Upload File

information security as counterintelligence•bluf: a (quick and informal) case study of battling...

  • Home
  • Documents
  • Information Security as Counterintelligence•BLUF: A (quick and informal) case study of battling nation-state actors • Information Security program maturity levels • Things you
15
Nick Levay [email protected] @rattle1337 Information Security as Counterintelligence

Upload: others

Post on 31-Jan-2021

3 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • Nick Levay

    [email protected]

    @rattle1337

    Information Securityas

    Counterintelligence

  • • Past Roles

    • Chief Security Officer, Bit9+CarbonBlack (Boston)

    • Director, Information Security and Operations, Center for American Progress (DC)

    • Director, Global Systems and Tools Engineering, iAsiaWorks (SF/HKG)

    • . . . lots of consulting (NJ, NYC, TN, ATL, SF, LA, et cetera..)

    • Practicing professionally since 1997

    • Certified Information Systems Security Professional

    • Educational background in Communications (Not CS/LEO! Weird right?)

    • Areas of Focus

    • Information Warfare

    • Cyber Counterintelligence

    • Security Operations

    About Nick

  • • BLUF: A (quick and informal) case study of battling nation-state actors

    • Information Security program maturity levels

    • Things you should study

    • A bit about espionage threat actors

    • Examples of attacks

    • Q&A (if possible, wouldn’t that be cool..)

    Agenda

  • • Immature• No formal Information Security program

    • Security as a function of Information Technology

    • Progressive• Information Security as an independent function with FTEs

    • Operational SOC (Security Operations Center)

    • Pentesting and Red Team engagements

    • Adaptive• Open-ended bounty based Red Teaming

    • Active Defense (Constant hunting and trap laying)

    • Intelligence Driven Defense

    • Counterintelligence Pratice

    Information Security Program Maturity

  • • Conti/Raymond/Cross “Library of Sparta” talk/paper

    • Operation SMN Axiom report

    • Lockheed Cyber Kill Chain™

    • OODA Loop

    • Intelligence Loss/Gain Analysis

    • Deception Tactics

    • Transactional Analysis

    • Foreign and Public Policy related to your business

    Study Topics

    (Just Google for links!)

  • The Advanced Persistent Threat

    • The APT is NOT:

    • A “what” = type of threat

    • A botnet

    • Directly financially motivated

    • The APT is:

    • A “who” = A Threat Group

    • Term coined by Air Force in 2006(?)

    • Foreign Espionage!

    • Extremely Organized

    • Multiple groups

    • Division of labor by function

  • Advanced

    • Works full spectrum of computer intrusion

    • Uses pedestrian publicly available exploits

    • … but can elevate to use 0day

    • Adjusts tactics based on target’s posture

    They do what’s necessary to get the job done.

  • Persistent

    • Formally tasked to accomplish a mission

    • … not opportunistic intruders

    • Works like an intelligence unit

    • … receives directives, delivers intelligence product

    • Does not mean constant activity in target network

    • … maintains level of activity necessary for objectives

    They don’t give up.

  • APT Exfiltration Team Activity

  • APT Exfiltration Team Activity

  • Threat

    • Adversary is not a mindless piece of code

    • Adversary is organized, funded, and motivated

    • Consists of multiple “groups” with dedicated “crews”

    “As an intelligence professional, I stand back in absolute awe and wonderment at

    the Chinese espionage effort against the United States of America. It is

    magnificent in its breath, its depth and its efficiency.”

    - Gen. Michael Hayden

  • Circa 2010

    (Chatham House Rule please..)

    SpearphishingExamples

  • (sorry)

    EXAMPLES [REDACTED]

  • Questions?

    Nick [email protected]@rattle1337

  • Thank You!

    Nick [email protected]@rattle1337


Bluf 02 12-final

Haagsche Bluf 51 DEN HAAG...De Haagsche Bluf is een totaal vernieuwd winkel- en horecagebied met prachtige architectuur, gelegen in het winkelhart van Den Haag. Aan de Haagse Bluf

Conceptualising Cyber Counterintelligence · 2020. 9. 10. · Keywords: cyber counterintelligence, cyber threat intelligence, offensive cybersecurity, cyber counterintelligence levels,

Intelligence Counterintelligence

Terrorist group counterintelligence

Defense Counterintelligence and Security Agency ......must coordinate a SAP security plan submission with their assigned Information System Security Professional (ISSP), now called

Bottom Line Up Front (BLUF) Report - APTUS Discovery · The Bottom Line Up Front (BLUF) Report (eader ) is derived through collected and measured data from our APTUS Exercises. BLUF

Hardening the US Electrical Power Grid BLUF*

U.S. COUNTERINTELLIGENCE AND SECURITY CONCERNS ... - cia.gov

National Counterintelligence Strategy - dni.gov€¦ · National Counterintelligence. Strategy. of the United States of America. 2020-2022. Executive Summary. NATIONAL COUNTERINTELLIGENCE

Risk-Based Approach to Industrial Security · the industrial and personnel security missions. Enable action agencies to more effectively counter adversaries. Counterintelligence Analysis

BLUF Writing Format

Reporting Counterintelligence and Security …Technical Report 05-6 May 2005 Reporting of Counterintelligence and Security Indicators by Supervisors and Coworkers Suzanne Wood Consultant

Haagse bluf

(U) Counterintelligence Programs · (U) Counterintelligence Programs A. (U) AUTHORITY: The National Security Act of 1947, ... compromise organizational resources for potential ties

Counterintelligence Glossary A

National Counterintelligence Strategy - …...National Counterintelligence Strategy of the United States 1 • Help enable the successful execution of our sensitive national security

Intelligence and Counterintelligence

GUIDELINES COUNTERINTELLIGENCE...2001/09/20  · hostile, or of such concern, to the national security of the United States that counterintelligence or monitoring activities directed

Defense Security Service - Defense Counterintelligence and

Defense Counterintelligence and Security Agency - …...Counterintelligence (CI) Cyber division realized that the CI and the industrial security work force needed an integrated approach

INTRODUCTION TO U.S. COUNTERINTELLIGENCE

NATIONAL SECURITY DECISION DIRECTIVE NUMBER 298...Specify national-level requirements for intelligence and counterintelligence OPSEC support to the SIG-I. Director, National Security

The Army Counterintelligence Program

National Counterintelligence Strategy

402 chapter 7 counterintelligence

Counterintelligence Indicators

Counterintelligence Paper

RunSafe Security BLUF - Rdp-21 · 2020. 11. 2. · RunSafe Security BLUF 1.RunSafe is about attack prevention, based on experience as attackers for USG. 2.RunSafe’s Alkemist®immunizes

Army Counterintelligence Investigations

DEPARTMENTOF HOMELANDSECURITY OFFICEOF …€¦ · Transnational OrganizedCrime,Counterintelligence,Economic Security,Support to State and LocalOfficials,and Training. experience.Heserved

KUBARK Counterintelligence Interrogation

IX. CIA COUNTERINTELLIGEXCE - Stratejik İstihbarat · PDF fileIX. CIA COUNTERINTELLIGEXCE A. COUNTERINTELLIGENCE : AN INTRODUCTION 1. Definitio?L of Counterintelligence Counterintelligence

COUNTERINTELLIGENCE - Lockheed Martin Space...Vice President & Chief Security Officer Lockheed Martin INTRODUCTION 1. According to Executive Order 12333, Counterintelligence (CI) is

1 Counterintelligence & The Insider Threat An Enterprise Operations Counterintelligence Presentation Presented by: Ralph Butler SSC Counterintelligence