CyberSatDigital Speakers: “Red-Teaming” Helps Industry Understand, Detect Evolving Threats
Red team exercises, or simulated cyberattack scenarios run by internal IT groups and/or external third parties, can help satellite companies keep pace with constantly evolving cyberattacks, according to speakers on CyberSatDigital’s opening panel on Monday.
Speaking in the bluntly titled session, “I am Going to Compromise your Satellite Infrastructure: Here is What You Can Do to Stop It,” Matt Devost, CEO of cybersecurity intelligence and analysis firm OODA LLC, and CrossCountry Consulting Partner Cameron Over engaged in a hypothetical red-team exercise run by a fictitious satellite company they called “FourStarSat.”
Devost and Over took opposing roles as a talented hacker and the CISO of FourStarSat, respectively. The two walked through how each side would prepare for and execute its cybersecurity offense and defense.
Devost said that like most satellite companies, FourStarSat’s defense would be limited by its available resources and the nature of its infrastructure. “Most likely, the attack against FourStarSat will target the brownfield assets on the ground,” he said. “It’s important that the red team exercise gives FourStarSat perspective on the hacker’s thinking, their knowledge of the company’s existing weaknesses, and how they would adapt and change their strategy over time.”
Red team exercises are not a new concept. The 1992 Robert Redford film “Sneakers” opens with a famous red team operation during which Redford’s third-party firm is hired to hack, and even break into, a national bank.
Over explained that executive leaders at satellite companies should start their red team program by sketching out their desired scope of learning and how much they are willing to invest in the program. “The red-teaming concept should be stealthy, but also involve both internal capabilities and external third parties,” she said. “Nobody should think that they have to defend against cyber threats all by themselves. It takes a community.”
Over added that red teaming can help CISOs build better defenses by understanding how the offense is built. “It starts by performing a threat model and sketching out who your most likely adversaries might be,” she said, adding that the scenario should involve a ‘real’ hacker with ‘real’ motivations for the attack, such as fame or money, and armed with accessible tools and hardware.
When evaluating the results of a red team exercise, Devost said that it’s important for companies not to approach them as pass-fail events. “If you want to validate the existence of the controls you put into place, you have to think of the long term. Hackers don’t stop after one attempt. They evolve their attack and adapt to your defenses. Only a series of red team exercises, with data collected over a period of time, can help measure the effectiveness of your defensive posture and clarify the actions that need to take place in order to bolster your defenses,” he said.
CyberSatDigital’s unclassified program runs through Tuesday, May 11, with a classified program taking place on Wednesday, May 12.