 My name is Chris Cleary and when I was a little bit about me and then I'll kind of jump off in a thing So I was asked to come out here by Nico to talk about my Recent experience with Cyber Command I just left Cyber Command not too long ago and I had to tell Nico I said well I really can't talk about Cyber Command specifically what I did or where I was or what I did while I was there But I could maybe talk about the military planning process in the abstract Use some examples and and one of the things that's why that quote on there is you know plans are nothing planning is everything The military we we plan and execute operations and that's sort of our our our backing That's what we do The community that I'm that we're trying to talk to the community that now that cyber is the big buzzword And we're trying to figure out how to work through it is this community to try and figure out how We start bringing the two together and that sort of leads into the next slide There's a lot of talk about cyber warfare Cyber warfare right now is kind of being made up of the hacker community and the military The military's spin on it right now and the way that we're trying to do business Is the policies that have come out? We released a new cyber policy and the five pillars of the things we're going to focus on is pretty much defensive in nature And rightfully so the military's job first and foremost is to defend defend the United States And I was also execute sort of missions that were directed to by you know our senior leadership The hacker community brings a whole new perspective to that because really arguably you guys were here first There's some things that the military's done for a long long time that we're really good at This is a new domain and we're trying to figure out how to operate in it And it's kind of the bringing together of the peanut butter and the jelly to make something that we're going to coin cyber warfare in the beginning and What I experienced in the last couple years is how The two communities may be talking past one another the military were very rigid We're very a hierarchical we do things very linearly The hacker community is much more dynamic much more free thinking and it's trying to understand And I think when when we bring these two closer together One of two things are gonna have to happen either the hacker community when they want to support the operations that we do We're gonna have to figure out our planning process and then Understand what they do and then bring it to us or Maybe we're gonna realize that the way that you guys do business and how those things will be brought to bear to support Our operations, maybe we have to in the military come up with a new planning process a new way of thinking through the a new language a new a new Way of stepping through it so that you guys can come and leverage what we do Good morning everybody How many people here are new to DEF CON raise your hands Okay Those of you don't know My name is priest those of you heard this. I apologize. I'm the designated asshole for DEF CON I'm the mean man who's going to come find you When you're fucking up Please don't fuck up. I really don't want to see you We like it here. This is a nice venue We love the guys where we were before but like I said, this is a nice venue I really don't want to be here Sunday saying this is why we can't have nice things That said He's drinking light beer that kind of scares me. It was bought for me. I didn't buy that somebody brought it to me by the way That's a good cover story. Yeah Good cover story What I'm here to tell you number one is like I said, please don't fuck up Number two we were having something called the blood code drive How many people here know what the network ninjas are or the ninja party raise your hands Okay, for those of you who don't know one of the most awesome parties at DEF CON is a ninja party Their leaders come down with a rare blood disease We're having a blood drive slash contest today from 12 o'clock to 5 o'clock Doesn't matter what blood type you are if you will if you could please donate a pint of blood Please be smart about it. Don't drink before Don't drink booze after Rehydrate yourself Don't go run a mile or something like that. I have to do it, but if you can do it It would really not only help barcode What to help everybody else who needs blood? There's a picture floating around a barcode if you take a picture of yourself giving blood There's a raffle going on Couple of prizes are one is a skateboard signed by a lot of cool people Two is we will take you in a behind-the-scenes tour of DEF CON So we'll take you behind the green curtain and you get to the little man pulling the levers And like I said, we would really appreciate your help. They do a lot for us barcode I know personally is a really cool guy and would really help them out and would really help a lot of other people who need blood So there's a picture of me floating around. I was the first guy to do it Let's see if we can't make a good good showing good at the blood drive So that's it guys. Thanks. Sorry. No I was just behind the green curtain a minute ago. There's really nothing back there but I got some beer and some finger food and stuff like that but So I wanted to kind of give a little bit about how I got here and what I sort of learned along the way and and what I mean by that is sort of the progression of Becoming a military planner and something to learn from that is we're all sort of products of our environment I mean everybody in this room came from some different background They have different experiences in their life that got them either to this room or to what they do and You know being a being a planner was is no different So starting off I started my career as a maintainer working on f-18s Young kid working on hornets. It was really cool. It was a really cool job playing around But what I learned is just because you know how to fix something doesn't mean you know how to use it From there I went to I actually got an opportunity to go to the Naval Academy And I played rugby and although I got my ass handed to me pretty bad academically in able Academy I did pretty good in rugby and one of the things you learn sort of at the academies is that with enough pressure around You know peg will go into a square hole So then I went to my first ship I was a surface warfare officer and on my first ship I was the anti submarine and anti surface warfare engagement officer Which means I either put torpedoes in the water or put harpoons and other ships And when you got there as again as a planner or an executor the lesson I took away from that was even though that you're you're important of the mission You don't necessarily know what the guy to the left and the guy to the right are you are doing? But you do know that if they don't do their jobs, you can't do yours From there I went to I was the officer in charge of a landing craft attachment worked with the Marines quite a bit Which is an experience all in itself And I always said that landing craft that a lot of people didn't even know we still have Because it was sort of a World War two era kind of thing The good thing there was it was sort of like be it was an I always tell everybody was an 18 month episode of Cale's Navy was the most fun I ever had it was kind of like we were like pirates We got to cruise around and just do goofy stuff with very little adult supervision, but Working with the Marines I found very very painfully that when they say things are gonna happen it happens and they happen to the minute So the whole idea of being able to given a set of orders and execute on a timeline is Critically important to them because if you don't people die landing craft in particular The whole idea is you hit a beach as rounds are coming down and you have to be there to the minute the round stop landing So the Marines have a safe environment to run under the beach From there, I actually lateral transferred in the intelligence community I went to the office naval intelligence for my first tour and the idea was they were trying to this is what started my technical background They were trying to take intelligence officers make us a little more cyber savvy and then push us out in the environment So when I showed up and I I learned I was going to be doing this job sort of cold The network the guy was going to be working for in the IT division said hey You know the office naval intelligence is brand new building We have the largest ATM network in the country and I walked in I said You I only saw the one ATM in the lobby when I came in here and The and the guy literally turned and looked at me and he rolled his eyes and he was like holy crap Are you kidding me? This is the guy who's going to be defending our networks So they pumped just dollar and I mean I went to like every sans class there was and these hacker courses It just went completely over my head But the idea was to learn how to speak the language not necessarily be a keyboard operator But just understand the environment and there's an officer be able to take what you again What you guys are doing the IT professionals are doing to sort of translate it to leadership be the intermediary there From there because the market was so good I ended up jumping out was in DC at the timing went to the private sector Went to go work for spartan I learned that it's being a defense contractors a much much different world than being a military officer or in the government for that matter Their priorities are different You know at the end of the day they're in it to make money and that's kind of the game. You got to play This was around the oh six time frame came around and the surge was getting to happen and as I was still a mobile reservists I mobilized and I went to the joint special operations command and everybody knows what those guys do now Courtesy of you know, it's put in bin Laden in the ground But there were some things that I learned there The JSOC community was a really really cool community and I always said it was sort of being an outsider coming into it It was sort of like being the water boy on a Super Bowl team, you know You got to be on the sideline you got to see things But you weren't going home with any of the cheerleaders after the game and you know, you didn't get the ring So you didn't get any of the credit But also in that community is an outsider come into the inside even as a help You realize that there were communities within communities that you necessarily weren't a part of Which sort of leads me so from there I went back to the defense world and then about two plus years ago I got mobilized again to go to US Cyber Command and what I realized as a planner there that my background with all those different Experiences really set me up pretty well The most important one was the being an outsider an insider community, you know what they do there Especially the people that support us is still very much a click and you're not always necessarily allowed into that click Like I said, I just got back from Iraq too long ago And you know, I feel a little more nervous in this room than I did when I was over there But somebody in the audience would say oh Chris, you just got back. It got so much worse after you left I don't know what you're talking about But we were coin in this kind of thing and and when I say one of these things is not like the others we out there doing operations I read Rod Beckstrom's book The Starfish and the spider and he talked about, you know, the whole Decentralized thing and we're trying to put in a different context And we would start kicking around this idea of sort of the deer hunter and the sniper Especially I think it relates to this community pretty well So deer hunters and snipers have some things in common and for the most part, that's the weapon system they use You can find a rifle the exact same rifle that a marine sniper would use the m40 such and such 380 caliber But so many grain bullet and you could probably find a lot of deer hunters that are as good Maybe better at sometimes with that weapon system from hitting a target. You could set a Plate out at 800 meters and probably put those guys right next to each other for the most part They might be able to take that plate down So in the execution of the tool the execution of the weapon system There might not be a lot of differences there where the differences come in is why they're trying to shoot that plate And then I sort of put the pictures up there of this the rifle scopes, you know So the deer hunter is out there for one purpose one person only he's there to hit a deer He's out there during deer season He's wearing his hunter orange and at the end of the day He hope his bags is limit so you can come home take his you know beef jerky or a deer jerky or whatever it eats I don't eat deer And then you know feed his family the military sniper on the other hand could be out there for a multitude of reasons You even though he's looking through that guy through the scope His job might just be to report that he's there his job might be able to shoot him at a particular time that enables some operation afterwards How he got there is another difference That particular military sniper what if he's a Navy SEAL and he had a halo into the environment the high altitude low opening jump Maybe he scooped in maybe he was delivered by a helicopter. Maybe he's been out there a week The so the differences are not necessarily in their capabilities. It's in that the planning that went through to get him to that environment And why he's there, you know, his job might not be to pull that trigger at all And I find that kind of in the community where we are now when we talk about stratics strategy and tactics The military that the government sort of working from the top down most of the conversations We're having right now about big policy issues big cyber strategy issues You know how we're going to try to use strategy to use cyber in the future and at the bottom this community is really working on Tactics and and I wouldn't go so far as to call them tactics no offense to anybody in the room But a tactic per per joint pub per definition is something that's used in combat Which is what makes the military very different even from the intelligence community And now that kind of leads into my next slide So when I say those two things are not necessarily the same these two things are not necessarily all that different So you know on the left of the slide I got kind of the military kind of what it what an operation center might look like and on the right of slide as a hacker Doing certain things and there's countries out there They're obviously leveraging the guy on the left a lot better than we are not that we should or shouldn't be doing that And I'm up here definitely not advocating for you know, sort of the citizen soldier concept But there are some countries out there who do necessarily advocate and push some of their hacker communities in that direction To support operations So when we start developing tactics techniques and procedures, which is I know there's a lot of probably government military in the room Who understand what those are and there's sort of a hacker community that doesn't the analogy that I use for that is again I like using the kinetic example of using maybe a firearm and I imagine there's a lot of guys in this room that have shot a gun before a Procedure and a technique are the ways you would use that gun So like for instance when you learn to fire a gun a procedure is how to load it how to clean it how to strip it and more Importantly if you're using it and say in a combat situation for round jams How to jam how to unjam it very quickly and get back into the fight a Technique for using that gun might be how you hold it kneeling laying down, you know guys who shoot pistols There's the you know the Ossolese stance and the weaver stance. That's a technique A tactic is how that guy would use that gun in a combat situation with other people and I think where this community starts Needing to do a little bit better out is trying to figure out how a bunch of you guys operate together To sort of deliver some sort of effect or some end state I knew to capture the flag here where teams of guys work towards a common objective And we've seen some other nation some other Prominent group the I guess the lull sex and the anonymous of the world sort of do things at least with some sort of end state in Mind that's the way the military operates But I want to talk about the offensive cyber thing And I know that the brief was originally coined offensive cyber and I want to get away from that for a minute for a couple of reasons only do it was you know, I'm not from cybercom trying to try to Say that we we should be doing offensive cyber to try to explain to you what the military does or how we would use this capability In the future Well, we operate the Department of Defense operates with an expectum of conflict And the reason I say that is because you know with those with those blocks at the top stable peace unstable and search See general war you can look at the world right now and see that we're in one of those categories all over the place And within each of those categories we have operational themes So as an example one of the operational themes peaceful military engagements what we do there's you know, you would say most of the countries in the world that we're in a we're in a period of sort of a peaceful coexistence with and especially our allies our partners we do training we do You know recovery operations when we need to things like arms control counter-drug When we start moving up the level a little bit limited intervention is actually the one I'd like to talk about the most and one that I'm going to talk about again not to in the limited As I go through some more slides, but a limited intervention is a specific Operation to achieve an end state a clearly defined end state limited in scope Sort of those examples there, you know a neo is a non combat evacuation operation the Marines do those all the time Going to environment. Maybe it's breaking down. You got to get some American citizens out of there How are they going to do it? Strikes and raids strikes and raids I think we're beginning to see now and we might see more of and as we start thinking through this This is this might be how we classify these kinds of operations I got a slide come up in a little bit where I talk about studs next just as an example But I would classify that as a strike or a raid for whatever for whoever did it Why ever it was done it was done with a limited scope to achieve a certain objective and then kind of end the operation Peace operations kind of self-explanatory. There's lots of reasons. We're in peace operations Irregular warfare Again on a regular warfare you could see that kind of in how we support either a regular warfare or go to fight irregular warfare You know Iraq and Afghanistan have sort of devolved into a regular warfare They kind of came from major combat operations and sort of going backwards and in the spectrum of conflict The real the military's goal is as we plan operations to execute through that spectrum of conflict is to take it from the right of That spectrum and bring it to the left. We're there to take Violent actions and bring them and hopefully by the time we leave we're in a period of stable peace or at least we've left it Better than we found it I'm sure we could have a lot of arguments about the things that we're doing now And if we're going to leave places better than we found them, but that's the idea. That's our intent. That's what we're going there So within the whole spectrum of conflicts you got the elements now I know this is kind of an eye chart and I apologize for that And this is mostly for the people that afterwards you want to go through the slides and read through them a little bit more But within any of those operations I just showed you on the last slide The kind of things that we would do there Are represented here so that you know, we have offensive defensive stability and civil support operations Now how you weight those gun gun going back to that last slide Is What kind of makes that operation that operation, you know, obviously up to the right of the slide and major combat Operations offensive things are the main reason we're there you're there to you know We're the we're the Department of Defense and I used to get in this This argument with some of the other partner agencies we've worked for and they'd they'd look at us and they'd say man You military guys all you want to do is break things and I'd send up there my uniform and I go Yeah, that's that's what we do. We break things You know, you don't ask an F-18 pilot to drop picnic baskets in another country. He has you know He has kinetic weapons. He drops bombs and JDAMs and you know shoots down airplanes That's what he does that is his domain and he's his whole job is to get better at that The idea was so when we get into information operations and you know C&O being one of the pillars of information operations military planners the guys who are going to plan in that environment are thinking through how to support these kind of Spectrum of conflict with a different, you know operational themes and we're going to achieve some commanders and state in there We're going to do things that leverage both offensive defensive stability and civil support So I guess what I'm trying to get people in this audience away for I wish the media would get away from this is that as the Cyber capabilities start to evolve. They're not just there for offensive reasons. We do those for a lot of different reasons And now I'm going to break down some examples, you know shriever war game shriever war game something that started a couple years ago I participated at last last year. It's out here actually in Las Vegas, Nevada Which is a cyber slash cyber space space slash cyber space war game where we get to better with a lot of Inner service partners a lot of multi agencies and Multi-nations to come up with a war game space cyber space kind of all work through it trying to leverage these others capabilities to achieve some kind of end state Learned things about it, but you know, it's done under the context of peaceful military engagement and for the most part with stability in mind Here's the Stuxnet thing. I want to talk about and again not knowing anything about Stuxnet other than what I've read in the media What you could argue is there's somebody pissed off at the Iranians and for whatever reason there Concerned about a particular capability that they had and they came up and in my mind I'd call it a strike because it was limited scope It was designed specifically with one thing in mind and that was to grade the Iranian weapons program With no particular follow-on action at least none that none that we've seen to date But once it was executed and you could say completed It was it was it was over, you know, like I said to date. We've seen no follow-on action But under the scope of limited intervention. It was something that that whoever did it decided to do Russia versus Georgia we talk about this one all the time And this is the first time when everybody wants to go to the call cyber warfare Oh, we saw the Russians do cyber warfare against the the, you know Georgia, Estonia and in one other country at the different times different periods But when you look at that the actual cyber attack most people in this room say what was a denial of service attack against some You know government websites Big deal. Well, yeah, but if you look through it in the context of whatever military plan or put that together What it was done. It was done to enable some other action It was done to get the Georgians to turn their head for a minute and say why is my banking system going down? And whoa, where'd that tank come from? You know, so when we talk about information operations For the most part information operations are done to enable other things They're not done with the effect that we deliver there whatever it is and when you talk about information operations There's five pillars mildex IOP computer network operations Ops sec and One other somebody help me. I'm sure somebody in the room knows what the fifth one is. It's escaping me right now That's why we're there. That's why we do it All right, so this next slide before I hit the slide key. I'll take a sip here to commenters So before I hit the next slide, I got to kind of intro the next slide for a minute So talking about the military planning process is again why I came I want to kind of walk you through that and just get an understanding of what it the I'll call it the ass pain that military planners go through because it is not easy It is very painful. You get beat up quite a bit And it's it's way harder than executing and that's not to insult anybody who works on a keystroke on the other end of it But it's the thing that takes that's the longest pole in the tent and if it's not done, right? It's how things get f'd up and we've seen we've seen good examples of operations We've seen bad examples of operations, but it's the planning that makes that possible So I wanted to walk you through an example and because I couldn't really talk to a real-world example I have to talk to this one. Okay, so pause for effect All right So all right, so live free die hard. First of all, I love this movie I know when it first came out a couple years ago. It was oh my god hacker. It was a Look what look what they can do. Look how f'd up things are And that was the first the first context of looking at that movie looking it through the lens of only a Cyber attack on the United States But when you start breaking it down and I start talking about you I did this did Hollywood do their homework and once I became a planner and started thinking through another context if you take The cyber side away from it and you think of it just how that guy executed that operation It actually It kind of makes for a nice case study So first of all the movie was based on an article farewell to arms written by this guy John Carl and who basically wrote an article talking about The vulnerabilities of our critical infrastructure and it was written like ten years ago So it was kind of not I'm saying it was wasn't in ahead of its time But it was written before critical infrastructure was really on everybody's lips The movie itself, you know focus on the execution. It was this Thomas Gabriel the bad guy who went in it was taken down our infrastructure and you know the fire sales other stuff But when you when you really look through the movie In my mind, it was a very well. Well executed information operations campaign to achieve some end state now Of course Bruce Willis gets involved. He fucks everything up and takes down the bad guy But had Bruce Willis not been in the movie this guy would have pulled off what he did And if you looked at how he sequenced his operation He actually did it in a pretty good way and again take please take the the technical things that he did off the table It's just for a minute say that the technical side of the operation were possible He sequenced them in such a way that he really you know, they kind of pulled it off So I say part of a bigger plan and I always wish there could be a live free diehard prequel I mean nobody would go see it there be a handful of people that go see it But it would be that kind of the recruiting of Thomas Gabriel to pull off this operation against the United States Because everybody's seen the movie right? I can't imagine there's anybody who hasn't seen the movie. All right good I don't want to have to explain the movie But uh, you know in the beginning after they entered after they you find out who Thomas Gabriel is basically you find out He's a disgruntled government employee who tried to show the government how screwed up the art security was and of course He's blackballed and threw out into the wild and then all of a sudden he's executing this operation And I'm like holy shit. Where'd he get all that stuff? Where'd he get that truck? Where'd he get those helicopters? You know, where did those where did those French ninjas come from those? You know That guy had to have some bank he had to have some funding The in the beginning of the movie does it does a kind of a decent job at least It's only in the credits only in the first three seconds of when they're going out and they're they're kind of got that computer You know we've access to defense access to financial access to transportation I'm like, okay So they kind of hinted it a little bit what we'll call the preparation of the battle space going into the movie But holy crap that guy had to have a ton of money and to pull all that stuff off I mean for guys of you in this audience who do this stuff You know that that of all those things that they were trying to access that would it take years to execute that operation? I'm not only from a financial point, but you know the access and the sequencing and the rehearse all that other stuff It just wasn't done on the fly so I always say and I hope there's no French in the room But I thought it was like oh, so if the movie could have been he was approached by the French here's some French ninjas It'll be your muscle will give you your money and yeah We want you to destabilize the United States of America and oh by the way You'll get to take all that money home But if you looked at the movie in the context of a much bigger campaign It would have been the operation to destabilize the United States and there was probably some follow-on action After he conducted that operation that maybe there was another sequenced operation that was going to happen behind it You know the next movie. What was the thing that was going to happen after this guy? Brought the government to kind of its knees for the most part So we start thinking about how they did that again. I chart and I apologize for this You know operational design planners live in this world planners take commanders intent Run them through a bunch of filters and come up with some plan on the other end And for those that I'm sure there's a lot of people in this room that are familiar with this And I'm sure there's some some people that aren't from a planner's perspective This is our this is our TCP IP stack. So I know I know a little bit of a little bit of technology So when I sit through most of the conferences in here, it goes right over my head, you know Technology like a 1-0 whatever and I would expect some of the planning process for people who aren't familiar to go over your head And just from a you know from an abstract perspective Wow, why do they have to do those things that doesn't make sense to me and at beginning? I don't I don't disagree with you But when you when you become a planner and what I would argue is there's a lot of people out there that are that Think there are planners and I thought I was a planner when I showed up just by the fact that I was a military officer that had done amphibious landings and done, you know harpoon engagements and yes There is a planning perspective to that but it's not military joint operation planning and execution Planning, which is a whole different animal and you kind of learn that the painful way the first time You go to present something and they ask you a million questions like oh, I didn't think of that and you get beat up So as you look at that slide from sort of the left to the right, you know operational art That operational art we coined in the military is is based on your experience And based on the way that you kind of know certain capabilities work and certain things work together You're able to use that put some plans together that kind of make sense and throw them out the other side to your leadership to Buy off on one of the things that that we're finding out in cyber is it's difficult for us military planners to understand this new Capability, which is why it becomes painful at times Not only for the reasons it's hard to explain to military leadership what it is that you guys do But it's also difficult for us to quantify the effects of what you guys do which makes leadership a little bit hesitant to maybe execute on operations so When you start doing sort of this mission analysis you get into this effects based planning And what that is is on the right side of the slide you sort of see the military end state Which is what you want done, you know What are you trying to do and as I'm going to kind of relate this back to the movie? I'm going to kind of jump between planning and jump between the movie Military end state if you and I got another slide to talk to us in a second was You know destabilize the United States or ultimately in the movie It was he was going to get into wood lawn and steal all the the financial data that was being backed up there Well to do that Knowing that the end state is you got to look at your target and I'm going to move to the right side again And go to center of gravity center of gravity analysis is something that takes the most time for what we're doing because that ultimately leads Us to where we want to deliver our effects center of gravity usually so Clausewitz defines it as you know the hub of all power movement on which everything depends So when you break that down a center of gravity you get critical capabilities And you can do this in a lot of different ways and maybe just for an example We'll say like a you know an air defense system well an air defense system its critical capabilities has got the missile It's got the launcher. It's got the radar and the radar is broken And you know it's got a detect radar track radar fire control radar. It's got people It's got power. Those are all the things that make that system operate well based on that It's got critical requirements each one of those systems and has requirements that makes it function You know the radar needs power it needs people the missile needs a view of the horizon You know there's a lot of different things that it would need And then when you start looking at the critical requirements you start identifying critical vulnerabilities and the vulnerabilities are to take down any of those Critical capabilities to that would affect the center of gravity so an example of you know the radar if I can Destroy the tracking radar because it's physically loaded located somewhere which again makes it vulnerable to attack I'm able to take the the weapon system offline And maybe never had to hit the missile or never had to go out of the people or if I can keep the people from getting to the Site to operate it well then the site can't operate so there's a lot of different ways we think through that But as we start piecing it together when we've identified our critical vulnerabilities those become our objectives Those become the things that we're trying to target the things we're trying to deliver our effects to so our in our effectives then Our objectives we assign an effect to it and in the most case in the title 10 world Which is very important to distinguish the effects become degrade deny destroy disrupt his feet And that's the way you know we're there to break it or deliver an effect to do to again degrade its ability to operate And that effect will then become a task Hey your task is to deliver this kind of capability against this target to degrade this thing And it's kind of a and you get into an oota loop where they one continues to support the other Which leads us into the joint operations planning process For those in the new room who do who are familiar who have participated in it you realize just how painful this is This is for a planner a lot of sleepless nights a lot of getting yelled at by very senior people and a lot of hair Pulling out to junior people to get them to try to understand what you're doing You'll bring a lot of people to the table to kind of for a Common purpose, you know it and again the thing to understand from the from the hacker community is this is very linear You know you get some commander that says I need you to do X and then you take that that Tasks you've been given and you go into a mission analysis phase and you all sit down with the guys at your pager And you're like holy crap. How are we gonna do this? And you start thinking of all the different things you need to execute and then once you have some of your facts And I got some slides that talk about this in detail You know develop co is your wargaming out and obviously something gets approved and but not all the time executed It's the other thing to understand you even planters plan we plan all the time. That's all we do I mean, there's somebody somewhere right now probably planning to invade Canada because they've got nothing better to do But that's what we do So when you look at that so the mission analysis again, which I said is the most painful part of the process This is when you're trying to piece together what you're trying to do and then trying to revert back to the movie I call it some things in red to say, you know when Thomas Gabriel was approached by the French So I'll jump into that for a second and was asked to go do X Y and Z Well, he teased think okay if he wants me to go do this and they're gonna let me you know do this fire sale How I'd go about doing it and he came up with some in spot, you know some implied and essential tasks And he really had to look at our center of gravity or his adversary center of gravity And what makes us tick and when he was going through this and I'll call bring it up in a second He really determined that if he could get to the US government and kind of bring them to her needs It would enable him to do something else Commanders the CCIR's fees not familiar. That's commanders critical information requirements Again, if this was the prequel of the movie and he was trying to execute on this his list of information requirements Probably would have covered this whole wall because you guys all know from the community all the different targets He was trying to hit and all the different ways to get in there would have just been you know A laundry list of things that he would have taken Probably more like years to get his hands on not to mention who built the truck all the other stuff The Monday the spec requirements bill a truck out the helicopters the French ninjas all that stuff Took a lot of time So again, so if we looked at the same slide the mission a task kind of construct for His center of gravity analysis, you know, he was going after the United States government Which is which was the target you are capabilities there You know banking law enforcement first responders all the things that make a government function the critical requirements to that Are you know, so you got finance or you got banks you got communications? You know, you got telecoms So you you can see the things on the slide and the critical vulnerabilities what he was going after because there are so many different targets I just kind of sum up here There were you know, obviously physical vulnerabilities He was going after technical vulnerabilities and it's sometimes procedural vulnerabilities things that he could he could initiate that just through Procedure drove his target to do something and I have a slide that lays that out in a second And then his of course as he went through the movie. He said well to do that I'm going to target critical infrastructure With the with the effects being to depending on the critical infrastructure Disrupt, discreet destroy at some point, you know, he blew up the Although it was a kind of a call follow-on mission when he blew up the power plant to try and kill agent McLean He sequenced to an event and then I guess that the tasks varied by target So co-development This is where kind of where the rubber meets the road So now you've you've gone through your mission analysis You've gone back to your boss and say hey boss. You told me to do this. This is what I think you told me to do Do you still agree with that? He'll go. Yeah, I told you once okay Thank you for repeating back to me what I just told you to do which that sometimes really pisses him off And then you start getting into a coa and you'd be presenting these coas back to him And I have a slide on what makes a coa a coa and To do that, you know When you coas and we say that you know adequate feasible acceptable distinguishable because you always bring the butt You got to bring the boss more than one option and those options have to be somewhat different so he can you know Pick one and and sometimes I like to joke I mean you guys seen the Simpsons movie when he puts all the the coas in front of him He kind of leads them to the one that he wants him to pick that's kind of done too because you'll say hey Sir these are all your coas but this is really the one we think you should go with and you know You paid us to do this job and we think we're we're somewhat smarter than you go with this one And some for the most part this will do or they'll modify him or send you back It just becomes painful But if you have to think about again back to the movie what he was trying to do The objectives The major forces requirements you so now these figured out what he had to do and how he wants to do it That's when he would have gone back and said hey French Overlord the guy who asked me to do this. I need to build this truck. I need this kind of access I'm gonna need a lot of walking around money because I need to buy people On the inside to either write code for me or give me access You know I need a big I need some you know walking around money And then he would have gone back said hey, but for me to execute all this This is the kind of time I'm gonna need two years or six months or whatever his time frame was and then based on what let's say Your commander was trying to do sir. We'd like to do that, but it's gonna take us six months I mean say well you don't have six months I might have to go to another kind of operation Because time is of the essence or if time is not of the essence will I execute? I think if you look at the Stuxnet is an example in Wired magazine would a really good article on this You know way back when when Reportedly the Israelis asked the Americans for you know a kinetic bomb to do it and they said no they said oh crap Well, we need another way to do this if well, I'm not saying it was the Israelis, but uh whoever did it So I'll strike that from the record Whoever did it they said hey some cyber geeks. Sorry no offense anybody room said hey We've got this way of maybe trying to do this. It's got a long lead time It's gonna take a lot of time to execute and we got to do all these steps and somebody said well Yeah, time is kind of on our side so go ahead run with it But I can tell you whoever was planning on doing whatever probably had some follow-up operation just in case that didn't work And in case time go to the essence that there was some probably follow-on action to deliver the same kind of effect From there you get to you take all your coas and then you start war gaming them out and then you know with these Potential Decision points and branches and sequels that's really important because every every act everything you're gonna try and execute in You'd need if it doesn't work or if it doesn't go down the way you want you have to have some kind of Follow-up position or you got to stop the operation Excuse me Let's in based on that then I'm gonna kind of walk you through What I call Gabriel's plan and this is this is kind of where the rubber meets the road in the sense that Whenever you're trying to accomplish something and you and you've got your your commander's end state and you've got your hey This is how I think we're gonna accomplish it then you've got a sort of sequence in because what you find is The sequencing of the operation is really what makes the operation the operation and I say that's sort of the difference between maybe this community Saying the hacker community in the military is again. We're very hierarchical or very linear We do things one things after another because that's the way we do business So again going back to the movie. I kind of carved the movie up into three major lines of operation the first one was sort of I'll call house cleaning and that was hey what else what are the final things I need to execute on the operation and You know he was killing off all his help because he didn't want those guys screwing things up The next one was the fire sale because in the movie. They sort of coined That's what the government, you know halfway through the movie thought was going on It was a major terrorist attack to take down our infrastructure and just screw things up Just because somebody was disgruntled at us and they wanted to you know bring down the United States Would the third line of operation be in wood lawn? And if you guys remember the movie wood lawn was really the whole reason he was there It wasn't necessarily to do the fire sale It was to enable his his ability to get access to wood lawn and steal that offer that information The fire sale was what he just kept everybody busy with so he could execute something else Which is why I coined this as a information operations He used non-kinetic effects to enable his end state or his kinetic operation But in the movie which was also cool He he would synchronize kinetic and non-kinetic things at the same time to enable one another So as we start moving through the operations in the different phases Phase zero was all his prep that he was doing to finish the environment You know he was collecting all his last his last intel getting his last source code And then he started tying up all his loose ends before he executed That's when he's killing off all those programmers because those are the guys that the loose ends if I leave them lying around Maybe they'll screw me up which of course, you know still in the punchline everybody see in the movie Knows that's exactly what happens with you know Bruce Willis his help of course So he eventually got to a certain point where he said hey, I'm ready to execute the operation I think I've done my leading into it. I'm ready to go and you know He executes phase one and the first thing he does the attacks transportation and at that point people just see it for what it is Wow, it's a big transportation glitch. They're not putting two and two together But eventually it's well, wait a minute Traffic goes down here and the FAA is reporting something over here and Amtrak went down over there. Whoa This is not this is not a Coincidence, you know, we're under attack and they they label is under attack and people start freaking out He moves from there. I thought a nice line. So let's get him outside for some fresh air And he goes after the anthrax alarms and when he sets off the anthrax alarms now everybody's getting out of the building again It's a it gives him some more breathing room It gets the government out of the building it allows him so I think he displaces at this point He moves from one point one place to another It gives him some time and space to get ready for his next thing But what you learn later in the movie is that was a very specific Operation required to achieve his end state. They also show that scene you jump to the Social Security Administration It doesn't mean anything at a time and they show people leaving that building That way, you know, he that's one of the buildings he needed to evacuate because that was really his target But when all the buildings evacuate that doesn't really mean anything to the government because everybody just left their building So where's the target? So once he evacuates that building now He he goes for after a kinetic operation which he goes in and he seizes the building the people are all out He it's a you know relatively limit light is on security puts his goons in there His goons go take down all the security guards and then prep for his next operation, which means I'm in the I'm in that Server room. I've downloaded my malware. I'm ready to start receiving the download which executes stage two Stage two was he goes and he attached the financial market now from the fire sale line of operation. It makes a lot of sense It's the fire sale. Oh, everything must go. We're gonna go after financial We're gonna go after power gonna after electric so under that line and the government's thinking as well This is just a big huge cyber attack. This is just a big huge terrorist attack on the United States But in his operation that was required because that's what's triggered the download From the financial district to his target where his guy was waiting to receive the payload and In here, we'll talk about our first branch or sequel. So as a military planner, I'd say well That has to happen that download from from the Wall Street to my target has to happen If I can't do it non-kinetically to support the fire sale, I might have to have a sequel set up to do it Kinetically so maybe in the movie if that didn't work. He had some kinetic strike bombing on Wall Street a Attack on up something in that area that would have had the same effect And he would have had guys on call to say, hey, you know that failed We're gonna go to sequel one which is the kinetic attack on Wall Street again to drive the same operation Because of that didn't happen. Yeah, the fire sale would have gone down It would look like a terrorist attack and it might have enabled the let's say the French's plan to Destabilize the government the fire sale would have gone through but his whole plan then of being able to go to Woodlawn And steal that information would have failed So at our point if that doesn't happen the operate the operation for the most part is a failure So then he the download begins, you know this he gets this download at 20% kind of thing And at that point is when the decisions made to send his girlfriend out to the power plant facility and take it down Now I watched the movie three or four times and I'm like why the hell did he take down the power? It doesn't make any other sense and then it kind of hit me as well as the sort of the trifecta on the fire sale It sets the rest of the fire sale down which would again in my opinion I think he did have to sort of cover his tracks. I'm gonna do the fire sale. It makes sense They're expecting it. It's one of those things. They'll think we'll go and it's gonna take them so long to figure out That why I was really here was to get into Woodlawn was to steal this information and before you figure any of this out I'm gonna be gone in Paris more than likely You know hanging out with all my money But at the end of the day, you know the mission wasn't complete and why wasn't it complete because in my opinion He didn't do his work on his first line of operation Which says you know other than the fact that I know that this line of operation is supposed to kill all these bad guys I don't think he thought through it enough with a proper sequel in place It said if something horrible goes down I might have to put a lot more effort into tying up my loose ends. He doesn't McClain gets in there McClain, you know screws everything up and it kills the operation So if you think of that in a sequenced event from an IO planner That's how we would have to present to our leadership a campaign leadership But I said yeah, go ahead that makes sense to me execute So as I'm kind of getting the hook to get off the stage I want to I want to leave with this Everything I just said is in joint pubs And for those of you who kind of want to learn more about the way the military operates, you know Go check out these joint pubs are all there actually some of them come in little cliff notes they're online and For those of you who want to sequence operations or figure out how you're going to enable certain things again Understanding how the military operates is sort of really important to the subject and I think when you come to us Understanding our process as we try and make realms, you know come into conferences like this understand your processes We'll start taking you know things that take weeks and months and years and maybe we'll start getting them down to days and Hours or minutes and with that That's the end of my talk. I hope you guys liked it and I guess I'll be across the hall for questions