Cyber CounterIntelligence Tradecraft Certification
- Published: Sunday, 13 November 2016 10:03
Pre-requisite course: Cyber Intelligence Tradecraft Certification course first.
With the expanding importance of the comprehensive and timely need for intelligence for nations as well as businesses, the student will explore the essential elements that make up the intelligence cycle with a focus on how these pivotal points are exploited. As part of this class, the exploration of the continued importance of critical thinking as well as out-of¬the-box analysis will be heavily leveraged to improve the critical-thinking skills of the students. As cyber topics continue to evolve, the increased importance of cyber intelligence is growing and as such the protection of our intelligence cycles will expand as well; emphasizing the growing need to ensure our processes are not compromised in a cyber-dominated landscape. Cyber Counterintelligence is one aspect and possibly one of the most crucial topics at the core of protecting our collection efforts. The potential for active defense or offensive cyber counterintelligence operations will be covered.
The course will rely heavily on individual research and group discussion to explore the world of cyber counterintelligence, and where applicable, make use of the student’s ability to do independent thinking and analysis of in-class problems assigned through weekly discussion threads. This course focuses on open source intelligence and adversaries while creating online personas to assist in data collection and information extraction. This introductory course examines open source intelligence collection as well as the availability and use of OSINT tools. Students will be able to understand the use methods of only anonymity, the fundamentals behind cyber persona development, enrollment in various social media sites and applications, and how these current methods can be employed in their organizations to assist in operational cyber security, their defense against adversaries, and passive data collection. The establishment of cyber personas takes patience and time to create a credible resource. Parallel activities occur through the outline above. Treadstone 71 maintains separation from the client as required maintaining confidentiality of methods and processes.
Sitreps and current intelligence may redirect activities. The intent is to establish a program of cyber and open source intelligence that creates data streams for analysis. Data streams take the time to develop to establish links, trends, tendencies and eventually, anticipatory and predictive analysis. The desire is to move from a detective approach to one that is preventive while moving too predictive.
Cyber CounterINT1 - Cyber Infiltration, Information Operations, Information Support Operations National Counterintelligence Strategy, Standard Glossary and Taxonomy, Mission Based Counterintelligence, Counter Collection and Anticipation, Denial and Deception, Counter-Denial and Deception, Cyberspace, Open Source Intelligence, Methods of collection, Specific tools, Social media sites and enrollment, Methods of Social Media Research, Tools and Techniques, Social media demographics, Establish Priority Intelligence Requirements, Establish Information Requirements, Cyber Target Acquisition and Exploitation, Validation of target, Identify active adversary campaigns, Intent, Motivation, Goals, & Requirements, Passive data collection, Campaign development, Target sites, Enrollment, Tactics, techniques, and procedures, Intent, motivation, goals, and requirements, Vectors of approach, Courses of action, Elicitation and exfiltration
Cyber CounterINT2 - Perception as Deception, Social Psychology, Differences in Culture, Diversity, Hofstede Dimensions, Social Psychology, Reciprocity, Consistency, Social validation, Liking, Authority, Scarcity, Big 5 Theory of Personality, Information Warfare and Cyber Psychological Operations, Target analysis and message manipulation where applicable, Persona creation, establishment, maintenance, expansion (depending upon taking Cyber Intelligence Course), Data collection – recycle for Cyber CI updates/improvements, Authoring of blogs and articles for influencing, Placement of specific concepts and phrases
Cyber CounterINT3 – The Cyber Persona Layer, Persona creation and implementation, Cyber Persona Development and Maintenance, Character archetypes, Leveraging existing, Create new, Establish the storyline, Establish the plot synopsis, Story weaving and management, Snuggling, Collection, Linkages, trends, tendencies
Cyber CounterINT4 - Target profiles – dossiers, Target gap analysis, Define the mission so that it aligns with organizational objectives, Clandestine Collection Operation, Surveillance, Counter Surveillance, CI Activities, CI Analysis and Production, CI Analysis Reporting, Support Brief, Source Evaluation, Operational analysis report, Asset Evaluation, Support Package, CI Assessment, CI Campaign, Mission, Mission Management, Operations, Effects-Based Operations, Functions and Services
Cyber CounterINT5 - CI Insider Threat, Investigations, Prepare an estimate of the situation, Prepare the plan, Support Plan, Cyber Media selection, Internet OPSEC, Product development, Pretesting - determines the probable impact on the target audience, Production and dissemination of material, Implementation, Post-testing - evaluates audience responses, Feedback, Ten Commandments of Cyber Counterintelligence, Research and analyze methods of influencing adversaries from a variety of information sources
Lecture, Hands-on, Apprenticeship, in class exercises (Live Case Studies), student presentations, templates, course material—40 CPEs 5-days
All Case Studies use all methods, techniques, and tools referenced in the course material. The Case Studies used are straight from the headlines giving students real-world experience during the class.
The course runs over five consecutive days covering Monday through Friday afternoon. Students are expected to attend each hour of each day since the course is comprehensive with each day building upon the next. Days may start at 7:45AM. Breakfast, lunch, and afternoon snacks/tea are provided. Lunches are usually working lunches. Class minimum is 15 with a maximum of 25.
Course Fee, Course Lab, and Materials Fee (includes books, templates, structured techniques application, etc.).
This course combines lecture, research, and hands-on team assignments. Students need to bring a laptop (PC or MAC) that does not have corporate controls (tablets will not suffice). PCs work best
Breakfast and lunch served daily
Afternoon snack provided
Course material is not for resale or commercial use outside the end user license agreement. Course material may not be used for competitive purposes.
You must attend the full class in order to receive all course material and the certification. Certification is granted after completion of course instruction and hands-on application of the concepts in 3 to 4 team exercises. If a student leaves the class prior to course completion, neither the certification is granted nor is the course material covered after the student leaves made available. Lectures and associated material is posted each day after each lecture. This method supports the student in a just-in-time manner. This method ensures full understanding of the material without discovering course plot lines until the proper time. The course is architected to support a particular process flow and learning method.