We are engaged in a war the like of which we have never seen or experienced before. Our enemies are invisible and relentless; with globally dispersed forces working at all levels and in all sectors of our societies. They are better organised, resourced, motivated, and adaptive than any of our organisations or institutions, and they are winning. This war is also one of paradox!
“The cost to many nations is now on a par with their GDP”
“No previous war has seen so many suffer so much to (almost) never retaliate”
“We are up against attackers who operate as a virtual (ghost-like) guerrilla army”
“No state can defend its population and organisations, and they stand alone - isolated and exposed”
“A real army/defence force would rehearse and play all day and very occasionally engage in warfare. We, on the other hand, are at war every day but never play, war-game, or anticipate new forms of attack”
To turn this situation around we need to understand our enemies and adopt their tactics and tools as a part of our defence strategy. We also have to be united and organised so that no one, and no organisation, stands alone. We also have to engage in sharing attack data, experiences and solutions.
All this has to be supported by wargaming, and anticipatory solutions creation.
The good news is that we have better, and more, people, machines, networks, facilities, and expertise than our enemies. All it requires is the embracing of advanced R&D, leadership, sharing, and orchestration on a global scale.
1. CYBER DEFENCE
THINKING LIKE THE ENEMY
petercochrane.com
Prof Peter Cochrane OBE, DSc
2. OUR ENEMIES
Immoral
Devious
Corrupt
Invisible
Criminal
Adaptive
Innovative
Relentless
Ubiquitous
Networked
Virtualised
Cooperative
Opportunistic
Everything
We are not!
“This immediately places US at some disadvantage in understanding exactly what we are up against”
4. INVISIBLE NETWORK
Criminals
The Dark Side of The Force Domains!
Rogue
expertise and tools will not allow us to win this war…
WE NEED TO GET INSIDE and MODEL RELATIONSHIPS
5. WISDOMS
From ~550 BC
“To know your enemy you must become your enemy”
“Destroy your enemy from within”
Sun Tzu
The Art of War
“There is no instance of a nation benefitting from prolonged warfare”
6. Derivative Hypothesis
“You cannot be a good defender unless you have first been a good attacker”
7. FUNDAMENTAL MEMES
People are by far the single biggest risk and the kernel for all forms of attack
It only takes one to make an error, be tempted, get angry, upset, become corrupted, or turn to the Dark Side +++!
“People are inherently kind and will help if they think you are having difficulty”
“They are generally grateful for any guidance and/or help given”
8. BEYOND PEOPLE
Security is way beyond education
It is fundamentally unacceptable to expect users to be security savvy/self sufficient!
Industry must assume that responsibility from Day 1
Security cannot be just an appendage, a mere afterthought, it must be integral to the basic design
9. SEGUE
The Opportunistic
Dropped receipt to a wet floor - I picked it up and this caught my eye
13. Careless
There are no safe cities
I was working in London and stopped for a coffee break in Soho…
Soho
A smart young man walked in and I spotted his badge!
He sat right in front of me and this is what his boot-up looked like - such a great advert!
Coffee Shop Protocol
• Sit as far back from the door as possible; ideally with no one to the rear or the sides
• Check for overhead cameras
• Do not wear identifying insignia of any kind
• Do not boot up to an identifying company, country, government, agency badge
• Check and be aware N, E, S, W
14. LOUD & RUDE
There is always a price to pay!
16. EXHIBITIONISTS
Employees bragging/indiscreet
A stack of papers readable at a glance
ME
Three identical laptops
Three mobiles all the same
In < 1 hour of looking & listening I had:
All their names
Mobile numbers + eMail addresses
Unit Codes
Postal Drop
Building floor and room
IT Support Number and log in
Who was at their meeting
Meeting agenda
Who said what
Decisions made
Project Code Name
Organisations involved
Objectives and progress
The name of a ‘Secret Project’
Talked about in euphemisms
+++++
18. Lax security
Unintended revelations/consequences
TRUTH ENGINES
An End Game Company
Dr Peter Cochrane
EU Concept Consultant
DAY 1: Pass Card for a meeting
TRUTH ENGINES
An End Game Company
Peter Cochrane
Internal Affairs Advisor
DAY 2: Pass Card as a member of staff
19. HONEYPOTS
Applies ‘equally’ to both sexes
Older man - younger woman
Older woman - younger man
Careless talk, briefcase, laptop access
Access to some informal meetings
Eavesdropping telephone calls
Listening device planting
Geo tracking/bugging
Spyware install
Corruption
Blackmail
Collusion
Long term investment and strategy most often used by rogue states for .Gov & industrial spying with operations spanning years
20. AXIOM
Attackers Advantage
“Attacks come from unexpected directions.. ..by mechanisms you didn’t anticipate.. ..at times that are really inconvenient”
21. Paradox
“The military play all day and occasionally have a war, whilst WE are at war every day and never play”
22. Constraints
We are disadvantaged!
Zip
Zero
None
Total Freedom
Anything Goes
Legal
Moral
Social
Ethical
Political
Managerial
++++++++++
Constitutional
Risk Appetite
Professional
Educational
Regulatory
Diversity
++++++
We can play, but must not stray beyond the ‘boundary conditions’
23. Our world is no longer simple
“There are no simple solutions to complex problems”
“The energy required to solve a problem is always greater than that expended to create it”
NOT Understood
24. DEFENCE & DEFEAT
“You cannot unilaterally defend yourself to victory - and we are 100% defence focused - ergo we can never win”
Fortresses, Walls, Baileys, Dykes et al do not deter or repel enemies and attackers for very long!
Ditto Firewalls, AntiVirus Apps, Portal Monitors, Activity Scanners, VPNs, BlockChain, Encryption, Clouds, Connectivity Scanners ++++
25. APPARENT PA FAILURE COSTS
[Chart: 2015 to 2025]
NEEDLES
There are three basic types
“The Dark Side should be a member of the G8”
“Nothing we are doing right now will slow this growth”
28. WARFARE
A wider perspective
Land Sea Air Space Cyber Information
Scale of Potential Devastation
Potential Depth of Penetration
Geographical
Metaphysical
Technological
Psychological
Ecological
Biological
Physical
Virtual
Real
Cyber-Info War
Nuclear-Warfare
Bio-Chemical Warfare
Total Extinction
Trigger Event
Catalyst
THERE IS ONLY WAR AND EVERY DOMAIN IS INTERCONNECTED
Governments AND The Military Can no longer protect their citizens
29. THE BIG PICTURE
Cyber security is no longer contained
The Dark Side is winning by a 100% commitment & focus
They are far more integrated and sharing than we are and ‘driven’ by money/evil intent
We do not anticipate attacks or innovations in tactics, tools,… we are always on the back foot!
We need to:
Start thinking like the enemy
Develop better radar systems
Build automatic react systems
Cooperate on developments
War game attack scenarios
Share all data & solutions
33. Fun
Fame
Notoriety
Vandalism
Limited Skills
Limited Resources
Tend to be Sporadic
Rogue States
Criminals
Hacker Groups
Hacktivist
Amateurs
Money
Sharing
Organic
Dispersed
Unbounded
Huge Effort
Progressive
Cooperatives
Self Organising
Vast Resources
Massive Market
Aggregated Skills
Semi-Professional
Substantial Networks
Skilled
Political
Idealists
Emotional
Relentless
Dedicated
Cause Driven
Vast Networks
Varied Missions
Targeted Attacks
Evolving Community
Drugs
Fraud
Global
Extreme
Extortion
Business
Unbounded
Professional
Well Managed
Well Organised
Ahead of the Curve
Orchestrated Effort
Extremely Profitable
Syndicated Resources
Massive Attack Surface
Vast up-to-date Abilities
Covert
Money
WarFare
Influence
Pervasive
Disruption
Espionage
Professional
Sophisticated
Well Organised
Extreme Creativity
Orchestrated Effort
Political Influencers
~Unlimited Resources
Tech/Thought Leaders
Regime Destabilisation
Population Manipulation
Military and Civil Domains
THREATSCAPE?
The spectrum of Attackers
Medium
Game
Massive
Gain
Boy In a
Bedroom
Start Up
Small
Business
Medium
Business
Large
Business
Global
Business
Public
Bodies
Military
Nat Defence
Intelligence
Services
Terrorists
Zip Planning
Opportunistic
Vision
Plan
£0
Vision
Mission
Partners
Plan £X
MD CEO
Board
Investors
R&A £XX
Military
Civil Service
Fully Funded
MD CEO
Board
Investors
Management
MD CEO
Board
Divisions
Management
35. PERCEIVED THREAT SCALE
This varies year-on-year tempered by actual events
The IOT IS Missing
Insider threat Recognised But NOT YET A PRIORITY
36. what we know for sure
Attacks are escalating
The Dark Side is winning
The attack surface is increasing
Cyber disruption costs are growing
Companies do not collaborate and share
The attackers operate an open market
All our security tools are reactive
Attacker innovation is on the up
People are the biggest risk
There are no silver bullets
Our mindset is wrong
It is time to rethink our strategy and solution space
More of the same but better & faster will not change the game…
…we have to think anew - get out of the box and do something very different!
37. Tools: Don’t Build A THING IF YOU CAN BUY
Most of the tools required - and ‘dark consultants’ are available if help is needed!
Just one of many ‘stores’ on the Dark Web
38. Attack Tools 2020
A ‘hint’ of what is for sale on the Dark Net
~$50
39. Weak Passwords
Full Account Catalogues also available
People in companies and at home are inherently careless
40. GROWING ATTACK SURFACE
We are exacerbating our problems by design; and will continue to do so until there is a mindset change and a move to proactive defence (and retaliation?)
INTERNET ~6Bn
MOBILITY ~20Bn
I4.0 + IOT >300Bn
Points of attack and opportunity almost the entire surface of the planet
42. RAPID MALWARE Speciation
Artificial Life Breeding Malware
We had this capability 30 years ago but neglected to develop it!
The Dark Side embraced it and now uses it against us!
Why don’t we have any breeding programs like this so we can play and create defences and solutions for attacks to come?
45. A Multiplicity of channels
Attack detection/exposure/thwarting using access diversity
BlueTooth
Short Range
Device to Cloud
Device to Device
WiFi, WiMax
Medium Range
WLAN/Cloud
Integrated and intelligent security systems embedded into all products and components
ZigBee/Other?
Car-to-Car Direct
Communications
Defence opportunities in channel/device/system diversity
A wide plurality of channel detection and protection
Attacks almost never isolated or single sourced
Not restricted to single channel/attempt
Secure attack and infection isolation
Diverse immunity/support access
Distributed info sharing
GEO info location
3, 4, 5 G
Long Range
Device to Net
Device to Cloud
SatCom
Broadcast
46. Auto-immunity
Mirrors biological forebears
Applied everywhere 24 x 7
ICs
ISPs
WiFi
Hubs
LANs
Cards
Traffic
Servers
Circuits
Devices
Internet
Networks
Organisations
Companies
Platforms
Groups
People
Mobile
Fixed
Auto-immunity
Slow-Motion Simulation
Network
people travel
device vehicle
Movement
48. Scale & Complexity
Beyond human abilities across too many fronts
Physical and Cyber are as one - with dimensionality, dynamics, and non-linearity (complexity) well beyond the human span!
“A non-linear stochastic problem”
49. CYBER DEFENCE
Outdated
Outmoded
Outsmarted
Confounded
Ineffective
Reactive
Isolated
Losing
Little or no automation, dominated by people
50. Behavioural ANALYTICS
“The cyber sector has yet to take this seriously, but it is a rich source of all activities, performance metrics spanning all system forms”
“It is also pertinent to all forms of cyber attack detection including insider threats”
This is the only technique we have for all networks, devices, machines and people
51. HYPOTHESIS
All systems: designed, designoid, evolved, grown and constructed give precursor indicators of an impending failure
But you have to know where to look & be capable of identifying their form and function
Early changes in performance and behaviour are two forms of pre-cursor pertinent to cyber attacks, crime, and espionage
52. EXISTENCE THEOREM
Pro-active failure (trend) detection and maintenance maximises operating time, reduces costs and saves lives
53. EXISTENCE THEOREM
Many leading high CAPEX/OPEX sectors have systems capable of predicting future failures through the behavioural analysis of components
54. MECHANICAL SYSTEMS
Unwanted Resonances
Failure Precursors
Specific Element in Wear Out Phase
Vibration spectrum identifies reducing machine performance pending total failure
56. CYBER SYSTEMS
Components: people, PC, device, router, switch, hub, firewall, network, cloud, traffic and data activity
Pre-cursor to full on attack
58. CYBER SYSTEMS
Monitor everyone + all devices personal and company + network looking for deviations from the historically established norm
EXPERIMENTAL
STARTER FOR 10
59. CYBER SYSTEMS
Monitor every connected PC, device, router, switch, hub, firewall, network, cloud, and all traffic for unusual activity
“At this juncture we can only guess which are the mission critical nodes - but we need to know for certain”
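One way to look for “deviations from the historically established norm” per component, with a separate flag for the slow drift that slide 51 calls a precursor. This is an added example, not code from the original slides; the component names, telemetry values and thresholds are constructed assumptions.

```python
from statistics import median

MAD_SCALE = 1.4826  # scales MAD to a standard-deviation equivalent for normal data

# Constructed sample telemetry (not real data): 14 days of history per
# component, followed by new daily observations to score.
FLEET = {
    "laptop-17 outbound MB": (
        [120, 131, 118, 125, 122, 129, 124, 127, 121, 126, 123, 128, 125, 122],
        [126, 133, 134, 136, 410],   # slow creep, then a burst
    ),
    "router-03 flows x1000": (
        [900, 915, 890, 905, 910, 898, 902, 907, 895, 903, 909, 899, 904, 901],
        [903, 899, 905],             # ordinary variation
    ),
    "user-jdoe after-hours logins": (
        [0] * 14,
        [0, 0, 5],                   # flat history, then sudden activity
    ),
}

def robust_z(value, baseline):
    """Distance of value from the baseline median, in MAD-derived sigma units."""
    med = median(baseline)
    mad = median(abs(x - med) for x in baseline)
    # Edge case: a perfectly flat baseline has MAD 0. Use a floor (1% of the
    # median, at least 1.0) so a change still produces a finite score.
    sigma = MAD_SCALE * mad if mad > 0 else max(abs(med) * 0.01, 1.0)
    return (value - med) / sigma

def monitor(history, observations, window=14, alert_z=3.5, drift_z=2.0, drift_run=3):
    """Score observations against a rolling norm; return (index, kind, z) events.

    DEVIATION: a single point far outside the norm.
    PRECURSOR: drift_run consecutive mild deviations in the same direction.
    Only points inside the norm are learned, so an anomaly cannot
    immediately redefine what "normal" means.
    """
    baseline = list(history[-window:])
    events, run, direction = [], 0, 0
    for i, value in enumerate(observations):
        z = robust_z(value, baseline)
        sign = (z > 0) - (z < 0)
        if abs(z) >= alert_z:
            events.append((i, "DEVIATION", round(z, 1)))
            run, direction = 0, 0
        elif abs(z) >= drift_z:
            run = run + 1 if sign == direction else 1
            direction = sign
            if run == drift_run:
                events.append((i, "PRECURSOR", round(z, 1)))
        else:
            run, direction = 0, 0
            baseline = (baseline + [value])[-window:]
    return events

def scan(fleet):
    """Run the monitor over every component in the fleet."""
    return {name: monitor(hist, obs) for name, (hist, obs) in fleet.items()}

if __name__ == "__main__":
    for name, events in scan(FLEET).items():
        print(name, events or "within norm")
```

The median and MAD are used instead of mean and standard deviation so that one past outlier in the history does not widen the norm and hide the next one.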
60. HOW DOES THIS APPLY TO PEOPLE
It is amazing how extremely dumb big organisations & people can be !
Edward Snowden
61. WHO, WHAT, Why Patterns ?
Are any behaviours abnormal and what is the intent?
62. PEOPLE FAIL: SOCIAL ENGINEERING
This is way more convincing and devious than the Indian call centre
64. FINALE
It really doesn’t seem to be a ‘technology’ problem!
Oh NO! It is a people issue and I have to get them all to collaborate: share attack info and data; experiences, plus common workable solutions!
This is a really difficult and big problem, but we have to tackle it head on, this is more or less the only option available to us…
65. RESPONSIBILITY
EMPOWERMENT
ETHICS & TRUST
WE have to gather real data to test and prove all of this - and address the issue of letting machines potentially operate with full autonomy!
“When the machines make far fewer errors than we do, then it will be game over”
66. WHAT WE NOW NEED ?
An essentials shopping list is reasonably short
Global monitoring and shared situational awareness
Cooperative environments on attacks and solutions
Universal sharing of identified attacks/developments
Address cloaking & decoy customer sites/net nodes
Behavioural analysis of networks, devices, people
To continue and expand all established efforts
Auto-Immunity for all devices including IoT
Fast, rehearsed, automated, tested responses
67. Metrics
Where to focus?
There are 100s of reports and acres of stats of every aspect of this war and they are all dynamic - frankly, analysis is way beyond human ability and we need machine help!
68. Complexity, scale, and speed place this problem well beyond any human span!
“Beyond real time observation and historical data recording, it is pattern recognition that is core to a workable solution - and AI is supreme in this respect”
The only technology we have that has the inherent abilities we need is AI
A Timely Reminder
Continuing to do what we have always done will only see even more losses
69. Our enemies appear to have poor defences
They are not expecting us to attack
We could cause them to attack each other
We could employ their tools & weapons
We know who and where they are
We know their weaknesses
We know their networks
We have the resources
BUT this would be war
WE Cannot engage in this, only governments can give sanction
THE FIGHT BACK
STARTING A WAR?
70. WE Cannot engage in this, only governments can give sanction
ARE WE SEEING THE START of A WAR?