Dailydave mailing list archives
Counter-Insurgency in the Cyber Domain
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 14 Apr 2015 12:27:19 -0400
Like many of us I feel sometimes like John Nagl when it comes to pointing out that we are engaged in what looks and feels like Counter-Insurgency in cyberspace, although we are acting like we are not. As background, I spent my early years working for the Defense Department, so the way "War Writ Big" is done is built into my headspace. And for the past decade I've run Immunity, which is one of the few pure-plays in the offensive space, but is still a small insurgent by any standard. For the past couple of months I've been working on adapting the modern counter-insurgency treatises to our area of expertise.

Let me quote from Nagl's recent book <http://www.amazon.com/Knife-Fights-Memoir-Modern-Practice/dp/1594204985> in the chapter dedicated to trying to change the Army from a "Sweep and Clear" methodology to a "Clear, Hold and Build" counterinsurgency methodology.

/"Only the population could identify the insurgents in their midst, and they would do so only if they could be certain that they would survive the experience."/

Recently Sony and GitHub have both come under attack from nation states who want to enforce a censorship regime on them. What the US has to offer these companies is a Sweep and Clear methodology. No doubt it is clear to both of them and any interested observers that they may not survive the experience of an ongoing conflict.

To move to a "Clear, Hold and Build" strategy in cyberspace we need a complete shift in focus. The first step is the least popular, and the most difficult: We need to establish comprehensive situational awareness, with as many layers as we had in Anbar province. Satellites, Drones, SIGINT and HUMINT all played into building a picture in Iraq and "Find, Fix, Finish, Analyze and Disseminate" (F3EAD) can be just as devastatingly effective in the Cyber Domain.

However, just as in Iraq, building real situational awareness requires partnering with a vastly different culture. In this case, Google, Microsoft, Apple, and other companies, many of whom are not based in America, are directly at odds with the USG when it comes to cyber policy. The recent administration push <http://www.washingtonpost.com/world/national-security/as-encryption-spreads-us-worries-about-access-to-data-for-investigations/2015/04/10/7c1c7518-d401-11e4-a62f-ee745911a4ff_story.html> to implement "split key" cryptographic escrow on top of Apple and Google is just one example. Even if implemented perfectly and painlessly, Google and Apple will always remember it as an injustice forced upon them, one that puts them at a severe disadvantage in foreign markets.

Unfortunately, the first step of Counter Insurgency (cf. Kilcullen's work) is asking yourself what kind of State you are trying to build and whether that is even possible. We have not done even this. It's time to do it now, and to begin building support for a comprehensive USG and allied effort to perform proper Counter Insurgency in cyber.

If you want to collaborate on a policy (and random thoughts) document for this, let me know and I'll see about sharing my current Google Doc on this with you, or just come visit me at the bar at INFILTRATE <http://www.infiltratecon.org/>. :)

Thanks,
Dave Aitel
CEO
Immunity, Inc.