Cyber Security - Thinking Like The Enemy

CYBER

D E F E N C E

THINKING LIKE

THE ENEMY
p e t e r c o c h r a n e . c o m
Prof Peter Cochrane OBE, DSc

OUR ENEMIES
Immoral

D e v i o u s

C o r r u p t

I n v i s i b l e

C r i m i n a l

A d a p t i v e

Innovative

Re l e n t l e s s

U b i q u i t o u s

N e t w o r k e d

V i r t u a l i s e d

C o o p e r a t i v e

Opportunistic
Everything

We are not!
“ T h i s i m m e d i a t e l y p l a c e s U S a t s o m e

d i s a d v a n t a g e i n u n d e r s t a n d i n g
e x a c t l y w h a t w e a r e u p a g a i n s t ”

INVISIBLE NETWORK
Criminals
T h e D a r k S i d e o f T h e F o rc e D o m a i n s !
Rogue

expertise and tools

will not allow us to

win this war…

INVISIBLE NETWORK
Criminals
T h e D a r k S i d e o f T h e F o rc e D o m a i n s !
Rogue

expertise and tools

will not allow us to

win this war…
W
E
N
EED
TO
GET
IN
SIDE

a
n
d
M
ODEL

RELA
TION
SHIPS

W I S D O M S
F r o m ~ 5 5 0 B C
“To know your enemy you
must become your enemy”
“Destroy your enemy from

within””
Sun Tzu
The Art of War
“There is no instance of a nation
bene
fi
tting from prolonged warfare”

D e r i v at i v e

Hypothesis
“ Yo u c a n n o t b e a g o o d d e f e n d e r u n l e s s yo u
h a ve f i r s t b e e n a g o o d a t t a c ke r ”

F U N D A M E N TA L M E M E S

P e o p l e a r e b y f a r t h e s i n g l e b i g g e s t r i s k

a n d t h e k e r n e l f o r a l l f o r m s o f a t t a c k
I t o n l y t a k e s o n e t o m a k e
a n e r ro r, b e t e m p t e d , g e t

a n g r y , u p s e t , b e c o m e
c o r r u p t e d , o r t u r n t o

t h e D a r k S i d e + + + !
“ Pe o p l e a re i n h e re n t l y k i n d a n d w i l l h e l p
i f t h e y t h i n k yo u a r e h a v i n g d i f f i c u l t y ”
“ T h e y a r e g e n e r a l l y g r a t e f u l
f o r a n y g u i d a n c e a n d / o r

h e l p g i v e n ”

B E Y O N D P E O P L E

S e c u r i t y i s w a y b e y o n d e d u c a t i o n
I t i s f u n d a m e n t a l l y u n a c c e p t a b l e
t o e x p e c t u s e r s t o b e s e c u r i t y
s a v v y / s e l f s u f f i c i e n t !
I n d u s t r y m u s t a s s u m e

t h a t r e s p o n s i b i l i t y

f ro m D a y 1
S e c u r i t y c a n n o t b e

j u s t a n a p p e n d a g e ,

a m e re a f t e r t h o u g h t ,

i t m u s t b e i n t e g r a l

t o t h e b a s i c d e s i g n

S E G U A E

The Opportunistic
Dropped receipt to a wet
floor - I picked it up and
this caught my eye

C a r e l e s s

There are no safe cities
I was working in London

and stopped for a coffee

break in Soho…
Soho

C a r e l e s s



break in Soho…
Soho
A smart young man walked

in and I spotted his badge !

C a r e l e s s



break in Soho…
Soho

He sat right in front of me and this is what his

boot-up looked like - such a great advert !

C a r e l e s s



break in Soho…
Soho

He sat right in front of me and this is what his

boot-up looked like - such a great advert !
Coffee Shop Protocol
• Sit as far back from the door as possible ;
ideally with no one to the rear or the sides
• Check for overhead cameras
• Do not wear identifying insignia of any kind
• Do not boot up to an identifying company,
country, government, agency badge
• Check and be aware N, E, S, W

L O U D & R U D E

There is always a price to pay !

A stack of papers
readable at a glance
E X H I B I T I O N I S T S

Employees bragging/indiscreet
ME
Three identical laptops
Three
Mobiles
all the
same

A stack of papers
readable at a glance
E X H I B I T I O N I S T S

Employees bragging/indiscreet
ME
Three identical laptops
Three
Mobiles
all the
same
In < 1hour of looking & listening I had:

All there names

Mobile numbers + eMail addresses

Unit Codes

Postal Drop

Building
fl
oor and room

IT Support Number and log in

Who was at their meeting

Meeting agenda

Who said what

Decisions made

Project Code Name

Organisations involved

Objectives and progress

The name of a ‘Secret Project’

Talked about in euphemisms

+++++

L a x s e c u r i t y

Unintended revelations/consequences
TRUTH ENGINES

An End Game Company
Dr Peter Cochrane
EU Concept Consultant
DAY 1: Pass Card for a meeting

L a x s e c u r i t y

Unintended revelations/consequences
TRUTH ENGINES

An End Game Company
Dr Peter Cochrane
EU Concept Consultant
DAY 1: Pass Card for a meeting
TRUTH ENGINES

An End Game Company
Peter Cochrane
Internal A
ff
airs Advisor
DAY 2: Pass Card as a member of sta
f

H O N E Y P O T S

Applies ‘equally’ to both sexes
Older man - younger woman

Older woman - younger man

Careless talk, briefcase, laptop access

Access to some informal meetings

Eavesdropping telephone calls

Listening device planting

Geo tracking/bugging

Spyware install

Corruption

Blackmail

Collusion

Long term investment and
strategy most often used

by rogue states for .Gov

& industrial spying with
operations spanning years

A X I O M

A t t a c k e r s

A d v a n t a g e
“A t t a c k s c o m e f ro m u n e x p e c t e d d i r e c t i o n s . .

. . b y m e c h a n i s m s y o u d i d n ’t a n t i c i p a t e . .

. . a t t i m e s t h a t a r e r e a l l y i n c o n v e n i e n t ”

Paradox
“ T h e m i l i t a r y p l a y a l l d a y a n d o c c a s i o n a l l y
h a ve a wa r, w h i l s t W E a re a t wa r e ve r y d a y
a n d n e v e r p l a y ”

Constraints

W e a r e d i s a d v a n t a g e d !
Z i p

Z e r o

N o n e

To t a l F r e e d o m

A n y t h i n g G o e s
L e g a l

M o r a l

S o c i a l

E t h i c a l

Po l i t i c a l

M a n a g e r i a l

+ + + + + + + + + +
C o n s t i t u t i o n a l

R i s k A p p e t i t e

P ro f e s s i o n a l

E d u c a t i o n a l

Re g u l a t o r y

D i v e r s i t y

+ + + + + +
W e c a n p l a y , b u t m u s t n o t s t r a y

b e y o n d t h e ‘ b o u n d a r y c o n d i t i o n s ’

O u r w o r l d i s n o l o n g e r s i m p l e
“There are no simple solutions

to complex problems”
“The energy required to solve a problem is
always greater than that expended to create it”
NOT Understood

D E F E N C E

& d E F E AT

“You cannot unilaterally defend yourself to victory

- and we are 100% defence focused

- ergo we can never win”

Fortresses, Walls, Bailies, Dykes et
al do not deter or repel enemies
and attackers for very long!
Ditto Firewalls

AntiVirus Apps

Portal Monitors

Activity Scanners

VPNs, BlockChain,

Encryption, Clouds,

Connectivity Scanners

++++

2025
2015
NEEDLES
There are three basic types
2025
2015
“The Dark Side should be

a member of the G8”
“Nothing we are doing

right now will slow

this growth”
A P P A R E N T P A

FA I L U R E C O S T S

W A R F A R E
Scale of Potential Devastation
Potential Depth

of Penetration

Geographical

Metaphysical

Technological

Psychological

Ecological

Biological

Physical

Virtual

Real
A wider perspective
Land Sea Air Space Cyber Information

Cyber-Info War
Nuclear-Warfare
Bio-Chemical Warfare
W A R F A R E
Potential Depth

of Penetration

Geographical

Metaphysical

Technological

Psychological

Ecological

Biological

Physical

Virtual

Real
Total

Extinction

Trigger

Event
Catalyst
A wider perspective

Cyber-Info War
Nuclear-Warfare
Bio-Chemical Warfare
W A R F A R E
Potential Depth

of Penetration

Geographical

Metaphysical

Technological

Psychological

Ecological

Biological

Physical

Virtual

Real
Total

Extinction

Trigger

Event
Catalyst
A wider perspective
THERE IS ONLY
W
AR

AND

EVERY
DOMAIN

IS

INTERCONNECTED Governments

AND
The Military

Can
no
longer

protect their

citizens

THE BIG PICTURE
Cyber security is no longer contained
The Dark Side is winning by a

100% commitment & focus

They are far more integrated

and sharing than we are and

‘driven’ by money/evil intent

We do not anticipate attacks or

innovations in tactics, tools,…we

are always on the back foot!

Start thinking like the enemy

Develop better radar systems

Build automatic react systems

Cooperate on developments

War game attack scenarios

Share all data & solutions

We need to:

Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Substantial Networks
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated E
ff
ort
Extremely Pro
fi
table
Syndicated Resources
Massive Attack Surface
Vast up-to-date Abilities
Covert
Money
WarFare
In
fl
uence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated E
ff
ort
Political In
fl
uencers
~Unlimited Resources
Tech/Thought Leaders
Regime Destabilisation
Population Manipulation
Military and Civil Domains
T H R E AT S C A P E ?

T h e s p e c t r u m o f A t t a c k e r s Military

Nat Defence
Intelligence

Services
Terrorists

Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated E
ff
ort
Extremely Pro
fi
table
Covert
Money
WarFare
In
fl
uence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated E
ff
ort
Political In
fl
uencers

T h e s p e c t r u m o f A t t a c k e r s
Medium

Game

Massive

Gain
Military

Nat Defence
Intelligence

Services
Terrorists

Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated E
ff
ort
Extremely Pro
fi
table
Covert
Money
WarFare
In
fl
uence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated E
ff
ort
Political In
fl
uencers

Medium

Game

Massive

Gain
Boy In a
Bedroom

Start Up
Small

Business
Medium

Business
Large

Business
Global

Business
Public

Bodies
Military

Nat Defence
Intelligence

Services
Terrorists

Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated E
ff
ort
Extremely Pro
fi
table
Covert
Money
WarFare
In
fl
uence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated E
ff
ort
Political In
fl
uencers

Medium

Game

Massive

Gain
Boy In a
Bedroom

Start Up
Small

Business
Medium

Business
Large

Business
Global

Business
Public

Bodies
Military

Nat Defence
Intelligence

Services
Terrorists
Zip Planning

Opportunistic

Vision

Plan

£0

Vision

Mission

Partners

Plan £X
MD CEO

Board

Investors

R&A £XX
Military

Civil Service

Fully Funded
MD CEO

Board

Investors

Management
MD CEO

Board

Divisions

Management

This varies year- on-year tempered by actual events
P E R c e i v e d T h r e at s c a L e

This varies year- on-year tempered by actual events
P E R c e i v e d T h r e at s c a L e
The IOT

IS

Missing
Insider threat

Recognised

But NOT YET A

PRIORITY

what we know for sure
Attacks are escalating
The Dark Side is winning
The attack surface is increasing
Cyber disruption costs are growing
Companies do not collaborate and share
The attackers operate an open market
All our security tools are reactive
Attacker innovation is on the up
People are the biggest risk
There are no silver bullets
Our mindset is wrong
It is time to rethink our strategy and solution space
More of the same but

better & faster will not
change the game…
…we have to think anew

-get out of the box

and do something very

different !

Most of the tools required -
and ‘dark consultants’ are
available if help is needed!
Tools: Don’t Build

A THING IF YOU CAN BUY

Just one of many ‘stores’ on the Dark Web

At tac k To o l s 20 20

A ‘hint’ of what is for sale on the Dark Net
~$50

W e a k P a s s w o r d s

F u l l A c c o u n t C a t a l o g u e s a l s o a v a i l a b l e
People in companies and at
home are inherently careless

G R O w i n g

A T T A C K

S U R F A C E
We are exacerbating our

problems by design; and will

continue to do so until there is

a m i n d s e t c h a n g e a n d a m o v e t o

proactive defence (and retaliation?)
I N T E R N E T ~ 6 B n
M O B I L I T Y ~ 2 0 B n
I 4 . 0 + I O T > 3 0 0 B n
Po i n t s o f a t t a c k a n d

opportunity almost

the entire surface

of the planet

UNBOUNDED POSSIBILITIES
From thermostats to doorbells, toasters to vehicles
R E M O T E

AT TA C K S

R A P I D M A L W A R E

S p e c i a t i o n

A r t i f i c i a l L i f e B r e e d i n g M a l w a r e
We had this capability 30 years ago

but neglected to develop it !

The Dark Side embraced it and

now uses it against us!

Why don’t we have any breeding
programs like this so we can play

and create defences and solutions

for attacks to come?

Auto-immunity
Mirrors biological forebears
ICs

ISPs

WiFi

Hubs

LANs

Cards

Traffic

Servers

Circuits

Devices

Internet

Networks

Organisations

Companies

Platforms

Groups

People

Mobile

Fixed

Autonomous and evolutionary

Relentless everywhere 365 x 24 x 7
Can
W
E EMULATE
THIS IN
THE

SILICON
W
ORLD

Broadcasting

Malware
Responding

with updated

protection Wider

Network

Updated
Latest

Solution

Update
Dynamic isolation of infected

devices and components

leading to repair
A mix of clean and infected
Auto-immunity

A Multiplicity of channels
Attack detection/exposure/thwarting using access diversity
BlueTooth

Short Range

Device to Cloud

Device to Device
WiFi, WiMax

Medium Range

WLAN/Cloud
Integrated and intelligent

security systems embedded

into all products and components
ZigBe/Other ?

Car-to-Car Direct

Communications
Defence opportunities in channel/device/system diversity

A wide plurality of channel detection and protection

Attacks almost never isolated or single sourced

Not restricted to single channel/attempt

Secure attack and infection isolation

Diverse immunity/support access

Distributed info sharing

GEO info location

3, 4, 5 G

Long Range

Device to Net

Device to Cloud
SatCom

Broadcast

Auto-immunity
Mirrors biological forebears
Applied everywhere 24 x 7

ICs

ISPs

WiFi

Hubs

LANs

Cards

Traffic

Servers

Circuits

Devices

Internet

Networks

Organisations

Companies

Platforms

Groups

People

Mobile

Fixed

Auto-immunity
Slow-Motion Simulation
Network

people travel

device vehicle

Movement

Scale & Complexity
Beyond human abilities across too many fronts
Physical and Cyber are as one -

with dimensionality, dynamics,
and non-linearity (complexity)
well beyond the human span!

“A non-linear stochastic problem”

C Y B E R

DEFENCE
Outdated
Outmoded
Outsmarted
Confounded
Ine
ff
ective
Reactive
Isolated
Losing
Little or no
automation
dominated
by people

Behavioural

A N A LY T I C S
“The cyber sector has yet to take this
seriously, but it is a rich source of all
activities, performance metrics spanning
all system forms”
“It is also pertinent to all forms of cyber
attack detection including insider threats”
This is the only technique we have for all
networks, devices, machines and people

HYPOTHESIS
All systems: designed, designoid,
evolved, grown and constructed
give precursor indicators of an
impending failure
But you have to know where to
look & be capable of identifying
their form and function
Early changes in performance
and behaviour are two forms of
pre-cursor pertinent to cyber
attacks, crime, and espionage

EXISTENCE

T H E O R E M
Pro-active failure (trend) detection and
maintenance maximises operating time, reduces
costs and saves lives

EXISTENCE

T H E O R E M
Many leading high CAPEX/OPEX sectors have
systems capable of predicting future failures through
the behavioural analysis of components

MECHANICAL

S Y S T E M S
Unwanted Resonances
Failure Precursors
Speci
fi
c Element in
Wear Out Phase
Vibration spectrum identi
fi
es reducing
machine performance pending total failure

Time
Machine
Conditio
n/Funct
ion MECHANICAL

S Y S T E M S

Components: people, PC, device, router,
switch, hub,
fi
rewall, network, cloud, tra
ffi
c
and data activity
C Y B E R

SYSTEMS
Pre-cursor
to full on
attack

People
Systems
Networks
Monitoring

People

Systems

Networks
All Operations Disabled
All Systems Failing
Visible
Operational
Noise
Sporadic
Outages
Multi-System Critical
Fails-Unpredictable
Up Times
Inexplicable
Productivity
Reductions
CYBER

ATTACK
Undetected
Attack Build
Up + Hidden
Precursors
Time
IT
Systems
Conditio
n/Funct
ion

C Y B E R

SYSTEMS
Monitor everyone + all devices
personal and company + network
looking for deviations from the
historically established norm
EXPERIMENTAL

STARTER FOR 10

C Y B E R

SYSTEMS
Monitor every connected PC, device,
router, switch, hub,
fi
rewall, network, cloud,
and all tra
ffi
c for unusual activity
“At this juncture we can
only guess which are the
mission critical nodes -
but we need know for
certain ”

HOW DOES THIS APPLY TO PEOPLE
It is amazing how extremely dumb big organisations & people can be !
Edward

Snowden

WHO, WHAT, Why Patterns ?
A re a n y b e h a v i o u r s a b n o r m a l a n d w h a t i s t h e i n t e n t ?

PEOPLE FAIl: SOCIAL ENGINEERING
This is way more convincing and devious than the Indian call centre

FINALE It really doesn’t seem to

be a ‘technology’ problem !

FINALE It really doesn’t seem to

be a ‘technology’ problem !
Oh NO! It is a people issue

and I have to get them all to
collaborate: share attack info
and data; experiences, plus
common workable solutions !

This is a really difficult

and big problem, but we

have to tackle it head on,

this more or less the only

option available to us……..

RESPONSIBILITY

EMPOWERMENT
ETHICS & TRUST
WE have to gather real data to test
and prove all of this - and address the
issue of letting machines potentially
operate with full autonomy !
“When the machines make
far fewer errors than we do,
then it will be game over”

WHAT WE NOW NEED ?
An essentials shopping list is reasonably short
Global monitoring and shared situational awareness

Cooperative environments on attacks and solutions

Universal sharing of identified attacks/developments

Address cloaking & decoy customer sites/net nodes

Behavioural analysis of networks, devices, people

To continue and expand all established efforts

Auto-Immunity for all devices including IoT

Fast, rehearsed, automated, tested responses

M e t r i c s

W h e r e t o f o c u s ?
T h e r e a r e 1 0 0 s o f r e p o r t s a n d
a c r e s o f s t a t s o f e v e r y a s p e c t
o f t h i s w a r a n d t h e y a r e a l l
d y n a m i c - f r a n k l y , a n a l y s i s i s
w a y b e y o n d h u m a n a b i l i t y a n d
w e n e e d m a c h i n e h e l p !

Complexity, scale, and speed
place this problem well
beyond any human

span!
“Beyond real time observation and historical data
recording, it is pattern recognition that is core to a
workable solution - and AI is supreme in this respect”
The only technology we have

that has the inherent abilities

we need is AI
A T i m e ly
Reminder
Continuing to do what we have always
done will only see even more losses

Our enemies appear to have poor defences
They are not expecting expect us to attack
We could cause them to attack each other
We could employ their tools & weapons
We know who and where they are
We know their weaknesses
We know their networks
We have the resources
BUT this would be war
WE Cannot engage in this, only
governments can give sanction
THE FIGHT BACK

STARTING A WAR?

WE Cannot engage in this, only
governments can give sanction
ARE WE SEEING THE

S TA R T o f A W A R ?

Th
e
fu
ture belongs
to
th
e
most adaptable and
th
ose
who dare !
Th
ank You
petercochrane.com

Cyber Security - Thinking Like The Enemy

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Cyber Security - Thinking Like The Enemy

Ähnlich wie Cyber Security - Thinking Like The Enemy (20)

Mehr von University of Hertfordshire

Mehr von University of Hertfordshire (13)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Cyber Security - Thinking Like The Enemy