There Is MOAR To Structured Analytic Techniques Than Just ACH!

Rick Holland CISO, Digital Shadows

@rickhholland #CTISummit

BMP1 or BMP2?

Dick Heuer Jr.

"Structured analysis uses structured techniques to mitigate the adverse impact on our analysis of known cognitive limitations and pitfalls. The most distinctive characteristic is that structured techniques externalize and decompose our thinking in a manner that enables it to be reviewed and critiqued piece by piece, or step by step, by other knowledgeable analysts."

Confirmation bias

Mirror imaging

Anchoring

Groupthink

Groupthink contributors:

  1. Cohesion: Lack of Methodological Procedure, Lack of Critical Culture
  2. Organizational Faults: Lack of Impartial Leadership, Lack of Diversity, Lack of Methodological Procedures
  3. Situational Factors: Fatigue, Emotional Welfare

Familiar?

Analysis of Competing Hypotheses

Source: Structured Analytic Techniques for Intelligence Analysis

Different techniques for different scenarios

Tactical: Structured Brainstorming, ACH
Operational: SWOT, Red Hat Analysis
Strategic: Scenario Planning / Horizon Scanning, Cone of Plausibility

Ain't nobody got time for that!!!

New CISO says: "ZOMG tell me about BITCOIN fraud!"

Key Assumptions Check

"Systematic effort to make explicit and question the assumptions that guide an analyst's interpretation of evidence and reasoning about any particular problem."

Cryptocurrency fraud key assumptions:

· Cybercriminals will always seek opportunities for financial gain and will continue developing tools
· Technological advances will increase the anonymity offered by new cryptocurrencies
· New cryptocurrencies will remain volatile, subject to speculation and price bubbles
· Cryptocurrencies will eventually be adopted by major retailers and financial institutions
· New alt coins and exchanges will emerge
· Regulation is inevitable as cryptocurrencies are integrated into everyday society
· Security failures and poor practices will continue

For each assumption, ask: Which circumstances would make the assumption untrue? Was the assumption true in the past but no longer? Assign a confidence level and rate each as Solid / Caveated / Unsupported.

Forecast, don't predict with the Cone of Plausibility @rickhholland #CTISummit

The methodology

Project trends, events and their consequences holistically into the future. This permits a logical progression through time and the creation of alternative scenarios at preselected points or intervals, called forecasts.

  1. Understand the current conditions
  2. Clearly state the drivers and the assumptions
  3. Develop scenarios: Preferred, Probable, Wildcard
  4. Map controls against scenarios
  5. Monitor for scenarios' emergence

Drivers:

· Accessibility: technological advances and availability of tools that enable fraud
· Anonymity: level of anonymity offered by cryptocurrencies and blockchain technology
· Popularity and hype: value of Bitcoin and altcoins
· Reputation: adoption of cryptocurrencies in both digital and physical spaces, e.g. payment cards, ATMs, online transactions
· Opportunity: new altcoins, ICOs, and exchanges to target
· Regulation: and the lack of it
· Security: of both individuals and organizations

Assumptions:

· Cybercriminals will always seek opportunities for financial gain and will continue developing tools
· Technological advances will increase the anonymity offered by new cryptocurrencies
· New cryptocurrencies will remain volatile, and subject to speculation and price bubbles
· Cryptocurrencies will eventually be adopted by major retailers and financial institutions
· New altcoins and exchanges will emerge
· Regulation is inevitable as cryptocurrencies are integrated into everyday society
· Security failures and poor practice will continue

[Cone of plausibility figure: scenarios projected from 2017 to 2018]

Cryptocurrencies remain popular and new altcoins continue to be developed. However, regulatory measures brought in for cryptocurrency exchanges lead to dramatic security improvements, given the fines and legal action that exchanges will incur in the case of a breach or cyber attack. Users of cryptocurrencies also become more security minded, making it more difficult for cybercriminals to conduct successful attacks.

Cybercriminals continue to develop new methods and tools to target cryptocurrencies, with an increasing number of available targets as a larger percentage of the population now uses cryptocurrency in everyday transactions. Despite some regulatory measures coming into force, poor security practice by both exchanges and individual users creates further opportunities for cybercriminals to profit.

New detection tools, heavy regulation and law enforcement action decrease the anonymity offered by cryptocurrencies. This damages the popularity of altcoins and discourages cybercriminals from conducting fraudulent attacks, given the high risks associated with them and the diminishing number of suitable targets.

Probable scenario

Cybercriminals continue to develop new methods and tools to target cryptocurrencies, with an increasing number of available targets as a larger percentage of the population now uses cryptocurrency in everyday transactions. Despite some regulatory measures coming into force, poor security practice by both exchanges and individual users creates further opportunities for cybercriminals to profit.

Develop courses of action @rickhholland #CTISummit

Monitor GitHub and similar services for Amazon credentials that could be leveraged for crypto mining using your compute

Validate web browser security controls are in place and account for 3rd party extensions

Use haveibeenpwned to monitor for employee credentials that could be exposed in cryptocurrency exchange compromises

Provide Security Awareness training for staff that are likely to invest in cryptocurrencies
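Of the courses of action above, the first, monitoring code repositories for leaked Amazon credentials, is the one that maps directly onto a concrete check. The following is an added example, not code from the talk or from Digital Shadows: a small Python scanner that flags long-term AWS access key IDs (the documented "AKIA" prefix followed by 16 characters) in file contents, notes whether a 40-character secret-shaped token sits within a few lines of it, and reports redacted values so the finding itself does not re-leak the key. The sample inputs are constructed; the key ID and secret shown are AWS's own published documentation placeholders, not live credentials. Temporary credentials (the "ASIA" prefix) are deliberately out of scope here as a simplification.

```python
import re

# Long-term AWS access key IDs start with "AKIA" followed by 16 uppercase
# alphanumerics. The look-around assertions stop the pattern matching in the
# middle of a longer token, which cuts down on false positives in hashes.
AWS_KEY_ID_RE = re.compile(r"(?<![A-Z0-9])AKIA[0-9A-Z]{16}(?![A-Z0-9])")

# Secret access keys are 40 characters drawn from a base64-like alphabet.
# This is shape-based only; on its own it would be far too noisy, so it is
# used just to add context to a key ID hit, never as a finding by itself.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+=])[A-Za-z0-9/+=]{40}(?![A-Za-z0-9/+=])")

# Constructed sample: the kind of settings file that gets committed by mistake.
# The values are the placeholders used in AWS documentation, not real credentials.
SAMPLE_FILE = """\
# deploy settings (constructed example, not a real credential)
region = us-east-1
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
"""

# Constructed sample with near misses that must not trigger a finding.
CLEAN_FILE = """\
region = us-east-1
# a bare prefix or a short token such as AKIA1234 is not a key ID
profile = AKIA1234
"""


def redact(key_id: str) -> str:
    """Keep only the prefix and suffix so a report can be shared safely."""
    return key_id[:4] + "..." + key_id[-4:]


def scan_for_aws_keys(text: str, window: int = 2) -> list[dict]:
    """Return one finding per AWS key ID in `text`.

    Each finding records the 1-based line number, the redacted key ID and
    whether a secret-shaped token appears within `window` lines of the hit,
    which is the case that warrants immediate key rotation.
    """
    lines = text.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        for match in AWS_KEY_ID_RE.finditer(line):
            nearby = lines[max(0, idx - window): idx + window + 1]
            secret_nearby = any(SECRET_RE.search(candidate) for candidate in nearby)
            findings.append({
                "line": idx + 1,
                "key_id": match.group(0),
                "redacted": redact(match.group(0)),
                "secret_nearby": secret_nearby,
            })
    return findings


def report(text: str, name: str) -> list[str]:
    """Produce human-readable lines for a scan, using only redacted values."""
    out = []
    for finding in scan_for_aws_keys(text):
        severity = "HIGH (secret nearby)" if finding["secret_nearby"] else "MEDIUM"
        out.append(f"{name}:{finding['line']} {finding['redacted']} {severity}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_FILE, "settings.ini") + report(CLEAN_FILE, "clean.ini"):
        print(line)
```

In practice this sort of check belongs in a pre-commit hook or a CI step over the diff, with the regex list widened to the other credential formats an organisation actually issues; the point of the example is the structure of a finding (location, redacted value, context that changes the priority), which is what the response playbook needs.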

What you can do @rickhholland #CTISummit

Recommended team activity, inspired by "Cases in Intelligence Analysis": run periodic SAT exercises with your team. Use historical examples from this book, or use previous assessments your team has produced.

Google Docs

Use tools like Google Jamboard

Use tools like Stormboard

Intelligence Advanced Research Projects Activity

Track CREATE projects:

· Co-Arg - Cogent Argumentation System with Crowd Elicitation
· SWARM - Smartly-assembled Wiki-style Argument Marshalling
· TRACE - Trackable Reasoning and Analysis for Collaboration and Evaluation

SATs aren't silver bullets

"Tell me what you know. Tell me what you don't know. And then, based on what you really know and what you really don't know, tell me what you think is most likely to happen."

Thank you! @rickhholland

For more information:

· Richards J. Heuer Jr., Randolph H. Pherson, Structured Analytic Techniques for Intelligence Analysis: https://www.amazon.com/Structured-Analytic-Techniques-Intelligence-Analysis/dp/1608710181
· UK Government Office for Science, Horizon Scanning: http://webarchive.nationalarchives.gov.uk/20140108141323/http://www.bis.gov.uk/assets/foresight/docs/horizon-scanning-centre/foresight_scenario_planning.pdf
· RAND, Assessing the Value of Structured Analytic Techniques in the U.S. Intelligence Community: https://www.rand.org/content/dam/rand/pubs/research_reports/RR1400/RR1408/RAND_RR1408.pdf
· PARC ACH Software: http://www2.parc.com/istl/projects/ach/ach.html
· Creating Strategic Visions. US National Intelligence Strategy, 2014: https://www.dni.gov/files/2014_NIS_Publication.pdf