Be Like Water: Applying Analytical Adaptability to Cyber Intelligence


SESSION ID: HUM-W01. Be Like Water: Applying Analytical Adaptability to Cyber Intelligence. Jay McAllister, Senior Analyst, Software Engineering Institute, Carnegie Mellon University. @sei_etc

Scuttlebutt Communications: sells prefabricated secure meeting spaces

Company Profile: privately owned; 600 employees; consists of two divisions, Products and Operations; cyber intelligence

Cyber Intelligence Mission: acquire and analyze information to identify, track, and predict cyber capabilities, intentions, and activities in ways that offer courses of action to enhance decision making

Ways to Offer Courses of Action: attack alerts; threat assessments; daily threat summaries; after action reports; emerging threats newsletters; situational awareness briefings

Analyst Cadre: IT professional; retired military communications officer; liberal arts graduate

Analyst Responsibilities

Stress Critical Thinking

Fight Stress with Tools and Providers

Software Engineering Institute: federally funded research and development center, located at Carnegie Mellon University

Fight Stress with Analytical Brainpower: acquire talent with certain traits

Fight Stress with Analytical Brainpower

Be Like Water

Cyber Intelligence Research Collaborators: Federal Government (Intelligence Community, Military, Federal Civil Service); Industry (Defense Contracting, Energy, Financial Services, Healthcare, Higher Education, Information Technology, Intelligence as a service, Law, Retail)

Cyber Intelligence Research Endeavors: Research Consortium; Graduate Course; Tradecraft Project

Leveraging Creative Brainstorming

Human-Centered Design

Creative Matrix: over 200 responses generated in ~30 minutes

Importance and Difficulty Matrix: weighs importance versus cost (difficulty) to identify the challenges with the greatest potential. Importance runs along the horizontal axis and difficulty along the vertical axis, giving four quadrants: Luxurious (low importance, high difficulty), Strategic (high importance, high difficulty), Targeted (low importance, low difficulty), High Value (high importance, low difficulty).

Resulting Challenges: the matrix populated with the brainstormed challenges, on the same Difficulty/Importance axes with the same four quadrants (Luxurious, Strategic, Targeted, High Value)
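One way to mechanise the matrix, as an added illustration that is not part of the SEI deck: each brainstormed challenge is scored for importance and difficulty, the set is split at its medians on each axis (placement is relative to the other items in the set, not to fixed thresholds), and every item lands in one of the four quadrants named above, with High Value items ranked first. Most challenge names are borrowed from areas this deck mentions elsewhere, two are constructed, and all scores are constructed for the example; they do not reflect the consortium's actual placement.

```python
from dataclasses import dataclass
from statistics import median

# Quadrants in the order worth working on them: cheap-and-important first,
# costly-and-unimportant last.
QUADRANTS = ("High Value", "Strategic", "Targeted", "Luxurious")


@dataclass(frozen=True)
class Challenge:
    name: str
    importance: int  # 1 (low) .. 5 (high), constructed scale
    difficulty: int  # 1 (cheap) .. 5 (costly), constructed scale


def quadrant(c: Challenge, imp_split: float, diff_split: float) -> str:
    """Place one item relative to the set's median on each axis.

    Ties at the median fall into the lower half, so an item only counts as
    'high importance' or 'high difficulty' if it clearly beats the middle.
    """
    high_importance = c.importance > imp_split
    high_difficulty = c.difficulty > diff_split
    if high_importance:
        return "Strategic" if high_difficulty else "High Value"
    return "Luxurious" if high_difficulty else "Targeted"


def triage(challenges):
    """Bucket challenges into quadrants, each ordered by importance desc, difficulty asc."""
    buckets = {q: [] for q in QUADRANTS}
    if not challenges:
        return buckets
    imp_split = median(c.importance for c in challenges)
    diff_split = median(c.difficulty for c in challenges)
    for c in challenges:
        buckets[quadrant(c, imp_split, diff_split)].append(c)
    for items in buckets.values():
        items.sort(key=lambda c: (-c.importance, c.difficulty))
    return buckets


def priority_order(challenges):
    """Challenge names in the order to tackle them: High Value first, Luxurious last."""
    buckets = triage(challenges)
    return [c.name for q in QUADRANTS for c in buckets[q]]


# Constructed sample set: names partly borrowed from the deck, scores invented.
SAMPLE = [
    Challenge("Filtering critical threats from data", 5, 2),
    Challenge("Holistically assessing a threat", 5, 3),
    Challenge("Hiring and training", 4, 2),
    Challenge("Understanding threats to software supply chain", 4, 4),
    Challenge("Capturing return on investment", 3, 2),
    Challenge("Tool acquisition and use", 3, 3),
    Challenge("Build an in-house malware sandbox", 2, 5),   # constructed
    Challenge("Rebrand the daily threat summary", 1, 1),    # constructed
]

if __name__ == "__main__":
    for q, items in triage(SAMPLE).items():
        print(q)
        for c in items:
            print(f"  [imp {c.importance}, diff {c.difficulty}] {c.name}")
```

Because the split is at the median, adding or removing candidates can move an item between quadrants; that is the intended behaviour of the matrix, which ranks a set of challenges against each other rather than against an absolute bar.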

Establishing a Cyber Threat Baseline

The Analytic Framework

Framework Components: facilitates timely, actionable, and accurate intelligence; is an art and a science. Environmental context: provides scope for analysis; focuses on internal/external network and operations.

Framework Components: data gathering: acquires and aligns data for analysis; ask the right questions to get the right data. Microanalysis: assesses functional implications; answers what and how.

Framework Components: macroanalysis: assesses strategic implications; answers who and why. Reporting and feedback: offers courses of action to enhance decision making; reporting is only as effective as its feedback counterpart.

Component Attributes

Resulting Cyber Threat Baseline: understanding threats to the software supply chain; capturing return on investment; tool acquisition and use; hiring and training; holistically assessing a threat; filtering critical threats from data

Holistically Assessing Threats

Three-Step Approach: establish a cyber threat baseline; leverage creative brainstorming whenever possible; assess threat actor potential, organizational impact, and target exposure

Scuttlebutt Communications Refresher: sells prefabricated secure meeting spaces; privately owned company with 600 employees; performs cyber intelligence

Example: You Receive This Email. What's going on here? Text JAYMCALLISTE350 to 37607

Assessing the Situation: three-step approach: establish a cyber threat baseline; leverage creative brainstorming whenever possible; assess threat actor potential, organizational impact, and target exposure. What's going on here?

Establish a Cyber Threat Baseline

Analytical Acumen: leverage creative brainstorming. Affinity clustering: sorting items by similarity. Possible email explanations. What's going on here?

Environmental Context: establish scope. Talk to the mail room and Jack. Mail room didn't do it; Jack didn't do it.

Data Gathering: ask the right questions to get the right data. Is Jack's computer infected? If so, with what? Where has it spread to? How did it happen? Who did it? Why did it happen? What data should we collect?

Data Gathering: collect information. Computer scans, download and web activity; TTPs of threat actors known to target the industry; recent activities of a criminal organization. What data should we collect?

Microanalysis: answer what and how. How can we remediate the problem?

Microanalysis: support network defense, cybersecurity, and incident response. How can we remediate the problem?

Macroanalysis: assess threat actor potential, organizational impact, and target exposure. What can Scuttlebutt do so the Trojan doesn't affect the nation-state?

Scuttlebutt Real-Time Order Tracking


Reporting and Feedback: exercise feedback?

Overall Result: limits intelligence tunnel vision by understanding all causes and effects of potential threats

Applying Analytical Adaptability

Moving Forward: practice creative brainstorming; follow @sei_etc for baseline and holistic assessment templates; use the templates to baseline analysis and assess threats

SESSION ID: HUM-W01. Be Like Water: Applying Analytical Adaptability to Cyber Intelligence. Jay McAllister, jjmcallister@sei.cmu.edu, @sei_etc

Copyright 2015 Carnegie Mellon University. This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the United States Department of Defense. NO WARRANTY. THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN AS-IS BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT. This material has been approved for public release and unlimited distribution except as restricted below. This material may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu. Carnegie Mellon is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. DM-0002289