
Navigating the Fog of War: A Programmatic Approach to Capturing and Communicating Relevant Insights from Rising Geopolitical Tensions
John Doyle, Certified Instructor
Simone Kraus, Senior CSIRT, Orange Cyberdefense
The increasing use of strategic threat modeling to prioritize an organization's finite defensive resources has led CTI teams to implement strategic workstreams and even build a comprehensive organizational cyber threat profile. In light of the growing need for CTI support to strategic functions, practitioners cannot afford to overlook lessons from emergent geopolitical flashpoints. Regional outbreaks, military conflict, and other geopolitical escalations will often have direct and indirect effects on an organization's business operations and existing growth strategy. A series of predictable intelligence needs will emerge from the lead-up to a conflict through its finality, which CTI teams can service through a programmatic approach that minimizes disruption to their production cadence.
This talk seeks to use the Russia-Ukraine war as a case study on how CTI teams can determine relevance and impact throughout rising geopolitical tensions, delving into third- and fourth-order effects. The talk will examine threat actor dynamics, ranging from targeting decision calculus, to the capabilities employed and their frequency, to how baseline understanding is apt to shift from a preconceived understanding of normal MO. It will discuss the potential emergence of cyber threat actors that were not previously tracked, like GRU Unit 29155 operators.
Attendees will be pressed to reconsider their assumptions around appropriate messaging, cadence, and workflows relating to relevant threat actor baselines from the onset of rising geopolitical tensions to full-fledged war. Additional discussion points will include the use of situational reports (SITREPs), how and when to adjust threat profile prioritization, transforming geopolitical situational context into technical understanding, and establishing a cross-functional tiger team.
The talk concludes by challenging the audience to think about how a China-Taiwan conflict may impact their organizations, similarities in approach, and how this type of geopolitical event varies from what transpired during the Russia-Ukraine conflict, acknowledging China's more prominent global influence and blowback potential to most organizations.
SANS Cyber Threat Intelligence Summit 2025