Train Like You Will Fight

Size: px

Start display at page:

Download "Train Like You Will Fight"

Jeffery Wilkins
10 years ago
Views:

1 Train Like You Will Fight Reliability First Workshop 1 October 2015 Dr. Joe Adams

2 Disclaimer 2 The content of this presentation is based on personal and professional experience of the speaker. The content is highly opinionated, personal, and full of behind the scenes stories. This presentation is intended to be thought provoking and provide an insider s view of training and exercises. The content, this presentation, and any of the jokes or comments made by the speaker are his and his alone, and do not represent the official position or opinions of Merit Network, Inc. or anyone else.

3 Introduction 3 Dr. Joe Adams Vice President of Research and Cyber Security Degrees in Computer Engineering Masters of Strategic Studies, US Army War College 26 years Army Signal Corps Associate Professor at US Military Academy 3 time winner of the NSA s Inter- Service Academy CDX Senior Member IEEE Distinguished Fellow, Ponemon Institute

4 Agenda 4 Why Defense? Building a Better Defender Elements of an Exercise Types of Exercises Tabletops Force on Force Capture the Flag Putting It All Together

5 Cyber-Attack Threat Cyber-Attacks Are the Biggest National Security Threat. Leon Panetta My greatest fear is that, rather than having a cyber Pearl Harbor event, we will instead have this death of a thousand cuts. Richard Clarke

6 The Mythical Air Gap 6

7 I Can See You 7

8 The Enemy Are Us 8

9 Cause First World Problems

10 Why Defense? Critical Infrastructure 85% owned by the private sector (GAO-07-39) Small Business Industrial Control Systems Enterprise Systems Only as strong as the weakest link

11 Privately Owned Infrastructure 11

12 Federal Response 12

13 Are You Ready? 13

14 Where Are We Going? 14

15 Building a Better Defender 15 Hack Back vs. Attribution IT Skills vs. Incident Response Teaching Offense to Learn Better Defense Ethics Play a Big Role

16 Building a Better Defender 16 Communication is the Key Skill Understanding the Architecture Where do you fit in? 2 nd and 3 rd Order Effects of your actions Maintaining Your Skills Certification Maintenance = CEUs Try New Things

17 First There is a Plan 17

18 First There is a Plan 18 What information is the most important to you? Where is it stored? How much of it is stored? Where is it processed? What are the reporting requirements in case of a breach? Who do you call? Who does what?

19 But then 19

20 Too Late to Practice 20

21 Elements of an Exercise 21 Safe Entry/Exit No spillage into the production environment Objective-based Challenges It s about training the Blue Team Defined Assessment Standards Task Condition - Standard

22 Elements of an Exercise 22 Exercise Directive Scenario Communications Plan Objectives Master Scenario Event List It s about training the Blue Team Keeps everyone engaged Assessment Checklist The unexpected isn t always bad After Action Review Stay positive Structured to avoid emotion

23 Realistic Exercises

24 Are You Ready? 24

25 Crawl Walk - Run 25

26 Crawl 26 Understand communication links Operating systems Applications Security fundamentals Technical Skills Taught through Structured classes Self-paced labs Experiential learning Basic, consistent training Certificate of completion Continuing education credit Results in

27 Table Top Exercises 27 Meet the Players Identify and Gather Information Identify Paths of Communication Agree on Taxonomy

28 Walk 28 Small Group Training Specialization Media Management Work as a team Roles The Message Communication Responsibilities 2 nd & 3 rd order effects Priorities

29 Capture the Flag 29 Self-Paced Takes the training wheels off Same Tools & Techniques as in class Individual Skill Threads Penetration testing Forensics SCADA PII Database security Scoring engine Encourages competition

30 Red vs. Blue Exercises 30 Focus on system & service security and continuity Synchronous attack & defend Good to get started working as a team Observe and Review hackers in action

31 Training Camp 31

32 Run 32 Collective Training Full Speed Force-onforce Objectivebased Remote Teams Experience out-thinking a live adversary Practice teamwork Relationships & collaboration outside the team

33 Incident Response Exercises 33 Asynchronous Red team creates havoc Blue team diagnoses and recovers Objectives Communications Teamwork Validating plans and procedures at full speed

34 Welcome to Alphaville 34

36 36 A Sense of Place

37 37 Alphaville Power & Electric

38 38 Alphaville 3D

39 Summary 39

40 40 Make a Plan

41 Teach Individual Skills 41

42 Learn how to respond in crisis 42

43 Be Ready to Go! 43

44 And Jump 44

45 Questions? 45

46 Michigan Cyber Range

47 Oakbrook Drive Suite 200 Ann Arbor, Michigan Thank You

Guide for Designing Cyber Security Exercises

Guide for Designing Cyber Security Exercises VICTOR-VALERIU PATRICIU Computer Science Department Military Technical Academy Bucharest, Bd. George Cosbuc, no. 81-83 ROMANIA [email protected] ADRIAN