Coincidences Take A Lot of Planning – RSA Conference 2018 – San Francisco

The RSA Conference is soon upon us! The expectation is to see old friends and make new acquaintances. The show will once again be great with new technologies displayed, new ideas bantered about, and phrases around AI used inappropriately and about 5-10 years too soon. The parties will crank at night and many will suffer the cocktail flu come the next morning. 40,000 strong is the estimated number for this event! Huge!


But what of the undercurrent that occurs unmentioned every year? Just beneath the surface are a series of activities generated by scores of foreign agents looking to steal information or intellectual property, or to gain an upper hand over someone of importance caught doing illicit things. How many spies will blanket the city and the shop floor armed with various technologies used to extract information? Cyber and physical espionage activities run amok at such events. This is common and expected. How will you know when your data is being pilfered? Will your hotel room be secure? Are your mobile devices secure? What data have you given up already? Flight plans, hotel information, email addresses, phone numbers, social media data, car rental information, events you will attend, arrival and departure times, restaurant reservations, meeting information… Do you think your data is not in the wind already? Will a chance encounter lead to unexpected information sharing? Is the person next to you at the bar there just by coincidence?

All questions you should consider. All questions that are usually forgotten or ignored.

BEHIND ALL COINCIDENCES THERE IS A PLAN, AND BEHIND ALL PLANS THERE IS A COINCIDENCE – Malnar


Treadstone 71 Announces Cyber Intelligence Capability Maturity Model

Treadstone 71 developed a maturity model to help organizations determine the maturity of their cyber intelligence initiatives against the cyber intelligence common body of knowledge (CICBOK). The model provides strategic and operational aspects of your cyber intelligence maturity, where it needs to go, and where you should concentrate your attention to create more value for your business. Nearly 8 years in the making, the Treadstone 71 Cyber Intelligence Maturity Model uses traditional tradecraft as delivered by Sherman Kent and Richards Heuer, intelligence community standards, analytic standards, and experiential knowledge derived from years of training, assessing, and building cyber intelligence programs.

The Treadstone 71 Cyber Intelligence Capability Maturity Model (T71-CICMM) is a methodology used to develop and refine an organization’s cyber intelligence program. Not only does the model provide education and practical skills for learning and developing expertise, it is also a roadmap for building a cyber intelligence program. More information is available here:

Treadstone 71 Cyber Intelligence Maturity Model


INSA Opens Nominations for 2017 Achievement Awards

FOR IMMEDIATE RELEASE

Contact: Ryan Pretzer
(703) 224-4672
rpretzer@insaonline.org

Nominations sought from the IC, private sector, and academia for national security professionals exhibiting great promise

Nominations due Monday, October 31, 2016; six recipients to be recognized in winter 2017 ceremony

ARLINGTON, VA (August 29, 2016) – Members of the intelligence and national security communities are encouraged to nominate their peers and partners from government, private industry, and academia for the 2017 Achievement Awards, the Intelligence and National Security Alliance (INSA) has announced. The Achievement Awards recognize up-and-coming leaders and mentors serving or supporting the U.S. national security mission. The six awards and eligibility criteria are as follows:

  • Joan A. Dempsey Mentorship Award – Nominees would come from public, private and academic elements up to and including GS-15/0-6 and equivalent rank.  
  • Sidney D. Drell Academic Award – Nominees would include graduate students and untenured professors.
  • Richard J. Kerr Government Award – Nominees would be civilian government employees up to and including GS-13 and equivalent rank.
  • William O. Studeman Military Award – Nominees would be uniformed military personnel up to and including 0-3/E-6.
  • Edwin H. Land Industry Award – Nominees would include contractors and nongovernment employees with 8-10 years of non-executive experience.
  • John W. Warner Homeland Security Award – Nominees would include law enforcement personnel, intelligence analysts and first responders from the federal government and state, local, tribal and territorial (SLTT) partners.

The Achievement Awards program has recognized employees from the Defense Intelligence Agency, Drug Enforcement Administration, FBI, National Nuclear Security Administration, National Security Agency, Northrop Grumman, Oak Ridge National Laboratory, Office of Naval Intelligence, U.S. Coast Guard, U.S. Secret Service, and Vencore, among other organizations in recent years.

INSA Chairman Tish Long said, “INSA is very proud to again host the Achievement Awards. This program represents something we as a community must embrace: recognizing and investing in the amazing young professionals who will be responsible for protecting our nation in the future and are contributing to that mission today. I urge all leaders in our intelligence and national security communities to submit nominations on behalf of the rising stars in their organizations.”

The INSA Board of Directors established the Achievement Awards in 2010 to recognize the accomplishments of entry- and mid-level professionals and mentors working in intelligence and national security. The six awards are each named after a recipient of the William Oliver Baker Award.

Both online and printable versions of the nomination form are available at www.insaonline.org/Achievement. Instructions to submit nominees who would require a classified nomination are available by contacting INSA at achievement@insaonline.org.

Nominations for all awards will be accepted through Friday, October 31, 2016. Recipients will be acknowledged at the 2017 Achievement Awards reception; more details about the reception will be released at a later date.

###

About INSA
The Intelligence and National Security Alliance (INSA) is the premier intelligence and national security organization that brings together the public, private and academic sectors to collaborate on the most challenging policy issues and solutions. As a nonprofit, nonpartisan, public-private organization, INSA’s ultimate goal is to promote and recognize the highest standards within the national security and intelligence communities. INSA has 160 corporate members and several hundred individual members who are leaders and senior executives throughout government, the private sector and academia.

Join us at the 2016 ISSA International Conference!

Survival Strategies in a Cyber World
November 2-3, 2016
Hyatt Regency Dallas
Dallas, TX, USA
#ISSAConf

Building a Mature Cyber Intelligence Program 11/2/2016, 4:00 pm – 4:45 pm, Cumberland I/J

http://www.issa.org/?issaconf_home

Senior – Many organizations claim to be creating intelligence for their corporate stakeholders. Most believe technology solutions provide the same. Tools, techniques, and protocols / procedures of adversaries are nothing more than data and information unless properly collected, produced, organized, analyzed and disseminated. This discussion covers how to establish the proper strategy using proven intelligence tradecraft methods. We will cover areas of vision, mission, goals and initiative. The discussion guides the attendees through the process of developing methods of collection and outlines areas for producing intelligence using structured analytic techniques while extracting the required issues from leadership for focused delivery. Jeff Bardin: Chief Intelligence Officer, Treadstone 71. @treadstone71llc

https://c.ymcdn.com/sites/www.issa.org/resource/resmgr/2016_International_Conference/Detailed_Agenda_2016.pdf

Treadstone 71 Cyber Intelligence and Counterintelligence – Course Overviews and Dates

The information below provides non-inclusive overviews of Treadstone 71 Courses. The courses are listed in order of suggested training. Courses may be taken separately or as a package. Course requests and modifications are acceptable. Courses are based upon intelligence and intelligence analysis tradecraft.

Upcoming Classes

SIGN UP – Next class November 29-December 2 in the DC METRO area for the Cyber CounterIntelligence Tradecraft Course – http://www.planetreg.com/CounterIntel

For more information: osint@treadstone71.com or 888.714.0071

Cyber Intelligence Tradecraft Certification

This course is highly specialized following intelligence community tradecraft. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.

Your enemies scour blogs, forums, chat rooms and personal websites to piece together information that is used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT and Cyber-OPSEC effectively equips students with the tools to gather data points and transform these data points into actionable intelligence that prevents targeted attacks.

The course includes:

CYBINT1 – Collection Methods and Techniques, Collection Planning, PIRs, Collection Process Flow, Collection Tools and Targeting, Alignment with Hunt and Detect Needs, Ties to CSIRT, TTPs, IoCs, Threat Intelligence, Open Source Intelligence, All-Source Intelligence, Standard Glossary and Taxonomy – (Case Study 1)

CYBINT2 – Organization, Production, and Structured Analytic Techniques, Use of Techniques, Production Management, Critical Thinking, Process Flow, Metrics, Intake forms, and templates – (Case Study 2)

CYBINT3 – Types and Methods of Analysis, Decomposition, Recomposition, Methods for Fusion, Case Studies in Analysis, Cognitive Bias, Credibility and Reliability of Sources, Confidence Levels, Analysis of Competing Hypotheses, Flow into Hunt, Detect, CSIRT, TTPs, IoCs, Inductive/Abductive/Deductive Reasoning, Historic trending and campaign analysis, Intelligence for organizational resilience.

CYBINT4 – Table Top Exercises (TTXs), Identifying Your Consumers, Stakeholder Identification, and Analysis, Standing Orders from Leadership, Analytic Writing, BLUF, AIMS, Types of Reports, Product Line Mapping / Report Serialization, and Dissemination, Cyber and Threat Intelligence Program Strategic Plan, Goals, Objectives. Case Study Presentations

Lecture, Hands-on, Apprenticeship, in class exercises, student presentations, analytic products, templates, course material—40 CPEs (5-days – 40 hours)

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Cyber Counterintelligence

This course presents the student with foundational concepts and processes in the discipline of cyber counterintelligence with a focus on cyber counterintelligence missions, defensive counterintelligence, offensive counterintelligence, and counterespionage as these realms apply to traditional tradecraft, and how they are or will evolve into the cyber domain. By starting with traditional counterintelligence and progressing to cyber counterintelligence, the student will develop an appreciation for collection efforts, exploitation of potential threats, insider concerns, and the risks and benefits of counterintelligence.

With the expanding importance of the comprehensive and timely need for intelligence for nations as well as businesses, the student will explore the essential elements that make up the intelligence cycle with a focus on how these pivotal points are exploited. As part of this class, the exploration of the continued importance of critical thinking as well as out-of-the-box analysis will be heavily leveraged to improve the critical-thinking skills of the students. As cyber topics continue to evolve, the increased importance of cyber intelligence is growing and as such the protection of our intelligence cycles will expand as well, emphasizing the growing need to ensure our processes are not compromised in a cyber-dominated landscape. Cyber Counterintelligence is one aspect and possibly one of the most crucial topics at the core of protecting our collection efforts. The potential for active defense or offensive cyber counterintelligence operations will be covered.

The course will rely heavily on individual research and group discussion to explore the world of cyber counterintelligence, and where applicable, make use of the student’s ability to do independent thinking and analysis of in-class problems assigned through weekly discussion threads. This course focuses on open source intelligence and adversaries while creating online personas to assist in data collection and information extraction. This introductory course examines open source intelligence collection as well as the availability and use of OSINT tools. Students will be able to understand the use of methods of online anonymity, the fundamentals behind cyber persona development, enrollment in various social media sites and applications, and how these current methods can be employed in their organizations to assist in operational cyber security, their defense against adversaries, and passive data collection. The establishment of cyber personas takes patience and time to create a credible resource. Parallel activities occur through the outline above. Treadstone 71 maintains separation from the client as required, maintaining confidentiality of methods and processes.

Sitreps and current intelligence may redirect activities. The intent is to establish a program of cyber and open source intelligence that creates data streams for analysis. Data streams take time to develop in order to establish links, trends, tendencies and eventually, anticipatory and predictive analysis. The desire is to move from a detective approach to one that is preventive while moving to predictive.

osint@treadstone71.com

888.714.0071

Treadstone 71 Cyber Intelligence, Counterintelligence, and Target-Centric OSINT Course Overviews

The information below provides non-inclusive overviews of Treadstone 71 Courses. The courses are listed in order of suggested training. Courses may be taken separately or as a package. Course requests and modifications are acceptable. These are high-level outlines. The courses teach intelligence tradecraft with a focus upon intelligence analysis, methods, tactics, techniques, procedures, and operational security (OPSEC).

Upcoming Classes

For more information: osint@treadstone71.com or 888.714.0071

Cyber Intelligence Tradecraft Certification

This course is highly specialized following intelligence community tradecraft. If you want purely technical, then this is not the course for you. If you want tradecraft that lays the foundation for a solid program, education that creates a lasting impact, then this is the course for you.

Your enemies scour blogs, forums, chat rooms and personal websites to piece together information that is used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT, and Cyber-OPSEC effectively equips students with the tools to gather data points and transform these data points into actionable intelligence that prevents targeted attacks.

The course includes:

CYBINT1 – Collection Methods and Techniques, Collection Planning, PIRs, Collection Process Flow, Collection Tools and Targeting, Alignment with Hunt and Detect Needs, Ties to CSIRT, TTPs, IoCs, Threat Intelligence, Open Source Intelligence, All-Source Intelligence, Standard Glossary and Taxonomy – (Case Study 1)

CYBINT2 – Organization, Production, and Structured Analytic Techniques, Use of Techniques, Production Management, Critical Thinking, Process Flow, Metrics, Intake forms, and templates – (Case Study 2)

CYBINT3 – Types and Methods of Analysis, Decomposition, Recomposition, Methods for Fusion, Case Studies in Analysis, Cognitive Bias, Credibility and Reliability of Sources, Confidence Levels, Analysis of Competing Hypotheses, Flow into Hunt, Detect, CSIRT, TTPs, IoCs, Inductive/Abductive/Deductive Reasoning, Historic trending and campaign analysis, Intelligence for organizational resilience.

CYBINT4 – Table Top Exercises (TTXs), Identifying Your Consumers, Stakeholder Identification, and Analysis, Standing Orders from Leadership, Analytic Writing, BLUF, AIMS, Types of Reports, Product Line Mapping / Report Serialization, and Dissemination, Cyber and Threat Intelligence Program Strategic Plan, Goals, Objectives. Case Study Presentations

Lecture, Hands-on, Apprenticeship, in class exercises (3 Live Case Studies), student presentations, analytic products, templates, course material—40 CPEs (5-days – 40 hours)

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Cyber Counterintelligence http://www.planetreg.com/CounterIntel

This course presents the student with foundational concepts and processes in the discipline of cyber counterintelligence with a focus on cyber counterintelligence missions, defensive counterintelligence, offensive counterintelligence, and counterespionage as these realms apply to traditional tradecraft, and how they are or will evolve into the cyber domain. By starting with traditional counterintelligence and progressing to cyber counterintelligence, the student will develop an appreciation for collection efforts, exploitation of potential threats, insider concerns, and the risks and benefits of counterintelligence.

With the expanding importance of the comprehensive and timely need for intelligence for nations as well as businesses, the student will explore the essential elements that make up the intelligence cycle with a focus on how these pivotal points are exploited. As part of this class, the exploration of the continued importance of critical thinking as well as out-of-the-box analysis will be heavily leveraged to improve the critical-thinking skills of the students. As cyber topics continue to evolve, the increased importance of cyber intelligence is growing and as such the protection of our intelligence cycles will expand as well, emphasizing the growing need to ensure our processes are not compromised in a cyber-dominated landscape. Cyber counterintelligence is one aspect and possibly one of the most crucial topics at the core of protecting our collection efforts. The potential for active defense or offensive cyber counterintelligence operations will be covered. The course will rely heavily on individual research and group discussion to explore the world of cyber counterintelligence, and where applicable, make use of the student’s ability to do independent thinking and analysis of in-class problems assigned through weekly discussion threads.

Cyber CI Team Presentations: Cyber Infiltration, Information Operations, Information Support Operations

  • National Counterintelligence Strategy
  • Standard Glossary and Taxonomy
  • Mission Based Counterintelligence
  • Counter Collection and Anticipation
  • Denial and Deception
  • Counter-Denial and Deception
  • Cyberspace
  • The Cyber Persona Layer
  • Perception as Deception
  • Social Psychology
  • Differences in Culture
  • Hofstede Dimensions
  • Includes open source tool usage
  • Persona creation, establishment, maintenance, expansion (depending upon taking Cyber Intelligence Course)
  • Data collection – recycle for Cyber CI updates/improvements
  • Authoring of blogs and articles for influencing
  • Placement of specific concepts and phrases
  • Target profiles – dossiers
  • Target gap analysis
  • Clearly define the mission so that it aligns with organizational objectives
  • Clandestine Collection
    • Operation
    • Surveillance
    • Counter Surveillance
    • CI Activities
    • CI Analysis and Production
    • CI Analysis Reporting
      • Support Brief
      • Source Evaluation
      • Operational analysis report
      • Asset Evaluation
      • Support Package
      • CI Assessment
      • CI Campaign
        • Mission
        • Mission Management
        • Operations
      • Effects-Based Operations
      • Functions and Services
    • CI Insider Threat
      • Investigations
    • Prepare an estimate of the situation
      • Prepare the plan
        • Support Plan
      • Cyber Media selection
      • Snuggling
      • Internet OPSEC
      • Product development
      • Pretesting – determines the probable impact on the target audience
      • Production and dissemination of material
      • Implementation
      • Post-testing evaluation of audience responses
      • Feedback
    • Ten Commandments of Cyber Counterintelligence
      • Be offensive
      • Honor your profession
      • Own the street
      • Know your history
      • Do not ignore analysis
      • Do not be parochial
      • Train your people
      • Do not be shoved aside
      • Do not stay too long
      • Never give up
    • Research and analyze methods of influencing adversaries from a variety of information sources
    • Team/Individual Presentations

Lecture, Hands-on, Apprenticeship, in class exercises (Live Case Studies), student presentations, templates, course material—30 CPEs 4-days

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

Target-Centric Open Source Intelligence

This course focuses on open source intelligence and adversaries while creating online personas to assist in data collection and information extraction. This introductory course examines open source intelligence collection as well as the availability and use of OSINT tools. Students will be able to understand the use of methods of online anonymity, the fundamentals behind cyber persona development, enrollment in various social media sites and applications, and how these current methods can be employed in their organizations to assist in cyber operational security, their defense against adversaries, and passive data collection. The establishment of cyber personas takes patience and time in order to create a credible resource. Parallel activities occur through the outline above. Treadstone 71 maintains separation from the client as required, maintaining confidentiality of methods and processes. Sitreps and current intelligence may redirect activities. The intent is to establish a program of cyber and open source intelligence that creates data streams for analysis. Data streams take time to develop in order to establish links, trends, tendencies and eventually, anticipatory and predictive analysis. The desire is to move from a detective approach to one that is preventive while moving to predictive.

Adversaries scour blogs, forums, chat rooms and personal websites to piece together information that is used to harm the government and commercial organizations. Learning about cyber intelligence, OSINT, and Cyber-OPSEC effectively equips students with the tools to gather data points and transform these data points into actionable intelligence that prevents targeted attacks. Students will learn methods to create and manage personas while passively gathering information leading to cyber street credentials.

The course covers (non-inclusively):

  • Open Source Intelligence
    • Methods of collection
    • Specific tools
    • Social media sites and enrollment
  • Methods of Social Media Research
    • Tools and techniques
    • Social media demographics
    • Cyber Criminals
  • Social Psychology
    • Reciprocity
    • Consistency
    • Social validation
    • Liking
    • Authority
    • Scarcity
  • Differences in Culture
    • Diversity
    • What is …
  • Hofstede Dimensions
  • Big 5 Theory of Personality
  • Information Warfare and Cyber Psychological Operations
    • Target analysis and message manipulation where applicable
  • Establish Priority Intelligence Requirements
    • Establish Information Requirements
  • Persona creation and implementation
    • Cyber Persona Development and Maintenance
      • Leverage existing
      • Create new
      • Establish the storyline
      • Establish the plot synopsis
      • Storyline and plot synopsis
    • Story weaving and management
    • Snuggling
    • Collection
      • Linkages, trends, tendencies
    • Cyber Target Acquisition and Exploitation
      • Validation of target
      • Identify active adversary campaigns
      • Intent, Motivation, Goals, & Requirements.
    • Passive data collection
      • Campaign development
      • Target sites
        • Enrollment
      • Tactics, techniques, and procedures
      • Intent, motivation, goals, and requirements
      • Vectors of approach – Courses of action
      • Elicitation and exfiltration

Lecture, Hands-on, Apprenticeship, in class exercises (Live Case Studies), student presentations, templates, course material—30 CPEs 4-days

All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real world experience during the class.

osint@treadstone71.com 888.714.0071 http://www.planetreg.com/E76722275820

Drone Attack! Swarm with Hazardous Waste Payload

Once again the Team Flying Dragon from Kansas State University has created a critical intelligence estimate, this time, looking at drone attacks. The team consists of John Boesen, Randy Mai, Carrie Padgette, TL Vincent Salerno with oversight and tutelage from Professor Randall K. Nichols. 210 slides of detailed information focused on hazardous waste in the US and the use of drones to cause harm. The full report is available upon request from Treadstone 71 at osint@treadstone71.com – Please provide your name, title, and corporate / university / government email address for access to the report.

The Agenda

  • Executive Summary
  • Targets: Defenseless Universities (soft targets)
  • Hazardous Material Handling: PPE, antidotes, transport, logistics
  • Substances Used: toxins, location, transport, doses
  • Scenario
  • Consequences: effects, aftermath
  • Recommended Actions
  • Conclusions

Motive of Terrorist Organization implementing drone attacks

  • Armed, capable of targeting individuals, autos, structures
  • Highly effective at targets, maximize targets
  • Lower cost, risk, no risk to user/pilot
  • Punish, deter, disrupt, degrade, dismantle, defeat
  • Influence mass audience
  • Exceptionally effective in undermining populations
  • Alternative means when other activity cannot be accomplished, as attacking US military

This presentation examines, among other things, ethical and legal dimensions of online behavior regarding cyber security and UAS. It is not intended to turn counterterrorism, information technology or forensics investigation professionals into lawyers. Many of the topics discussed will be concerned with the law and legal implications of certain behaviors.

Every effort is made to provide accurate and complete information. However, at no time during this presentation will legal advice be offered. Any student requiring legal advice should seek services of a lawyer authorized to practice in the appropriate jurisdiction.


This presentation is not about pushing the envelope or hacking, or trying out any of the UAS/UAV/Drone counter-terrorism approaches in our Cases or A/D scenarios in the field.

If you wish to see the complete presentation, contact Treadstone 71 at osint@treadstone71.com

Cyber Threat Intelligence – All-Source Intelligence – Successful Program Build

Treadstone 71 has a history of solving difficult security and intelligence issues. Recently we were approached by a very large firm to address their cyber intelligence and cyber threat intelligence issues. This organization (ORG A) had spent millions on cybersecurity vendors. The task given to these vendors included building an all-source intelligence program. They failed to deliver. ORG A performed a search to find an organization able to deliver on the promises of others. All recommendations pointed to Treadstone 71.


We assessed the situation and status, set to work on the issues, solved the problems, and built a functional program. Like all our clients, we cannot divulge the name, but we do have this reference that validates our claims of complete success:

[Image: reference]

The program examined all-source intelligence and analytic doctrine from the cyber perspective following traditional tradecraft and lifecycle activities. We assisted and drove the building of intelligence strategic and program plans as well as methods to validate and communicate the plans. This laid the groundwork for an accepted and understood program that leadership approved. Our methods ensured success. The Treadstone 71 Cyber Intelligence Program includes:

  • Strategic Plan development, acceptance, and dissemination
    • Vision-Mission-Guiding Principles-Goals-Objectives
    • 18-Month Plan
  • Program Plan development, acceptance, dissemination, and implementation
  • Standard Operating Procedures—Tradecraft focused
    • Intelligence RACIs
    • Process flows and metrics
  • Priority Intelligence Requirements development
  • Strategic, operational, tactical, and technical intelligence
  • Collection Planning and Management
  • Passive Intelligence Collection
  • Production Planning and Management
  • Organization, Production, Processing – Decomposition
  • Methods of Analysis
  • Structured Analytic Techniques
  • Analytic Writing and Dissemination
  • Report Writing and Serialization
  • Virtual HUMINT Creation and Management
  • Internet Exposure Assessment – Attack Surface Analysis – Perception Management – Sentiment Analysis
  • Darknet, Forums, Social Networking, Closed Sites
  • Deception Detection and Credibility Analysis
    • Denial and deception identification
  • Competitive Intelligence Assessment and Program Analysis
  • Campaign Analysis with Recommendations and Opportunities

The Treadstone 71 Program ensures support for organizational mission and objectives while strengthening intelligence across the enterprise. Something we accomplished with ORG A. The program validates intelligence vision, mission, goals, objectives and intelligence requirements. Treadstone 71 incorporates both revolutionary and evolutionary methods. We work with you to establish the framework for creating, improving and measuring your program. Methods proved with ORG A and other clients. Strategic goals and objectives are created and assigned. The program creates metrics, performance goals, milestones, and roadmaps. Treadstone 71 guides you through the journey anticipating modifications and shifts. We offer training as well with the next bootcamp scheduled for July 17-23 in Denver. The program helps you advance the enterprise intelligence program. Standardize intelligence oversight, peer reviews, and governance as well as clear roles, responsibilities and job families. We also integrate with customer facing organizations providing advice and guidance on competitive intelligence. The bottom line is a happy client with all tasks accomplished. We can clean up the messes of the big boys or, you can hire us first to get the job done right, done once.

The Treadstone 71 program applies in-depth, substantive expertise, corporate and organizationally specific information and tough-minded tradecraft to produce and provide distinctive value-added recommendations and opportunities, advancing corporate leadership’s needs while improving organizational business interests. Contact us now to learn how Treadstone 71 can transform your cyber and threat intelligence program. osint@treadstone71.com – 888.714.0071

http://www.treadstone71.com

The most dangerous thing in the world is a Second Lieutenant with a map and a compass.

The recent excuse by FireEye and other technology firms that their stock is tanking due to China, not hacking, is largely an unsupported and completely self-serving hypothesis. They offer no other hypothesis other than the one that gives them an excuse for selling products that do not work, for appeasing their stockholders and investors, and for delivering services steeped in see, detect, and arrest methods. FireEye bet the farm on typical perimeter sensors used to drive detection after the adversaries are in the client’s environment. They doubled down by buying Mandiant, an organization focused on putting ‘butts in seats’ for incident response. That would be seats in your organization at a very high cost. Incident response, another function based upon a defeatist mentality using a “kill chain” that kills the adversary and/or the malware that has already penetrated the environment. Much like letting an armed burglar into your home out of fairness and then starting a shootout. Now we see a CEO changeover that will surely drive the focus to more incident response marketing. Add that to the latest purchase of an overpriced iSight, a threat research firm that creates once and delivers many, and you have a recipe for poor stock performance. Congratulate Mr. Waters on getting out when he did and seeing that an IPO was not in the cards. iSight has even been asked by some firms to build threat intelligence capabilities. Something completely anathema to iSight’s strategy and something they are not capable of delivering in the first place. // We know. We have cleaned up what they have left behind. // They are a research firm. They create reports. They sell the same report to everyone.

The second part of their complete market arrogance is the statement (WSJ) that none of the 22 Chinese APT groups it tracks are actively attacking U.S. companies. So FireEye has built this huge capability across the globe yet only tracks 22 Chinese groups? // If a tree falls in a forest and no one is around to hear it, does it make a sound? // FireEye, CrowdStrike, Trend Micro, Checkpoint, Cylance, Palo Alto, HP, Symantec, and others continue to release reports on various groups they track. Do you really believe these groups will continue the same modes of operation once discovered? Is it not possible that the adversaries changed their protocols and tactics in response to the release of intelligence data on their actions? Is it possible that the archaic methods being used by these vendors will not pick up new methods laced with advanced tactics of denial and deception? Is it possible that these vendors are not seeing activity because they are not as good as they claim they are? The absence of evidence does not mean the activity does not exist. Keep publishing reports on adversaries, tipping your hand on what capabilities you do have, and they are bound to make some changes. I guess that is why you call them advanced. Actually, -advanced- this is cyber espionage so let us call it what it is. Persistent only in the arrogance of such companies selling solutions that truly do not come close to solving the problem. Chest thumping and marketing reports serve to tip off the adversary, forcing them to become more devious, instituting wholesale changes in their approaches. Possibly to the point where you are not seeing the activity since you have not changed along with the adversary. // The enemy diversion you’re ignoring is their main attack. // We are at war. Who in war tells the enemy that their code has been cracked? That their tactics and methods have been discovered? Did the British divulge the fact that they had cracked the Enigma code? Of course not. They understood the value of intelligence and intelligence exploitation. They understood what was at stake. The cyber security market today is only interested in generating revenue.

WSJ – http://blogs.wsj.com/chinarealtime/2016/04/22/why-one-cybersecurity-firm-thinks-china-has-soured-on-hacking/

Many organizations continue to purchase the perimeter tools and sensors of the FireEyes and CrowdStrikes. The companies purchasing these products continue to lose data. Until we stop buying carpetbagger solutions we will not force change. We need to demand solutions that are truly preventive and predictive, not based upon malware reverse engineering, or methods (kill chain) based upon see, detect, and arrest. // Professional soldiers are predictable; the world is full of dangerous amateurs. // We need to stop believing that companies with leadership trained only in law enforcement tactics truly understand intelligence tradecraft. We need to stop believing that companies with a pedigree in anti-virus understand intelligence tradecraft and offensive methods. We need to understand that stopping the adversary starts with not tipping them off. We need to stop believing that just because they are a big company, they actually know what they talk about. They don’t. They are just tasked with selling product.

Understand that the latest focus on ‘hunt and detect’ is merely an enhancement to the failed attempts at event correlation in SIEMs. Log aggregation and then analysis of the content for tactics, techniques, and procedures is but an improved method of finding adversaries and malware already in your environment. This is not proactive. This is not preventive no matter what the vendors tell you. It is necessary but not new.

The adversary has changed yet the security technologies used to stop them are rooted in old and failed methods. Time to wake up and invest in something better.

One more area that needs attention is the actual reports coming out of these companies. They are not written in analytic form and format. They do not provide confidence levels. Most importantly, the market takes them at face value without citation of sources, reliability of sources, and credibility of the information. Even news organizations take them at face value. These are journalists who live and die by source and information validation. Actually, they should not be publishing these openly at all but if they must, then we must demand validation of sources. Otherwise, we run the risk of another Norse. It is always interesting when revenues drop and market share suffers, then suddenly a new discovery is made on an adversary resulting in a new, unsubstantiated report.

“Never interrupt your enemy when he is making a mistake.”

― Napoléon Bonaparte

“Always interrupt your vendor when they try to sell you snake oil.”

― T71

 

 
