A Roadmap for Cybersecurity Research


November 2009

Contents

Executive Summary ... iii
Introduction ... v
Acknowledgements ... ix

Current Hard Problems in INFOSEC Research
1. Scalable Trustworthy Systems ... 1
2. Enterprise-Level Metrics (ELMs) ... 13
3. System Evaluation Life Cycle ... 22
4. Combatting Insider Threats ... 29
5. Combatting Malware and Botnets ... 38
6. Global-Scale Identity Management ... 50
7. Survivability of Time-Critical Systems ... 57
8. Situational Understanding and Attack Attribution ... 65
9. Provenance ... 76
10. Privacy-Aware Security ... 83
11. Usable Security ... 90

Appendices
Appendix A. Interdependencies among Topics ... A1
Appendix B. Technology Transfer ... B1
Appendix C. List of Participants in the Roadmap Development ... C1
Appendix D. Acronyms ... D1


Executive Summary


The United States is at a significant decision point. We must continue to defend our current systems and networks and at the same time attempt to “get out in front” of our adversaries and ensure that future generations of technology will position us to better protect our critical infrastructures and respond to attacks from our adversaries.

The term “system” is used broadly to encompass systems of systems and networks.

This cybersecurity research roadmap is an attempt to begin to define a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The research, development, test, evaluation, and other life cycle considerations required are far reaching—from technologies that secure individuals and their information to technologies that will ensure that our critical infrastructures are much more resilient. The R&D investments recommended in this roadmap must tackle the vulnerabilities of today and envision those of the future.

The intent of this document is to provide detailed research and development agendas for the future relating to 11 hard problem areas in cybersecurity, for use by agencies of the U.S. Government and other potential R&D funding sources. The 11 hard problems are:

1. Scalable trustworthy systems (including system architectures and requisite development methodology)
2. Enterprise-level metrics (including measures of overall system trustworthiness)
3. System evaluation life cycle (including approaches for sufficient assurance)
4. Combatting insider threats
5. Combatting malware and botnets
6. Global-scale identity management
7. Survivability of time-critical systems
8. Situational understanding and attack attribution
9. Provenance (relating to information, systems, and hardware)
10. Privacy-aware security
11. Usable security

For each of these hard problems, the roadmap identifies critical needs, gaps in research, and research agenda appropriate for near, medium, and long term attention. DHS S&T assembled a large team of subject matter experts who provided input into the development of this research roadmap. The content was developed over the course of 15 months that included three regional multi-day workshops, two virtual workshops for each topic, and numerous editing activities by the participants.


Introduction


Information technology has become pervasive in every way—from our phones and other small devices to our enterprise networks to the infrastructure that runs our economy. Improvements to the security of this information technology are essential for our future. As the critical infrastructures of the United States have become more and more dependent on public and private networks, the potential for widespread national impact resulting from disruption or failure of these networks has also increased. Securing the nation’s critical infrastructures requires protecting not only their physical systems but, just as important, the cyber portions of the systems on which they rely. The most significant cyber threats to the nation are fundamentally different from those posed by the “script kiddies” or virus writers who traditionally have plagued users of the Internet. Today, the Internet has a significant role in enabling the communications, monitoring, operations, and business systems underlying many of the nation’s critical infrastructures. Cyberattacks are increasing in frequency and impact. Adversaries seeking to disrupt the nation’s critical infrastructures are driven by different motives and view cyberspace as a possible means to have much greater impact, such as causing harm to people or widespread economic damage. Although to date no cyberattack has had a significant impact on our nation’s critical infrastructures, previous attacks have demonstrated that extensive vulnerabilities exist in information systems and networks, with the potential for serious damage. The effects of a successful attack might include serious economic consequences through impacts on major economic and industrial sectors, threats to infrastructure elements such as electric power, and disruptions that impede the response and communication capabilities of first responders in crisis situations.

The United States is at a significant decision point. We must continue to defend our current systems and networks and at the same time attempt to “get out in front” of our adversaries and ensure that future generations of technology will position us to better protect our critical infrastructures and respond to attacks from our adversaries. It is the opinion of those involved in creating this research roadmap that government-funded research and development (R&D) must play an increasing role to enable us to accomplish this goal of national and economic security. The research topics in this roadmap, however, are relevant not only to the federal government but also to the private sector and others who are interested in securing the future.

This cybersecurity research roadmap is an attempt to begin to define a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The research, development, test, evaluation, and other life cycle considerations required are far reaching—from technologies that secure individuals and their information to technologies that will ensure that our critical infrastructures are much more resilient. These investments must tackle the vulnerabilities of today and envision those of the future.

“The time is now near at hand...” — George Washington, July 2, 1776


Historical background

The INFOSEC Research Council (IRC) is an informal organization of government program managers who sponsor information security research within the U.S. Government. Many organizations have representatives as regular members of the IRC: Central Intelligence Agency, Department of Defense (including the Air Force, Army, Defense Advanced Research Projects Agency, National Reconnaissance Office, National Security Agency, Navy, and Office of the Secretary of Defense), Department of Energy, Department of Homeland Security, Federal Aviation Administration, Intelligence Advanced Research Projects Activity, National Aeronautics and Space Administration, National Institutes of Health, National Institute of Standards and Technology, National Science Foundation, and the Technical Support Working Group. In addition, the IRC is regularly attended by partner organizations from Canada and the United Kingdom.

The IRC developed the original Hard Problem List (HPL), which was composed in 1997 and published in draft form in 1999. The HPL defines desirable research topics by identifying a set of key problems from the U.S. Government perspective and in the context of IRC member missions. Solutions to these problems would remove major barriers to effective information security (INFOSEC). The Hard Problem List was intended to help guide the research program planning of the IRC member organizations. It was also hoped that nonmember organizations and industrial partners would consider these problems in the development of their research programs. The original list has proven useful in guiding INFOSEC research, and policy makers and planners may find the document useful in evaluating the contributions of ongoing and proposed INFOSEC research programs. However, the significant evolution of technology and threats between 1999 and 2005 required an update to the list. Therefore, an updated version of the HPL was published in November 2005. This updated document included the following technical hard problems from the information security perspective:

1. Global-Scale Identity Management
2. Insider Threat
3. Availability of Time-Critical Systems
4. Building Scalable Secure Systems
5. Situational Understanding and Attack Attribution
6. Information Provenance
7. Security with Privacy
8. Enterprise-Level Security Metrics

These eight problems were selected as the hardest and most critical challenges that must be addressed by the INFOSEC research community if trustworthy systems envisioned by the U.S. Government are to be built. INFOSEC problems may be characterized as “hard” for several reasons. Some problems are hard because of the fundamental technical challenges of building secure systems, others because of the complexity of information technology (IT) system applications. Contributing to these problems are conflicting regulatory and policy goals, poor understanding of operational needs and user interfaces, rapid changes in technology, large heterogeneous environments (including mixes of legacy systems), and the presence of significant, asymmetric threats.

The area of cybersecurity and the associated research and development activities have been written about frequently over the past decade. In addition to both the original IRC HPL in 1999 and the revision in 2005, the following reports have discussed the need for investment in this critical area:

• Toward a Safer and More Secure Cyberspace
• Federal Plan for Cyber Security and Information Assurance Research and Development
• Cyber Security: A Crisis of Prioritization
• Hardening the Internet
• Information Security Governance: A Call to Action
• The National Strategy to Secure Cyberspace
• Cyber Security Research and Development Agenda

These reports can be found at http://www.cyber.st.dhs.gov/documents.html

Current context

On January 8, 2008, the President issued National Security Presidential Directive 54/Homeland Security Presidential Directive 23, which formalized the Comprehensive National Cybersecurity Initiative (CNCI) and a series of continuous efforts designed to establish a frontline defense (reducing current vulnerabilities and preventing intrusions), defending against the full spectrum of threats by using intelligence and strengthening supply chain security, and shaping the future environment by enhancing our research, development, and education, as well as investing in “leap-ahead” technologies.

The vision of the CNCI research community over the next 10 years is to “transform the cyber-infrastructure so that critical national interests are protected from catastrophic damage and our society can confidently adopt new technological advances.”

Two components of the CNCI deal with cybersecurity research and development—one focused on the coordination of federal R&D and the other on the development of leap-ahead technologies.

No single federal agency “owns” the issue of cybersecurity. In fact, the federal government does not uniquely own cybersecurity. It is a national and global challenge with far-reaching consequences that requires a cooperative, comprehensive effort across the public and private sectors. However, as it has done historically, U.S. Government R&D in key technologies working in close cooperation with private-sector partners can jump-start the necessary fundamental technical transformation.

The leap-ahead strategy aligns with the consensus of the nation’s networking and cybersecurity research communities that the only long-term solution to the vulnerabilities of today’s networking and information technologies is to ensure that future generations of these technologies are designed with security built in from the ground up. The leap-ahead strategy will help extend U.S. leadership at a time of growing influence in networking and IT systems, components, and standards among U.S. competitors. Federal agencies with mission-critical needs for increased cybersecurity, which includes information assurance as well as network and system security, can play a direct role in determining research priorities and assessing emerging technology prototypes. Moreover, through technology transfer efforts, the federal government can encourage rapid adoption of the results of leap-ahead research. Technology breakthroughs that can curb or break the resource-draining cycle of security patching will have a high likelihood of marketplace implementation.

As stated previously, this Cybersecurity Research Roadmap is an attempt to begin to address a national R&D agenda that is required to enable us to get ahead of our adversaries and produce the technologies that will protect our information systems and networks into the future. The topics contained in this roadmap and the research and development that would be accomplished if the roadmap were implemented are, in fact, leap-ahead in nature and address many of the topics that have been identified in the CNCI activities.

Document format

The intent of this document is to provide detailed research and development agendas for the future relating to 11 hard problem areas in cybersecurity, for use by agencies of the U.S. Government and anyone else that is funding or doing R&D. It is expected that each agency will find certain parts of the document resonant with its own needs and will proceed accordingly with some interagency coordination to ensure coverage of all the topics.

Each of the following topic areas is treated in detail in a subsequent section of its own, from Section 1 to Section 11.

1. Scalable trustworthy systems (including system architectures and requisite development methodology)
2. Enterprise-level metrics (including measures of overall system trustworthiness)
3. System evaluation life cycle (including approaches for sufficient assurance)
4. Combatting insider threats
5. Combatting malware and botnets
6. Global-scale identity management
7. Survivability of time-critical systems
8. Situational understanding and attack attribution
9. Provenance (relating to information, systems, and hardware)
10. Privacy-aware security
11. Usable security

Eight of these topics (1, 2, 4, 6, 7, 8, 9, 10) are adopted from the November 2005 IRC Hard Problem List [IRC05] and are still of vital relevance. The other three topics (3, 5, 11) represent additional areas considered to be of particular importance for the future.

The order in which the 11 topics are presented reflects some structural similarities among subgroups of the topics and exhibits clearly some of their major interdependencies. The order proceeds roughly from overarching system concepts to more detailed issues—except for the last topic—and has the following structure:

a. Topics 1–3 frame the overarching problems.
b. Topics 4–5 relate to specific major threats and needs.
c. Topics 6–10 relate to some of the “ilities” and to system concepts required for implementing the previous topics.

Topic 11, usable security, is different from the others in its cross-cutting nature. If taken seriously enough, it can influence the success of almost all the other topics. However, some sort of transcendent usability requirements need to be embedded pervasively in all the other topics.

Each of the 11 sections follows a similar format. To get a full picture of the problem, where we are, and where we need to go, we ask the following questions:

Background
• What is the problem being addressed?
• What are the potential threats?
• Who are the potential beneficiaries? What are their respective needs?
• What is the current state of the practice?
• What is the status of current research?

Future Directions
• On what categories can we subdivide the topics?
• What are the major research gaps?
• What are some exemplary problems for R&D on this topic?
• What are the challenges that must be addressed?
• What approaches might be desirable?
• What R&D is evolutionary and what is more basic, higher risk, game changing?
• Resources
• Measures of success
• What needs to be in place for test and evaluation?
• To what extent can we test real systems?

Following the 11 sections are three appendices:

Appendix A: Interdependencies among Topics
Appendix B: Technology Transfer
Appendix C: List of Participants in the Roadmap Development

References

[IRC05] INFOSEC Research Council Hard Problem List, November 2005. http://www.cyber.st.dhs.gov/docs/IRC_Hard_Problem_List.pdf

[USAF-SAB07] United States Air Force Scientific Advisory Board, Report on Implications of Cyber Warfare. Volume 1: Executive Summary and Annotated Brief; Volume 2: Final Report, August 2007. For Official Use Only.

Additional background documents (including the two most recent National Research Council study reports on cybersecurity) can be found online at http://www.cyber.st.dhs.gov/documents.html.


Acknowledgements


The content of this research roadmap was developed over the course of 15 months that included three workshops, two phone sessions for each topic, and numerous editing activities by the participants. Appendix C lists all the participants. The Cyber Security program of the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate would like to express its appreciation for the considerable amount of time they dedicated to this effort.

DHS S&T would also like to acknowledge the support provided by the staff of SRI International in Menlo Park, CA, and Washington, DC. SRI is under contract with DHS S&T to provide technical, management, and subject matter expert support for the DHS S&T Cyber Security program. Those involved in this effort include Gary Bridges, Steve Dawson, Drew Dean, Jeremy Epstein, Pat Lincoln, Ulf Lindqvist, Jenny McNeill, Peter Neumann, Robin Roy, Zach Tudor, and Alfonso Valdes.

Of particular note is the work of Jenny McNeill and Peter Neumann. Jenny has been responsible for the organization of each of the workshops and phone sessions and has worked with SRI staff members Klaus Krause, Roxanne Jones,

Recommended publications
  • KPMG Report A4

    KPMG Report A4

    + = TAKING SECURITY TESTING TO THE NEXT LEVEL 5 MAY 2014 STAN HEGT HAVE YOU EVER ENCOUNTERED AN ADVERSARY THAT RAN NESSUS FROM A MEETING ROOM? PENETRATION TESTING vs RED TEAMING Penetration Testing Red Teaming Gain oversight of vulnerabilities Goal Test resilience against real attacks Predefined subset Scope Realistic access paths Focus on preventive controls Tested controls Focus on detection and response Focus on efficiency Test method Focus on realistic simulation Mapping, scanning, exploiting Test techniques Attacker TTPs Very limited Post-exploitation Extensive focus on crown jewels Part of development lifecycle Positioning Periodical exercise RED TEAMING – THE APPROACH The Red Team . Uses the same Tactics, Techniques and Procedures (TTPs) as real adversaries . Red team members must be on top of threat intelligence . Team members must have operational versatility The Blue Team . Is not only the security team (but also users, IT, management) . Does not know if an incident is real or triggered by a red team . Measure improvement: mean time to detect (MTTD) and mean time to recovery (MTTR) THE APPROACH – CYBER KILL CHAIN METHODOLOGY Transmission of the Select targets and attack via physical, Install “malware” to Complete actions and determine attack email, web, or social gain remote control achieve the red flags methods engineering Before the Hack T-1 T0 After the Hack T+1 Recon Weaponize Deliver Exploit Install Control Execute Establish command & Develop the attack Successful penetration control throughout the methods – access gained network Developed by Lockheed Martin, Intelligence-Driven Computer Network Defense THE ASSUME COMPROMISE MODEL Recon Weaponize Deliver Exploit Install Control Execute Focus on last steps in Kill Chain .
  • Inside a Hacker's Mind

    Inside a Hacker's Mind

    1 © MazeBolt Technologies. All Rights Reserved. 2 Table of Contents Introduction 3 The Evolving Hacker Community 4 What motivates Hackers 4 Modus Operandi of DDoS Hackers 5 Best Practices to Mitigate DDoS Attacks: 8 Summary: Beating Hackers at their Own Game 8 References 9 Table of Figures Figure 1 – Anonymous Hackers Mask _______________________________________________________________ 3 Figure 2 - A Tweet by the Anonymous Group ________________________________________________________ 4 Figure 3 - Another Tweet by Anonymous ____________________________________________________________ 5 Index of Tables Table 1 - Cost of DDoS Services on the Dark Net ________________________________________________________________ 6 © MazeBolt Technologies. All Rights Reserved. 3 Introduction It was in 1974 that the first DDoS attack was launched when David Dennis—a 13-year-old learned about a new command that could be run on CERL’s PLATO terminals. Called “external” or “ext,” the command could cause the terminal to lock up—requiring a shutdown and power- on to regain functionality. He tested his knowledge which forced several users to power off simultaneously. In the 45 years since its inception, this form of attack has gained the status of the most persistent and damaging of all cyber-attacks. The next milestone in DDoS attacks occurred in August 1999, when a hacker used a tool called `Trinoo’ or `Trin00’, to disable the University of Minnesota’s computer network for more than two days. Trinoo is one of the first publicly available DDoS programs and a ground-setter for other widely available DDoS tools that would emerge in the future. Using a compromised host, the attacker executes automated processes to make a list of vulnerable machines.
  • Comptia® Security+ SY0-601 Cert Guide

    Comptia® Security+ SY0-601 Cert Guide

    CompTIA® Security+ SY0-601 Cert Guide Omar Santos Ron Taylor Joseph Mlodzianowski A01_Santos_Fm_pi-plii_1.indd 1 01/06/21 2:49 pm CompTIA® Security+ SY0-601 Cert Guide Editor-in-Chief Copyright © 2022 by Pearson Education, Inc. Mark Taub All rights reserved. No part of this book shall be reproduced, stored in Product Line Manager a retrieval system, or transmitted by any means, electronic, mechanical, Brett Bartow photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the Executive Editor information contained herein. Although every precaution has been taken in Nancy Davis the preparation of this book, the publisher and author assume no respon- Development Editor sibility for errors or omissions. Nor is any liability assumed for damages Christopher A. Cleveland resulting from the use of the information contained herein. ISBN-13: 978-0-13-677031-2 Managing Editor ISBN-10: 0-13-677031-2 Sandra Schroeder Library of Congress Control Number: 2021935686 Senior Project Editor ScoutAutomatedPrintCode Tonya Simpson Copy Editor Trademarks Chuck Hutchinson All terms mentioned in this book that are known to be trademarks or ser- vice marks have been appropriately capitalized. Pearson IT Certification Indexer cannot attest to the accuracy of this information. Use of a term in this book Erika Millen should not be regarded as affecting the validity of any trademark or service mark. Proofreader Abigail Manheim Warning and Disclaimer Technical Editor Every effort has been made to make this book as complete and as accurate Chris Crayton as possible, but no warranty or fitness is implied.
  • Specialized Cyber Red Team Responsive Computer Network Operations

    Specialized Cyber Red Team Responsive Computer Network Operations

    TALLINN UNIVERSITY OF TECHNOLOGY DOCTORAL THESIS 25/2019 Specialized Cyber Red Team Responsive Computer Network Operations BERNHARDS BLUMBERGS TALLINNUNIVERSITYOFTECHNOLOGY SchoolofInformationTechnologies DepartmentofSoftwareScience ThedissertationwasacceptedforthedefenceofthedegreeofDoctorofPhilosophy(cyber security)on2ndofApril,2019 Supervisor: Dr. Rain Ottis, Department of Software Science, School of Information Technologies, Tallinn University of Technology Tallinn, Estonia Co-supervisor: Dr. Risto Vaarandi Department of Software Science, School of Information Technologies, Tallinn University of Technology Tallinn, Estonia Opponents: Professor Dr. Hiroki Takakura, National Institute of Informatics, Tokyo, Japan Fregattenkapitän PD Dr. Dr. habil. Robert Koch, Bundeswehr University of Munich, Munich, Germany Defence of the thesis: 27th of May, 2019, Tallinn Declaration: Hereby I declare that this doctoral thesis, my original investigation and achievement, submitted for the doctoral degree at Tallinn University of Technology, has not been submittedforanyacademicdegreeelsewhere. Bernhards Blumbergs signature Copyright: Bernhards Blumbergs, 2019 ISSN 2585-6898 (publication) ISBN 978-9949-83-413-6 (publication) ISSN 2585-6901 (PDF) ISBN 978-9949-83-414-3 (PDF) TALLINNA TEHNIKAÜLIKOOL DOKTORITÖÖ 25/2019 Vastutegevusele orienteeritud punase meeskonna küberoperatsioonid BERNHARDS BLUMBERGS Contents LIST OF PUBLICATIONS 7 AUTHOR’S CONTRIBUTIONS TO THE PUBLICATIONS 8 LIST OF ACRONYMS 10 LIST OF FIGURES 11 LIST OF TABLES 12 1 INTRODUCTION 15
  • Connected, More at Risk Addressing Cybersecurity Concerns for Tribal Organizations

    Connected, More at Risk Addressing Cybersecurity Concerns for Tribal Organizations

    1/7/2019 More Connected, More at Risk Addressing Cybersecurity Concerns for Tribal Organizations January 10, 2019 To Receive CPE Credit › Individuals • Participate in entire webinar • Answer polls when they are provided › Groups • Group leader is the person who registered & logged on to the webinar • Answer polls when they are provided • Complete group attendance form • Group leader sign bottom of form • Submit group attendance form to [email protected] within 24 hours of webinar › If all eligibility requirements are met, each participant will be emailed their CPE certificate within 15 business days of webinar 1 1/7/2019 Presenter Rex Johnson Director [email protected] Introductions Rex Johnson, CISSP®, CISA®, CIPT, PMP®, PCIP™ Director Health Care, Financial Services, Not-for-Profit, Government, Education, Telecommunications & Manufacturing Industries 2 1/7/2019 Breaches Are Continuing … Reported Breaches by Year 1579 2017 totals: • 1,579 breaches total 1600 • 178,955,069 records exposed 1400 1091 1200 2018 update through Dec. 5, 2018: • 1,138 breaches 1000 783 780 614 • 561,782,485 records 800 471 421 600 400 200 0 2011 2012 2013 2014 2015 2016 2017 Source: ID Theft Center https://www.idtheftcenter.org 2018 – Data Breach Category Y-T-D Summary (12/5/2018) Incident vs. Breaches Incident Breach › Security event that › Incident that results in compromises integrity, the confirmed confidentiality or disclosure—not just availability of an potential exposure—of information asset data to an unauthorized party Source: Verizon 2018 Data Breach Investigations Report 3 1/7/2019 Breaches Are Costing More & More Average cost per Likelihood of a Average total cost Companies that lost or stolen recurring breach of a data breach record within two years contained a breach in $3.86 million $148 27.9% less than 30 days saved more than $1 Up from $3.62 million 2017 was $141 27.7% last year million vs.
  • Red Team Analysis of Information Security Measures and Response

    Red Team Analysis of Information Security Measures and Response

    International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 07 Issue: 04 | Apr 2020 www.irjet.net p-ISSN: 2395-0072 Red Team Analysis of Information Security Measures and Response Khushboo Amin1, Dr. Priyanka Sharma2 1 Student, School of Information Technology & Cyber Security, Raksha Shakti University, Gujarat, India 2Dean, Research & Development, Raksha Shakti University, Gujarat, India ---------------------------------------------------------------------***--------------------------------------------------------------------- Abstract - This research attempts to develop a factor As we all know today, the cybersecurity threat landscape understanding of Red Team assessment strategies in computer may be a dynamic one and is continually changing. The cyber and data security. The Red Team is a 'cultured form' of attacker of today uses a combination of both traditional and assessment that identifies weaknesses during a quite advanced hacking techniques. On top of this, new variants of information and security system. This research aims to identify the existing malicious threat actors are seen daily. Red and define the form of dimensions of the Red Team's Teaming may be a full-scope, multi-layered attack simulation effectiveness from the customer, management, individual, and designed to live how well a company's people and networks, team member to strengthen the knowledge system's security applications and physical security controls can withstand an and performance. The Red Team generally addresses the attack
  • Principles of Cyberwarfare

    Principles of Cyberwarfare

    Cyberwarfare Principles of Cyberwarfare Cyberwarfare is different from classic kinetic warfare and therefore requires a review of basic warfare principles to differentiate it from armed conflict in the traditional sense. RAYMOND lassic, kinetic warfare principles have been not an exhaus- C. PARKS derived from thousands of years of expe- tive list, nor is it AND DAVID rience as Tsun Tzu, Carl von Clausewitz, intended as the P. DUGGAN Antoine-Henri Jomini, Basil Henry Liddel- final definitive Sandia CHart, and others have documented. Some kinetic one. Instead, these principles are a continuation of the National warfare principles apply to cyberwarfare, others have discussion with the cyberwarfare community that we Laboratories no meaning in cyberwarfare, and a few may actually began with our first article. We chose principles from be antagonistic to cyberwarfare. practical experience. When we follow these princi- The principles of warfare guide warfighting at the ples, we win; when we do not follow them, we lose. strategic, operational, and tactical levels. They’re the enduring bedrock of US military doctrine, derived Definitions from practical experience and the wisdom of those To present our cyberwarfare principles, we must define who documented that experience. Those who fol- our terms. Dan Kuehl defines cyberspace as “an opera- lowed these principles have won, and those who did tional domain whose distinctive and unique character is not have lost. Clearly, we do not have thousands of framed by the use of electronics and the electro magnetic years of experience in cyberwarfare, so we have to spectrum to create, store, modify, exchange and ex- start with what we have had.
  • Ethical Hacking Terminology

    Ethical Hacking Terminology
    Table of Contents
    Terminology .......... 2
    Terminology - 1 .......... 3
    Terminology - 2 .......... 5
    Defense in Depth .......... 6
    Confidentiality, Integrity and Availability .......... 8
    The "Ease of Use" Triangle .......... 11
    Types of Hackers – Black Hats .......... 13
    Types of Hackers – Gray Hats .......... 15
    Types of Hackers – White Hats .......... 17
    Hacktivism .......... 18
    Required Ethical Hacking Skills ..........
  • Protect Your Properties from Cyber Attacks!

    Protect Your Properties from Cyber Attacks!
    MNP Cyber Security Presentation
    Presented by: Danny Timmins, National Cyber Security Leader, 2017
    Cyber Security, MNP Technology Solutions
    • Cyber Security Overview
    • Cyber Crime Tactics and Techniques
      o Hacking (Penetration Testing)
      o Social Engineering (Malware/Crimeware)
      o Red Teaming
    • Considerations
    Lessons from the field
    • Canada’s 5th Largest Accounting | Tax | Consulting
    • 4500 Team Members
    • 80 Offices coast to coast
    • 55 Cyber Security Professionals Nationally
    MNP is more than an Accounting Firm
    • Digital Strategy • Operational Technology • Portal Development • IoT • Business Continuity • Cyber Security & Risk • Workplace Collaboration • Data Analytics • CRM/ERP • DevOps • Cloud Strategy • Auditing
    Predictions
    ➢ 99% of vulnerabilities exploited will continue to be the ones known by security/IT professionals.
    ➢ The single most impactful enterprise activity to improve security will be patching.
    ➢ The second most impactful enterprise activity to improve security will be removing web server vulnerabilities.
    Predictions
    ➢ Internet of Things will grow to an installed base of 20.4 billion.
    ➢ A third of successful attacks experienced will be on their shadow IT resources.
    ➢ Companies are using more than 15 times more cloud services to store critical company data than CIOs were aware of.
    ➢ Nearly eight in ten (77%) of decision makers admit to using a third-party cloud application without approval.
    What’s happening in the industry?
    Damages have started to increase in Canada - Casino Rama is an example of damages increasing ….30+ Million
    Canada’s new privacy laws will require breach notice and affect private sector operations in Canada. (Digital Privacy Act)…do you know your data
    Cyber Insurance…how much do you need …is it focused on the correct areas
    What’s happening in the industry?
    Mandatory cyber audits coming for publicly traded companies in Canada….
  • The Applied Critical Thinking Handbook

    Red Teaming Handbook v7
    Points of Contact
    UFMCS http://usacac.army.mil/cac2/UFMCS/index.asp
    University of Foreign Military and Cultural Studies
    TRISA (TRADOC G2 Intelligence Support Activity)
    803 Harrison Drive, Building 467, Room 315
    Ft Leavenworth, KS 66027-2308
    FAX 913-684-3887, DSN 552
    Director 913-684-3860
    Operations 913-684-3857
    Security 913-684-4336
    Technology 913-684-4339
    Curriculum 913-684-4321
    Instructors 913-684-3892/3959
    SMEs 913-684-4323/4338
    Librarians 913-785-3001/3081
    Enrollment
    1. Go to https://www.atrrs.army.mil/atrrscc/search.aspx
    2. Select a Fiscal Year, i.e., 2015.
    3. Select the School Code: 159 (UFMCS).
    4. Click Search the ATRRS course catalog button (near the bottom).
    5. Select a UFMCS course from the table.
    Table of Contents
    CHAPTER I: Introduction .......... 1
    Why Red Teaming? .......... 1
    What is Red Teaming? .......... 2
    How is Red Teaming Conducted? .......... 4
    How is a UFMCS Education Unique? .......... 5
    Why this Red Teaming Handbook? .......... 7
    Summary .......... 8
    Endnotes .......... 8
    CHAPTER II: Self-Awareness .......... 9
    What is Self-Awareness? .......... 9
    Who Am I? ..........
  • The Rise of China's Hacking Culture: Defining Chinese Hackers

    California State University, San Bernardino
    CSUSB ScholarWorks
    Electronic Theses, Projects, and Dissertations
    Office of Graduate Studies
    6-2016
    The Rise of China's Hacking Culture: Defining Chinese Hackers
    William Howlett IV, California State University - San Bernardino
    Follow this and additional works at: https://scholarworks.lib.csusb.edu/etd
    Part of the Asian Studies Commons, Criminology and Criminal Justice Commons, International Relations Commons, Politics and Social Change Commons, and the Science and Technology Studies Commons
    Recommended Citation
    Howlett, William IV, "The Rise of China's Hacking Culture: Defining Chinese Hackers" (2016). Electronic Theses, Projects, and Dissertations. 383. https://scholarworks.lib.csusb.edu/etd/383
    This Thesis is brought to you for free and open access by the Office of Graduate Studies at CSUSB ScholarWorks. It has been accepted for inclusion in Electronic Theses, Projects, and Dissertations by an authorized administrator of CSUSB ScholarWorks. For more information, please contact [email protected].
    THE RISE OF CHINA’S HACKING CULTURE: DEFINING CHINESE HACKERS
    A Thesis Presented to the Faculty of California State University, San Bernardino, In Partial Fulfillment of the Requirements for the Degree Master of Arts in Social Sciences and Globalization, by William Sedgwick Howlett, June 2016
    Approved by: Cherstin Lyon, Committee Chair, Social Sciences and Globalization; Jeremy Murray, Committee Member, History; Jose Munoz, Committee Member, Sociology
    © 2016 William Sedgwick Howlett
    ABSTRACT
    China has been home to some of the most prominent hackers and hacker groups of the global community throughout the last decade.
  • Chapter 29 Cyber Attacks by Terrorists and Other Malevolent Actors

    Chapter 29 Cyber Attacks by Terrorists and other Malevolent Actors: Prevention and Preparedness, With Three Case Studies on Estonia, Singapore, and the United States
    Shashi Jayakumar
    The field of cyberterrorism has existed for as long as it has been possible to interdict or compromise computer systems. While contributions of scholars, researchers, and practitioners have enriched discussions, there are longstanding and unresolved issues of definition which can give rise to confusion. Does cyberterrorism mean attacks only by individuals or groups that fall within widely accepted definitions of “terrorist” or “terrorist organizations”? To what degree does the aim or intention of the malicious actor matter? For the purposes of the present volume, this study (without sidestepping these questions) examines attacks against computer infrastructure and Critical Information Infrastructure (CII) by all actors with capability, and not just groups such as Al-Qaeda or ISIS. As the author notes and establishes early in his discussion, this is necessary given that while conventional terrorist groups might have intent, they have not to date acquired the capability to carry out a genuinely destructive cyber-attack of the type that might lead to major loss of life or infrastructural damage. It is (for the most part) states which have this capability. Cyber prevention and preparedness covers a wide range. This three-part chapter includes technical aspects of cyber protection, systems (and people) resilience, risk mitigation, as well as nurturing talent within