This is a working document for presentation to Cyber Security Professionals concerning a tactical mindset in securing cyberspace within organizations. High level, can add in case studies, more content to come Dec 2010 for the European, UK and German presentation. Feel free to respond to add to brief. Requires Notes

1. A Military Perspective on Cyber Security “Not a Paradigm Shift, Tactical Approach” Joey Hernandez CISSP, MBCI jhernandez@iSCSP.org

2. Topic Background The Change Center of Gravity Rings Principles of War Contested Commons Your Turn

3. About Me Former Intelligence and Cyber Operations Analyst with a broad background in all domains of Network Operations. College Professor in the areas of Criminal Justice & Information Security Background in assessments covering NIST, FIPS, & ISO standards Background in International CERT operations & current Director of Operations for the iSCSP

4. Background Elevated age in cyber warfare Malware has become focused SCADA Systems (Stuxnet) Malware performs Operational Preparation of the Environment (OPE) Conficker (Millions still infected) Ransomeware Data is being held hostage The advanced capability of the threat has increased the risk. Understanding the risk allows employment of defensive measures to mitigate the risk – “Risk will always be present”

5. The Change Combined capabilities have helped attackers create weapon systems Soldier +Rifle + Bullets =(This is a weapon systems) Cyber State Sponsored, Script Kiddies, Paid Staff Laptop, Desktop, Mobile devices Metasploit, Backtrak, PoisonIvy, Mpack, other RAT Hacker + Laptop + Metasploit = Weapon System Attackers, Adversaries, Cyber terrorist are now employing TTP

6. Wardens Rings The focus is to attack Centers of Gravity The Estonian attacks Utilized TTP Rings Leadership (Defaced Ministry of Defense, Finance, etc) Organic/System Essentials Infrastructure (DDoS against ISP and Wardialing to lock up POTS network) Population (News Media) Fielded Military Forces Inside Out Attack Methodology For Kinetic Warfare

7. Cyber Population attacks cascade the rings System essential attacks on services eg. Supply Chain, Food, FedEx ; feeds the rings in both direction Infrastructure attacks feed the rings both directions Leadership focus elevates the nature of the actions Inside Out Attack Methodology For Cyber Warfare “Defense measures must ensure protection of systems first and population foremost”

8. Countering Principles of War Raising perceptions of attacks guarantee an elevated perspective. Proactive approaches to providing defense-in- depth reduces risk to all Centers of Gravity NOT immediately achievable, requires buy-in

9. Principle 1 Objective:Direct every operation towards a clearly defined, decisive, and attainable objective. Security Create policy & Directives that are concise, fed from leadership and enhances current capabilities. Defense Institutionalize SOP creating a path to obtainable objectives

10. Principle 2 Offensive:Seize, retain, and exploit the initiative Cyber Security personnel must have all tools required to respond to incidents or events when presented enabling decisive results Immediate knowledge of events through proactive Proactive research International teams of trust Reverse engineering of “current” malicious code Pentesting with seized exploits ensure preparedness Exercise routinely against new threats Exploitation allows establishing opstempo for defensive and counter operations.

11. Principle 3 Economy of Force:Allocate minimum essential combat power to secondary efforts. Cyber Security staff should only be allocated tasks relating to protection of grid and its associated systems Minimize external tasks not associated to Cyber Security “Employ” others to do: password resets, maintenance, and support Discriminate whenever possible! Indentify and prioritize cyber assets and assign coverage accordingly

12. Principle 4 Mass: Concentrate combat power at the decisive place and time. Sustain with technology, resolve with Mass – Use Crisis action teams, leverage distributed knowledge “Get there first with the most”. The dynamic nature of Cyber Space allows you to employ mass globally with centralized control Convene and delegate Ensure communication is continuous If possible (Make possible) Disarm the attacker Block/Mitigate adversaries ability to maneuver, virtual arm bar Remain focused on protection

13. Principle 5 Surprise:Strike the enemy at a time, place, or manner for which they are unprepared. Always expect it! Trust but verify – If the network is quiet lower thresholds, to find hidden traffic Utilize time to influence out of the box operating procedures and TTP to develop Always expect it!

14. Principle 6 Maneuver:Place the enemy in a position of disadvantage through flexible application of combat power Gain an advantage in positioning by training, certifying defense crews Exercising as a team places the adversary in a position of disadvantage Train as a group to flexibly protect, respond, and mitigate attacks Leverage internal and external trusted SME capabilities

15. Principle 7 Unity of Command: For every objective, ensure unity of effort under one responsible commander. A single leader should provide direction and coordination for crews ensuring clear and concise objectives. Alignment facilitates communication for mission/common objective Each task presented should have ownership and custodial characteristics for members of the crew Ideas & Solutions Preferred collective Collective not required

16. Principle 8 Security:Never permit the enemy to acquire an unexpected advantage. Protect and preserve defense measures, procedures and capabilities from the eyes of the adversary. Protect Information, through PEOPLE vetting “Minimize the chance of future Wiki Leaks” Security exertion minimizes attack vectors Understand the capabilities and limiting factors of your people – “provides for a clearer situational awareness”

17. Principle 9 Simplicity:Prepare clear, uncomplicated plans concise orders to ensure thorough understanding. Concise Plans and Orders minimize the chance for mistakes. Degree of operational simplicity results from from experience, training, empowerment and institutionalization of processes. Simplicity in Cyber Operations - is an Art of Balance Open lines of communication Local & Global support simplicity and information sharing

18. Contested Commons It is Global medium: Maritime, Air, Space, Cyber Relied upon for business globalization More nations, organizations, economies at risk Rapid capability development, sluggish legal and global agreement on how to “Address Cyber Attacks” Russia & China created No CY Zones Some believe there is “No Cyber War” Ask Estonia, Brazil, Canada, South Africa, Malaysia

19. Your Turn Train & Exercise your crews as a team Open lines of communication Think strategically, act locally Be proactive, make quick fixes, and best practice into TTP Be paranoid, suspicious and know your adversaries Build your trusted crisis network Plan for events Clear the fog