Red Teaming and Energy Grid Security
SC PUBLIC SERVICE AUTHORITY, LAW ENFORCEMENT DIVISION
10th Annual EnergySec Summit, 21 AUG 2014, Austin, TX
Presented by Mike Frederick
CIP HAPPENS. STAY ALERT…
Red Teaming and Energy Grid Security
How does kidney theft relate to securing the American energy grid?!
We Su©k at Processing Info
J FKFB INAT OUP SNA SAI RS
We Su©k at Processing Info
JFK FBI NATO UPS NASA IRS
What Is Red Teaming... and What It IS NOT.
Overview
RED CELL: Introduction to Red Cell concepts; Benefits & Capabilities; Limitations & Drawbacks
Red Teaming and the American Energy Grid: Case Studies & Examples; Methodology
The Concept
• Assessment of Threats, Plans, Operations, or Adversaries
• Viewed from the Adversarial Perspective (Alternative Assessment)
• Structured, Iterative Process
• Trained Team Members
• Independent
• Continuous
“The firmly inculcated doctrine that an admiral’s opinion was more likely to be right than a captain’s, and a captain’s more than a commander’s, did not hold good when questions entirely novel in character, requiring keen and bold minds unhampered by long routine, were under debate.”
-Winston Churchill
“To kill an error is as good a service as, and sometimes even better than, the establishing of a new truth or fact.”
-Charles Darwin
“We do not believe any group of men adequate enough or wise enough to operate without scrutiny or without criticism. We know that the only way to avoid error is to detect it, and that the only way to detect it is to be free to inquire. We know that in secrecy error undetected will flourish and subvert.”
-J. Robert Oppenheimer
Security Posture Extremes
GROUND TRUTH / REALITY
Red Cell History
Richard “Dick” Marcinko, CDR, USN (ret)
Red Cell History
• Military OPFOR / Red Teams
• “Tiger Teams” (1964)
• Navy’s “Red Cell”
• Cyber Pen-testing
• DARPA / NSCT
• Spread into many gov’t and corporate organizations...
Related Concepts
• Threat Assessment
• Complicated vs. Complex
• Asking the right questions
• OODA Loops, Contextual Awareness, and Information Speed
OODA loop: Observe, Orient, Decide, Act
OODA Loops in the NFL
Red Teaming Expands
Red Cell Types (ordered from ACTIVE to PASSIVE)
LEVEL 1 RED CELL: Full physical attack simulation on PREPARED target.
LEVEL 2 RED CELL: Social engineering, limited penetration testing, etc.
LEVEL 3 RED CELL: Tabletop (intellectual) exercise only.
Why Red Cell?
• Black Swans (hedge against “5σ” surprise)
• Complacency Killer
• Breaks Silos
• Teaches institutional recognition of suspicious behavior
• Teaches institutional recognition of flawed thinking and constructs
• “Sense Making”: Collective application of individual intuition to identify changes in patterns (or new patterns)
Why Not?
• Situational / Conditional Issues
  - Scenario Problems; Poor Exercise Design
• Organizational Issues
  - Team Relation; Political Restraints; Misunderstanding Results
What Red Cells Can’t Do
• Detect every Black Swan (never enough info to predict all possible scenarios)
• No “checklist” can replace logical thought
• Only one way to confirm enemy intentions (wait for the attack)
• Serve as fault-finding expedition
Red Cell Methodology
What do our adversaries want? How will they try to achieve their goals? How do we stop them?
ID/Train Participants → EXERCISE → Document/evaluate results → IMPROVEMENTS → (back to ID/Train Participants)
Red Cell = Cycles, not Steps
Red Cell Guidelines
• Access to background information
• Subject matter experts
• Adhere to protocol / decision making system
• Think creatively (requires effort)
• Don’t obsess on failure (past, present, or anticipated)
• Work the problems (don’t let them work you)
Assessment Techniques
• Pre-mortem
• Red Cell / Physical Pen testing
• SWOT
• WRAP
• Dilbert?! Six Filters…
• A Team / B Team
• Argument Deconstruction
• Contrarian Analysis
• Devil’s Advocacy
• Occam’s Razor
“What would have to be true to allow or make this happen?”
Red Teamer Skill Levels
• APPRENTICE: Can think like the attacker.
• JOURNEYMAN: Can think like the attacker and defender.
• MASTER: Able to think like the attacker and defender thinking about each other.
Hire an apprentice to model an unsophisticated adversary; a journeyman to model a sophisticated one. Hire masters to model the entire system...
Mumbai, India 2008
• 26 NOV 2008
• 11 Coordinated assaults
• Low-tech (“guys with guns”)
• Porous border
Low-Tech Coordinated Assault
Low-Tech Coordinated Assaults Against US?
• 30 Operatives (minimal training)
• Porous border? Docs?
• $75,000 for housing, rifles, ammo
• Pre-raid surveillance / planning
• Phase I: Malls
• Phase II: Grocery Stores / Wal-Marts
• Phase III: Elementary Schools
• Phase IV: Houses of Worship
• Results? Retail, food shopping, culture, and education systems?
Low-Tech Coordinated Assaults Against US?
Beltway Snipers (3 weeks, OCT 2002): John Allen Muhammad and Lee Boyd Malvo
Beslan School
1 – 3 SEP 2004
~1100 hostages (~775 kids)
~334 killed (including 186 children)
Dam Sabotage
Insider Threats (not new)
• WWII B-17 “Tondelayo” (as related in “The Fall of Fortresses” by Elmer Bendiner)
• Bomb run over Kassel, Germany
• Piloted by Bohn Fawkes; story told by Bendiner
• Eleven 20mm explosive shells in aircraft...
Energy Grid Attacks
The general who attempts to protect everything, protects nothing.
“Those generals who have had but little experience attempt to protect every point, while those who are better acquainted with their profession, having only the capital object in view, guard against a decisive blow, and acquiesce in small misfortunes to avoid greater.”
-Frederick the Great
Santee Cooper Red Cell
So, what?
A newspaper is better than a magazine. A seashore is a better place than the street. At first it is better to run than to walk. You may have to try several times. It takes some skill, but it is easy to learn. Even young children can enjoy it. Once successful, complications are minimal. Birds seldom get too close. Rain, however, soaks in very fast. Too many people doing the same thing can cause problems. One needs lots of room. If there are no complications, it can be very peaceful. A rock will serve as an anchor. If things break loose from it, however, you will not get a second chance.
Red Teaming and Energy Grid Security
SC PUBLIC SERVICE AUTHORITY, LAW ENFORCEMENT DIVISION
QUESTIONS?
Presented by Mike Frederick
