▶ Black Hat USA 2014 - Enterprise: The Library of Sparta - YouTube
Topic: Miscellaneous
8:34 am EDT, Oct 1, 2014
On today's increasingly militarized Internet, companies, non-profits, activists, and individual hackers are forced to melee with nation-state class adversaries. Just as one should never bring a knife to a gun fight, a network defender should not rely on tired maxims such as "perimeter defense" and "defense in depth." Today's adversaries are well past that. This talk teaches you how to tap what we call the Library of Sparta - the collective written expertise codified into military doctrine. Hidden in plain sight, vast free libraries contain the time-tested wisdom of combat at the tactical, operational, and strategic levels. This is the playbook nation-state adversaries are using to target and attack you. This talk will help you better understand how adversaries will target your organization, and it will help you to employ military processes and strategies in your defensive operations. These techniques scale from the individual and small team level all the way up to online armies. This talk isn't a dry index into the library of doctrine, we provide entirely new approaches and examples about how to translate and employ doctrinal concepts in your current operations.
Many people in the computer security community use words like "OPSEC," "Kill Chain," and "intelligence-driven" without fully understanding the underlying concepts. Even worse, many show their ignorance by using military jargon incorrectly, thereby alienating clients, customers, and colleagues. These concepts are powerful and should not be ignored, but they must be well understood before they can be leveraged in your network.
This talk will include topics such as deception, electronic warfare, operations security, intelligence preparation of the battlefield, human intelligence collection, targeting, psychological operations, information operations, maneuver, and military cryptanalysis, among numerous others. Conventional wisdom at Black Hat is that that attacker will always win. Attackers have a clear intelligence advantage over defenders when it comes to vulnerabilities, malware, and open source information. A key point of the talk will be helping defenders generate the intelligence, information, and disinformation advantage necessary to turn the tables. You will leave this talk with an entirely new arsenal of military-grade strategies that will help you advance your work beyond the individual and small-team level and will prepare you to take on the most advanced adversaries.