Art of the possible

Video in TIB AV-Portal: Art of the possible

Formal Metadata

Title: Art of the possible
Alternative Title: Operational Use of Offensive Cyber
Title of Series
License: CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Release Date

Content Metadata

Subject Area
This session will discuss the "Art of the Possible" when it comes to "Offensive Cyber Operations" and why it is so important for both military and non-military cyber professionals to understand each other's perspectives on "Offensive Cyber Operations". Discussion will focus on the military's planning process and how the potential introduction of offensive cyber operations could affect the process and why information sharing events sessions like "DEFCON" are so important to its eventual success. Christopher Cleary is a former Computer Network Operations Planner from US CYBER COMMAND who led an Operational Planning Team focused on studying "Advanced Persistent Threats" to DoD network. During his tenure at CYBERCOM he was one of the few Officers to lead a forward deployed element supporting combat operations in the CENTCOM AOR. Mr. Cleary is currently employed by Sparta Inc. opa Cobham Analytic Solutions directing Cyber Strategy and Policy.
My name is Chris Cleary, and a little bit about me and then I'll kind of jump off into the thing. So I was asked to come out here by Nico to talk about my recent experience with Cyber Command. I just left Cyber Command not too long ago, and I had told Nico, I said, well, I really can't talk about Cyber Command specifically, what I did or where I was or what I did while I was there, but I could maybe talk about the military planning process in the abstract, use some examples. And one of the things, that's why that quote on there is "plans are nothing, planning is everything": the military, we plan and execute operations, and that's sort of our backing, that's what we do. The community that we're trying to talk to, now that cyber is the big buzzword and we're trying to figure out how to work through it, is this community, to try and figure out how we start bringing the two together, and that's what leads into the next slide.

There's a lot of talk about cyber warfare. Cyber warfare right now is kind of being made up of the hacker community and the military. The military spin on it right now, and the way that we're trying to do business, is the policies that have come out. We released a new cyber policy, and the five pillars of the things it's going to focus on are pretty much defensive in nature, and rightfully so. The military's job first and foremost is to defend the United States, and also to execute sort of missions that we're directed to by, you know, our senior leadership. The hacker community brings a whole new perspective to that, because really, arguably, you guys were here first. There are some things that the military has done for a long, long time that we're really good at. This is a new domain and we're trying to figure out how to operate in it, and it's kind of the bringing together of the peanut butter and the jelly to make something that we're going to coin cyber warfare. In the beginning, and what I experienced in the last couple of years, is how the two communities may be talking past one another. The military, we're very rigid, we're very hierarchical, we do things very linearly. The hacker community is much more dynamic, much more free thinking, and it's trying to understand... I think when we bring these two closer together, one of two things is going to have to happen: either the hacker community, when they want to support the operations that we do, are going to have to figure out our planning process and then understand what they do and then bring it to us, or maybe we're going to realize that the way that you guys do business, and how those things will be brought to bear to support our operations, maybe we have to in the military come up with a new planning process, a new way of thinking through, a new language, a new way of stepping through it, so that you guys can come and leverage what we do. Sure.
Right this second. OK, good morning everybody. How many people here are new to DEFCON? Raise your hands. OK. For those of you who don't know, my name is Priest. For those of you who have heard this, I apologize. I'm the designated asshole for DEFCON. I'm the mean man who's going to come find you when you're fucking up. Please don't fuck up. I really don't want to see you. We like it here, this is a nice venue. We love the guys where we were before, but like I said, this is a nice venue. I really don't want to be here Sunday saying this is why we can't have nice things. That said, he's drinking light beer, that kind of scares me. It was bought for me, I didn't buy it, somebody brought it to me, by the way. It's a good cover story. Yeah, good cover story.

What I'm here to tell you: number one, like I said, please don't fuck up. Number two, we are having something called the Barcode drive. How many people here know what the network ninjas are, or the ninja party? Raise your hand. OK. For those of you who don't know, one of the most awesome parties at DEFCON is the ninja party. Their leader's come down with a rare blood disease. We're having a blood drive/contest today from 12 o'clock to five o'clock. It doesn't matter what blood type you are. If you could, please donate a pint of blood. Please be smart about it: don't drink before, don't drink booze after, rehydrate yourself, don't go run a mile. You don't have to do it, but if you can do it, it would really not only help Barcode, it will help everybody else too. There's a picture floating around of Barcode. If you take a picture of yourself giving blood, there's a raffle going on. A couple of the prizes are: one is a skateboard signed by a lot of cool people; two is we will take you on a behind-the-scenes tour of DEFCON, so we'll take you behind the green curtain and you get to see the little man pulling levers. There's nothing back there. And like I said, we would really appreciate your help. They do a lot for us. Barcode, I don't personally... is a really cool guy. That would really help them out, it
would really help a lot of other people who need blood. So there's a picture of me floating around; I was the first one to do it. Let's see if we can't make a good showing at the blood drive. So that's it, guys, thanks. Sorry.

No, no. So I was just behind the green curtain a minute ago. There's really nothing back there, but I got some beer and some finger food and stuff like that. So I wanted to kind of give a little bit about how I got here and what I sort of learned along the way, and what I mean by that is sort of the progression of becoming a military planner. And something to learn from that is we're all sort of products of our environment. I mean, everybody in this room came from a different background, they have different experiences in their life that got them either to this room or to what they do, and, you know, being a planner is no different. So starting off, I
started my career as a maintainer working on F/A-18s, a young kid working on Hornets. It was really cool, it was a really cool job playing around, but what I learned is just because you know how
to fix something doesn't mean you know how to use it. From there I went to... I
actually got an opportunity to go to the Naval Academy, and I played rugby, and
although I got my ass handed to me pretty bad academically at the Naval Academy, I did pretty good in rugby, and one of the things you learn sort of at the academies is that with enough pressure a round, you know, peg will go into a square hole. So then I went to my first
ship. I was a Surface Warfare Officer, and on my first ship I was the anti-submarine and anti-surface warfare engagement officer, which means I either put torpedoes in the water or put Harpoons in other ships. And when you got there, again, as a planner and executor, the lesson I took away from that was even though you're important to the mission, you don't necessarily know what the guy to the left or the guy to the right are doing, but you do know that if they don't do their jobs, you can't do yours. From there I went to... I was the officer in charge of a landing craft detachment, worked with the Marines quite a bit, which is an experience all in itself, and I always said that a landing craft, that a lot of people didn't even know we still have because it was sort of a World War II era kind of thing. The good thing there was, I always tell everybody, it was an 18-month episode of McHale's Navy. It was the most fun I ever had. It was kind of like we were pirates; we got to cruise around and just do goofy stuff with very little adult supervision. But
working with the Marines, I found very, very painfully that when they say things are going to happen, it happens, and they happen to the minute. So the whole idea of being able to be given a set of orders and execute on a timeline is critically important to them, because if you don't, people die. Landing craft in particular, the whole idea is you hit a beach as rounds are coming down, and you have to be there to the minute the rounds stop landing, so the Marines have a safe environment to run onto the beach. From
there I actually lateral transferred into the intelligence community. I went to the Office of Naval Intelligence for my first tour, and the idea was they were trying to... this is what started my technical background. They were trying to take intelligence officers, make us a little more cyber savvy, and then push us out in the environment. So when I showed up and I learned I was going to be doing this job sort of cold, the guy I was going to be working for in the IT division said, "Hey, you know, the Office of Naval Intelligence is a brand new building. We have the largest ATM network in the country." And I walked in, I said, "I only saw the one ATM in the lobby when I came in here." And the guy literally turned and looked at me and he rolled his eyes and he was like, "Holy crap, are you kidding me? This is the guy who's going to be defending our networks?" So they pumped just dollars and, I mean, I went to like every SANS class there was, and these hacker courses, it just went completely over my head. But the idea was to learn how to speak the language, not necessarily be a keyboard operator, but just understand the environment, and then as an officer be able to take what you guys are doing, what the IT professionals are doing, and sort of translate it to leadership, be the intermediary there. From there, because
the market was so good, I ended up jumping out. I was in DC at the time and went to the private sector. I went to go work for Sparta, and I learned that being a defense contractor is a much, much different world than being a military officer, or in the government for that matter. Their priorities are different; you know, at the end of the day they're in it to make money, and that's kind of the game you've got to play. This was around... the '06
timeframe came around, and as the surge was getting ready to happen, and as I was still a mobile reservist, I mobilized and I went to the Joint Special Operations Command, and everybody knows what those guys do now, courtesy of, you know, putting bin Laden in the ground. But there are some things that I learned there. The JSOC community was a really, really cool community, and I always said, sort of being an outsider coming into it, it was sort of like being the water boy on a Super Bowl team: you know, you got to be on the sideline, you get to see things, but you weren't going home with any of the cheerleaders after the game, and, you know, you didn't get the ring, so you didn't get any of the credit. But also in that community, as an outsider coming to the inside, even as help, you realize that there were communities within communities that you necessarily weren't a part of, which sort of leads me... so from there I went back to
the defense world, and then about two plus
years ago I got mobilized again to go to US Cyber Command, and what I realized as a planner there was that my background with all those different experiences really set me up pretty well. The most important one was being an outsider in an insider community. You know, what they do there, especially the people that support us, is still very much a clique, and you're not always necessarily allowed into that clique. Like I said, I just got back
from Iraq not too long ago, and, you know, I feel a little more nervous in this room than I did when I was over there. But somebody in the audience would say, "Oh Chris, you just got back, it got so much worse after you left." I don't know what you're talking about. But we coined this kind of thing, and when I say one of these things is not like the other: as we were out there doing operations, I read Rod Beckstrom's book The Starfish and the Spider, and he talked about, you know, the whole decentralized thing, and we were trying to put it in a different context, and we would start kicking around this idea of sort of the deer hunter and the sniper, and I think it relates to this community pretty well.

So deer hunters and snipers have some things in common, and for the most part that's the weapon system they use. You can find a rifle, the exact same rifle that a Marine sniper would use, the M40 such-and-such, 380 caliber, so-many-grain bullet, and you could probably find a lot of deer hunters that are as good, maybe better sometimes, with that weapon system at hitting a target. You could set a plate out at 800 meters and probably put those guys right next to each other, and for the most part they might be able to take that plate down. So in the execution of the tool, the execution of the weapon system, there might not be a lot of differences there. Where the differences come in is why they are trying to shoot that plate. And then I sort of put the pictures up there of the rifle scopes. You know, so the deer hunter's out there for one purpose, one purpose only: he's there to hit a deer. He's out there during deer season, he's wearing his hunter orange, and at the end of the day he hopes he's bagged his limit so he can come home, take his, you know, beef jerky or deer jerky or whatever dude eats, I don't eat deer, and then, you know, feed his family. The military sniper, on the other hand, could be out there for a multitude of reasons. Even though he's looking at that guy through the scope, his job
might just be to report that he's there. His job might be to shoot him at a particular time that enables some operation afterwards. How he got there is another difference. That particular military sniper, what if he's a Navy SEAL and he had to HALO into the environment, the high altitude low opening jump? Maybe he scuba'd in, maybe he was delivered by helicopter, maybe he's been out there a week. So the differences are not necessarily in their capabilities; it's in the planning that went through to get him to that environment and why he's there. You know,
his job might not be to pull that trigger at all. And I find that kind of in the community where we are now. We talk about strategy and tactics. The military, the government, is sort of working from the top down; most of the conversations we're having right now are about big policy issues, big cyber strategy issues, you know, how we're going to try to use cyber in the future. And at the bottom, this community is really working on tactics, and I wouldn't go so far as to call them tactics, no offense to anybody in the room, but a tactic, per joint pub, per definition, is something that's used in combat, which is what makes the military very different even from the intelligence community. And that kind of leads into my next slide. So when I
say those two things are not necessarily the same, these two things are not necessarily all that different. So, you know, on the left of the slide I've got kind of the military, kind of what an operations center might look like, and on the right of the slide is a hacker doing certain things. And there are countries out there that are obviously leveraging the guy on the left a lot better than we are, not that we should or shouldn't be doing that, and I'm up here definitely not advocating for, you know, sort of the citizen soldier concept, but there are some countries out there who do necessarily advocate and push some of their hacker communities in that direction to support operations.

So we start developing tactics, techniques and procedures, which, I know there's probably a lot of government and military in the room who understand what those are, and there's sort of a hacker community that doesn't. The analogy that I use for that is, again, I like using the kinetic example of using maybe a firearm, and I imagine there's a lot of guys in this room that have shot a gun before. A procedure and a technique are the ways you would use that gun. So, like, for instance, when you learn to fire a gun, a procedure is how to load it, how to clean it, how to strip it, and more importantly, if you're using it in, say, a combat situation, if a round jams, how to unjam it very quickly and get back into the fight. A technique for using that gun might be how you hold it: kneeling, laying down; you know, guys who shoot pistols, there's the isosceles stance and the Weaver stance. That's a technique. A tactic is how that guy would use that gun in a combat situation with other people. And I think where this community starts needing to do a little bit better is trying to figure out how a bunch of you guys operate together to sort of deliver some sort of effect or some end state. I know you do capture the flag here, where teams of guys work towards a common objective, and we've seen some other nations, some other
parameter group, the, I guess, the LulzSecs and the Anonymous of the world, sort of do things at least with some sort of end state in mind. That's the way the military operates. But I want to talk
about the offensive cyber thing, and I know that the brief was originally coined offensive cyber, and I want to get away from that for a minute for a couple of reasons. You know, I'm not from CYBERCOM trying to say that we should be doing offensive cyber, but to try to explain to you what the military does or how we would use this capability in the future. Well, we operate, the Department of Defense operates, within a spectrum of conflict, and the reason I say that is because, you know, with those blocks at the top, stable peace, unstable, insurgency, general war, you can look at the world right now and see that we're in one of those categories all over the place, and within each of those categories we have operational themes. So as an example, one
of the operational themes, peaceful military engagements: what we do there is, you know, you'd say most of the countries in the world that we're in a period of sort of a peaceful coexistence with, and especially our allies, our partners, we do training, we do, you know, recovery operations when we need to, things like arms control, counter drug. When we start moving up the level a
little bit, limited intervention is actually the one I'd like to talk about the most, and one that I'm going to talk about again as I go through some more slides, but a limited intervention is a specific operation to achieve an end state, a clearly defined end state, limited in scope. Sort of those examples there: you know, a NEO is a non-combat evacuation operation. The Marines do those all the time: go into an environment, maybe it's breaking down, you've got to get some American citizens out of there, how are they going to do it. Strikes and raids. Strikes and raids I think we're beginning to see now and we might see more of, and as we start thinking through this, this might be how we classify these kinds of operations. I've got a slide coming up in a little bit where I talk about Stuxnet just as an example, but I would classify that as a strike or a raid. For whoever did it, why ever it was done, it was done with a limited scope to achieve a certain objective, and then kind of end the operation. Peace
operations, kind of self-explanatory; there's lots of reasons we're in peace operations. Irregular warfare: again, on irregular warfare you can see that kind of in there, in how we support either irregular warfare or go to fight irregular warfare. Iraq and Afghanistan have sort of devolved into irregular warfare; they kind of came from major combat operations and are sort of going backwards in the spectrum of conflict. Really, the military's goal, as we plan operations to execute through that spectrum of conflict, is to take it from the right of that spectrum and bring it to the left. We're there to take violent actions and bring them, and hopefully by the time we leave we're in a period of stable peace, or at least we've left it better than we found it. I'm sure we could have a lot of arguments about the things we're doing now and if we're going to leave places better than we found them, but that's the idea, that's our intent, that's why we're going there. So within the whole spectrum of
conflict you've got the elements. Now, I know this is kind of an eye chart and I apologize for that, and this is mostly for the people afterwards who want to go through the slides and read through them a little bit more, but within any of those operations I just showed you on the last slide, the kind of things that we would do there are represented here, so that we have offensive, defensive, stability and civil support operations. Now how you weight those, again going back to that last slide, is what kind of makes that operation that operation. You know, obviously to the right of the slide, in major combat operations, offensive things are the main reason we're there. You're there to... you know, we're the Department of Defense, and I used to get in this argument with some of the other partner agencies you work for, and they'd look at us and they'd say, "Man, you military guys, all you want to do is break things,"
and I'd stand up in my uniform and I'd go, "Yeah, that's what we do, we break things." You know, you don't ask an F-18 pilot to drop picnic baskets in another country. He has kinetic weapons; he drops bombs and JDAMs and, you know, shoots down airplanes. That's what he does, that is his domain, and his whole job is to get better at that. The idea was, so when we get into information operations, and, you know, CNO being one of the pillars of information operations, military planners, the guys who are going to plan in that environment, are thinking through how to support this kind of a spectrum of conflict with different, you know, operational themes, and we're going to achieve some commander's end state in there. We're going to do things that leverage offensive, defensive, stability and civil support. So I guess what I'm trying to get people in this audience away from, and I wish the media would get away from this, is that as the cyber capabilities start to evolve, they're not just there for offensive reasons. We do those for a lot of different reasons. And
now I'm going to break down some examples you know schriever war game Schriever war games something that started a couple years ago I participated at last last year it's out here actually in Las Vegas Nevada which is a cyber / cyberspace space cyberspace war game where we get together with a lot of inner service partners a lot of multi agencies and multi nations to come up with a war game space cyberspace kind of all work through it trying to leverage these others capabilities to achieve some kind of end state learn things about it but you know it's done under the context of peaceful military engagement and for the most part with stability in mind here's the Stuxnet
thing I want to talk about and again not knowing anything about Stuxnet other than what I've read in the media what you could argue is there somebody pissed off at the Iranians and for whatever reason they're they're concerned about a particular capability they had and they came up and in my mind I'd call it a strike because it was limited scope it was designed specifically with thing in mind and that was to degrade the Iranian weapons program with no particular following action or at least none that none that we've seen to date but once it was executed and and you could say completed it was it was it was over you know like I said to date we've seen no follow-on action but under the scope of limited intervention it was something that that whoever did it decided to do russia vs georgia we
talked about this one all the time, and this is the first time when everybody wants to go and call it cyber warfare: "Oh, we saw the Russians do cyber warfare against, you know, Georgia, Estonia and one other country," at different times, different periods. But when you look at the actual cyber attack, most people in this room would say, "What? It was a denial-of-service attack against some, you know, government websites. Big deal." Well, yeah, but if you look at it in the context of whatever military planner put that together, it was done to enable some other action. It was done to get the Georgians to turn their head for a minute and say, "Why is my banking system going down?" and "Where'd that tank come from?" You know, so when we talk about information operations, for the most part information operations are done to enable other things. They're not done with the effect that we deliver there, whatever it is. And when you talk about information operations, there are five pillars: MILDEC, PSYOP, computer network operations, OPSEC and one other. Somebody help me; I'm sure someone in the room knows what the fifth one is. It's escaping me right now. That's why we're there, that's why we do it. All right, so this next slide. Before I hit the slide key, I'll take a sip here to commoners. So before I hit the next slide I've got to kind of intro the next slide for a minute. So, talking about the military planning process, again, why I came: I want to kind of walk you through that and just get an understanding of what the, I'll call it, the ass pain that military planners go through, because it is not easy. It is very painful, you get beat up quite a bit, and it's way harder than executing. And that's not to insult anybody who works on a keystroke on the other end of it, but it's the thing that's the longest pole in the tent, and if it's not done right, it's how things get effed up. And we've seen good examples of operations, we've seen bad examples of operations, but it's the planning
that makes that possible. So I wanted to walk you through an example, because I couldn't really talk to a real-world example; I have to talk to this one. OK, pause for effect. All right, so, all right,
so, Live Free Die Hard. First of all, I love this movie. I know when it first came out a couple of years ago it was, "Oh my God, hackers," it was a "look what they can do, look how effed up things are." And that was the first context of looking at that movie, looking at it through the lens of only a cyber attack on the United States. But when you start
breaking it down, and I start talking about, you know, I did this "did Hollywood do their homework," and once I became a planner and started thinking it through in another context, if you take the cyber side away from it and you think of just how that guy executed that operation, it actually kind of makes for a nice case study. So first of all, the movie was based on an article, "Farewell to Arms," written by this guy John Carlin, who basically wrote an article talking about the vulnerabilities of our critical infrastructure, and it was written like 10 years ago, so it was kind of, I'm not saying it wasn't ahead of its time, but it was written before critical infrastructure was really on everybody's lips. The movie itself, you know, focused on the execution. It was this Thomas Gabriel, the bad guy, when he was taking down our infrastructure and, you know, the fire sale and other stuff. But when you really look through the movie, in my mind it was a very well-executed information operations campaign to achieve some end state. Now, of course, Bruce Willis gets involved, he fucks everything up and takes down the bad guy, but had Bruce Willis not been in the movie, this guy would have pulled off what he did. And if you looked at how he sequenced the operation, he actually did it in a pretty good way. And even, please, take the technical things that he did off the table. Let's just for a minute say that the technical side of the operation was possible. He sequenced them in such a way that he really, you know, they kind of pulled it off. So I say part of a bigger plan, and I almost wish there could be a Live Free Die Hard prequel. I mean, nobody would go see it, there'd be a handful of people that go see it, but it would be kind of the recruiting of Thomas Gabriel to pull off this operation against the United States. Because everybody's seen the movie, right? I can't imagine there's anybody who hasn't seen the movie. All right, good, I don't have to explain the movie. But, you know, in the beginning, after the
after they, you find out who Thomas Gabriel is, basically you find out he's a disgruntled government employee who tried to show the government how screwed up their security was, and of course he's blackballed and thrown into the wild, and then all of a sudden he's executing this operation, and it's like, "Holy shit, where'd you get all that stuff? Where'd you get that truck? Where'd you get those helicopters? You know, where did those French ninjas come from?" You know, that guy had to have some bank, he had to have some funding. The beginning of the movie does kind of a decent job, at least, it's only in the credits, only in the first three seconds, when they're going out and they've kind of got that computer screen, you know, "access to defense, access to financial, access to transportation." I'm like, OK, so they kind of hinted at it a little bit, what we'll call the preparation of the battlespace going into the movie. But holy crap, that guy had to have a ton of money to pull all that stuff off. I mean, for those of you in this audience who do this stuff, you know that all those things that they were trying to access, that would take years to execute that operation, not only from a financial point but, you know, the access and the sequencing and the rehearsal and other stuff. It just wasn't done on the fly. So I always say, and I hope there's no French in the room, but I thought it was like, oh, so if the movie could have been: he was approached by the French, "Here's some French ninjas, they'll be your muscle, we'll give you your money, and yeah, we want you to destabilize the United States of America, and oh, by the way, you'll get to take all that money home." But if you looked at the movie in the context of a much bigger campaign, it would have been the operation to destabilize the United States, and there was probably some follow-on action after he conducted that operation, that maybe there was another sequenced operation that was going to happen
behind it. You know, the next movie: what was the thing that was going to happen after this guy brought the government to kind of its knees, for the most part? So we started
thinking about how they did that. Again, eye chart, and I apologize for this. You know, operational design: planners live in this world. Planners take commander's intent, run it through a bunch of filters and come up with some plan on the other end. And for that, I'm sure there are a lot of people in this room that are familiar with this, and I'm sure there are some people that aren't. From a planner's perspective, this is our TCP/IP stack. I say I know a little bit of technology, so when I sit through most of the conferences in here it goes right over my head, you know, technology, and I go out 10 whatever, and I would expect some of the planning process, for people who aren't familiar, to go over your head, and just from a, you know, from an abstract perspective: "Wow, why do they have to do those things? That doesn't make sense to me." In the beginning, I don't disagree with you. But when you become a planner, and what I would argue is there are a lot of people out there that think they are planners, and I thought I was a planner when I showed up, just from the fact that I was a military officer that had done amphibious landings and done, you know, Harpoon engagements, and yes, there is a planning perspective to that, but it's not military joint operation planning and execution planning, which is a whole different animal. And you kind of learn that the painful way, the first time you go to present something and they ask you a million questions, and you're like, "Oh, I didn't think of that," and you get beat up. So as you look at that slide from sort of the left to the right, you know, operational art, that operational art, as we coin it in the military, is based on your experience and based on the way that you kind of know certain capabilities work and certain things work together. You're able to use that, put some plans together that kind of make sense, and throw them out the other side to your leadership to buy off on. One of the things that we're finding out in cyber
is it's difficult for US military planners to understand this new capability, which is why it becomes painful at times, not only for the reason that it's hard to explain to military leadership what it is that you guys do, but it's also difficult for us to quantify the effects of what you guys do, which makes leadership a little bit hesitant to maybe execute operations. So when you start doing sort of this
mission analysis, you get into this effects-based planning, and what that is, on the right side of the slide you sort of see the military end state, which is what you want done, you know, what are you trying to do. And as I'm going to kind of relate this back to the movie, I'm going to kind of jump between planning and jump between the movie. The military end state of, you know, and I've got another slide to talk to this in a second, was, you know, destabilize the United States, or ultimately in the movie it was that he was going to get into Woodlawn and steal all the financial data that was being backed up there. Well, to do that, knowing the end state, you've got to look at your target, and I'm going to move to the right side again and go to center of gravity. Center of gravity analysis is something that takes the most time for what we're doing, because that ultimately leads us to where we want to deliver our effects. Center of gravity, usually, so Clausewitz defines it as, you know, "the hub of all power and movement, on which everything depends." So when you break that center of gravity down, you get critical capabilities, and you can do this in a lot of different ways. And maybe just for an example we'll say, like, you know, an air defense system. Well, an air defense system's critical capabilities: it's got the missile, it's got the launcher, it's got the radar, and the radar's broken, and, you know, it's got a detect radar, track radar, fire control radar, it's got people, it's got power. Those are all the things that make that system operate. Well, based on that, it's got critical requirements. Each one of those systems has requirements that make it function. You know, the radar needs power, it needs people, the missile needs a view of the horizon; you know, there are a lot of different things that it would need. And then when you start looking at the critical requirements, you start identifying critical vulnerabilities, and the vulnerabilities are to take down any of those critical capabilities that would affect the center of gravity. So
an example of, you know, the radar: if I can destroy the tracking radar, because it's physically located somewhere, which again makes it vulnerable to attack, I'm able to take the weapon system offline and maybe never had to hit the missile or never had to go after the people. Or if I can keep the people from getting to the site to operate it, well, then the site can't operate. So there are a lot of different ways we think through that, but as we start piecing it together, when we've identified our critical vulnerabilities, those become our objectives. Those become the things that we're trying to target, the things we're trying to deliver our effects to. So our objectives, then: we assign an effect to it, and in most cases in the Title 10 world, which is very important to distinguish, the effects become degrade, deny, destroy, disrupt, deceive, and that's the way, you know, we're there to break it or deliver an effect to, again, degrade its ability to operate. And that effect will then become a task: "OK, your task is to deliver this kind of capability against this target to degrade this thing." And it's kind of, you get into a do loop where the one continues to support the other, which
leads us into the joint operations planning process. For those in the room who are familiar, who have participated in it, you realize just how painful this is. This is, for a planner, a lot of sleepless nights, a lot of getting yelled at by very senior people, and a lot of hair pulling out to junior people to get them to try to understand what you do, and you bring a lot of people to the table for a common purpose. And again, the thing to understand from the hacker community is this is very linear. You know, you get some commander that says, "I need you to do X," and then you take that task you've been given and you go into a mission analysis phase, and you all sit down with the guys at your pay grade and you're like, "Holy crap, how are we going to do this?" and you start thinking of all the different things you need to execute. And then once you have some of your facts, again, I've got some slides where I talk about this in detail, you know, you develop COAs, you wargame them out, and obviously something gets approved, but not all the time executed. That's the other thing to understand: planners plan. We plan all the time. That's all we do. I mean, there's somebody somewhere right now probably planning to invade Canada because they've got nothing better to do, but that's what we do. So when you look at, so the mission
analysis, again, which I said is the most painful part of the process: this is when you're trying to piece together what you're trying to do. And then, trying to revert back to the movie, I called out some things in red to say, you know, when Thomas Gabriel was approached by the French, so I'll jump into that for a second, and was asked to go do X, Y and Z, well, he's thinking, "OK, if he wants me to go do this and they're going to let me, you know, do this fire sale, how would I go about doing it?" And he came up with some implied, you know, some implied and essential tasks, and he really had to look at our center of gravity, or his adversary's center of gravity, and what makes us tick. And when he was going through this, and I'll bring it up in a second, he really determined that if he could get to the US government and kind of bring them to their knees, it would enable him to do something else. Commander's, the CCIRs, for those not familiar, that's commander's critical information requirements. Again, if this was the prequel of the movie and he was trying to execute on this, his list of information requirements probably would have covered this whole wall, because you guys all know from the community all the different targets he was trying to hit and all the different ways to get in. There would have just been, you know, a laundry list of things that he would have taken probably more like years to get his hands on, not to mention who built the truck, all the other stuff: the money, the spec requirements to build a truck out, the helicopters, the French ninjas. All that stuff took a lot of time. So again, so if we look at the same slide,
the mission and task kind of construct. For his center of gravity analysis, you know, he was going after the United States government, which was the target. Your capabilities there: you know, banking, law enforcement, first responders, all the things that make a government function. The critical requirements to that are, you know, so you've got financial, you've got banks, you've got communications, you know, you've got telecoms; you can see the things on the slide. And the critical vulnerabilities, what he was going after, because there are so many different targets I just kind of sum up here: there were, you know, obviously physical vulnerabilities he was going after, technical vulnerabilities, and sometimes procedural vulnerabilities, things that he could initiate that just through procedure drove his target to do something, and I have a slide that lays that out in a second. And then, of course, as we went through the movie, he said, "Well, to do that I'm going to target critical infrastructure," with the effects being, depending on the critical infrastructure, disrupt, degrade, destroy at some point. And we blew up the, well, it was kind of what I call a follow-on mission when he blew up the power plant to try and kill Agent McClane. He sequenced in an event. And then, I guess, the tasks varied by target.
So, COA development: this is kind of where the rubber meets the road. So now you've gone through your mission analysis, you've gone back to your boss and said, "Hey boss, you told me to do this. This is what I think you told me to do. Do you still agree with that?" He'll go, "Yeah, I told you once. OK, thank you for repeating back to me what I just told you to do," which sometimes really pisses them off. And then you start getting into a COA, and you'd be presenting these COAs back to them, and I have a slide on what makes a COA a COA. And to do that, you know, with COAs, we say, you know, adequate, feasible, acceptable, distinguishable, because you've got to bring the boss more than one option, and those options have to be somewhat different so he can, you know, pick one. And sometimes, I like the joke, I mean, you guys have seen The Simpsons Movie, when he puts all the COAs in front of him, he kind of leads him to the one that he wants him to pick. That's kind of done too, because you'll say, "Hey sir, these are all your COAs, but this is really the one we think you should go with, and, you know, you paid us to do this job and we think we're somewhat smarter than you; go with this one." And for the most part, "this will do," or they'll modify, or send you back; it just becomes painful. But if you think about, again, back to the movie, what he was trying to do, the objectives in tonight bilder, sorry, the major forces requirements: now he's figured out what he had to do and how he wants to do it. That's when he would have gone back and said, "Hey, French overlord," the guy who asked me to do this, "I need to build this truck, I need this kind of access, I'm going to need a lot of walking-around money, because I need to buy people on the inside to either write code for me or give me access. You know, I need a big, so I need some, you know, walking-around money." And then he would have gone back and said, "Hey, but for me to execute all this, this is the kind of time I'm going to need": two years or six
months, or whatever his timeframe was. And then, based on what, let's say, your commander was trying to do: "Sir, we'd like to do that, but it's going to take us six months," and we'd say, "Well, you don't have six months." I might have to go to another kind of operation, because time is of the essence, or if time is not of the essence, well, I execute. I think if you look at Stuxnet as an example, and Wired magazine did a really good article on this, you know, way back when, when reportedly the Israelis asked the Americans for, you know, a kinetic bomb to do it, and they said no, they said, "Ah, crap, well, we need another way to do this." Well, not saying it was the Israelis, but whoever did it, so I'll strike that from the record. Whoever did it, they said, hey, some cyber geeks, sorry, no offense to anybody in the room, said, "Hey, we've got this way of maybe trying to do this. It's got a long lead time, it's going to take a lot of time to execute, and we've got to do all these steps," and somebody said, "Well, yeah, time is kind of on our side, so go ahead and run with it." But I can tell you, whoever was planning on doing whatever probably had some follow-up operation just in case that didn't work, in case time got of the essence, that there was probably some follow-on action to deliver the same kind of effect. From there you get to, you
take all your COAs and then you start wargaming them out, and then, you know, with these potential decision points and branches and sequels. That's really important, because everything you're going to try and execute, you need, if it doesn't work or if it doesn't go down the way you want, you have to set some kind of follow-up position or you've got to stop the operation. Excuse me. So based on that, then, I'm going to kind of walk you through what I call
Gabriel's plan, and this is kind of where the rubber meets the road, in the sense that whenever you're trying to accomplish something, and you've got your commander's end state, and you've got your "hey, this is how I think we're going to accomplish it," then you've got to sort of sequence it, because what you find is the sequencing of the operation is really what makes the operation the operation. And I say that's sort of the difference between maybe this community, I'm saying the hacker community, and the military: again, we're very hierarchical, we're very linear, we do things one thing after another, because that's the way we do business. So again, going back to the movie, I kind of carved the movie up into three major lines of operation. The first one was, sort of, I'll call it housecleaning, and that was, hey, what are the final things I needed to execute on the operation, and, you know, he was killing off all his help because he didn't want those guys screwing things up. The next one was the fire sale, because in the movie they sort of coined that; that's what the government, you know, halfway through the movie thought was going on: it was a major terrorist attack to take down our infrastructure and just screw things up, just because somebody was disgruntled at us and they wanted to, you know, bring down the United States. With the third line of operation being Woodlawn, and if you guys remember the movie, Woodlawn was really the real reason he was there. It wasn't necessarily to do the fire sale; it was to enable his ability to get access to Woodlawn and steal that information. The fire sale was what he just kept everybody busy with so he could execute something else, which is why I coined this as an information operation: he used non-kinetic effects to enable his end state, or his kinetic operation. But in the movie, which was also cool, he would synchronize kinetic and non-kinetic things at the same time to enable one another. So as we start moving through the operations in the
different phases: phase zero was all his prep that he was doing to finish the environment. You know, he was collecting all his last Intel, getting his last source code, and then he started tying up all his loose ends before he executed, and that's when he's killing off all those programmers, because those are the loose ends: "If I leave them lying around, maybe they'll screw me up." Which of course, you know, stealing the punch line, whoever's seen the movie knows that's exactly what happens, with, you know, Bruce Willis's help, of course. So he eventually got to a certain point where he said, "Hey, I'm ready to execute the operation. I think I've done my lead-in to it. I'm ready to go." And, you know, he executes phase one, and the first thing he does is attack transportation, and at that point people just see it for what it is: "Wow, it's a big transportation glitch." They're not putting two and two together. But eventually it's, "Whoa, wait a minute, traffic goes down here, and the FAA's reporting something over here, and Amtrak went down over there. Whoa, this is not a coincidence. You know, we're under attack." And they label it as under attack, and people start freaking out. He moves from there, I thought a nice line, "So let's get them outside for some fresh air," and he goes after the anthrax alarms, and when he sets off the anthrax alarms, now everybody's getting out of the building. Again, it gives him some more breathing room, it gets the government out of the building, it allows him, so I think he displaces at this point, he moves from one place to another, it gives him some time and space to get ready for his next thing. But what you learn later in the movie is that was a very specific operation required to achieve his end state. They also show that scene, you jump to the Social Security Administration; it doesn't mean anything at the time, and they show people leaving that building. That way, you know, that's one of the buildings he needed to evacuate, because that was really
his target. But when all the buildings evacuate, that doesn't really mean anything to the government, because everybody just left their buildings, so where's the target? So once he evacuates that building, now he goes after a kinetic operation, which is he goes in and he sees the building, the people are all out, it's relatively light on security, puts his goons in there, his goons go take down all the security guards, and then prep for his next operation, which means, "I'm in that server room, I've downloaded my malware, I'm ready to start receiving the download," which executes stage two. Stage two was, he goes and attacks the financial market. Now, from the fire sale line of operation it makes a lot of sense: it's the fire sale, hello, everything must go; we're going to go after financial, going to go after power, go after electric. So under that line, the government's thinking is, "Wow, this is just a big huge cyber attack, this is just a big huge terrorist attack on the United States." But in his operation that was required, because that's what triggered the download from the financial district to his target, where his guy was waiting to receive the payload. And here we'll talk about our first branch or sequel. So as a military planner I'd say, well, that has to happen. That download from Wall Street to my target has to happen, and if I can't do it non-kinetically to support the fire sale, I might have to have a sequel set up to do it kinetically. So maybe in the movie, if that didn't work, he had some kinetic strike, a bombing on Wall Street, an attack on something in that area that would have had the same effect, and he would have had guys on call to say, "Hey, you know, that failed, we're going to go to sequel one," which is the kinetic attack on Wall Street, again to drive the same operation. Because if that didn't happen, yeah, the fire sale would have gone down, it would look like a terrorist attack, and it might have enabled, let's say, the French's plan to
destabilize the government. The fire sale would have gone through, but his whole plan, then, to be able to go to Woodlawn and steal that information would have failed. So at that point, if that doesn't happen, the operation for the most part is a failure. So then the download begins, you know, he gets this "download at twenty percent" kind of thing, and at that point is when the decision's made to send his girlfriend out to the power plant facility and take it down. Now, I watched the movie three or four times; I'm like, "Why the hell did he take down the power? It doesn't make any other sense." And then it kind of hit me: well, it's sort of the trifecta on the fire sale. It sets the rest of the fire sale down, which again, in my opinion, I think he did to sort of cover his tracks: "I'm going to do the fire sale, it makes sense, they're expecting it, it's one of those things they'll think will go, and it's going to take them so long to figure out that why I was really here was to get into Woodlawn, was to steal this information, and before you figure any of this out I'm going to be gone, in Paris more than likely, you know, hanging out with all my money." But at the end of the day, you know, the mission wasn't complete, and why wasn't it complete? Because in my
opinion he didn't do his work on his first line of operation, which says, you know, other than the fact that "I know that this line of operation is supposed to kill all these bad guys," I don't think he thought through it enough, with a proper sequel in place that said, "If something horrible goes down, I might have to put a lot more effort into tying up my loose ends." He doesn't; McClane gets in there, McClane, you know, screws everything up, and it kills the operation. So if you think of that as a sequenced event from an IO planner, that's how we would have to present to our leadership a campaign. Leadership would have said, "Yeah, go ahead, that makes sense to me, execute." So as I'm kind of getting the hook to
get off the stage, I want to leave with this: everything I just said is in joint pubs, and for those of you who kind of want to learn more about the way that the military operates, you know, go check out these joint pubs. They're all there; actually, some of them come in little Cliff Notes. They're online. And for those of you who want to sequence operations or figure out how you're going to enable certain things, again, understanding how the military operates is sort of really important to the subject. And I think when you come to us understanding our process, as we try and make inroads, you know, come to conferences like this, understand your processes, we'll start taking, you know, things that take weeks and months and years, and maybe we'll start getting them down to days and hours or minutes. And with that,
that's the end of my talk. I hope you guys liked it, and I guess I'll be across the hall for questions.