Treadstone 71 Selected to Deliver at the RSA Conference 2018 San Francisco

Foundations for a Strong Intelligence Program
April 18, 9AM-11AM RSA Conference
This Lab will explore key aspects of building a strong and long-lasting cyberthreat intelligence program. We’ll review methods of threat intelligence platform selection and bake-off techniques as well as cover stakeholder analysis and priority intelligence requirements. Additionally, we’ll practice collection planning and mission management as well as how to establish effective reporting and dissemination capabilities.

Cyber CounterIntelligence – Deception, Distortion, Dishonesty
April 18, 1:45PM-2:30PM RSA Conference
Deception, distortion, and dishonesty are core to social media postings. Our adversaries use these methods to concoct stories that create illusions meant to leave us divided. The talk will cover methods of countering their messaging while applying these tactics to protect your own organization and brand. Moving from intelligence to counterintelligence is the natural next step in our evolution.

Zapad Exercises – 2nd/3rd Order Effects

 

The recent Russian Zapad wargaming exercises included a plethora of electronic capability demonstrations and potentially more. Russia is known to have recently been involved in illegal immigration efforts in Sweden, Finland, and Norway, along with hostile intent along its northern borders (Estonia, Latvia, Lithuania), including cell/communication tower tampering. Could the recent Zapad exercises be more than just wargaming?

Some What If thoughts on these non-linear actions:

– Testing capabilities, distance, strength, impacts
– Testing responses, like a stone in a pond
    – 2nd and 3rd order effects were measured to determine the impact on targets, targets' responses, etc.
    – Russians had people in each target country assisting with target impacts
    – Russians monitored target government communications from within each country
    – Determine the length of time for the target government to respond, and what methods were used and where, to get communications back online (if at all) – the locations of the response represent capabilities unknown to Russia until such an exercise is performed
– Other possibles:
    – A cover for illegal activities that occurred during the exercise – a feint, a ruse
    – Testing a precursor to actual execution – that is why military exercises are performed
    – What capabilities are being left in the exercise areas; what is not being removed after the exercise, using the exercise as a ruse to place assets close to Western borders that were not there before

What do you think?

https://uawire.org/news/media-belarusian-and-russian-militaries-are-jamming-mobile-communications-along-border-with-poland

Drone Wars! Threats, Vulnerabilities and Hostile Use



Intelligence for the C-Suite and Stakeholders

This is a one-day course designed to educate corporate leadership and stakeholders in cyber and threat intelligence. There is a general awareness of the need to establish intelligence functions. Many organizations do not have a fundamental understanding of what intelligence is, where the function should reside, and how it differs from business and competitive intelligence, including the overlaps and natural points of integration. This one-day course targets corporate leadership, delivering clear and coherent training that equips stakeholders with the understanding and tools they need to assist in building a successful intelligence program.


Registration Information – Dates and Times TBD

Course High-Level Outline

  • Using Strategic Intelligence
  • Organization and Focus of the Class
  • Background on Strategic Intelligence and Analysis
  • Approaches and Processes
  • Strategic Plan development, acceptance, and dissemination
    • Mission
    • Vision
    • Guiding Principles
    • Roles and Responsibilities
    • Threat Intelligence Perspective
    • Business Intelligence Perspective
    • Competitive Intelligence Perspective
    • Intelligence Strategic Challenges
    • Goals and Initiatives
    • Next Steps
    • Roadmap
  • Stakeholder checklist and stakeholder management groups with strategic and tactical activities definition for intelligence, description of needs and products. This will include:
  • The Future Use of Strategic Intelligence
  • Intelligence: Role, Definitions, and Concepts
  • Basic Concepts Concerning Intelligence
  • The Strategic Intelligence Process – Operations to Tactics
  • The Role of Strategic Intelligence and Its Impact on Stakeholders
    • Operational, Technical, Tactical
  • Why Stakeholders and Executives Need Strategic Analysis:
  • Strategic Analysis Leading to Strategic Decisions
  • Implementing Intelligence Programs
    • The Treadstone 71 Method (Experience with several program builds globally)
  • Challenges for Stakeholders to Accept Intelligence
  • Stakeholder Views: Impact on Intelligence
  • Intelligence as Catalyst for Stakeholders
  • Integrating Analytical Support and the Stakeholder Thought Process
  • Stakeholders and Self-Directed Strategic Processes, Procedures, Methods
  • The Role of Intelligence Management
  • Issues, Tactics, Techniques, Methods, and Principles
  • Managing Intelligence Projects
  • Providing Focused Leadership
    • Leading the Team
    • Understanding Issues and the Process
    • Analysis Overview
    • Collection Management
    • Production Management
      • Evaluation
      • Analysis
      • Integration
      • Interpretation
    • Types of Analysis
      • 14 Types of Analysis
    • Analytic Writing
      • ICD 203, 206, 208
      • Organization, Evidence, Argument, Sources, Pitfalls
      • Use the Title
      • Who/What, Why Now, So What, Impact so far, Outlook, Implications
      • BLUF and AIMS
      • Supervisory Actions
      • Summary Paragraphs
      • Alternative Analysis
      • Clarity and Brevity
      • Peer review
      • Reports and Reporting
        • Feedback
    • Pre-Mortem
    • Post-Mortem
    • Know your professor, get an A – Communicating Up
      • Relevance, Timeliness, Completeness, Accuracy, Usability
    • Briefing Rules
  • Intelligence Analysts and Self-Management
    • High-Level Tasks
  • Analyst Activities
    • Rules for developing analysts – Alignment and as collectors
    • The Role, Responsibilities, and Functions of the Analyst
    • The Analyst’s Roles and Responsibilities – RACI(s)
    • What the Analyst will face
    • Job Descriptions
  • Conclusion
    • The Executive / Stakeholder’s Roadmap
Corporate stakeholders risk investing large amounts of time and money with little positive effect on their security, corporate strategies, and business direction. Participation by the C-Suite and stakeholders in this course ensures their understanding of the discipline required to build a successful program. The course helps align information security, incident response, security operations, and threat and cyber intelligence with the business.

Full Suite of Cyber-Threat Intelligence and Counterintelligence Courses Ready for Global Delivery

Treadstone 71 today announced a full suite of Cyber and Threat Intelligence and CounterIntelligence training courses. The courses drive the expansion of Treadstone 71’s accelerated, academically validated, intelligence training to global markets. Treadstone 71 delivers courses in California, Virginia, Canada, the United Kingdom, and the Netherlands and is set to expand to the Middle East and Asia later this year. (www.planetreg.com/T71IntelTraining)

Treadstone 71 offers a compelling business model that delivers rapid cyber and threat intelligence strategic planning, program build, and targeted training in sectors such as financial services, government, healthcare, energy, and other critical infrastructure verticals. Treadstone 71’s format, curriculum, and instruction model are helping meet critical global demand for cyber and threat intelligence and analysis expertise. Treadstone 71 training provides graduates with an attractive pathway to compensation increases, career progression, and much-needed attention to intelligence. The organization has been teaching cyber intelligence at the Master’s level and commercially for seven years. New courses include a focus on campaign management and the use of Tor, Tails, I2P, and Maltego, as well as covering persona development and management. Students create a series of identities, character development, and dimensions, storyline, plot synopsis, story drive and limit, story weaving, applicability, scope, tools to be used, methods of interaction with other identities, engaging secondary characters, refining targeting while developing a campaign to gain street credentials.

“Our courses provide academic instruction combined with real-world, hands-on collection, analysis, analytic writing, dissemination, and briefings that many liken to an apprenticeship,” said Jeff Bardin, Chief Intelligence Officer for Treadstone 71. “Our curriculum follows the teachings of Sherman Kent and Richards Heuer giving students the tools necessary to perform targeted collection, structured analysis while authoring reports modeled after intelligence community standards. We teach methods of cyber infiltration, information and influence operations, counterintelligence strategies, mission based counterintelligence, denial and deception, and counter-denial and deception.”

Treadstone 71 courses are validated and proven by intelligence professionals, creating job-ready threat intelligence professionals for global organizations suffering a talent shortage. “Intelligence analysis is an inherently intellectual activity that requires knowledge, judgment, and a degree of intuition,” continued Bardin. “Treadstone 71’s intelligence, counterintelligence, and clandestine cyber HUMINT training and services help organizations transform information into intelligence pertinent to their organization.”

Analysis includes integrating, evaluating, and analyzing all available data — which is often fragmented and even contradictory — and preparing intelligence products. Despite all the attention focused on the operational (collection) side of intelligence, analysis is the core of the process to inform corporate stakeholders. Analysis is more than just describing what is happening and why; identifying a range of opportunities… Intelligence analysis is the key to making sense of the data and finding opportunities to take action. Analysis expands beyond the technical focus of today, providing organizations with core capabilities for business, competitive, cyber, and threat intelligence.

Treadstone 71’s Cyber Intelligence Tradecraft Certification is the gold standard in the industry today derived from both academia and from Treadstone 71’s experience in building cyber intelligence programs at Fortune 500 organizations worldwide.

Treadstone 71

888.714.0071 – osint@treadstone71.com – http://www.planetreg.com/T71IntelTraining

Cyber Security Predictions – Not Even Reality TV – Just Daytime Entertainment

The plethora of 2017 cyber security predictions does nothing but distract practitioners from executing actual controls and methods of defense and prevention. Each year we get slammed with predictions that are never followed, are common sense, and serve to market and sell products and services. The so-called information and cyber security experts, many times self-proclaimed, spew predictions on all potential areas. This is not much more than fake news and methods to direct readers to vendor products. The vendor products claim to solve these predictions and therefore become self-fulfilling prophecies. For the most part, once the predictions are published, the follow-up to their success is non-existent. Their purposes are to market and sell, drive perception, manage the market, and drive a false sense of vendor expertise.

We should focus on actual problem resolution and change the failed paradigm within which security exists. We continue to propagate vendor products and services that do not work, only treating the symptoms. This is not much different from the pharmaceutical industry that markets pills to you each evening during the news and prime time. Pills that treat symptoms and cause more side effects than they do solve issues. Advertisements that drive up the cost of the product manipulating the market and those that prescribe the ‘solutions’ to recommend purchase.

The only way we change this paradigm, and I mean we, is to push back on these vendors to solve problems and quit selling products that treat symptoms. We must also correct our own internal behaviors. A few weeks ago, I published a potential list of 12 items to change this paradigm (the 12th is a shameless plug so 11). They are listed below.

We need to forget the Jerry Springer-like entertainment of annual cyber predictions and focus on solving the hard problems we face.

What does Treadstone 71 seek? We seek an end to the noise and an understanding that our information, our intellectual property, and our way of life are under constant siege. We are in a cyber war with skirmishes and battles occurring 24×7. We need to direct the carpetbagging vendors to cease their war profiteering and take a moral stance in fighting our adversaries. We also need to correct and adjust how we run IT and information security. The list of 11 is below. We welcome your comments, your additions, and your assistance in this call to action to change the failed paradigm.

Treadstone 71

  1. All CIOs must have served as a CISO for at least four years before being allowed to be a CIO.
  2. All CIOs must have a CISSP, CISM, and at least two technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
  3. CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
  4. If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
  5. CIOs and their leadership will be held liable for deploying vulnerable systems.
  6. All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
  7. All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
  8. All written code and script must be written properly. There is no such thing as secure code, only code that works correctly and does not create vulnerabilities.

Treadstone 71 2017 Intelligence Training Courses – Sign up now or inquire about how to have us come onto your site for training.

  9. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls.
  10. New regulations to enforce security and privacy, demanding disclosure of breaches, fining companies and individuals for negligence are put in place, at once.
  11. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.
  12. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).

Decided to add a real 12:

  1. Let’s create a focused call to action to change the paradigm. Open to suggestions, dedicated forums, public push to change vendors, public push to force IT to change.

Call to Action!

The 12 Days of Cyber Christmas

…or What I want for Cyber Security and Intelligence Christmas 2016

  1. All CIOs must have served as a CISO for at least 4 years before being allowed to be a CIO.
  2. All CIOs must have a CISSP, CISM, and at least 2 technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
  3. CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
  4. If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
  5. CIOs and their leadership will be held liable for deploying vulnerable systems.
  6. All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
  7. All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
  8. All written code and script must be written properly. There is no such thing as secure code, only code that works correctly and does not create vulnerabilities.

Treadstone 71 2017 Intelligence Training Courses – Sign up now or inquire about having us come to your site for training.

  9. All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and/or service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls.
  10. New regulations to enforce security and privacy, demanding disclosure of breaches, fining companies and individuals for negligence are put in place, at once.
  11. Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.
  12. You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).

Merry Cyber Christmas from Treadstone 71

Drone Attack! Swarm with Hazardous Waste Payload

Once again the Team Flying Dragon from Kansas State University has created a critical intelligence estimate, this time looking at drone attacks. The team consists of John Boesen, Randy Mai, Carrie Padgette, TL Vincent Salerno with oversight and tutelage from Professor Randall K. Nichols. 210 slides of detailed information focused on hazardous waste in the US and the use of drones to cause harm. The full report is available upon request from Treadstone 71 at osint@treadstone71.com – Please provide your name, title, and corporate / university / government email address for access to the report.

The Agenda

  • Executive Summary
  • Targets: Defenseless Universities (soft targets)
  • Hazardous Material Handling: PPE, antidotes, transport, logistics
  • Substances Used: toxins, location, transport, doses
  • Scenario
  • Consequences: effects, aftermath
  • Recommended Actions
  • Conclusions

Motive of Terrorist Organization implementing drone attacks

  • Armed, capable of targeting individuals, autos, structures
  • Highly effective at targets, maximize targets
  • Lower cost, risk, no risk to user/pilot
  • Punish, deter, disrupt, degrade, dismantle, defeat
  • Influence mass audience
  • Exceptionally effective in undermining populations
  • Alternative means when other activity cannot be accomplished, such as attacking US military

This presentation examines, among other things, ethical and legal dimensions of on-line behavior regarding cyber security and UAS. It is not intended to turn counterterrorism, information technology, or forensics investigators and professionals into lawyers. Many of the topics discussed will be concerned with the law and legal implications of certain behaviors.

Every effort is made to provide accurate and complete information. However, at no time during this presentation will legal advice be offered. Any student requiring legal advice should seek the services of a lawyer authorized to practice in the appropriate jurisdiction.

This presentation is not about pushing the envelope or hacking, or trying out any of the UAS/UAV/Drone counter-terrorism approaches in our Cases or A/D scenarios in the field.

If you wish to see the complete presentation, contact Treadstone 71 at osint@treadstone71.com
