intelligence

Current Threat Environment

Cyber Intelligence: Challenges and Best Practices

COTS Multicore Processors in Avionics Systems: Challenges and Solutions

Fall 2014 SEI Research Review Verifying Evolving Software

Empirically Based Analysis: The DDoS Case

Implementation Framework Cyber Threat Prioritization

Dana Sinno MIT Lincoln Laboratory 244 Wood Street Lexington, MA phone:

Preventing Insider Sabotage: Lessons Learned From Actual Attacks

A Review of the 2007 Air Force Inaugural Sustainability Report

4. Lessons Learned in Introducing MBSE: 2009 to 2012

Multi-Modal Communication

Service Level Agreements: An Approach to Software Lifecycle Management. CDR Leonard Gaines Naval Supply Systems Command 29 January 2003

Information, Decision, & Complex Networks AFOSR/RTC Overview

Kathleen Fisher Program Manager, Information Innovation Office

Technological Advances In Emergency Management

COMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II)

Architecting for Resiliency Army s Common Operating Environment (COE) SERC

U.S. Army Research, Development and Engineering Command (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC

Energy Security: A Global Challenge

Architectural Implications of Cloud Computing

DoD Common Access Card Information Brief. Smart Card Project Managers Group

2011 NNI Environment, Health, and Safety Research Strategy

Corrosion Prevention and Control Database. Bob Barbin 07 February 2011 ASETSDefense 2011

Cyber Hygiene: A Baseline Set of Practices

The CERT Top 10 List for Winning the Battle Against Insider Threats

Concept of Operations Discussion Summary

FUDSChem. Brian Jordan With the assistance of Deb Walker. Formerly Used Defense Site Chemistry Database. USACE-Albuquerque District.

High-Assurance Security/Safety on HPEC Systems: an Oxymoron?

Vision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day. Sensors from Laser Weapons Date: 17 Jul 09 UNCLASSIFIED

Data to Decisions Terminate, Tolerate, Transfer, or Treat

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Running CyberCIEGE on Linux without Windows

Using Model-Theoretic Invariants for Semantic Integration. Michael Gruninger NIST / Institute for Systems Research University of Maryland

Setting the Standard for Real-Time Digital Signal Processing Pentek Seminar Series. Digital IF Standardization

US Army Industry Day Conference Boeing SBIR/STTR Program Overview

C2-Simulation Interoperability in NATO

COUNTERING IMPROVISED EXPLOSIVE DEVICES

Cloud Computing. Grace A. Lewis Research, Technology and Systems Solutions (RTSS) Program System of Systems Practice (SoSP) Initiative

Towards a Formal Pedigree Ontology for Level-One Sensor Fusion

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

By Derrick H. Karimi Member of the Technical Staff Emerging Technology Center. Open Architectures in the Defense Intelligence Community

Model-Driven Verifying Compilation of Synchronous Distributed Applications

ATCCIS Replication Mechanism (ARM)

Space and Missile Systems Center

Software, Security, and Resiliency. Paul Nielsen SEI Director and CEO

Introducing I 3 CON. The Information Interpretation and Integration Conference

75th Air Base Wing. Effective Data Stewarding Measures in Support of EESOH-MIS

Office of Global Maritime Situational Awareness

Defining Computer Security Incident Response Teams

ASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD

CENTER FOR ADVANCED ENERGY SYSTEM Rutgers University. Field Management for Industrial Assessment Centers Appointed By USDOE

Directed Energy Using High-Power Microwave Technology

ENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb)

Topology Control from Bottom to Top

Exploring the Query Expansion Methods for Concept Based Representation

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

Defense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024

ASPECTS OF USE OF CFD FOR UAV CONFIGURATION DESIGN

Wireless Connectivity of Swarms in Presence of Obstacles

Using Templates to Support Crisis Action Mission Planning

Use of the Polarized Radiance Distribution Camera System in the RADYO Program

Julia Allen Principal Researcher, CERT Division

Monte Carlo Techniques for Estimating Power in Aircraft T&E Tests. Todd Remund Dr. William Kitto EDWARDS AFB, CA. July 2011

HEC-FFA Flood Frequency Analysis

MODELING AND SIMULATION OF LIQUID MOLDING PROCESSES. Pavel Simacek Center for Composite Materials University of Delaware

Washington University

Next generation imager performance model

M&S Strategic Initiatives to Support Test & Evaluation

Col Jaap de Die Chairman Steering Committee CEPA-11. NMSG, October

Guide to Windows 2000 Kerberos Settings

THE NATIONAL SHIPBUILDING RESEARCH PROGRAM

Improving Cybersecurity Governance Through Data-Driven Decision- Making and Execution

OSD Product Support BCA Guidebook. Joseph Colt Murphy Senior Financial Analyst ODASD Materiel Readiness 9 May 2011

Information Security Is a Business

BUPT at TREC 2009: Entity Track

Fall 2014 SEI Research Review FY14-03 Software Assurance Engineering

VICTORY VALIDATION AN INTRODUCTION AND TECHNICAL OVERVIEW

Space and Missile Systems Center

Coalition Interoperability Ontology:

Researching New Ways to Build a Cybersecurity Workforce

SURVIVABILITY ENHANCED RUN-FLAT

Approaches to Improving Transmon Qubits

Computer Aided Munitions Storage Planning

A Distributed Parallel Processing System for Command and Control Imagery

AFRL-ML-WP-TM

A Methodology for End-to-End Evaluation of Arabic Document Image Processing Software

Accuracy of Computed Water Surface Profiles

QuanTM Architecture for Web Services

Edwards Air Force Base Accelerates Flight Test Data Analysis Using MATLAB and Math Works. John Bourgeois EDWARDS AFB, CA. PRESENTED ON: 10 June 2010

Web Site update. 21st HCAT Program Review Toronto, September 26, Keith Legg

Secure FAST: Security Enhancement in the NATO Time Sensitive Targeting Tool

DoD M&S Project: Standardized Documentation for Verification, Validation, and Accreditation

Distributed Real-Time Embedded Video Processing

UMass at TREC 2006: Enterprise Track

Transcription:

Cyber Threat Prioritization FSSCC Threat and Vulnerability Assessment Committee Jay McAllister

Report Documentation Page Form Approved OMB No. 0704-0188 Public reporting burden for the collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing the collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden, to Washington Headquarters Services, Directorate for Information Operations and Reports, 1215 Jefferson Davis Highway, Suite 1204, Arlington VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to a penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. 1. REPORT DATE 01 OCT 2014 2. REPORT TYPE N/A 3. DATES COVERED - 4. TITLE AND SUBTITLE 5a. CONTRACT NUMBER 5b. GRANT NUMBER 5c. PROGRAM ELEMENT NUMBER 6. AUTHOR(S) Jay McAllister 5d. PROJECT NUMBER 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 8. PERFORMING ORGANIZATION REPORT NUMBER 9. SPONSORING/MONITORING AGENCY NAME(S) AND ADDRESS(ES) 10. SPONSOR/MONITOR S ACRONYM(S) 12. DISTRIBUTION/AVAILABILITY STATEMENT Approved for public release, distribution unlimited 13. SUPPLEMENTARY NOTES The original document contains color images. 14. ABSTRACT 15. SUBJECT TERMS 11. SPONSOR/MONITOR S REPORT NUMBER(S) 16. SECURITY CLASSIFICATION OF: 17. LIMITATION OF ABSTRACT SAR a. REPORT unclassified b. ABSTRACT unclassified c. THIS PAGE unclassified 18. NUMBER OF PAGES 15 19a. NAME OF RESPONSIBLE PERSON Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std Z39-18

Copyright 2014 Carnegie Mellon University This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution except as restricted below. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. DM-0001690 2

Agenda Background: Cyber Intelligence Tradecraft Project Cyber Threat Prioritization Future Development: Cyber Intelligence Research Consortium 3

Background: Cyber Intelligence Tradecraft Project 4

Cyber Intelligence Tradecraft Project Sponsor National Intelligence Manager for Cyber, Office of the Director of National Intelligence (ODNI) Purpose Study how organizations from industry, government, and academia perform cyber intelligence (methodologies, processes, tools, and training) Definition of cyber intelligence The acquisition and analysis of information to identify, track, and predict cyber capabilities, intentions, and activities to offer courses of action that enhance decision making Overall finding The most effective organizations balanced the need to protect their network perimeters with the need to look beyond them for strategic insights 5

Cyber threat baseline ENV DG FA SA SRF Qj Cl... ~ s::::... Qj u Qj Q. 0 - - - + median J _ Software Engineering Institute I Cm nt g-ie 'lellnnl'nivt t sit~ ' 6

Cyber Threat Prioritization 7

Q: How do you rank threats, from high to low? We consider everything a high priority threat. - US government participant 8

Likelihood Attack Methods Humans are creatures of habit. Although threat actors take great care to avoid detection. at some level they too succumb to this adage. Tracking how threat actors operate exposes patterns that analysts can use to combat their effectiveness. Infrastructure Technology Coding Resources Understanding what is available to threat actors offers context to the sophistication of their attacks. Leverage government. industry, and intelligence service provider information sharing arrangements to learn about actors resources. Money People Tools Motive Why do threat actors attack? Determining an actor's motive provides insight into the possible direction of their behavior. and determines their interest in targeting the organization. t Intrinsic (personally rewarding) Extrinsic (receive external reward or avoid punishment) Targeted Data Understanding what a threat actor is after will factor into determining their intent to target the organization. Personally Identifiable Information (PII) Research and Development Business Process Industrial Control Systems Maturity Training Targets Software Engineering Institute I Cm nt git.\lellon Lnin r sity 9

Impact Direct Costs Cyber attacks have a financial impact on organizations. Prioritizing threats according to their cost in terms of remediation and mitigation can resonate with technical and non-technica l stakeholders. Business Operations In addition to the known costs of responding to an attack, organizations also should consider the cascading effects an attack can cause and their associated costs. Organizational Interests Plans. people, and products offer tremendous insight into why an organization is targeted and where a threat can do the most damage if certain information is compromised. External Interests Organizations do not operate in a bubble, and neither should threat prioritization. Consider the ramifications cyber attacks can have on organizational partnerships, reputation. culture. geopolitics. and market space. Incident Response Supply Chain Strategic Planning Market/Industry Downtime Logistics Stakeholders Geopolitical Mitigation and/or Prevention Future Earnings Organizational Culture Partnerships Brand Reputation -- Software Engineering Institute Cm nt git.\ lellon L n in r sity 10

Risk Relevance From leadership to rank-and-file employees. the Internet offers a communication platform that allows anyone to make their organization more visible to threat actors. Access Employees with administrator privileges or access to sensitive data are more attractive targets for threat actors. Determining who has what access can significantly aid in identifying the risk to employees. Infrastructure The unknown provenance of software and hardware complicates risk determination in the cyber environment. Overcoming this limitation requires researching where. when. and how an organization's infra-structure is most susceptible to cyber threats. Online Presence The content and services an organization provides on the Internet serve as attractive targets for threat actors. Analysts can assess severity of risk based on this insight into likely attack vectors. Online Presence Extracurricular Activities Motive Physical and Network-Based Access Position Abnormal Activity Hardware Software Supply Chain Website Additional Exposure Additional Services Software Engineering Institute I Cm nt git.\lellon Lnin r sity 11

Implementing Threat = Likelihood + Impact + Risk Likelihood (by threat actor) Impact (to organization) Risk (by known vulnerabilities) Capability Medium Low High Strategic Interests Medium High Medium Low Medium People Medium Low High Medium Intent Operations Cyber Footprint 12

Future Development: Cyber Intelligence Research Consortium 13

Cyber Intelligence Research Consortium Purpose Research and develop technical solutions and analytical practices to help people make better judgments and quicker decisions with cyber intelligence Membership Decision makers and practitioners from academia, Department of Defense, defense contracting, energy, financial services, and the U.S. Intelligence Community Offerings Cyber threat baseline: Threat environment research to identify best practices Tradecraft labs: Workshops to advance analytical & technological capabilities Implementation frameworks: How-to guides for key intelligence practices Crisis simulation: Capture-the-flag exercise to apply techniques & technologies Intelligence insights: Continuous communication on relevant topics 14

Questions? Jay McAllister Senior Analyst Emerging Technology Center Software Engineering Institute Carnegie Mellon University 412.268.9193 jjmcallister@sei.cmu.edu @sei_etc Tradecraft Project: http://www.sei.cmu.edu/about/organization/etc/citp.cfm Threat Prioritization: http://www.sei.cmu.edu/about/organization/etc/citpcyber-threat-prioritization.cfm Consortium: http://www.sei.cmu.edu/about/organization/etc/overview.cfm 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback