A. ICS Vulnerabilities and Cyber Kill Chain
1. Reconnaissance - Summarize plausible active gathering, passive gathering, and active reconnaissance techniques that the adversary could have executed to gain intelligence on the target in the scenario.
Reconnaissance is the act of collecting the background research necessary to identify and select targets. (1) Cyber reconnaissance is an important stage of a well-organized cyber-attack, and it is also one of the most time-consuming activities. This phase exploits the information gathered about the target's weaknesses. The type of information the hacker is looking for is how to actually get in: firewall ports that are open, network hosts, and services that are running. Critical information that should be obtained during the reconnaissance phase includes network information, host information, security policies, and human information.
“Active reconnaissance is a type of computer attack in which an intruder engages with the targeted system to gather information about vulnerabilities.” (2) This type of information gathering involves doing something on the target network, which could potentially be tracked back to you. The idea of this phase is to gather IP addresses, subnet masks, network topologies, user names, operating systems, firewalls, password requirements and change frequency.
Passive reconnaissance is focused more around public information and not engaging with the targeted systems. “Typical passive reconnaissance can include
Per ADP 5-0, to understand something is to grasp its nature and significance. Understanding includes establishing context—the set of circumstances that surround a particular event or situation. ADRP 5-0 states that understanding is fundamental to the commander’s ability to establish a situation’s context. Information collection (to include reconnaissance and surveillance) is indispensable to building and improving the commander’s understanding. ADRP 3-0 states, the intelligence warfighting function is the related tasks and systems that facilitate understanding the enemy, terrain, weather, civil considerations, and other significant aspects of the operations environment
Ping sweeps and port scans are two ways hackers gather information about their targets. They can have a potentially devastating effect on an organization; they are a definite cause for concern. Below, this study explains exactly what ping sweeps and port scans are, how they might affect an organization, and why they are so concerning.
The penetration tools provided in this document allow us to review our network from a security standpoint. This paper focused predominantly on phase two of a penetration test, the exploitation phase; however, a successful penetration test typically starts with the reconnaissance phase. In this phase, the tester attempts to gain as much information about the target company and its network as possible. He or she will test the physical infrastructure (how do people gain access to the building?) and other organizational aspects of the company to find a weakness and a way to get in. Also during this portion of the test, the penetration tester will use tools such as NMAP, whois.com, and other resources to obtain information regarding the network
Since the first packet-switching event that many believe to be the beginning of the internet, no other technology besides the printing press has so transformed the ability to deliver information. Although the internet is used by a large percentage of the civilized world, few Americans realize how vital cyberspace is to our national infrastructure. Today we face even more threats, although the problem has been recognized since 2009, when President Barack Obama said "The cyber threat is one of the most serious economic and national security challenges we face as a nation. It's also clear that we're not as prepared as we should be, as a government or as a country" (Obama, 2009). Every industry that operates in the United States depends on the internet for some aspect of its business. Commerce, transportation, financial institutions, the military, and industrial control systems are all interconnected. This interconnectedness has created vulnerabilities within their infrastructure that have increasingly become targets of terrorists, script kiddies, foreign governments, and hackers of all types.
2. In order to exploit or attack the targeted systems, the first step I would take to collect as much information as possible about the targets, prior to devising an attack and penetration test plan, would be reconnaissance. I would use passive reconnaissance, as this pertains to information gathering.
Intelligence is the knowledge that provides security for our country; experience comes from our analysts and ability is derived from our freedoms. Over many decades all of this has been accomplished without the use of advanced technology, mainly through highly trained operatives who have infiltrated and obtained information from both foreign and homeland enemies. The current advancements have provided options that ensure the safety and efficiency of intelligence operations, surveillance being a
The objective is information dominance, thereby increasing the speed at which decisions are made while gaining insight into the adversary's decisions and approaches. The Battle of Tannenberg in WWI, between Germany and Russia, offers the same insights the United States Military used against
Active reconnaissance is the information collection process in which the attacker interacts with the target system, performing port scans or checking for ways around the firewalls and routers. Since in active reconnaissance the attacker must enter or probe the target's network, there is a possibility that the target will obtain information about the attacker, such as the attacker's IP address. (Mike Chapple, 2014)
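The ping sweeps and port scans mentioned earlier, and the active probing described here, leave exactly the traces a defender can watch for: one source touching many ports on a host, or one source pinging many hosts, inside a short window. The detector below is an added example, not code from the original page; the log format, the thresholds and the sample traffic are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed firewall-style line format (constructed for this example):
#   "<ISO timestamp> src=<ip> dst=<ip> proto=<tcp|icmp> dport=<port or ->"
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) proto=(\w+) dport=(\S+)$")


def parse(log_text):
    """Turn log lines into (time, src, dst, proto, dport) tuples; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, proto, dport = m.groups()
        events.append((datetime.fromisoformat(ts), src, dst, proto, dport))
    return events


def detect_recon(log_text, window=timedelta(seconds=60),
                 port_threshold=10, host_threshold=5):
    """Return {src_ip: {labels}} for sources whose activity in any sliding
    window looks like a port scan (many distinct host:port pairs over TCP)
    or a ping sweep (ICMP to many distinct hosts). Thresholds are assumed."""
    events = sorted(parse(log_text))          # sorted by timestamp first
    findings = defaultdict(set)
    for src in {e[1] for e in events}:
        mine = [e for e in events if e[1] == src]
        for i, (t0, *_rest) in enumerate(mine):
            in_win = [e for e in mine[i:] if e[0] - t0 <= window]
            tcp_targets = {(e[2], e[4]) for e in in_win if e[3] == "tcp"}
            icmp_hosts = {e[2] for e in in_win if e[3] == "icmp"}
            if len(tcp_targets) >= port_threshold:
                findings[src].add("port_scan")
            if len(icmp_hosts) >= host_threshold:
                findings[src].add("ping_sweep")
    return dict(findings)


def build_sample_log():
    """Constructed traffic: one scanner, one sweeper, one normal HTTPS client."""
    lines = []
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389, 8080]):
        lines.append(f"2024-05-01T10:00:{i:02d} src=203.0.113.9 dst=192.0.2.10 proto=tcp dport={port}")
    for i in range(6):
        lines.append(f"2024-05-01T10:05:{i:02d} src=198.51.100.7 dst=192.0.2.{20 + i} proto=icmp dport=-")
    for i in range(12):  # repeated hits on a single port are not a scan
        lines.append(f"2024-05-01T10:10:{i:02d} src=192.0.2.50 dst=192.0.2.10 proto=tcp dport=443")
    return "\n".join(lines)
```

Tune `window` and the thresholds to the network's normal behaviour; a monitoring host that legitimately pings many machines will otherwise trip the sweep rule.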
The third week of this class was designed to cover objectives one, two, and three. Objectives one and two were covered in weeks one and two, which allowed week three to take what we had already learned about what information warfare is and the theory of warfare and apply it in our week three assignment through an anticlerical review of the use of
The United States has focused on developing better methods and capabilities to obtain intelligence since the Revolutionary War. Arguably, the most significant advances in intelligence collection capabilities have developed since the digital era and have matured through asymmetric warfare during the Global War on Terrorism. For the past thirteen years, the United States has continued to grow technical intelligence capabilities to understand and develop the military battlefield environment. With this growing need for technical intelligence, the United States' non-technical intelligence methodologies have gradually atrophied and reduced the nation's military ability to obtain a comprehensive intelligence picture. Through examples in Iraq, Afghanistan, and African countries, we can illustrate adversaries' abilities in an asymmetric environment to overcome technical intelligence, requiring the nation to retrain and perfect non-technical intelligence capabilities. With a constantly evolving battlefield, the future success of the nation requires a blended approach of collecting and disseminating intelligence, utilizing technical and non-technical capabilities equally, to enable predictive deployment of military power against unseen threats in future operating environments.
The purpose of this blog is to identify the most difficult part of the targeting cycle in the Army targeting framework of the Find, Fix, Finish, Exploit, Analyze and Disseminate (F3EAD) targeting cycle and to explain why. In my opinion, the most difficult aspect of the F3EAD targeting cycle varies IAW correlating efforts of military intelligence and Intelligence Preparation of the Battlefield (IPB) process contributions.
With this definition in mind, covert action embraces a broad array of activities. The Journal of U.S. Intelligence Studies recommends the classification that Mark Lowenthal uses in his commonly cited textbook From Secrets to Policy. Lowenthal breaks covert action down into five analytically distinct activities. This paper will include a sixth added element from The Intelligence and Policy Project of Harvard:
Dunleigh argues that intelligence obtained by covert means is inefficient, expensive and unsatisfactory. He asserts that secret intelligence will be meaningless to collect unless it is genuinely and urgently required by the executive authority. That being said, the top executives need to know exactly where to look for the necessary actionable intelligence that has been collected and how to attack their targets. It is imperative to ask covert collectors the right questions to get the right answers. Policy makers will be easily overwhelmed by the flood of information that is produced by the collectors. Further, Bundy asserts there is a very great difference between the guidance problems of the overt and semi-overt systems and those of clandestine collection is the one plus
Data can be collected through human sources, satellites, wiretapping, signals, and internet traffic. However, intelligence organizations must be in compliance with the law to ensure that they are not illegally collecting information (Chesney, 2012). Collection occurs because a threat is likely to occur or agencies are trying to find out what information our foreign adversaries possess about the nation’s assets. Intelligence collection occurs in both domestic and foreign territories. Intelligence agencies collect information about foreign adversaries in order to exploit their weaknesses or vulnerabilities (Gentry, 2008). Furthermore, government agencies and political leaders want to discover which of the nation’s assets are seen as vulnerable to the enemy (Gentry, 2008).
Counterintelligence (CI) involves actions aimed at protecting the United States against foreign intelligence operations and espionage, including penetration and disruption by hostile nations or their intelligence services (Lowenthal, 2014). The three main components of counterintelligence are collection, defensive and offensive. Collection is the ability to gather intelligence about rival capabilities directed against one's own nation; the defensive part of CI involves measures to prevent and thwart other nations' attempts to penetrate one's own nation's intelligence system; and the offensive aspect deals with running double agents to penetrate, manipulate, exploit, and control targeted adversaries. CI is said to be the most essential of the intelligence disciplines, in the sense that it helps in collecting vast quantities of secret information and producing an excellent analysis of intelligence, although ineffective counterintelligence measures may diminish confidence in the final results (Van Cleave, 2013).