Case Study: Analyzing the Evolving Ukraine Cyber Attack(s)

Abstract: Ben Miller helped author both public and private reporting on the Ukraine Cyber Attack in December 2015. However, unlike some other cyber events, the situation in the Ukraine has continued to evolve. More recent events have shed additional light, providing some clarity but also many ambiguities that leave people with even more questions. Namely, why has this taken so long to stop? What areas has it spread to? What can be learned from this? What happened in the Ukraine and can it happen here? We will methodically walk through what we know, what we don’t know, and what we think. We will also discuss items for consideration as a response from a North American standpoint. Throughout, we will capture the lessons learned and perhaps lessons that were not learned, but that should be learned. This session will highlight some useful tools, feeds of information, contact points, guidance documents, or other information that you will find useful as you think about the impact of such an event in North America.

Ben’s presentation will be followed by a Q&A and discussion session. Tim Yardley will help facilitate that session.

About the Speakers:

Ben Miller is Director, Threat Operations Center at the industrial cyber security company Dragos, Inc., where he leads a team of analysts in performing active defense inside of ICS/SCADA networks. In this capacity he is responsible for performing a threat hunting, incident response, and malware analysis mission for the industrial community. Previous to his role at Dragos, Inc., Ben was the Associate Director, Electricity Information Sharing & Analysis Center (Electricity ISAC) and led cyber analysis for the sector. He and his team focused on leading edge cyber activities as they relate to the North American bulk electric system. Ben was recognized as instrumental in building new capabilities surrounding information sharing and analytics in his five years at the E-ISAC. Prior to joining the E-ISAC, Ben built and led a team of 9 focused on Network Security Monitoring, forensics, and incident response at a Fortune 150 energy firm. His team received numerous accolades from industry and law enforcement. During this time he also served in a CIP implementation project and various enterprise-wide mitigation programs. Ben has over 18 years’ experience and currently holds the CISSP and GIAC GREM certifications.

Ben has served in various roles including both planner and player roles in GridEx I, II, and III. He served as a member of the NERC Cyber Attack Task Force, an acknowledged contributor to NIST SP 800-150, a panel member of the NBISE Advanced Defender panel, and an adviser on the CI Advanced Defender Training program. Ben is an accomplished speaker in various venues including SANS, ICSJWG, ShmooCon and others. Ben also helps run Charmsec, an informal ‘citysec-style meet up’ located in Baltimore.

Tim Yardley is the Associate Director of Technology and a Senior Researcher at the Information Trust Institute at the University of Illinois at Urbana-Champaign. His primary duties focus on defining the vision and direction for applied research through emerging technology as well as conducting research to address the core mission of the Institute. His research is focused on trustworthiness and resiliency in critical infrastructure, with particular focus on cyber security in systems like the power grid and telecommunications. Through development of advanced testbed environments, Mr. Yardley helps to apply research to prove out theory and validate those efforts prior to field deployment, speeding the process of technology transition and the realism of fundamental research. His work covers a variety of areas, including control systems, telecommunications systems, critical incident response, and simulations of real-world systems. Other areas of interest include health technology, mobile system security, financial systems, and dynamically tailored environments. Beyond research, he is involved in security assessments, external relations, national working groups, technology development and transfer, and entrepreneurial activities. Through being an active contributor in open-source projects around the world and having come from industry, Mr. Yardley provides a unique perspective with a proven track record of solving difficult problems.