funsec mailing list archives

Re: U.S. Joint Forces Command releases new irregular warfare vision


From: Jarrod Frates <jfrates.ml () gmail com>
Date: Thu, 26 Mar 2009 10:10:49 -0700

On Wed, Mar 25, 2009 at 11:06 AM, Rob, grandpa of Ryan, Trevor, Devon
& Hannah <rMslade () shaw ca> wrote:
> There is something inherently odd about that statement, and intent.  As in any
> area of security, how can you protect against threats you don't know about as
> effectively as against threats you do know about?  Not to say that you can't
> attempt to protect against the unknown (and you should), but doing it at the same
> level doesn't seem possible.  (Or wise, in terms of cost/benefit analysis and risk
> management.)

I don't think that conducting irregular warfare necessarily means
going into an unknown situation any more than regular warfare means
going into a known situation.  Ambushes and feints are part of regular
warfare, and can certainly make for significant unknowns to the
battlefield commander.

Special forces for most nations focus a great deal on irregular
warfare: infiltration, intelligence gathering, sabotage, subversion,
assassination, and guerrilla tactics.  The specialization goes beyond
typical small-unit tactics to include blending in with the local
scene, and that sometimes means dressing up as a local or as a tourist
to be able to walk through urban environments without attracting
attention.  When active in combat, they are better at hit-and-run
raids than are normal infantry, who are often loath to give up ground
they've fought to take.  However, as good as they may be, a typical
special forces unit would find it a challenge at best to hold off an
entire battalion.  Massed formations are where regular forces come in.

The US military has focused for most of its existence on conventional
warfare.  It takes a long time to make shifts in tactical doctrine
that have an effect on the strategic level.  Snipers were used in
every war from the Revolutionary War through Korea before the Army
established a permanent sniper presence.  Vietnam began to teach the
importance of guerrilla warfare, and follow-up experience in Central
America and the Philippines reinforced the lessons. Irregular and
urban combat in Iraq and Afghanistan solidified this not only in the
military but in the public and, more importantly, in Congress, and now
the focus is how to adapt our regular forces to better handle this
"new" threat.

The security industry is similar, albeit a bit faster to move.
Learning how the black hat operates and emulating that allows us to
respond to the unconventional tactics that they use.  Whereas the
hacker used to be thought of by many at best as an underground geek of
little relevance to the real world and at worst a low-life, many of
them are now sought out and indeed have attained minor celebrity
status.  Firewalls, account privilege limitations, passwords, and
encryption are our conventional warfare, dealing with the masses who
would otherwise walk in and take what they want.  IDS/IDP, DEP, ASLR,
and other mechanisms are our answers to the irregular warfare of
mangled protocols, improper code execution, overflows, and manipulated
input that the specialist uses to remain undetected or multiply
available resources, and increasingly, sides are adopting the tactics
of their opponents to remain viable, with white hats looking for
programming flaws in malware and black hats creating their own
defenses analogous to antivirus and intrusion detection.

In both the warfare and security realms, conventional warfare will
continue to slowly evolve but has reached a high level of maturity,
but developing irregular warfare and its is where the focus will be
for some time to come, and the battlefield will even out as all sides
come to a more complete understanding of the intricacies therein.
-- 
Jarrod Frates
GAWN, GCIH
