Cyber Intelligence

What constitutes intelligence? One definition is a capacity for learning, reasoning, understanding and similar forms of mental activity; aptitude in grasping truths, relationships, facts, meanings, etc. It's the second half of this definition that interests me: aptitude in grasping truths.

So, if we apply that to cyber threats, how successful have the mitigation methods been, specifically anti-virus and firewalls?  Is there a truth to be grasped?

Given the news on any given day, AV and firewalls haven't prevented much. Granted, people, companies and organizations would be negligent if they didn't devote resources to AV and firewalls, but those tools have proven to be of little value on their own.

"Insanity is doing the same thing over and over and expecting different results." That quote has been attributed to a couple of people (Albert Einstein among them), and its origins are murky, but it is appropriate here.

If, after years of running AV and firewalls, we haven’t stopped attacks, how do we continue to put our faith in them?  I think it’s because there aren’t any viable alternatives yet.

It is telling that a poll of IT security professionals showed that the large majority of them didn't run AV at home.

Here’s to hoping something better comes along.


Asymmetric Warfare

Asymmetric warfare refers to a conflict where the opposing sides are mismatched in terms of resources. In relation to cyber security and cyber conflict, asymmetric warfare refers to the ability of less well-resourced entities to attack larger entities that they could not otherwise reach without the force multiplier that cyber provides.

Emerging technologies create a security imbalance that favors the attacker. Because there are so many emerging technologies, defenders have to cover every available avenue of attack, and new technologies continually open new ones. Attackers only have to pick one avenue that isn't defended to be successful. If the vector they chose has been defended against, they need expend little to no additional resources to switch to another vector once they discover the defenses.

It's this basic imbalance that allows small terrorist groups or loosely organized political hacktivists like Anonymous to attack much larger, better funded organizations. Without a fundamental change in the way networks and computers are defended, these groups will continue to attack successfully.

As cyber security practitioners, we need to ensure we’re employing best practices and staying informed on the latest exploits.  It’s going to be a long battle.

Opening remarks

Cyber security is an ever-evolving field and there are innumerable blogs out there attempting to inform on this massive subject.  This blog is envisioned to be different.

This will not be a daily rant or a simple repackaging of what others have already written. It will be in-depth analysis of evolving trends, major actors and attack vectors. I will strive to make every post a quality product by drawing on my experience from more than a decade of actively working in the Information Technology field across many different disciplines. I will attempt to spotlight emerging areas and new attack vectors before they hit the mainstream media.

A little about my experience.  I started working with a computer when I was 11 years old.  I was far from a prodigy, but computers have held my attention and fascination for more than three decades.  The first time I logged in to the ‘Internet’ was back in the ’80s and I was presented with a completely text-based menu with five subjects to choose from.  Things have changed dramatically in the past 30 years.

When I left the U.S. Army in 1999, I started work as an IT contractor to the U.S. Government. I have been exposed to, and worked with, many diverse systems and architectures over the years. I am currently enrolled in a Cybersecurity Masters program with an expected graduation date of 2013.

I hope you enjoy what you read here.