The need for cyber security training goes well beyond the current efforts by ISC2, ISACA and SANS to name a few.
Their course offerings are solid, mind you, but in order to deliver intelligence-driven cyber security, organizations need to look elsewhere for their education and training.
Cyber criminals, nation-states, hacktivists and all other adversaries have adopted different approaches to circumventing cyber defenses. They execute sometimes sophisticated, sometimes crude and simple-minded attacks, designed to use and exploit as many avenues of attack (threat vectors) as required to accomplish the task.
They will use weaknesses in people, processes and technology to exploit human and technical vulnerabilities. Before they can know what these vulnerabilities and weaknesses are, they perform a series of data gathering activities that help them determine the optimal target(s).
Adversaries use the cyber counterparts of human intelligence (HUMINT), communications intelligence (COMINT), signals intelligence (SIGINT), open source intelligence (OSINT) and geospatial intelligence (GEOINT), among others, to gather tactical (and strategic) information on the overall target of choice.
That is, the target of choice may be your organization, but finding the right individual, process or technology to exploit requires further data gathering and retargeting once the path of least resistance has been discovered.
Usually, their attacks are only as sophisticated as they need to be, based upon data gathered, produced and analyzed into actionable information. They normally use clandestine methods to gather this information, building organizational and individual dossiers on their targets.
These methods are repeatable. They measure their successes and hone their collection, production and analysis procedures to improve their methods.
This shortens cycle times and gives the adversary the ability to spend most of their time on attack execution, exploitation and data exfiltration.
They use denial, deception, perception management, psychological operations, counterdenial and counterdeception to obfuscate the real intent behind their virtual methods. The intent is to extract information of value for monetization, economic advantage and/or strategic advantage, among other ends.
Our adversaries also use historical, linguistic, religious and cultural aspects of their targets to fit in and leverage their knowledge of your organization and your people to gain a modicum of trust. Just enough to execute the fraud or graft.
At a minimum, organizations need to understand cyber intelligence, counterintelligence, open source intelligence and the cyber intelligence lifecycle in order to execute intelligence-driven cyber security. I don’t know any organization in the commercial or government (non-DoD) sectors that actually does this or does this with any measure of success.
The reason is that they are wrapped up in the technical aspects of their IT environment. The adversary has long understood the need for adapting the physical aspects of intelligence to cyber capabilities. We have not. The adversary types we face include:
- Hackers, hacktivists and Virus Writers driven by ego or a technical challenge
- Disgruntled employees or customers seeking revenge
- Crooks interested in personal financial gain or covering criminal activity
- Organized crime seeking to launder money or traffic in humans
- Organized terrorist groups focused on breaking public will
- Foreign espionage seeking to exploit information for economic, political or military purposes
- Tactical countermeasures intended to disrupt specific US military weapons or command systems
- Multifaceted tactical information warfare applied in a broad, orchestrated manner to disrupt a major US military mission
- Large organized groups or nation states intent on overthrowing the United States
Each of these groups or adversary types is using cyber intelligence and counterintelligence capabilities against us. If they don’t know how to do it themselves, they buy the services from cyber proxies, militias, mercenaries and/or cybercriminals of one level of sophistication or another.
The only way we can fight back is to understand and utilize intelligence-driven cyber security. This is done through cyber intelligence, open source intelligence and cyber counterintelligence as methods to ensure the right information, tactics and operational security controls are in place at the right time with the correct measure of force and maturity.
Very few organizations can provide the awareness, training and education necessary to move your organization to a different level of cyber defense.
Treadstone 71 recently announced what they have been offering under the covers for nearly two years: a full slate of cyber intelligence courses intended to build capabilities that defend against our adversaries. It is not the usual technical track but one that uses the virtual manifestation of a physical tradecraft (as they like to call it) to educate and train clients.
About the Author: Jeff Bardin is currently Chief Intelligence Officer for Treadstone 71 (see online courses). In 2007 he was awarded the RSA Conference award for Excellence in the Field of Security Practices. The Bardin-led security team from Hanover Insurance also won the 2007 SC Magazine Award – Best Security Team, competing against such organizations as Barclays Global and the Department of State. Jeff sits on the Boards of Directors of Boston Infragard, Content Raven and Wisegate; was a founding member of the Cloud Security Alliance; is a member of the Cyber Security Forum Initiative and the RSA Conference Submission Selection Committee; and formerly sat on the Customer Advisory Board for Chosen Security. Jeff published The Illusion of Due Diligence in 2010, was a co-author of the Computer and Information Security Handbook and Understanding Computers, and has published articles for magazines such as The Intelligencer, CSO, and SC Magazine. Jeff served in the USAF as a cryptologic linguist, and in the USANG as an officer. He has a BA in Special Studies - Middle East Studies & Arabic Language from Trinity College as well as an MS in Information Assurance from Norwich University. He is also a professor in masters programs in cyber intelligence, counterintelligence, cybercrime and cyber terrorism at Utica College. Jeff also holds the CISSP, CISM, C|CISO and NSA-IAM certifications.