Cyber Principles November 2010 Bob Gourley



The 12 Principles of Cyber Conflict

1. Know the enemy: Bad actors in the world are bad actors in cyberspace.
2. The Chain: Security in our cyberspace is only as good as its weakest link.
3. There is no Perimeter: Agile operational defense in depth is required.
4. Interconnection: Cyber operations is bigger than IT.
5. The Laundry: In Cyber Conflict there is always something to do.
6. Prior Planning: Success must be preplanned.
7. Experience Counts: Inexperienced cyber conflict professionals are not.
8. User Understanding: Users cannot understand system security posture.
9. The Rodeo: No adversary is undefeated. No system is undefeatable.
10. One Basket: Never put all your eggs in one basket.
11. Unintended Consequences: Prepare for blow-back and fratricide.
12. The Beauty of Offense: You must take the fight to the enemy.

Assume you are breached, plan for mission resilience, build for active defense, mitigate advanced persistent threats, seek to detect anomalies, and exercise with the extended team, continuously.


Can Geospatial Solutions Contribute?

Some emerging cyber needs:

• Deep network forensics and monitoring
• Information aggregation and analysis (human and sensor driven), e.g. dashboards and metrics
• Advanced heuristics for anomaly detection
• Advanced forensic techniques
• Botnet and bad actor infrastructure monitoring
• Dynamic honeypots and advanced simulation environments
• Cloud based malware detection and analysis
• Mobile platform security
• Threat intelligence – situation awareness (including dashboards)
• Locations and activities of bad actors (individuals and organizations)


Backup Slides


The Cyber Conflict Thesis

• Cyber conflict decision-makers are growing a Canon of Knowledge that will contribute to victory

• The most significant Lessons learned from Cyber can be/should be embodied in Principles of Cyber Conflict

• Principles can guide actions including career development, concepts of operations, training, mentoring and, at times, decisions in cyber conflict

• Principles can help us in the “Cyber-Location Nexus”


How can we develop Cyber Conflict Principles?

• Combination of real world experience and academic study

• Then community review and continued intellectual rigor

• Feedback from real cyber warriors engaged in cyber conflict

These principles are based on the experiences of the first generation of Joint cyber warriors plus the work of the Cyber Conflict Studies Association (CCSA)

(see http://cyberconflict.org)



The Operational Threat and a Cyber Locational Nexus

• After reconstruction of events, it was clear that I&W could have been provided on most major cyber events. Some examples:
– Moonlight Maze
– PRC Espionage against DoD 2005-2010 (ongoing)
– Estonia 2007
– Georgia 2008
– GhostNet 2009
– Aurora 2009-2010
– Buckshot Yankee 2009-2010

• Each of these events could have benefited from enhanced geospatial/all source intelligence on foreign threat actors, their capabilities, ongoing ops and likely intent.


Some questions regarding cyber-location nexus:

• Can we express cyber threat history geospatially to help mitigate cyber threat amnesia?

• High end adversaries are well resourced and are developing capabilities with their own internal R&D, so it is pretty clear we should prepare to be surprised. But can enhanced locational intelligence counter any of their R&D?

• Are there new all source fusion models/methods/techniques that have not been explored yet that locational advances can contribute to?

• What solutions for I&W, CND, CNA, CNE can cyber location nexus drive?


Warning: Don’t overreach! Much of cyber conflict is different



Concluding Thoughts

• Just like in geospatial intelligence, we won’t make collective progress in cyber conflict till we deserve progress in cyber conflict.

• Help earn our victory by contributing to the canon of knowledge of cyber conflict

• Read, study, think about and refine the principles of cyber conflict.

• Join and engage intellectually with the Cyber Conflict Studies Association (CCSA)

Questions/Comments?

See: http://ctovision.com

E-mail: [email protected]