Date posted: 14-Feb-2017
12/02/2016
COPYRIGHT © 2016, FIREEYE, INC. ALL RIGHTS RESERVED.
MODERN CYBER BATTLEFIELD
APPLICATION OF KEY COUNTERINSURGENCY PRINCIPLES TO TODAY’S KINETIC CYBER ENVIRONMENT
Presented by Chuck McGregor, CISSP, CISM, VP Security Operations, Parsons
ABOUT ME
• USMC officer
• Deployed to Afghanistan and Iraq in advisor and company command capacities in COIN environments/missions
• US Marine Special Operations Command Reserve Chief of Staff
• Cyber Director at Parsons Corp.
KNOW THY ENEMY… AND KNOW THYSELF – Sun Tzu
COUNTERINSURGENCY OPERATIONS, JP 3-24
The twenty-first century is typified by a volatile international environment,
persistent conflict, and increasing state fragility. Long-standing external and internal tensions tend to exacerbate or create core grievances within some states, resulting in political strife, instability, or even insurgency.
Moreover, some transnational terrorists/extremists with radical political and religious ideologies may intrude in weak or poorly governed states to form a wider, more networked threat.
SETTING THE STAGE
• The challenges we face are dynamic
• We need new ways to view our cyber adversaries
• Correlations of the cyber battlefield to dynamic counterinsurgency landscapes
• New ways to view and prepare the cyber battle space
• Let’s try something different…
A view of our adversaries
• Nation-state sponsors
• Criminal organizations
• Hacktivists
• Proxy agents
• Competitors
• Insiders
INSURGENCY ANALYSIS
Before we determine where to focus, let’s analyze insurgencies…
UNDERSTANDING INSURGENCY
• Organized
• Complexity
• Contemporary conflict
• Leadership/narrative
• Protracted struggle
Modern cyber adversary motives
• Ideological
• Socio-economic influence
• Commercial/defense objectives
• Criminal/funding objectives
RECOGNIZING INSURGENT VULNERABILITIES
• Need for secrecy
• Need to establish a base of operations
• Need for financial resources
• Internal divisions
• Need to maintain momentum
• Informants within the insurgency
Cyber exploitation mindset
• Strong unity of command
• Adjacent unit coordination
• Financial resources
• Our own people
…Our campaign plan
FOCUS AREA #1 – PLANNING
Your counterinsurgency campaign plan
FOCUS AREA #1 – COIN CAMPAIGN PLANNING
• Unity of effort
• Intelligence-driven operations (intel prep of the battlefield)
• Economy of force
• Component contributions
• Operational environment shaping
Cyber campaign planning corollaries…
• Organize your security practices
• Peer-industry integration points
• Bottom-up threat intelligence – unleash it
• Support the analyst effort – invest
• Technology force multipliers
SMALL WARS MANUAL
UNITED STATES MARINE CORPS, 1940
In small wars, caution must be exercised, and instead of striving to
generate the maximum power with the forces available, the goal is to gain decisive results with the least application of force. In small wars, tolerance, sympathy, and kindness should be the keynote of our relationship with the
mass of the population. Small wars involve a wide range of activities including diplomacy, contacts with the civil population and warfare of the most difficult kind.
FOCUS AREA #2 – THE TACTICAL GUERILLA FIGHT
FOCUS AREA #2 – GUERILLA TACTICS
• Attacking the will
• Deception
• Engagement selection
• Supply chain disruption
• Attacks to infrastructure
• Financial conversion
• Prolonged fight
Tactical cyber actions…
• Fight his strategy, not his forces
• Map short term actions to long term vision
• Maintain intelligence emphasis
• Be prepared for setbacks
• Empower the lowest levels
• Rank is nothing – talent is everything
• Keep the initiative
• Be there
GUERILLA TACTICS AND THE CYBER KILL CHAIN
Phases, left to right: Initial Compromise, Establish Foothold, Escalate Privileges, Internal Recon, Move Laterally, Maintain Presence, Complete Mission (Action on Objectives)
“Cyber Kill Chain” is a registered trademark of Lockheed Martin
Guerilla tactics, in phase order:
• Patient observation
• Develop intimacy
• Target development and prioritization
• Final planning
• Asymmetric positioning
• Destroy/disruption
• Objective advance
• Evade and egress
Cyber tactics, in phase order:
• External attack surface sizing
• Social engineering
• External compromise
• Custom malware
• Payload insert
• App exploitation
• Delivery
• Credential theft
• Password cracking
• “Pass-the-Hash”
• Exploitation
• Critical system recon
• System, Active Directory, user enumeration
• Installation
• Net use commands
• Reverse shell access
• Backdoor variants
• VPN subversion
• Sleeper malware
• C2 nodes
• Staging servers
• Data consolidation
• Data theft
• Destroy
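The cyber-tactics row names the indicators a defender can watch for at each phase: credential theft and pass-the-hash, Active Directory and user enumeration, net use commands, sleeper backdoors, data staging. The Python below is an added example, not code from the original deck: it tags constructed Windows Security events (4624 logons and 4688 process creations, which are real event IDs; logon type 3 and the NTLM authentication package are real fields) with a lifecycle phase and then chains them per principal, linking an account used via `net use ... /user:X` back to the operator who typed it. The sample log lines, the key=value layout, the regexes, and the decision of which phase each indicator belongs to are this example's own assumptions, not a mapping the deck spells out.

```python
"""Tag constructed Windows Security events with attack-lifecycle phases and
chain them per principal. Added example, not code from the original deck;
the sample lines, field names and indicator-to-phase choices are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs) in a flat key=value form that
# loosely mirrors Security events 4624 (logon) and 4688 (process creation).
SAMPLE_EVENTS = r"""
ts=2016-12-02T09:01:10 host=WS-17 eid=4624 user=jsmith logon_type=2 auth=Kerberos src=-
ts=2016-12-02T09:14:33 host=WS-17 eid=4688 user=jsmith cmdline="net user /domain"
ts=2016-12-02T09:15:02 host=WS-17 eid=4688 user=jsmith cmdline="net group /domain"
ts=2016-12-02T09:20:45 host=WS-17 eid=4688 user=jsmith cmdline="net use \\FS-01\C$ /user:CORP\svc_backup"
ts=2016-12-02T09:20:47 host=FS-01 eid=4624 user=svc_backup logon_type=3 auth=NTLM src=10.0.5.17
ts=2016-12-02T09:31:10 host=FS-01 eid=4688 user=svc_backup cmdline="schtasks /create /tn Updater /tr C:\Windows\Temp\upd.exe /sc onlogon"
ts=2016-12-02T09:40:07 host=FS-01 eid=4688 user=svc_backup cmdline="7z a C:\Windows\Temp\out.7z D:\Finance\*"
ts=2016-12-02T11:05:00 host=WS-22 eid=4688 user=alee cmdline="net use \\PRN-01\share"
"""

# Lifecycle phases from the slide, in order.
PHASES = ["Initial Compromise", "Establish Foothold", "Escalate Privileges",
          "Internal Recon", "Move Laterally", "Maintain Presence", "Complete Mission"]

# Indicator patterns (this example's own heuristics, deliberately narrow).
RECON = re.compile(r"^(net (user|group|localgroup|view)|whoami|nltest|dsquery)\b", re.I)
LATERAL = re.compile(r"^net use \\\\\S+", re.I)            # net use \\host\share
PERSIST = re.compile(r"^(schtasks /create|sc create|reg add .*\\run)", re.I)
STAGING = re.compile(r"^(7z a|rar a|makecab)\b", re.I)      # archive for exfil
RUNAS = re.compile(r"/user:(?:[\w.-]+\\)?([\w.-]+)", re.I)  # /user:DOMAIN\name
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Parse one key=value line; quoted values may contain spaces."""
    ev = {k: v.strip('"') for k, v in KV.findall(line)}
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def classify(ev):
    """Return (phase, reason) for an event that matches an indicator, else None."""
    if ev["eid"] == "4624":
        # Heuristic: a network (type 3) NTLM logon to a server is how a stolen
        # hash gets used; interactive and Kerberos logons are left alone here.
        if ev.get("logon_type") == "3" and ev.get("auth") == "NTLM":
            return "Escalate Privileges", "NTLM network logon (pass-the-hash candidate)"
        return None
    cmd = ev.get("cmdline", "")
    for phase, rx, why in (("Internal Recon", RECON, "AD/user enumeration"),
                           ("Move Laterally", LATERAL, "net use to remote host"),
                           ("Maintain Presence", PERSIST, "persistence mechanism"),
                           ("Complete Mission", STAGING, "data consolidation/staging")):
        if rx.search(cmd):
            return phase, why
    return None


def principal_links(events):
    """Map an account supplied via 'net use ... /user:X' to the operator who ran it."""
    alias = {}
    for ev in events:
        cmd = ev.get("cmdline", "")
        m = RUNAS.search(cmd)
        if m and LATERAL.search(cmd):
            alias[m.group(1)] = ev["user"]
    return alias


def canonical(user, alias):
    """Follow alias links (with a cycle guard) to the originating operator."""
    seen = set()
    while user in alias and user not in seen:
        seen.add(user)
        user = alias[user]
    return user


def build_chains(lines):
    """principal -> time-ordered [(ts, phase, host, reason)] for tagged events."""
    events = sorted((parse_event(l) for l in lines.strip().splitlines()),
                    key=lambda e: e["ts"])
    alias = principal_links(events)
    chains = defaultdict(list)
    for ev in events:
        hit = classify(ev)
        if hit:
            chains[canonical(ev["user"], alias)].append((ev["ts"], hit[0], ev["host"], hit[1]))
    return dict(chains)


def alerts(chains, min_phases=3, window=timedelta(hours=2)):
    """Principals whose tagged activity spans >= min_phases distinct phases inside `window`."""
    out = {}
    for who, steps in chains.items():
        for i, (t0, *_) in enumerate(steps):
            phases = {p for t, p, *_ in steps[i:] if t - t0 <= window}
            if len(phases) >= min_phases:
                out[who] = sorted(phases, key=PHASES.index)
                break
    return out


if __name__ == "__main__":
    chains = build_chains(SAMPLE_EVENTS)
    for who, steps in chains.items():
        for ts, phase, host, why in steps:
            print(f"{ts:%H:%M:%S} {who:<10} {host:<6} {phase:<20} {why}")
    print("ALERTS:", alerts(chains))
```

On the constructed data, `jsmith` is chained through five phases (the `svc_backup` activity on FS-01 is folded back onto `jsmith` via the `/user:` link), while `alee`'s lone `net use` never reaches the alert threshold. The single pass-the-hash heuristic is weak on its own, since plenty of legitimate NTLM network logons exist; it earns its place only through correlation with the preceding enumeration and lateral-movement commands, which is the "maintain intelligence emphasis" point from the previous slide in executable form.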
KEY TAKEAWAYS
• Take a new look at how we fight on the cyber battlefield
• Leverage what we’ve learned in COIN – the similarities prompt consideration
• Integrate COIN planning elements into your cyber campaign plan to keep the adversary off balance
• Ensure intelligence-driven operations
• Adopting a COIN mindset can give your front line an edge in the guerrilla fight
• Empower your lowest levels
THANK YOU
[email protected]
@chuck_mcg
REFERENCES
FM 3-24, Counterinsurgency
JP 3-24, Counterinsurgency Operations
FMFRP 12-15, USMC Small Wars Manual (1940)
David Kilcullen, “28 Articles: Fundamentals of Company-Level Counterinsurgency” (2006)
Tony Sager, “Killing Advanced Threats in Their Tracks: An Intelligent Approach to Attack Prevention”, SANS Institute (2014)
Carson Zimmerman, “10 Strategies of a World-Class Security Operations Center”, MITRE (2014)
EXIM APPROVED Parsons #458 7 OCT 16.