DIGITAL FORENSICS CONSORTIUM

Transcription

1 DIGITAL FORENSICS CONSORTIUM CYBERHUNTING COMPETITIONS Focusing on the Critical Skills and Innovative Approach to Effectively Characterize the Digital Environment Nevin Taylor DFC President/CEO

2

3 The President identified cybersecurity as one of the most serious economic and national security challenges we face but one that we as a government or as a country are not adequately prepared to counter. Executive Branch directed to work closely with all key players to ensure an organized and unified response to future cyber incidents strengthen public/private partnerships to ensure U.S. security and prosperity invest in the cutting-edge research to meet the digital challenges of our time awareness & digital literacy to build the digital workforce of the 21st century CITIZEN SOLVERS Presidential initiative to encouraging agencies to increase their ability to promote and harness innovation using policy tools such as prizes and challenges to drive innovation

4 CHALLENGES: US Digital Forensics Challenge / Digital Forensics Crime Scene Challenge / Cyber Patriot / Cyber Olympics National Collegiate Cyber Defense Competition / Cyber Security Challenge UK DoD Foreign cyber threat Guidance to secure national security systems Furnishing DHS with intelligence enhance networks protection Defending the Nation from a cyber attack Defense & secure military systems and networks Offensive and defensive cyber capabilities Integrating into Operational Plans DHS Protect civilian governmental network Increase cyber security capabilities Protect critical infrastructure Enhance national resilience & response Coordinates respond to significant incidents INDUSTRY FBI investigate, prevent, and respond to cyber events criminal or counterintelligencerelated inside the US Domestic counterintelligence

5 NATIONAL INITIATIVE for CYBERSECURITY EDUCATION Component 1: National Cybersecurity Awareness Lead: Department of Homeland Security Component 2: Formal Cybersecurity Education Leads: Department of Education National Science Foundation Component 3: Cybersecurity Workforce Leads: Department of Homeland Security Office of Personnel Management Department of Defense Department of Labor

6 Security Provision Systems Requirements Planning Info Assurance Compliance Software Assurance/Security/Eng Systems Security Architecture Test and Evaluation Technology R&D System Development Analyze Threat Analysis Exploitation Analysis Targets All Source Intelligence Collect and Operate Collection Operations Cyber Operations Planning Cyber Operations FRAMEWORK And 32 Competencies Investigate Investigation Digital Forensics Operate & Maintain System Administration Network Services Systems Security Analysis Cust Service & Tech Support Data Administration Knowledge Management Protect and Defend Vulnerability Assessment and Management Incident Response Computer Network Def Analysis Computer Network Defense Infrastructure Support Oversight & Development Legal Advice and Advocacy Education and Training Strategic Planning and Policy Development Info Systems Security Ops Security Program Mgt Chief Info Security Officer

7 DIGITAL FORENSICS is KEY What is Digital Forensics? Digital Forensics is the application of science for an investigative or legal purpose involving the processing, discovery and interpretation of electronic data Traditionally, Digital Forensics was a law enforcement discipline Today, nearly all major corporations and law firms deploy critical Digital Forensics capabilities to safeguard their mobile phones, laptops, desktops, tablets, GPS devices, networks and vehicles Digital Forensics is a Cyberhunter discipline that is in high demand and low supply in today s digital marketplace

8 Crimes are Categorized in Three Areas Cyber is leveraged in all of them Person and property Bullying Surveillance Fraud Auctions Sites Online Stores Wire Fraud Credit Card Identity Theft Intellectual Property National Secrets Counter Intelligence Terrorism Espionage 18,000 US Law Enforcement agencies 400< accredited forensics labs 50 have accredited digital forensics labs Less than 1,000 Digital Forensics Examiners

9 CHARACTERIZING THE INFORMATION ENVIRONMENT The Foreign Intelligence Community, Law Enforcement and Private Sector use the same software, hardware, and use the Internet. Who? What? When? How? Where? Why? Law Enforcement Intelligence Analysis Foreign Intelligence Analysis Cyber Intelligence Analysis TTP s/mo s is Digital Forensics Intelligence

10 WHO IS effected Who? What? When? How? Where? Why? vulnerable in the Digital World?

11 Victim Aware Unaware Witness Direct Indirect Subject Attribution Collaborate Motive Intent Characterization

12 Who are the victims DF allows to capture the Subject through collecting info from Witnesses Digital Forensics Identifies the Digital Artifacts Wherever they go

13 WHAT happened? Who? What? When? How? Where? Why?

14 INCIDENT MANAGEMENT Digital Forensics Examiners determine How they got in? What intruder effected? Customers Partners Employee personal info Financials Research Did they change anything? Are they still in the network? Determine your loss Correct problems Damage Assessment Lessons learned Improve Process

15 Incident Attack Event Attackers Tool Vulnerability Action Target Unauthorized Result Objectives Hackers Spies Terrorists Corporate Raiders Professional Criminals Physical Attack Information Exchange User Command Script or Program Autonomous Agent Design Implementation Configuration Probe Scan Flood Authenticate Bypass Account Process Data Component Computer Increased Access Disclosure of Information Corruption of Information Denial of Service Theft of Resources Challenge, Status, Thrills Political Gain Financial Gain Damage Vandals Toolkit Spoof Network Voyeurs Distributed Tool Read Internetwork Data Tap Copy TTP to characterize Steal Modify Delete

16 WHEN did Who? What? When? How? Where? Why? compromise occur identify impact

17 WHEN DID THE BREACH OCCUR Scope and Impact Extent of victims and losses How long they ve been in there Risk Management Cost Benefit Analysis Mitigate Impact Accept Risk Eliminate Source Isolate / Enclaves

18 Mechanics of HOW Who? What? When? How? Where? Why? the victim was exploited

19 TACTICS / TOOLS / PROCEDURES MO

20 WHERE are the Who? What? When? How? Where? Why? subjects/witnesses/victims located?

21 ATTRIBUTION From where attack originated dictates: Location of Evidence Devices that have been impacted Jurisdiction Law in effect and recourse Available courses of legal action Agencies Involved

22 WHY identifies Who? What? When? How? Where? Why? motive

23 DFINTELLIGENCE CHARACTERIZE WHO: They are Attribution WHAT: are their Objective WHEN: Long Term Consequences HOW: Mechanics and TTPs WHERE: Jurisdiction WHY: Identifies Course of Action Heightened Awareness Enhanced Security Diplomatic Action Economic Sanctions Law Enforcement Investigation Counter Intel Ops Military Action

24 CHARACTERIZING THE INFORMATION ENVIRONMENT The same Tactics Tools & Procedures (TTP s) used by either the trusted insider or the outsider are the same because the platforms attacked are the same By characteriing the information environment we begin to understand the dynamics, reliance, and expections that we can reasonably place upon it: Who? What? When? Digital Forensics Intelligence National Security DoD/IC Digital Forensics is key To National, Economic Security as well as Public Safety How? Where? Why? Public Safety LE Economic Security Private Sector

25 DIGITAL FORENSICS CONSORTIUM VISION Develop a Digital Forensics workforce to mitigate the threat to public safety, national and economic security MISSION Create Digital Forensics Cyberhunters one exercise at a time US DIGITAL FORENSICS CHALLENGE DIGITAL CRIME SCENE CHALLENGE STRATEGIC ADVISOR BOARD DIGITAL FORENSICS INTELLIGENCE A Non Profit Organization Focused on Digital Forensics

26 CHALLENGE SPACE AFA Cyber Patriot National Youth Cyber Defense Competition National Collegiate Cyber Defense Competition Cyber Olympics International online ethical hacking, computer network defense competition Polytechnic Institute of New York University (NYU Poly) Cyber Security Awareness Week (CSAW) High School Forensics Contest Cyber Security Challenge UK a series of national competitions, learning programs and networking initiatives to identify and inspire EU citizens residing in UK

27 DIGITAL FORENSICS CONSORTIUM Board of Directors JIM CHRISTY Special Agent (Ret) DFC Vice President, SAB Chair, COO and Co Founder MARK POLLITT, PhD FBI (Ret) Principal Investigator, Advanced Cybersecurity (ACE) RICH MARSHALL CEO, Secure Exchange Technology Innovation MICHAEL ZUCKERMAN Professor of Journalism, George Washington University BERNIE SKOCH Cyber Patriot Commissioner, Air Force association PHIL SMITH Vice President, Government Solutions Trustware HAL ARATA Director Cyber Center of Excellence, Riverside Research MICHAEL DUDZIK Brig Gen (Ret) CEO/President, IQM Research Institute NEVIN TAYLOR Technologist, Strat Ldr, DFC President, SAB Mbr, CEO and Co Founder MARK RASCH, ESQ Principal, RASCH Technologies and Cyberlaw US Digital Forensics Challenge GREG WHITE, PhD Director, Center for Infrastructure Assurance and Security, Assoc Prof Computer Science, University of Texas, San Antonio ERNEST McDUFFIE, PhD Former: Lead for the National Initiative for Cybersecurity Ed, National Institute of Standards and Technology

28 Why Participate in the US Digital Forensics Challenge? - Develop hands-on and critical thinking skills - Apply teamwork and time management skills - Demonstrate knowledge & skillset in DF - Confirm a participant s skills and competencies National Recognition Scholarships, Internships Hardware/Software Plaques/coins Connect Teams to Sponsors& Partners Prepares participants to meet the DHS s National Initiative for Cybersecurity Careers & Studies (NICCS) - Knowledge, Skills, and Abilities (KSA s)

29 DIGITAL FORENSICS CHALLENGE WHO: WHAT: WHEN: WHERE: WHY: HOW: Individual or teams up to 5 from the US or International An international Cyberhunting competition focusing on digital forensics US Digital Forensics Challenge is based on 25 plus scenario-based, progressive level digital forensic exercises Distributed 1 April 2015 Submissions due 1 March 2016 Work on the Challenge Exercises at Home, School, or Office Visibility to Digital Forensics Cyberhunting discipline - Address Digital Forensics professionals shortage - Build relationships in the Digital Forensics Community - Develop new tools, techniques, and methodologies - Connect best and brightest talent with industry partners Online registration - only $50/Team. Download Challenges and submit your solutions online as you complete them

30 To Raise Awareness and Create Excitement about STEM Created a non-profit 501 3C Corporation to run STEM competitions world-wide to encourage kids to consider an education and career in digital forensics or cybersecurity US Digital Forensics Challenge 25 online exercises Digital Crime Scene Challenge Hands-on Crime Scene Processing Taken to conferences or events Collaborative relationship with other well established Cyber Defense Competitions; great synergistic partnerships

31 DIGITAL CRIME SCENE CHALLENGE for Conferences & Schools Hands on experience for teams of 1-5 participants 15 min to process & complete with points awarded for digital evidence found Identifying key device Finding vital information Excite Teams on Digital Forensics & Cyber Security Educational for Students, Teachers, Parents, Law Enforcement, Legislators, Business and Government Leaders (no experience or equipment necessary) Immediate Feedback through Experiential Learning

32 2015 US Digital Forensics Challenge Answer to the US Digital Forensics Challenge Digital Crime Scene Challenge

33 SUMMARY Digital Forensics (DF) AWARENESS: assesses the information environment RISK: provides opportunity to manage risk MITIGATE: Incident Response to overcome threat ATTRIBUTE: investigate to determine responsibility EMPOWER: Characterization of the Digital Environment DF CHARACTERIZES the information environment DF is a growing and underutilized capability Demands for a DF workforce is growing exponentially Elevate understanding of the digital environment Digital Forensics Crime Scene Challenge US Digital Forensics Challenge Cyber Patriot National Collegiate Cyber Defense Competition Cyber Olympics Polytechnic Institute of New York University Cyber Security Awareness Week High School Forensics Contest Cyber Security Challenge UK

34 34