MCTSSA Adversarial Cyber DT

Date post: 09-Nov-2021

Jimmy Clevenger, C|CISO, CISSP, CPT/CEPT

Senior Principal Engineer - Cyber, MCTSSA

DISTRIBUTION STATEMENT A. Approved for public release. Distribution is unlimited.

TOPICS

MCTSSA Mission: Provide test and evaluation, engineering, and deployed technical support for United States Marine Corps (USMC) and joint service Command, Control, Communications, Computer and Intelligence (C4I) systems throughout all acquisition life cycle phases.

• Background

• Significance

• Distinct Cyber Capability

• Process

• Execution

• Skill Sets

• Challenge Areas

• Summary


Background

• 2014 Cyber testing begins

• Critical issues identified with PoR cyber hygiene

• 2015-2016 Cyber DT Framework and Workforce Development Plan established

• 2016 Adversarial testing for PoRs during Developmental Testing (DT)

• Acquisition requirement (PL-113-283, DoDI 5000.02)

• 2017 Matured testing in response to NDAA 1647

• Mission based, System of System, operationally representative

• C2, Fires, Mission Support Systems, NSS

• Unique cyber assessments (not policy compliance)

• Policy compliance is not enough

• Potential vs actual (shown to be exploitable) vulnerabilities

• Adversarial cyber DT on tactical systems proves it

Increase Cyber resiliency of the MAGTF in direct support of assured C2 services.

Significance

• System of System testing on tactical C4 equipment

• Identify critical vulnerabilities in fielded and not yet fielded systems

• Vulnerabilities that are not identified otherwise

• Correlated to operational mission impacts

• Assign threat sophistication ratings

• Includes corrective action and/or mitigation recommendations

• Identify the true operational risk to Commanders

• Aids PM in issue prioritization

• Validates the “vulnerabilities” that actually need to be fixed

• Ex. Prioritize based on mission impacts

• Ex. Only 5 out of 200 are proven exploitable

Distinct Cyber Capability

• Not OCO, Operational Testing, nor Red Team testing

• Focus is on technical problems, not users or operators

• No social engineering

• Intended to be completed before fielding

• No live networks

• Cooperative

• Offensive in support of defense

• Destructive testing

• Complementary to existing efforts

• Results can feed Red Team, CPT, DCO efforts

• Does not replace the need for current efforts

MCTSSA Cyber Process

Planning & Preparation

• System focused objectives (technical breaks)

• Threat modeling

• System characterization

Execution & Analysis

• Vulnerability Identification

• Network analysis

• Exploit execution/chaining

• Exploit development

• Mission impact identification

• Reverse engineering

Reporting

• Detailed test reports

• Quantitative vulnerability scoring

• Risk mitigation recommendations


Cyber Execution

1 - Understand Requirements

2 - Characterize Cyber Attack Surface

3 - Cooperative Vulnerability Identification

4 - Adversarial Cybersecurity DT&E

5 - Cooperative Vulnerability and Penetration testing Assessment

6 - Adversarial Assessment


Skill Sets

• Reverse engineering and binary analysis

• Network reconnaissance and exploitation

• Application / Web App exploitation

• Coding (Python, Perl, etc…)

• Exploit Research & Development

• Exploitation Tools Research & Development

• Metasploit Framework / Kali Linux etc…

• Burp Suite

• IDA Pro

• OSCP, CPT, CEPT, other related industry certifications and standards


Challenge Areas

Critical Low Density Skill Sets

• Reverse Engineering

• Code Review

• Application Pen Testing

• Network Pen Testing

• SCADA, ICS, PLC, CAN, 1553

• Exploit Development

Emerging Technology

• Artificial Intelligence & Machine Learning for Pen Testing

• C2 / Event Collaboration

Solutions

• Infrastructure as Code

• Automated Test / Re-Test


Summary

• Persistent Adversarial Cyber DT effort for tactical PoRs

• Distinct cyber effort

• Complementary to existing efforts

• CPTs/DCO

• OT/Red teams/OCO

• Intel

• Proven Capability, not theoretical
