defense security service
play

Defense Security Service Defense Security Service Cybersecurity - PowerPoint PPT Presentation

Dec 17, 2022 •151 likes •490 views

UNCLASSIFIED//FOUO Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO UNCLASSIFIED Defense Security Service DSS Mission Capability DSS Supports national security and

  1. UNCLASSIFIED//FOUO Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO

  2. UNCLASSIFIED Defense Security Service DSS Mission Capability DSS Supports national security and the warfighter, secures the nation’s • (U) 11 personnel conducting analysis, technological base, and oversees the liaison, field support, strategic protection of U.S. and foreign classified development and program management information in the hands of Industry • (U) Wide range of skill sets – CI, CT, LE, Cyber, Security, Intel, IA, CNO and more CI Mission DSS CI identifies unlawful penetrators of • (U) Direct access to cleared industry cleared U.S. defense industry and across 25 DSS field offices nationwide articulates the threat for industry and government leaders • (U) Large roles at U.S. Cyber Command, National Security Agency, National Cyber Investigative Joint Task Force and the Scope Department of Homeland Security - 10K+ firms; 13K+ facilities; 1.2m personnel - 1 CI professional / 261 facilities - 10.5% of facilities report UNCLASSIFIED

  3. UNCLASSIFIED Defense Security Service Challenges • (U) Secure sharing of threat information with industry partners • (U) Identifying and reporting suspicious network activity • (U) Limited resources to execute for an quickly expanding mission area Significant Achievements and Notable Events • (U) Since September, 2009 – Assessed over 3,000 cyber-related suspicious contact reports from Industry and the Intelligence Community; facilitating action on over 170 federal investigations/operations • (U) Developed four benchmark product lines for Industry and the Intelligence Community to include the 3rd edition of the DSS Cyber Trends • (U) Briefed at 24 venues and over 1,000 personnel in FY12 on the cyber threat • (U) In FY12, delivered over 350 threat notifications to industry, detailing adversary activity occurring on their networks. UNCLASSIFIED

  4. UNCLASSIFIED SCR Assessment Life Cycle Suspicious Contact Report Educate Threat • (U) Fundamental building block of industry intelligence analysis • (U) Highlights various methods of SCR Exploit Collect contact and approach Assessment • (U) Provides vital insight to Life Cycle military programs and key facility programs Refer Report Analyze UNCLASSIFIED

  5. UNCLASSIFIED Evaluating Suspicious Contacts Method of Operation Attempted Acquisition of Technology • • Conferences, Conventions, Trade Shows Criminal • • Exploitation of Relationships Seeking Employment • • Solicitation or Marketing Services Student Requests – Academic Solicitation • • Suspicious Network Activity Collector Affiliation Commercial, Government, Government Associated, Individual • Technologies and Programs Targeted Military Critical Technology List • UNCLASSIFIED

  6. UNCLASSIFIED//FOUO Way Ahead (U) Continue to grow and expand DSS’s cyber capability • (U) Increase Opportunities for sharing of timely threat • information and actionable data (U) Continue to build partnerships throughout cleared • industry, intelligence and federal government communities UNCLASSIFIED//FOUO

  7. BREAK

  8. UNCLASSIFIED//FOUO Defense Security Service (U) Cyber Threats to the Defense Industrial Base UNCLASSIFIED//FOUO

  9. UNCLASSIFIED (U) Agenda • (U) Fiscal Year 2012 Industry Cyber Reporting • (U) Threat Overview • (U) Where We Are Vulnerable • (U) Methods of Operation • (U) A New Approach to Threat Modeling • (U) Reporting • (U) Getting Ahead UNCLASSIFIED

  10. UNCLASSIFIED//FOUO (U) FY12 Industry Cyber Reporting (U//FOUO) 1,678 suspicious contact reports (SCR) • categorized as cyber incidents (+102% from FY11) (U//FOUO) 1,322 of these were assessed as having a • counterintelligence (CI) nexus or were of some positive intelligence (PI) value (+186% increase from FY11) (U//FOUO) 263 were categorized as successful intrusions • (+78% increase from FY11) (U//FOUO) 82 SCRs resulted in an official investigation or • operation by an action agency (+37% increase from FY11 ) UNCLASSIFIED//FOUO

  11. UNCLASSIFIED//FOUO (U) FY12 Technologies Targeted by Cyber 4% 3% 2% 5% Unknown 6% Aeronautics Information Systems 8% Other Marine Systems Information Security 8% 64% Space Systems Lasers, Optics, Sensors UNCLASSIFIED//FOUO

  12. UNCLASSIFIED//FOUO (U) FY12 Cyber Incident by Category 1% 1% 6% Unsuccessful Attempt 13% Root Level Intrusion Suspicious Network Activity / Exploitation 13% User Level Intrusion 66% Reconnaissance Malicious Logic UNCLASSIFIED//FOUO

  13. UNCLASSIFIED (U) Cyber Threats (U) Nation states (foreign governments) • (U) T errorist groups/extremists/sympathizers • (U) Insiders • (U) Recruited • (U) Disgruntled Employee • (U) Hackers/criminals • (U) Organized/individuals • UNCLASSIFIED

  14. UNCLASSIFIED (U) Where We Are Vulnerable (U) Bottom Line Up-Front: Everywhere • (U) Application vulnerabilities (e.g., Internet Explorer, Adobe) • (U) Operating systems • (U) Web-based applications (e.g., JavaScript, Flash) • (U) Removable media • (U) Network-enabled devices • (U) The end user • UNCLASSIFIED

  15. UNCLASSIFIED (U) Methods of Operation (U) Open source research • • (U) Passive collection (U) Vulnerabilities and exploits • • (U) Socially engineered email attacks • (U) 0-Day (Zero Day) application vulnerabilities • (U) Credentials • (U) Exploitation of trusted relationships (IT) • (U) Poor security practices/configurations • (U) Lack of end user education UNCLASSIFIED

  16. UNCLASSIFIED Threat Modeling (U) The model for handling threats MUST change • “Conventional incident response methods fail to mitigate the risk posed by APTs because they make two flawed assumptions: response should happen after the point of compromise, and the compromise was the result of a fixable flaw” (U) Intelligence-driven computer network defense is a • necessity (U) Address the threat component of risk, incorporating adversary • analysis, their capabilities, objectives, doctrine and limitations UNCLASSIFIED

  17. UNCLASSIFIED Threat Modeling (U) Intrusions must be studied from the adversary’s • perspective – analyzing the “kill chain” to inform actionable security intelligence (U) An adversary must progress successfully through each • stage of the chain before it can achieve its desired objective Command Actions on Recon Weapon Delivery Exploit Install and Control Objectives (U) Just one mitigation disrupts the chain and the adversary • UNCLASSIFIED

  18. UNCLASSIFIED//FOUO Threat Modeling (U) Moving detection and mitigation to earlier phases of the • kill chain is essential in defending today’s networks Command Actions on Recon Delivery Exploit Install Weapon and Control Objectives UNCLASSIFIED//FOUO

  19. UNCLASSIFIED//FOUO Why Your Reporting Matters (U//FOUO) Reporting establishes and/or confirms • Foreign Intelligence Entities activities throughout Industry (U//FOUO) Provides leads for investigations and • operations (U//FOUO) Provides high quality information to the • Intelligence Community (U//FOUO) Provides valuable information that aides • the Intelligence Community in articulating the threat to the highest levels of the U.S. Government (U//FOUO) Stolen unclassified DoD/U.S. • Government data aids the adversary: strategically, operationally, tactically, diplomatically, economically, research and development, etc., etc… UNCLASSIFIED//FOUO

  20. UNCLASSIFIED Getting Ahead (U) Your DSS Community - ISR, ISSP , FCIS • (U) Community Partnerships • (U) Analytical Products • (U) SCR Responses, Cyber Activity Bulletin, Cyber Threat Advisories, • Cyber Special Assessments, Crimson Shield, Scarlet Sentinel, Annual Cyber Trends (U) Homeland Security Information Network (HSIN) • (U) DSS Cyber Security web-based training • http://www.dss.mil/cdse/catalog/counterintelligence.html • http://cdsetrain.dtic.mil/cybersecurity • UNCLASSIFIED

  21. BREAK

  22. UNCLASSIFIED//FOUO Defense Security Service (U) Spear Phishing and Malware Submissions UNCLASSIFIED//FOUO

  23. UNCLASSIFIED (U) Spear Phishing Sample #1 UNCLASSIFIED

  24. UNCLASSIFIED (U) Spear Phishing Sample #2 UNCLASSIFIED

  25. UNCLASSIFIED (U) Spear Phishing Sample #3 UNCLASSIFIED

  26. UNCLASSIFIED//FOUO (U) Malware Submission Website - AMRDEC UNCLASSIFIED//FOUO

  27. UNCLASSIFIED//FOUO (U) Malware Submission Website- AMRDEC UNCLASSIFIED//FOUO

  28. UNCLASSIFIED//FOUO (U) AMRDEC Safe Usage Policy Agreement UNCLASSIFIED//FOUO

  29. UNCLASSIFIED//FOUO (U) Verify Email Address UNCLASSIFIED//FOUO

  30. UNCLASSIFIED//FOUO (U) Malware – Link to Verify Email Address UNCLASSIFIED//FOUO

  31. UNCLASSIFIED//FOUO (U) Malware – Verify Email to Submit File 1 2 3 UNCLASSIFIED//FOUO

  32. UNCLASSIFIED//FOUO (U) Malware – Submission Confirmation UNCLASSIFIED//FOUO

  33. UNCLASSIFIED//FOUO Questions? Jon Stevenson jon.stevenson@dss.mil UNCLASSIFIED//FOUO

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The

CyberWarfare Defense against Penetration T esting and distributed Denial-of-Service Attacks The Foundation of Network Security Stand-alone (ISP/Carrier Server Farm) modular TIPS for Perimeter Defense We brought a prototype for you!

263 views • 24 slides
Information Assurance Information Assurance for Defense Security for Defense Security Prof.

Information Assurance Information Assurance for Defense Security for Defense Security Prof.

Information Assurance Information Assurance for Defense Security for Defense Security Prof. Paul A. Strassmann George Mason University, March 27, 2007 1 Prof. Strassmann, GMU March 27, 2007 Lecture, REPRODUCED BY PERMISSION ONLY Elements of

662 views • 49 slides
Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu -

Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu -

Surveillance Defense Small Easy Steps for Security and Privacy Pete Snyder psnyde2@uic.edu - peteresnyder.com Surveillance Defense 1. Good Practices 2. System / PC Security 3. Mobile Security 4. Browser Security 5. Secure Networking Tools

443 views • 27 slides
Advanced Energy for Homeland CONVERGE S T R A T E G I E S Defense and Security Michael Wu and

Advanced Energy for Homeland CONVERGE S T R A T E G I E S Defense and Security Michael Wu and

Advanced Energy for Homeland CONVERGE S T R A T E G I E S Defense and Security Michael Wu and Wilson Rickerson AGENDA 1.Defense Energy and National Security 2.State Support for DoD Missions 3.Advanced Energy Security for the Home Front

697 views • 16 slides
~-- . . Department of Defense , ., OFFICE OF PREPUBLICATION AND SECURITY REVIEW !\M.A

~-- . . Department of Defense , ., OFFICE OF PREPUBLICATION AND SECURITY REVIEW !\M.A

~ Robert L. Bezy and Kathryn Bolles CLEARED For Open Publication Jan 30, 2020 . . ~-- . . Department of Defense , ., OFFICE OF PREPUBLICATION AND SECURITY REVIEW !\M.A . , ' 11'{,Q" , _._,._. U Department of Defense

218 views • 18 slides
Building Layers of Defense with Spring Security We have to distrust each other. It is our

Building Layers of Defense with Spring Security We have to distrust each other. It is our

Building Layers of Defense with Spring Security We have to distrust each other. It is our only defense against betrayal. Tennessee Williams About Me u Joris Kuipers ( @jkuipers) u Hands-on architect and fly-by-night Spring

709 views • 52 slides
Online Security Michael Hutchinson My First line of Defense Making Things Secure Router

Online Security Michael Hutchinson My First line of Defense Making Things Secure Router

Online Security Michael Hutchinson My First line of Defense Making Things Secure Router Security Anti-Malware Programs Browser Security Internet Searching Router Security Router is First Line of Defense Router typically

472 views • 23 slides
Mathy Vanhoef Public PhD Defense A Security Analysis of the WPA- TKIP and TLS Security Protocols

Mathy Vanhoef Public PhD Defense A Security Analysis of the WPA- TKIP and TLS Security Protocols

Mathy Vanhoef Public PhD Defense A Security Analysis of the WPA- TKIP and TLS Security Protocols Data handled by computers: Banking details Emails Messaging Adult websites Private files Mobile devices 2 Goal of dissertation Is the

758 views • 51 slides
Security as an App and Security as a Service: New

Security as an App and Security as a Service: New

Security as an App and Security as a Service: New Killer Applica6ons for So9ware Defined Networking? Guofei Gu SUCCESS Lab, Texas A&M

447 views • 42 slides
Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in

www.securing.pl Pawel Rzepa Serverless security: attack & defense www.securing.pl #whoami Senior Security Consultant in - Pentesting - Cloud security assessment Blog: https://medium.com/@rzepsky @Rzepsky

1.1k views • 63 slides
CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming

CSE 610 Special Topics: System Security - Attack and Defense for Binaries Instructor: Dr. Ziming Zhao Location: Frnczk 408, North campus Time: Monday, 5:20 PM - 8:10 PM Last Class 1. Defenses a. Direct defense b. Stack Cookie; Canary -

713 views • 26 slides
Yongdae Kim KAIST Offense vs. Defense q Know your enemy. Sun Tzu q "the only real

Yongdae Kim KAIST Offense vs. Defense q Know your enemy. Sun Tzu q "the only real

EE515/IS523 Think Like an Adversary Lecture 1 Introduction Yongdae Kim KAIST Offense vs. Defense q Know your enemy. Sun Tzu q "the only real defense is active defense - Mao Zedong q security involves thinking like an

732 views • 51 slides
Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of

Malware Defense I TDDD17 Information Security, Second Course Ulf Kargn Department of Computer and Information Science Linkping University Malware Defense Agenda 2 Two lectures Lecture I : Malware basics, malware on the PC,

621 views • 40 slides
Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future

Defense Against the Dark Arts: An overview of adversarial example security research and future research directions Ian Goodfellow, Sta ff Research Scientist, Google Brain 1st IEEE Deep Learning and Security Workshop, May 24, 2018 This document

726 views • 36 slides
Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
Malware Defense II TDDD17 Information Security, Second Course Alireza Mohammadinodooshan

Malware Defense II TDDD17 Information Security, Second Course Alireza Mohammadinodooshan

Malware Defense II TDDD17 Information Security, Second Course Alireza Mohammadinodooshan Department of Computer and Information Science Linkping University TDDD17 - Malware Defense II 1/31/2020 2 What Has Been Covered Malware

760 views • 50 slides
Integration Spiral Results Wende Peters, JH-APL wende.peters@jhuapl.edu iacd@jhuapl.edu

Integration Spiral Results Wende Peters, JH-APL wende.peters@jhuapl.edu iacd@jhuapl.edu

Integrated Adaptive Cyber Defense: Integration Spiral Results Wende Peters, JH-APL wende.peters@jhuapl.edu iacd@jhuapl.edu September 2015 Integrated Adaptive Cyber Defense Cybersecurity Reality in the Greater Cyber Ecosystem We arent

660 views • 53 slides
Big Data Platform Lessons Learned in Growing a Big Data Capability for Network Defense Who am I?

Big Data Platform Lessons Learned in Growing a Big Data Capability for Network Defense Who am I?

Big Data Platform Lessons Learned in Growing a Big Data Capability for Network Defense Who am I? - Technical Director, Enlighten IT Consulting, a MacAulay-Brown company - Software Engineering Consultant - Helped found Apache Rya - Chief

600 views • 17 slides
Advancing the College of Engineering and Science: The Role of the Associate Dean for Research and

Advancing the College of Engineering and Science: The Role of the Associate Dean for Research and

Advancing the College of Engineering and Science: The Role of the Associate Dean for Research and Graduate Studies Professor Daniel L. Noneaker Associate Chair & Graduate Program Coordinator Holcombe Department of Electrical and Computer

478 views • 18 slides
Alain L. Kornhauser Professor, Operations Research & Financial Engineering Director, Program

Alain L. Kornhauser Professor, Operations Research & Financial Engineering Director, Program

Intelligent Transportation Systems: Automated Highw ays, Autonomous Vehicles, aTaxis & Personal Rapid Transit Alain L. Kornhauser Professor, Operations Research & Financial Engineering Director, Program in Transportation Faculty Chair,

1.06k views • 87 slides
H AMPTON R OADS M ILITARY T RANSPORTATION N EEDS S TUDY 2018 U P D A T E P R E S E N T E D B Y : S

H AMPTON R OADS M ILITARY T RANSPORTATION N EEDS S TUDY 2018 U P D A T E P R E S E N T E D B Y : S

H AMPTON R OADS M ILITARY T RANSPORTATION N EEDS S TUDY 2018 U P D A T E P R E S E N T E D B Y : S A M B E L F I E L D H A M P T O N R O A D S T R A N S P O R TAT I O N P L A N N I N G O R G A N I Z AT I O N M E E T I N G A G E N D A I T E M # 1 3 J

184 views • 14 slides
Reconstructing Corrupt DEFLATEd Files Ralf D. Brown Carnegie Mellon University 3 August 2011

Reconstructing Corrupt DEFLATEd Files Ralf D. Brown Carnegie Mellon University 3 August 2011

Reconstructing Corrupt DEFLATEd Files Ralf D. Brown Carnegie Mellon University 3 August 2011 Why do we care about DEFLATE compression? DEFLATE is Ubiquitous Many file types are in fact ZIP archives: OOXML (.docx, .xslx, .pptx)

438 views • 40 slides
VacuNest S hape M emory T ooling shaping the future ~ today VacuNest is a NOVATEC technology

VacuNest S hape M emory T ooling shaping the future ~ today VacuNest is a NOVATEC technology

RCAB VacuNest S hape M emory T ooling shaping the future ~ today VacuNest is a NOVATEC technology VacuNest RCAB Shape Memory Tooling shaping the future ~ today PRIOR ART SOLUTIONS RCAB TECHNOLOGI ES DEDI CATED TOOLS FLEXI BLE PI N

406 views • 19 slides
Reweaving Local: Transition Towns & Timebanking A new way of thinking about time, wealth, and

Reweaving Local: Transition Towns & Timebanking A new way of thinking about time, wealth, and

Reweaving Local: Transition Towns & Timebanking A new way of thinking about time, wealth, and community 1 What is Timebanking? At its most basic level, a Timebank is a community of people who support each other. Time Banking

340 views • 16 slides

More recommend