
Cyber Network Operations

BSides Delhi · 2017 · 31:43 · Published 2018-03
About this talk
Modern cyber network operations, whether defensive or offensive suffer from a unique predicament. As professionals in the field of cyber security, we are inundated with information overload, defining return on investment, metrics, and politics. All the while we seek the same goals as our physical-world intelligence and counterintelligence counterparts, which is to protect the secrets that allow our organizations to provide for our way of life. By re-framing the context of our daily cyber security duties into an intelligence and counterintelligence perspective, regardless of the offensive or defensive nature of the work, we can better protect our organizations by leveraging and applying centuries old, well-established fundamentals and practices of the intelligence and counterintelligence professions.
Transcript [en]

This is so classic, yes. Apart from this, I am starving on stage, is your neck specific topics, and it is never about the presentation. This presentation is my own and it does not reflect the position of my organization, and also, to talk about medications, I am not buying information, if that is something that you thought that Rick would be coming, so you've Leonid is finally, if you think there may be some classified information. A special thanks to my Joseph, so join this dog, but he could not come here, Messiah, another, just me. He put in a lot of effort, specification and putting his thoughts based on physics; he kept strong, but it because it's a combination of the

Masters. So what is this all about? I provide an insight into the traditional intelligence and counterintelligence techniques that have been refined over the years. It has had many uses in military operations for a long time. Regardless of whether you are important differences, differences theme, these free supply in today's society, say hello, and the fundamentals remain the same. We just need to see that, rather than trying to reinvent new things every day and just getting lost in maybe the new buzzwords, we can focus on these established methodologies and try to leverage the platform, the rightful average term framework, which is already there in traditional. A really brief spectrum about cyber network operations, stickers: I'm

trying to correlate the cyber network operations with, so scientific operation static, as immediately yes, hi, as computer network operations. The three major functions of cyber network operations are cyber network defense, cyber network exploitation and cyber network attack, and today I will be talking about cyber network defense and cyber network exploitation, with legislation to apply intelligence and counterintelligence, whether you are part of either the defense team or the exploitation team. So the agenda for today is very small and straightforward: intelligence and its applications in cyber operations. We will touch upon the history of intelligence, I will show you a few use cases and applications of intelligence, and we will go through them along with the use cases. So if we try to look at it from that, it's a

stick framework, you will need to look at your organization from the perspective of a nation state. You should try to answer these basic questions: when your nation state is trying to protect their essence, what exactly are they trying to protect? They're trying to protect their technology, the economy, their infrastructure and, above all, visitors, because limitation every healthy company has, and probably those secrets is little business, or horses, or any sort of secrets, are probably one of the biggest negative related to the revenues that it's a trait. So, looking at your own organizations from the same perspective, what exactly you should be: it could be your operational capabilities, your financials, the

technology like intellectual property, your research and of your clients, the plane theta. So, as I said, every company has their secrets, and especially if you are doing any sort of business where each customer-related information, or PII, or personal information of users or clients, that information is of prime importance, and that is something that you should look into from the same perspective as a nation state related sector, because that is what your business is based on. So we'll see how we can apply those techniques while we try to correlate the counterintelligence and intelligence techniques with our commercial organizations. One thing to notice in this context is, like, both the military and us as an organization,

any company that you work for, you are responsible for your work and the actions that a military makes; you know, the actions that they take for doing anything that they do. We have customers, or people that they are separate to; they are a different set of people that they are not separate to. They are very restricted by what they can do in terms of finances, but and amenities act with intelligence or information gathering or any sort of work we have, we are kind of free to do a lot of things in terms of finances: you can trade off the information, we can make business based out of the information. So why we try to, when you

try to apply the existing framework, you need to be very aware that the people that, again, I refer to, my different set of people as compared to the national agencies. Since so, a little definition, and the information form. When you talk about intelligence, what exactly is it? Because there is a very, you know, kind of strong overlay, misconception idea behind, when we talk about intelligence, because the general notion is witness that intelligence is something that a national-level agency, or police, or a military is only involved in. That is not the case, stickers, and when you talk about intelligence, it's not impossible that we get lost,

especially in the current scenario. We are aware of a lot of, not a business, but with business, is there an axis: it could be strategic intelligence, human intelligence, and I mean you can name it anything, but essentially it is collecting and exploiting the information. The element is the information objective: you will be knowing what exactly you are trying to get out of the information that you have collected, and the whole process, starting from collecting to exploiting the intended information to reach your objective, is intelligence. A few examples that I have mentioned here: you can think of it as military decisions pertaining to movements, strategic influences, political influences, and not about the thing, sir.

It is not just because we have been typically that intelligence is something which was very close to intelligence agencies; this is not only detected or restricted to activities like espionage or comparison touched activities. Earn a degree, it's free among intelligence and how it has been used over the years. This is the famous book; if you would have seen it, you can try to relate it when the art of cyber war in the current scenario. There are none who would say, he said, which fits completely to today's scenario. He was a Chinese general, military strategist and a philosopher, and long maybe five, maybe six. Also, at the very basic level, if you want to think of the correct angle, you

can think of the Caesar cipher, or what we know as the shift cipher, used very secretly in Germany, when you replace a certain character with, you know, something else, so they look encrypted. That's a very common technique that has been used over the years and is still being used in a lot of programming languages and a lot of other techniques that we try used. In the US they have specific titles for generations. So the operational cycle typically has a very specific meaning, there is this activity; however, it's not always necessary that these two groups are not working together. There will always be a lot of overlap when military operations happen, and even they have different ways responsible for doing operational

activities and with intelligence activities; there will be enough interferences between these two groups. So, but this might not be here in other states. Like in the United States, if we come to the model, for in essentially the very beginning of this activity, and now they're having a lot of private and commercial intelligence services which have emerged and they're still emerging every day, and I am referring to the intelligence agencies doing geopolitical intelligence, international security groups. There are also a lot of corporate security espionage groups as well, one company targeting another company; they have specific groups doing this kind of work in different fields. So, on top of that, we talk about cybersecurity, there is a lot of talk

about threat intel, which is when we talk about doing intelligence work. Intelligence, most of the time people are talking about threat intel, but there are plenty of fields that we can get intelligence from: geopolitics, social media monitoring, exfoliant, and there will be assessment-related information. But just a threat intel feed is not essentially intelligence; that exists as another source of information that you need to collect, analyze and exploit to convert it to intelligence. So we will touch upon that. So intelligence, this is things in cyber network operations; social engineering is one of the examples where you need a lot of human intelligence while you are doing next potential spot. This is a typical intelligence life cycle. Excuse

me for that over-anxious diagram, what exactly it is all about. So just discussing, I'd no offense. So they see that, let's take an example that we have before, and an adversary wants to go back in, and we started with sincerity and social engineering, everything. So he started collecting the information, acquiring information regarding the company infrastructure, rose in Hawaii the negative information, process that, and whatever he says, it gets subjected to the management. Based on their suspect, again they assign you, you know, a task, that is a factor, and they try to pick into that country, maybe get a little process with the infrastructure, install the wrong, it either near the company, and get more information, maybe

trying to get in to do some sort of phishing, get into user emails, trying to make users' passwords. Even if the guys who are doing exploitation work, even if they are really bad at what they are doing, they would still be able to collect a lot of information by doing this. And based on the information that they collected, it is decided whether you want to go a little further or you want to stop over there. Based on the activities that you perform physically over there, it is a can expect back you the cycle, which is essentially the same thing: you collect information, process and analyze this information, and you will be back to

the management, and then, based on the analysis all together, the same process gives you the power to decide what exactly to do next. If we try to flip the point, if you are on the defensive side, if you have been targeted, and I thought by the incident response team technically females is brown, and the second scenario they exam with 24x7 SOC, sock in the box, necessarily fiction. I think these, I, you see, is in the endpoint-based; they can take it every week that Cody, and this scenario, and this time what they do, they employ whatever they have, is collecting information. That is very big on star; it's hard to

maintain information, they denying gustar amount of the information that they can tell you what exactly has happened and what we should be doing next. So whatever they can make, maybe they don't find the adversary, maybe you have not imagined in the clear picture, but one thing is very sure: the picture might not be clear, but one thing is very clear, what is there, isolated and neutralized; that's the simple way, but still clear adequately. So when this information, but this asks, they start, you know, kids go to the same phase, because they mother asks that could be just some assists, and this information from the

defense perspective, if you go to the next level, based on the information which was found in this particular scenario, it is fed to the next thing, which might be over 60 in my banker analysis team, memory start panicking, hard drive Avengers value, which is Margaret be capacity to my performance as well. Also they can touch me produce, they interrogated people, and again the same feedback; you move again and again until you reach the information objective, that is where we started. So the end result is, regardless of which side of the line you were on, the defensive side or on the flip side, they have the various things; that is the intelligence cycle that we just saw, the

starting from getting initial tasks, what exactly needs to be done, and based on that tasking, what kind of information you collect and how you process and analyze all the information and feed it back to the tasking phase and see what exactly needs to be done. So this is a famous quote, we need is some, Rob Joyce, chief of NSA Tailored Access Operations, coincident a nice book besides last year, and it might be fresh for years. This is this business: that you cannot defend what you don't know. In the century of intelligence, you need to gather intelligence about your internal environment and what are the assets

that you have, because you need to put in on time for anything, that informations that they try to get it from outside coming through. After the conditions, at the kind of subset of signatures activity itself, which is trying to view under intelligence as a primary function, as I see so many, because the protection of the very important assets of your organization is very much related, even that any things that we like the defensive end of the safe side. We'll see how it relates to that. So when we talk about kinetic counterintelligence, the focus is on four Ds, which is deterrence, detection, deception and destruction. If you notice, the first two are majorly on the defensive side and the

last two are physically offensive; the focus is on the exercise. However, there is a little bit of overlap as well, space dome that the exercise, because when you are attacking, we also try to detect whether the file is able to be native you or not. So, but majorly, the detection is mostly on the defensive side and the deception is on the offensive side. So let's take a scenario. It's a kind of very ideal scenario, most of the organizations fall, it's the thing that this is a kind of scenario in our organization: that we have mature processes, policies and procedures, originally an effective technique is this place one, and we have a blue team

on a team or a taxi, but it's affecting team, and most of the time when it is not aware of what the other team is doing, that is most of the organizations. So let's take this in any way we see here. So starting with the blue team: basically, maybe the blue team has seen some others, and they are unaware that the radiation sweet Polly take them directly the basis, so they need to seek some other studies on fire or something. They get into a trainer sector, they get in your seat, sir, there is a device which has entered into the DC, and they get into the data center. They try to, this is the ignition

is from, probably they did that deception, it works, they try to find out the initial enumeration activities, that there is a new device in this data center which should not be there, and it is fine together, maybe uses passwords of trying to get the username. So whatever it is, whatever happens, you can do based on that: an incident response plan is activated, and it checks the process of utilize the spread, and then that process of incident response follows. What happens when you try to recover, that the moment that they get this particular adversary, they stop it there, and the result is fed back to the management, what exactly has been happening. The other side of the scenario is: the red team has

Linux is the testing capabilities. So it was performing reconnaissance activities. So what did they hear, it was they decided that they will do covert operations, and in the daytime, rather than what they wanted to fit into the system. So rather than he does it for nine days, that is, I need to use the k-9, probably that would be more beneficial, because maybe desiccant when you notice. So they predicted the facility for the maybe the package vents getting to there, and such as for the exist, from the security guard sitting there is not noticed, because some of this is coming out of the maintained, and they probably inclined openly in connection or some things that

we can access, and this is what you have actually detected when you were maybe monitoring your network. So at the end of this exercise, what happens is: the red team could successfully enter into the data center, they were able to break something, they were able to execute the covert operation, maybe they were not successful completely, maybe the result was not the ideal, but some objective was achieved. On the other hand, the blue team detected something and they saw, through a successful counterintelligence operation, to neutralize it the moment they detected the open minion connection and the enumeration activity by new devices in the data segment which should not be. So in commercial engagements, especially, probably agreed,

this is somewhat very, I think you know, many times we are going there for backups testing and, you know, make you are blocked by there; it depends TV, because they are not aware, and that is how you test their car the cleanest. So then just keep this argument fine. But now about, because they found that intelligence, what exactly we imply: this is the pathologist's physical security, personnel security, communication security, company patient security. When you saw the example of physical security in the previous slide, it is prima donnas if you kill stuff, this is a part of, if any simple boundary changes, this is something that you try to put in place so that you can stop. You can think of it

as part of what we call the cyber operations and active defense as well. This assessment is definitely a part of active defense; your risk assessment methodology might be similar, might be different, but definitely it helps you by some actions based on the intelligence gathered, based on the kind of assessment framework. And in that instant, protection isn't now, it's very natural, because what you actually try to do, my internet connection, is to try to imitate a would-be perpetrator. I mean, you try, would be something that they would feel, they would, you know, in our scenario, what would be the deterrent? Maybe the trigger, it was the different means: the red team activity was probably they did

not want to do it in the night because of the presence of razor wire, CCTV and lighting in the night; that is why, from being a right, we get the pain that was it: deterrent. Otherwise they would have tried to do it in the night from it; that was the reason that they thought of doing it in the day and maybe avoid detection. On the flip side of the point, the CNE team's on security controls forced the laity into anything, penetration, because they could have probably done something from here, see, but because of the kind of controls put in place, they had to get into the data center; that was the highest. Physical security is definitely a primary

component of deterrence, since maybe present attention access, like all these things are part of physical security, and there's a major part of the deterrence in CI operations. Personnel security: it's very much similar to what we know about human intelligence. This is a typical scenario you would have come across, of people trying to gather a lot of information in this kind of gatherings as well; you don't know everybody who is coming across, and, you know, just what you're looking purposes, whether that person is trying to do some information gathering, what exactly is that. So we need to be very aware about that, because personnel security is designed with the idea of preventing

unwanted employees, and that is clear; maybe human resources sometimes comes into the picture, they need to be very aware about this. Company devastating information security: documents, and body document transfer, a realistic place, or even communication, all that stuff. So communication security: tips on the email, from the email for once Max's, how you are protecting that information, property amended communication security, maybe not be different. But even if you have these things in place and a breach occurs, you still need to get into the same cycle and apply that in order to do my inference of breach. When we talk about offensive counterintelligence, Major League has taken, and detection, deception is something which is like very, it's a

kind of new buzzword in cyber security. We talk a lot about deception networks these days, and sometimes active and passive. The basic idea is to neutralize whatever you collect, and just apply the red teaming exercises, which are most effective in your private defense department occasions by situation. Another is because the red teaming is not a vulnerability assessment, it is not specifically a penetration testing, and it should not be looked at that way. So what do people do is, every now and then you need to flip the blue team and red teams, for that, you know, they need to know what exactly the other team is doing. Deception: this is purposefully misleading an individual

or group. When you say active defense, which is something that you do, like we are doing it very actively these days in network operations also. So anybody coming from an intelligence background knows that deception, network deception, is something which has been used for a long time, and that is exactly the same concept being used in the network deception technologies that we are using these days for defense. So, applications in cyber network operations, both for workforce and intelligence, is both internally as well as externally unique: you need to try to ascertain specially there what you are trying to detect, your point of interest, stuff is timelines, what technologies are you using, are they giving you the

information that you can leverage? So these become the key points that I can see from here: that everybody thinks that intelligence is for government agencies only; that has been the traditional thought. That's all when it's good, but it does not mean that we cannot leverage what is already there and try to remake new frameworks, because it is already there, and we just saw that whatever technologies we are using are somehow addicted to them. But rather than running around the new buzzwords, rather than trying to reinvent the wheel, we carefully try to see the existing means and try to just sit back and look at it and try to utilize it again. So stop running behind the buzzwords and

trying to look into the yellow stuff is taking the same day, so that is how we can leverage this. That was the quality of the anti-stall. Any questions? I will be happy to, I guess we have a lot of time.

You see any reason for it, winding them, is a lot employing this type of tactics in the team? You normally also taught it to some third party comes in, happy with it? Any reason you see this thing?

It depends. Most of the time that red teaming is usually, most of Texas, I think that my adult body, so in those cases, for me, it is more difficult to apply, and then you convince your client to apply this

the existing framework. But if it is, then within your honor. [Music]