D/b/a Mark Yanalitis CC Some Rights Reserved Red Teaming Approaches, Rationales, Engagement Risks and Methodologies Indiana University of Pennsylvania.

Slides:

Advertisements

Similar presentations

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.

Advertisements

S3-1 © 2001 Carnegie Mellon University OCTAVE SM Process 3 Identify Staff Knowledge Software Engineering Institute Carnegie Mellon University Pittsburgh,

D/b/a Mark Yanalitis CC Some Rights Reserved Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 2012 Information Systems Security Organization.

Distribution Statement A: Approved for Public Release; Distribution is unlimited. 1 Electronic Warfare Information Operations 29 MAR 2011 Val O’Brien.

An Assessment Primer Fall 2007 Click here to begin.

So Many Possibilities Dr. Vic MaconachyChris Inglis Capitol Technology University U. S. Naval Academy CAE Community Meeting, - Columbia, Maryland Accreditations.

Chapter 6 Groups and Teams. Copyright © 2006 by Thomson Delmar Learning. ALL RIGHTS RESERVED. 2 Purpose and Overview Purpose –To understand effective.

Copyright © 2006 by South-Western, a division of Thomson Learning, Inc. All rights reserved. Part 1: Designing Customer- Oriented Marketing Strategies.

Adopt & Adapt Tips on Enterprise Data Management Annette Pence September 10, 2009 MITRE.

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

Term Project Pick a system (discuss choice with me)  Want simple functionality, security issues, whole system (e. g., client and server side) Submit a.

CS 1 – Introduction to Computer Science Introduction to the wonderful world of Dr. T Dr. Daniel Tauritz.

National Institute of Standards and Technology Computer Security Division Information Technology Laboratory Threat Information Sharing; Perspectives, Strategies,

Stephen S. Yau CSE , Fall Security Strategies.

project management office(PMO)

EDUCAUSE/Internet2 Computer and Network Security Task Force Update Jack Suess February 3, 2004.

IT Security Readings A summary of Management's Role in Information Security in a Cyber Economy and The Myth of Secure Computing.

What is Business Analysis Planning & Monitoring?

2008 Indiana State Personnel Department Conference Presented by Krista F. Skidmore, Esq., SPHR, President Strategic Doing—A Model to Align and Execute.

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

© 2011 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

Visual 3. 1 Lesson 3 Risk Assessment and Risk Mitigation.

IE398 - lecture 10 SSM in detail

Architecting secure software systems

Introduction to SDLC: System Development Life Cycle Dr. Dania Bilal IS 582 Spring 2009.

Organizational Change

BSBPMG502A Manage Project Scope Manage Project Scope Project Scope Processes Part 1 Diploma of Project Management Qualification Code BSB51507 Unit.

Whitacre College of Engineering Panel Interdisciplinary Cybersecurity Education Texas Tech University NSF-SFS Workshop on Educational Initiatives in Cybersecurity.

Fifth Annual Meeting of the WG: Objectives and Agenda Jennifer H. Madans U.S.A.

Integrating COIN and Full Spectrum Training LtCol M. B. Barry 23 Sep 2010.

BUSINESS PLUG-IN B15 Project Management.

Fall 2015ECEn 4901 Team work and Team Building. Fall 2015 ECEn Lecture 1 review Did you find the class website? Have you met with your team? Have.

Arnhem Business SchoolE-Marketing E-Marketing Course Outline Period 1 1-1Course IntroductionProgram 12 weeks Definitions E-Business Introduction Assignment.

Safeguarding the Freedom of Information: Digital Archive Initiatives in the United States Federal Government Michael Paul Huff Information Resource Officer.

Develop Project Charter

Federal Cybersecurity Research Agenda June 2010 Dawn Meyerriecks

Copyright 2003 – Cedar Enterprise Solutions, Inc. All rights reserved. Business Process Redesign & Innovation University of Maryland, University College.

Copyright © 2006 by South-Western, a division of Thomson Learning, Inc. All rights reserved. 2-1 Chapter 2 Strategic Planning and the Marketing Process.

Apply Quality Management Techniques Project Quality Processes Certificate IV in Project Management Qualification Code BSB41507 Unit Code BSBPMG404A.

CONCEPT OF MIS. Management “Management can be defined as a science of using resources rationally (utilization of resources in judicious manner using appropriate.

Ami™ as a process Showing the structural elements in the Accelerated Model for Improvement™

PMI-Planning Process Group Lecture 08 Ms Saba Sahar.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Introduction: Information security services. We adhere to the strictest and most respected standards in the industry, including: -The National Institute.

Hard Date Change in Master 1 TRADOC: Where Tomorrow’s Victories Begin Adaptive Leaders Methodology (ALM) 18 February 2009 Mr. Donald Vandergriff Leader.

Joint Concept Development and Experimentation (JCD&E)

1 CS 501 Spring 2002 CS 501: Software Engineering Lecture 27 Software Engineering as Engineering.

Page 1 of 10 Red Teams & Other Experiment Process Headaches NDSS 2000 Symposium, 4 February 2000 Brad Wood Information Design Assurance.

Cyber Storm Overview Wednesday 2/1/ PT. Cyber Storm Cyber Storm National Cyberspace Security Exercise Mandated in National Strategy to Secure Cyberspace.

RMC Auditor Workshop Charleston, SC July 2015 Registration Management Committee Company Confidential RMC Auditor Workshop Charleston, SC

S3.1 session day 5 2 Programme management download resources from Approved by the Advisory Group: Programme management Programme and project.

OEA Leadership Academy 2011 Michele Winship, Ph.D.

MGT 498EDU The learning interface/mgt498edudotcom.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

Systems Analysis & Design 7 th Edition Chapter 2.

Systems Analysis Lecture 5 Requirements Investigation and Analysis 1 BTEC HNC Systems Support Castle College 2007/8.

Accelerated Adaptation Evolution The learning contest between the IDF and its adversaries ( ) Hezbollah [aided by Iran], Hamas, Islamic Jihad (Gaza),

University of Palestine Faculty of Applied Engineering & Urban Planning Civil Engineering Department Engineering Project Management Chapter 1 Introduction.

© ITT Educational Services, Inc. All rights reserved. IS4680 Security Auditing for Compliance Unit 1 Information Security Compliance.

Cybersecurity, competence and preparedness

Identify the Risk of Not Doing BA

Cyber Offense vs. Cyber Defense: A Theoretical Framework

Hyper-V Cloud Proof of Concept Kickoff Meeting <Customer Name>

Cyber Threat Intelligence Sharing Standards-based Repository

IS4550 Security Policies and Implementation

Phase I Educational Partnership: Climate Change, Engineered Systems and Society Initial Partners: NAE, U VA – Charlottesville, Colorado School of Mines,

The University of Adelaide, School of Computer Science

Bush/Rumsfeld Defense Priorities/Objectives A Mandate For Change

MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further

Joint Application Development (JAD)

Presentation transcript:

d/b/a Mark Yanalitis CC Some Rights Reserved Red Teaming Approaches, Rationales, Engagement Risks and Methodologies Indiana University of Pennsylvania Information Assurance Day 2011 Information Assurance Day 2011 Session 3Session 3: noon IUP HUB Delaware Room © TM

d/b/a Mark Yanalitis CC Some Rights Reserved Goals for today Define Red Teaming and its’ rationale Discuss differences between commercial and full-spectrum Red Teaming Discuss differences between commercial and full-spectrum methodologies Examine common engagement risks Application of Red Teaming methods A companion document exists as supplemental reading resource for this presentationcompanion document November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 2

d/b/a Mark Yanalitis CC Some Rights Reserved Red Teaming Definitions “An array of activity where the overall goal is to understand the adversaries perspective in order to identify one's own vulnerabilities and challenge one 's own assumptions.” 1 “Authorized, adversary-based assessment for defensive purposes.“ 2 “Review of control design and threat-based penetration testing to simulate actual attacks.” 3 November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 3

d/b/a Mark Yanalitis CC Some Rights Reserved Commercial v. Full Spectrum Commercial engagements Threat-based modeling Compliance mandates IT Audit adjunct testing Goal is quick penetration Cost and time driven Automation dependency Survey the known Full-Spectrum engagements Capabilities-based or hybrid modeling Simulations Goal is understanding Risk analysis driven Human in the loop Expand the knowable by parsing the unknown November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 4 Lets explore the motivating factors for commercial and full-spectrum red teams

d/b/a Mark Yanalitis CC Some Rights Reserved Methodologies November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 5 Targeting Client Engagement Master Service Agreement Statement of Work Rules of Engagement Bond of Indemnity Identify Scope Compromise Report Reconnaissance Scan & Attack Reload Commercial Full Spectrum Source: Sandia National Laboratories IDART, 2011

d/b/a Mark Yanalitis CC Some Rights Reserved The Intelligence Process November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 6 4 Schudel, G. and Wood, B. (RAND, SANDIA & GTE: 2000)

d/b/a Mark Yanalitis CC Some Rights Reserved Intelligence Cycle A full-spectrum red team will focus upon likely adversarial courses of action as well as current capabilities. Internally to the team, a need exists to have common doctrinal understanding of resource identification, intelligence collection, collection management, training, and leadership. November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 7

d/b/a Mark Yanalitis CC Some Rights Reserved Intel Fusion Approach November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 8 5 Adapted from Steele, Robert, D. (New Craft of Intelligence: 2002) A red team collects and produces intelligence at variable rates and differing fidelities. The red team leader must be prepared for these eventualities.

d/b/a Mark Yanalitis CC Some Rights Reserved Bias in the Intel process Sources of cognitive error Sources of cognitive error can be found in individual minds, the collective agreement of the team, team composition, and in the quality of support given to the effort. Each individual team member carries both a cognitive bias as the known outsider pre-judged by their own past experiences, as well as the bias of their culture. Organizational and environmental bias indicators The assignment is not taken seriously The team or sponsor becomes too removed from the decision-making process A lack of interaction with the blue team Insufficient access to the details of the target Loss of team confidences The team fails to capture the details of the adversary, and instead mirrors itself The red team does offers no challenge to the blue team Thin top cover: the lack of a robust channel to act on findings in a timely manner, or consider findings with any seriousness. Applied post-event after many bodies already have been thrown at the problem The wrong team targeting the wrong problem (Threat- based team vs. a capabilities based problem) A lack of clarity on the urgency of issues at hand The red team approach is a one-time activity November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 9 6 Defense Science Board. Task Force Report on The Role and Status of Red Teaming Activities: (DoD: 2003 )

d/b/a Mark Yanalitis CC Some Rights Reserved Role play the Adversary Lets explore the difference between a threat- based adversary model and capabilities-based adversary model. Threat – A threat represents a known quantity, a known effect singular in origin, essentially a Pathogen-Antigen model. A threat is an X-Y direct, or inverse relationship. Capability – Actors (or a confederation of multiple actors) capable of achieving a singular goal either due to access to resources, or some form of institutional support. The force multiplier effects of capability-based actors behave like an algebraic expression where leading factors have orders of magnitude, possibly even having orders of operation. November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 10

d/b/a Mark Yanalitis CC Some Rights Reserved Adversarial Modeling November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 11 Red Team A Red Team B Adversary A Adversary B Adversary C The Universe of Actors and Actions In the full-spectrum Red Team context, the sponsor may need more than one type of red team to realistically model the capability. In the commercial world, modeling capability- based actors is the exception, not the norm. Source: Sandia National Laboratories IDART, 2011

d/b/a Mark Yanalitis CC Some Rights Reserved Adversarial Prototyping November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 12 7 Op. Cit. Schudel, G. and Wood, B. : 2000 ‥

d/b/a Mark Yanalitis CC Some Rights Reserved Threat Profiling November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 13 8 Duggan, et. al. SANDIA, 2007

d/b/a Mark Yanalitis CC Some Rights Reserved Attack Trees November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 14 9 Schneier, Bruce. Modeling Security Threats (Dr. Dobb’s Journal: 1999)

d/b/a Mark Yanalitis CC Some Rights Reserved Smart Grid Attack Diagram November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies Penn State University SIIS Laboratory. (Network and Security Research Center: 2010) Corporate Network The Internet DDR PSTN DID 1-(724)-got-powr 128K CSU/DSU Link over carrier

d/b/a Mark Yanalitis CC Some Rights Reserved Smart Grid Attack Tree November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies Ibid. Penn State University SIIS Laboratory: 2010

d/b/a Mark Yanalitis CC Some Rights Reserved When to Use Red Teaming November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies Atkins, William. Read Teaming – It's Good to be Bad. (Missouri S&T ACM SIG in Security: 2010)

d/b/a Mark Yanalitis CC Some Rights Reserved November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 18 Ok, you try it now. Target: A reciprocating high-speed gas compressor Source: BPI Compression 2011BPI Compression

d/b/a Mark Yanalitis CC Some Rights Reserved November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 19 The red team simulation revealed complete destruction of the compressor and block house site plan in 10 minutes. What was the solution? Where are the vulnerabilities? why did the solution work? ½ ton pickup A cinderblock Fender Jack Stump Remover Mentos Duct Tape Magnesium Ribbon 2 black Super Fan Suits Five 2L bottles of Cola One 2L bottle of Clorox 1 Sling Shot Estimated 3 weeks of site observation and rehearsal Flood light and CCTV camera No buried fence It frequently rains here Steel Door

d/b/a Mark Yanalitis CC Some Rights Reserved Use your powers for the greater good, not evil. 20 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies November 10th, 2011 Fight the Good Fight

d/b/a Mark Yanalitis CC Some Rights Reserved References 1McGannon, Michael. Developing Red Team Tactics, Techniques, and Procedures. (Red Team Journal: APR 2004). Internet. Found at 2Sandia IDART Methodology. 3Price Waterhouse Coopers. Is your critical infrastructure safe? (PWC LLP:2010) Internet. Found at Schudel, G. and Wood, B. Modeling the Behavior of a Cyber Terrorist. (RAND National Security Research Division proceeding of workshop. Appendix C: Santa Monica, California: 2000) Internet. Found at 5Steele, Robert, D. The New Craft of Intelligence: Achieving Asymmetric Advantage in the Face of Nontraditional Threats. (U.S. Army War College Strategic Studies Institute: 2002) Department of Defense Science Board. Task Force Report on The Role and Status of Red Teaming Activities (Office of the Under Secretary of Defense For Acquisition, Technology, and Logistics. Washington, D.C :2003). Internet. Found at 7Op. Cit. Schudel and Wood, Duggan, David, P., Thomas, Sherry R., and Veitch, Cynthia K.K., and Woodward, Laura. Categorizing Threat - Building and Using a Generic Threat Matrix. (SANDIA National Laboratories, Albuquerque NM. REPORT SAND : September 2007). Internet. Found at 9Schneier, Bruce. Modeling Security Threats - Attack Trees (Reprint Dr Dobb’s Journal: Counterpane Internet Security: 1999). Internet. Found at 10Penn State University SIIS Laboratory. Advanced Metering Infrastructure Security. (Penn State University Systems and Internet Infrastructure Security Laboratory, Computer Science and Engineering (CSE) Network and Security Research Center (NSRC): 2010). Internet. Found at 11Ibid. Penn State University, Atkins, William. Read Teaming – It's Good to be Bad. (Missouri S&T ACM SIG in Security. SANDIA Critical Infrastructure Systems Department, NM, 10 FEB 2010). Internet. Found at. ‡ See the supplemental paper that accompanies this presetation titled : Yanalitis, Mark. RED TEAMING APPROACH,RED TEAMING APPROACH, RATIONALE, AND ENGAGEMENT RISKSRATIONALE, AND ENGAGEMENT RISKS (self-published: 2011). Internet. Found at November 10th, 2011 Red Teaming Approaches, Rationales, Engagement Risks and Methodologies 21