Treadstone 71 Cyber Intelligence Capability Maturity Model
Published: Monday, 14 August 2017 07:26
Treadstone 71 developed a maturity model to help organizations determine the maturity of their cyber intelligence initiatives against the cyber intelligence common body of knowledge (CICBOK). The model provides strategic and operational aspects of your cyber intelligence maturity, where it needs to go, and where you should concentrate your attention to create more value for your business. Nearly 8 years in the making, the Treadstone 71 Cyber Intelligence Maturity Model uses traditional tradecraft as delivered by Sherman Kent and Richards Heuer, intelligence community standards, analytic standards, and experiential knowledge derived from years of training, assessing, and building cyber intelligence programs.
The Treadstone 71 Cyber Intelligence Capability Maturity Model (T71-CICMM) is a methodology used to develop and refine an organization’s cyber intelligence program. The model is not only educational, building practical skills for learning and developing expertise, but also a roadmap for building a cyber intelligence program.
Treadstone 71 Force Multiplier Intelligence Advisory Services Available to Global Customers
Published: Monday, 06 February 2017 16:19
Treadstone 71 trains, advises, and builds cyber intelligence, threat, business, and competitive intelligence programs. Since 2002, Treadstone 71's footprint has been the basis for many intelligence programs.
Half Moon Bay, CA – February 8, 2017 - Treadstone 71 announced today enhancements and expansion of their industry-leading Force Multiplier Intelligence Advisory Services. “Our services deliver actionable intelligence to consumers enabling proactive threat mitigation strategies,” said Jeff Bardin, Chief Intelligence Officer for Treadstone 71. “The intelligence community proven methods, structured techniques, and Kent/Heuer-based procedures increase client awareness of their threat posture while supporting rapid response to their cyber incidents.”
The Treadstone 71 Force Multiplier Intelligence Advisory Services clarify the cyber threat intelligence strategy while illuminating a path for tactical implementation. In developing this strategy, we adhere to guiding principles validated when building out threat intelligence programs from Arizona to Australia. The Treadstone 71 advisory services enable:
Cyber Security Predictions - Not Even Reality TV - Just Daytime Entertainment
Published: Monday, 09 January 2017 17:02
The plethora of 2017 cyber security predictions do nothing but distract practitioners from executing actual controls and methods of defense and prevention. Each year we get slammed with predictions that are never followed, are common sense, and serve to market and sell products and services. The so-called information and cyber security experts, many times self-proclaimed, spew predictions on all potential areas. This is not much more than fake news and methods to direct readers to vendor products. The vendor products claim to solve these predictions and, therefore, become self-fulfilling prophecies. For the most part, once the predictions are published, the follow-up to their success is non-existent. Their purposes are to market and sell, drive perception, manage the market, and drive a false sense of vendor expertise.
We should focus on actual problem resolution and change the failed paradigm within which security exists. We continue to propagate vendor products and services that do not work, only treating the symptoms. This is not much different from the pharmaceutical industry that markets pills to you each evening during the news and prime time. Pills that treat symptoms and cause more side effects than they do solve issues. Advertisements that drive up the cost of the product manipulating the market and those that prescribe the 'solutions' to recommend purchase.
The only way we change this paradigm, and I mean we, is to push back on these vendors to solve problems and quit selling products that treat symptoms. We must also correct our own internal behaviors. A few weeks ago, I published a potential list of 12 items to change this paradigm (the 12th is a shameless plug so 11). They are listed below.
We need to forget the Jerry Springer-like entertainment of annual cyber predictions and focus on solving the hard problems we face.
What does Treadstone 71 seek? We seek an end to the noise and an understanding that our information, our intellectual property, and our way of life are under constant siege. We are in a cyber war with skirmishes and battles occurring 24x7. We need to direct the carpetbagging vendors to cease their war profiteering and take a moral stance in fighting our adversaries. We also need to correct and adjust how we run IT and information security. The list of 11 is below. We welcome your comments, your additions, and your assistance in this call to action to change the failed paradigm.
This includes integrating, evaluating, and analyzing all available data—which is often fragmented and even contradictory—and distilling it into the final intelligence products, which highlight information on topics of immediate importance or make long-range assessments.
Analysts, who are subject-matter specialists, absorb incoming information, evaluate it, produce an assessment of the current state of affairs within an assigned field or substantive area, and then forecast future trends or outcomes.
They integrate data into a coherent whole, put the evaluated information in context, and produce finished intelligence that includes assessments of events and judgments about the implications of the information for your organization.
Use structured analytic techniques and types of analysis
Analysts are encouraged to include alternative futures in their assessments and to look for opportunities to warn about developments abroad that could either provide threats to or opportunities for organizational security and policy interests.
Analysts also develop requirements for the collection of new information. From analysis, we move to analytic writing.
The Treadstone 71 training courses follow intelligence tradecraft and the standard intelligence community lifecycle, including collection methods, techniques, planning, PIRs, and collection tools and targeting, with a focus on intelligence analysis. Intelligence production methods and process flows are covered, as well as evidence credibility, reliability, denial and deception, and confidence levels. Students are required to demonstrate understanding and use of structured analytic techniques as well as various types of analysis, including synthesis and fusion of data and information into actionable intelligence. The class covers methods of adapting TTPs and IoCs for hunt and detect and interfaces to incident response.
Courses from Treadstone 71 provide foundational concepts and processes in the discipline of cyber counterintelligence with a focus on cyber counterintelligence missions, defensive counterintelligence, offensive counterintelligence, and counterespionage as these realms apply to traditional tradecraft, and how they are or will evolve into the cyber domain. By starting with traditional counterintelligence and progressing to cyber counterintelligence, the student will develop an appreciation for collection efforts, exploitation of potential threats, insider concerns, and the risks and benefits of counterintelligence. The Treadstone 71 courses provide foundational support to business intelligence, competitive intelligence, and behavior analysis functions.
Organizations use our training materials to build cyber operations and intelligence collection capabilities. The cyber threat intelligence training is unique following CIA tradecraft as created by Sherman Kent and Richards Heuer. From the initial cyber intelligence tradecraft course through to clandestine cyber HUMINT, the Treadstone 71 threat intelligence training is an apprenticeship to building a reliable, sustainable, and resilient intelligence and intelligence analysis, analytic writing and dissemination program that delivers what stakeholders require.
The Russian hacking efforts against the West are well designed and planned. The Russian concept of maskirovka has expanded from traditional military aspects of denial and deception to information warfare and cyber psychological operations. Imagine you have hacked a target not knowing exactly what you will find. The plan is to extract information from the initial target, examine the information, recalibrate, replan, while setting new actions of disinformation in play. We believe that the data inside the DNC emails has not yet been fully exploited. It would behoove the DNC and other US officials to examine every syllable of every word to determine what was exposed, determine what the Russians may do with this data, and plan to proactively counter the deception that will come from the Russians. The hacking was but one facet of a larger plan by Putin and his inner circle to disrupt, deceive, influence, and exploit weaknesses in the US including political and social beliefs and movements. EU countries are also targeted, especially those with upcoming elections. Their actions have been very effective.
There is a collective lack of institutional memory among target audiences, namely the West – a significant proportion of which had not even been born when Soviet subversion was a concern – therefore, they don’t have the level of knowledge and subsequent paranoia of baby boomers who used to hide under their classroom desktops in atomic bomb drills. Russia has invested hugely in enabling factors to adapt the principles of subversion to the internet age. These new Russian investments cover internally and externally focused media with a substantial online presence, of which RT and Sputnik are the best-known but only two examples; use of social media and online forums as a force multiplier to ensure Russian narratives achieve broad reach and penetration; and language skills, to engage with target audiences on a broad front in their language.
or What I want for Cyber Security and Intelligence Christmas 2016
All CIOs must have served as a CISO for at least 4 years before being allowed to be a CIO.
All CIOs must have a CISSP, CISM, and at least 2 technical information security certifications and have been thoroughly trained and qualified to be a CIO. No more cronyism.
CISOs will never report to the CIO – conflict of interest and a recipe for … what we have now.
If you are the administrator for a device, you secure that device (servers, routers, appliances, etc.). You are responsible and accountable – Secure what you own. Secure what you manage.
CIOs and their leadership will be held liable for deploying vulnerable systems.
All new products (IoT and beyond) must be certified secure before public release. No more figure it out as we go and bolt it on after we have consumers hooked.
All root access / administrative rights for production, critical, supporting, etc., systems and devices are removed and granted only for approved changes and incidents.
All written code and script must be written properly. There is no such thing as secure code, only code that works correctly and does not create vulnerabilities.
All operating systems will be shipped closed and installed closed with a risk rating system for each port, protocol, and/or service. Each modification reduces the security posture of the operating system providing a risk score while automatically offering advice on how to remediate that score with other controls.
New regulations to enforce security and privacy, demanding disclosure of breaches, fining companies and individuals for negligence are put in place, at once.
Vendors posting adversary IoCs, TTPs, and other methods that would normally be seen as ‘telling the enemy what we know, i.e., sedition’ will be fined for such activity.
You will tell yourselves over and over again that contracting with Treadstone 71 to build your cyber intelligence strategy and program is the absolute right thing to do (repeat after me …).
Merry Cyber Christmas from Treadstone 71
Treadstone 71 on CBS News Live
Published: Monday, 19 December 2016 15:18
Treadstone 71 on CBS News Live with Vlad Duthiers:
Well designed and planned! The Russian concept of maskirovka has expanded from traditional military aspects of denial and deception to information warfare and cyber psychological operations. Imagine you have hacked a target not knowing exactly what you will find. The plan is to extract information from the initial target, examine the information, recalibrate, replan, while setting new actions of disinformation in play. The data inside the DNC emails has not yet been fully exploited. Who knows what data was in those emails. It would be smart for the DNC and other US officials to examine every syllable of every word to determine what was exposed, determine what the Russians may do with this data, and plan to counter the deception that will come from the Russians proactively. The hacking was but one facet of a larger plan by Putin and his inner circle to disrupt, deceive, influence, and exploit weaknesses in the US including political and social beliefs and movements. Their actions have been very useful to Putin and his oligarchs.
Fallacies in Threat Intelligence Lead to Fault Lines in Organizational Security Postures
Published: Sunday, 13 November 2016 10:20
Organizations follow inaccurate definitions of threat intelligence, leading to poorly conceived cyber threat intelligence programs. Vendors communicate threat intelligence definitions supporting their offerings, propagating the fallacy that threat intelligence solves numerous security problems.
Cyber Threat Intelligence functions are being built on a foundation that is not supported by standard intelligence tradecraft. Many programs support a fraction of the intelligence needs, yet stakeholders hold unrealistic expectations based upon expenditures.
Information security capabilities marginally improve as spending skyrockets and security posture improvement is limited to after-the-fact discoveries communicated as prevention.
Continued purchases of ‘threat intelligence’ tools based on the see-detect-and-arrest paradigm ensure slow improvement and loss of data expansion. Intelligence program builds focused on technology capabilities repeat the historical problems of information security when firewalls and anti-virus represented the core of security programs.
Access to organizations who may be more advanced presents gaps in data available for this article. We based evidence upon direct access to some Fortune 500 organizations, discussions during cyber intelligence training classes, and actual intelligence program build activities.
The Cyber Intelligence Training delivered and created by Jeff Bardin adds rapid returns to both Cyber Intel Analysts, and Security Ops Centers. Each student receives quality instruction and hands-on experience with today’s OSINT tools and intelligence tradecraft. This is necessary for anyone new to Cyber Intelligence and complementary to any Security Operations within your enterprise. This 4.5-day class provides the student with the resources and fundamentals needed to establish cyber intelligence as a force as both a proactive offensive step and a counter intelligence-contributing arm of your larger team. – Antonio,
Look for London training May 8-12 at www.fsisac.com/events
Monday, June 19, 2017 to Friday, June 23, 2017
Cyber Intelligence Tradecraft Training
Monday, August 21, 2017 to Friday, August 25, 2017
Cyber Intelligence Tradecraft Training
Students and organizations taught (non-inclusively):
AIB, American Express, Capital One, Commonwealth Bank, Bank of America, ING, NCSC NL, Defense Security Services, PNY, Dell Secureworks, HPE Security, EclecticIQ, Darkmatter (AE), General Electric, General Motors, PNC, Sony, Goldman Sachs, NASA, DoD, East West Bank, Naval Air Warfare Center, VISA, USBank, Wyndham Capital, Egyptian Government, DNB Norway, Euroclear, Malaysian Cyberjaya, People's United Bank, Baupost Group, Bank of North Carolina, Fidelity Investments, Citi, Citigroup, T. Rowe Price, Wells Fargo, Discover, Blackknight Financial Services, Intercontinental Exchange (ICE), Citizens Financial Group, Scottrade, MetLife, NY Life, Synchrony Financial, TD Ameritrade, National Reconnaissance Office, FBI, Stellar Solutions, Lockheed Martin, Harvard Pilgrim, State of Florida, Deloitte, Ernst and Young, Mitsubishi, Tower Research, Geller & Company, KeyBank, Fannie Mae, BB&T, Aviation ISAC, JP Morgan Chase, Barclays, Nomura International, ING, Finance CERT Norway, BBVA, Santander, Bank of America, Equifax, BNY Mellon, OCC, Verizon, Vantiv, Bridgewater Associates, Bank of Canada, Credit Suisse, HSBC, International Exchange, Vista Equity Partners, Aetna, Betaalvereniging Nederland, non-inclusively (as well as several other firms by proxy as they hire qualified intelligence professionals trained by Treadstone 71).