Kinetic and potential are different states of energy that describe the capability of an object to do work. Kinetic energy results from an object in motion, such as a moving car. Potential energy comes from an object's position and may be converted into kinetic energy, such as holding a ball above the ground or a compressed spring. In countless applications scientists measure these forms of energy to better understand how an object will interact with its environment. We posit that these concepts can be applied to the cybersecurity world to apply and assess intelligence on indicators. This presentation will cover a concept for applying cyber threat intelligence to and evaluating indicators using the thermodynamic concepts of kinetic and potential energy. Indicators are often provided as and wrongfully labeled as “threat intelligence” despite providing no additional context. By evaluating these "energies," organizations can apply threat intelligence to indicators, evaluate their intelligence sources, and more efficiently defend their organization.

Kyle Ehmke is a threat intelligence researcher with ThreatConnect and has eight years of experience as a cyber intelligence analyst. Kyle is involved with ThreatConnect's research into Russian election activity and targeted efforts against Bellingcat, WADA, and others.

Back to Circle City Con 2018 Videos list