Page 74 - Cyber Warnings
The fourth major lesson for CISOs from the world of military strategy is not to take on every
challenge head-on. Often a more indirect approach that comes at a problem from the side is far
more effective and less costly. In military terms, that maneuver is often literally to the side, as in
a flanking maneuver that goes around a strong enemy defense to attack from a much weaker
point at the side or rear. One of the strongest proponents of this approach was Sir Basil Liddell
Hart, who wrote at great length about the indirect approach and also emphasized the
psychological versus just the physical element of coming at the enemy in an unexpected way.[23]
A CISO will not normally be physically moving to the side of an attacker, but can surprise them
by having unexpected defenses or monitoring in place.
The Chinese strategist Sun Tzu placed a heavy emphasis on trying to deceive your foes to bait
and lure them.[24] A modern CISO can accomplish much the same with honey nets, virtualization,
and software-defined networking, among other techniques. It does take more than technology: to
deceive an attacker, a defender must understand what the attacker expects to see and feed
those expectations.[25] If an attacker is occupied by attacking systems that are not really there, it
is relatively easy to understand and contain them.
A CISO can also do more than build honey nets; a CISO controls the physical hardware and
architecture and so can deliberately create a geography and environment hostile to attackers.
Miyamoto Musashi, a famous Japanese samurai, advised that a warrior should strive to force
the enemy into inconvenient situations.[26] A CISO can accomplish this in cyberspace by
architecting business systems so they allow necessary business functions while making life
extremely difficult for attackers, even once they penetrate the outer defenses. There are many
promising technologies and approaches on the horizon that can accomplish this from a
technical perspective.
Lesson 5: Flexibility and Resiliency Often Bring Success
A fifth major lesson for CISOs from military strategy is the importance of flexibility and resiliency.
Flexible forces are required if a CISO is going to be able to respond dynamically to an attacker,
much like a defender on the ground in a combat situation must be able to rapidly shift forces
from point to point to respond to different enemy probes and attacks. Sun Tzu went so far as to
state that a commander should have normal and exceptional forces that can change roles in the
middle of a battle from fixing an enemy force to maneuvering and vice versa.[27] For a CISO this
could involve personnel who can transition to different roles as crises and attacks develop.
Critical systems must be evolved and developed to “know” when they are in a secure state, and
when they are not. This is being done today by establishing a baseline for the system that is
monitored and alerts when the state is altered.
By building a dynamic ability to perform root cause analysis of what has caused the deviation,
systems will potentially be able to suspend activities for a time and return themselves to the secure
baseline. The result of the analysis would be fed to an intelligence center for analysis and
subsequent action for other systems if required.
74 Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide