Post RSAC and diffusion of People, Process, Operations, and Operational Capability (TTPs etc...) heads up for businesses from Nation-State Players ;)

Started as an update, but I think (who cares what you think dude! ;) :D - thought I'd preempt the peanut gallery :D :) ) that this may be important enough for people debating and formulating forward security strategy. Trying to keep this short, simple, and realistic without FUD (well, there are times we still get apprehensive when we realise where a scenario can go, and how relatively easily, cheaply and unknowingly things in scenario development can go to hell-chaos-bad things in real life; scenarios should not be science fiction nor hollyweird fiction, but should point out degrading and collapsing into possible and even probable damage and loss,, of money, business revenue, real property, services, functionality,, and saddest of all, human life. :( )

Pause here for a moment to indulge in fear, anger, angst, depression, denial, the Kübler-Ross (?) stages of grief and mourning,,, and then pick oneself up,, dust off the dirt and blood,, and 'on full packs and back on the grinder again' ;) :D

In cyberwar, amateurs study technology, pros study the people who use technology - a paraphrase of "In war, amateurs study tactics, pros study logistics." :) :D

Would you beat on a tank with bare hands? You'd probably get shot down by the supporting infantry or another tank in the formation before getting within 20 meters. Can't really affect the commander-gunner-driver-loader,,, but ah,,, mess with their command and control,, and one could impact an entire armoured formation. ;) :D ,, and then add 'kinetic impulse' or direct it toward the same. :o ;) :D

This is how even a good team, a good organisation, can be *effed* with: the 'shooters' and frontline folks can't really be distracted or interfered with,, ah, but get their command and control confused and giving contradictory direction/information,, and bad guys can cause 'blue on blue' fratricide,, e.g. have friendly MBTs fire on each other. Or, in a more personal methodology,, use Aikido-Judo-Jiu Jitsu techniques of turning an opponent's mass, energy, power and capabilities against them,, which is why bridges and stairwells (from medieval to modern times) can be deadly for massive forces,, Thermopylae anyone? (until bypassed and negated)

Re conventional systems of defence, fixed fortifications are easily bypassed by mobile strategy, as per Patton's comment. Fixed fortifications are pretty useless in two ways,, one of which is fixing defenses in solid immovable 'mental cement' and positing all actions to support inflexible positions,, so nothing proactive, barely anything active, and nothing adaptive,, just fixed, reactive and conventionally so. Bad guys in cyOps-psyOps-sciOps use this, taking advantage of a rigid, inflexible and easily scouted/reconned fixed-fortification mentality and effort to bypass and/or 'take out' fixed positions. Modern warfare in micro (guerrilla/irregular) and macro (blitzkrieg/OMG) has shown this lesson over and over again: 'control over assets is the power to destroy those assets, not who owns them.' ;) :D

Post RSAC,, 1) if you are fixated on fixed defenses (SIEM, SOC, threat intelligence, perimeter, blinky boxes, magic software, cloud backup and recovery, etc...) you may be guilty of fixed-fortification thinking,, counting on 'Maginot Line defense' theory to try and get 'attackers' to do frontal-assault human-wave attacks against your defenses,, the 'good' ones won't. ;) They'll sit and brew a cuppa and talk over the best way to take down, isolate, degrade, or twist your position against you,, even if they have to set the 'countryside on fire' to smoke out the positions (also works pretty well for breaking into the survival bunkers being sold now ;) :D ). Fixed positions are so last gen,, and this applies to networks, systems, etc... If anyone would like a different strategy, we can engage and go into it.

Interesting film, Zero Day, and for businesses the implications for the future (possible or probable?): Nitro Zeus level implications for DR, Risk, and Operations? Never going to happen? Let us hope so,,, what was that about "hope is not a strategy"? :D https://dailycaller.com/2016/07/07/the-us-literally-used-to-have-an-onoff-switch-for-iran-called-nitro-zeus/

Many many years ago,, Col. John Boyd came up with the easy concept of the OODA loop, and also what we paraphrase for fighting in air combat and now cyber,,, Yes, having a better jet helps,, but having experienced fighter pilots and support systems for them helps more,, People, Process, Operations (jet fighter models and tech/machines). Cyber is a continuous process and not, repeat not, Maginot Line sentry posts and geewhiz tech tools (they can help,, like machine guns, cameras, arc lights, radar, capacitive and acoustic sensors,, ) which need people to operate,, no autoguns (unless one is willing to shoot 'innocents' and probably each other,,, ). People can start you in the right or wrong direction,, "so your strategy is to build a high tech fortress and man the walls and send out patrols and guards? But you have no SAMs/MANPADS/deep-tunneling detection,, and anyone can pretty much get in?" Or in other words,, really good castle and fortifications,, but kinda passé/obsolete,,, in near-modern terms,, Dien Bien Phu much? (The original strategy was sound re firebases, but then someone got 'ambitious' and was also a poor general :P )

Also,, defenders react slowly (part of why reactive is slow and loses the initiative in combat and in chess,, and in battle chess ;) ) and building defensive tools is slow (1,000,000 lines of code to defend against 120 lines of malware? :) :S ). Most defensive products (are probably) stolen/pwned before leaving the factory, and weapons designed to negate/bypass/ignore/defeat/degrade/destroy/disrupt/drift/etc... such products, and any such that are bought by 'targets',,, easy enough given basic tradecraft (and bad guys/blacks and greys share and cooperate too ;) :D ) to obtain insight, code, process, etc...

Fairly open 'secret' that nation-states are the big players when it comes to cyber weapons,, and that the spin-off or diffusion of 'packages', TTPs, and personnel to nation-state supported or shielded actors and groups may be akin to the 'arms trade' and its activities,,, the question is, will large multinational companies develop into or be the new 'defense contractors' in the cyber arena? ;) :D

'and the panda is a bear,, so many bears out there and more coming,,, ' ;) :D

"Sweet dreams are made of these, who am I to disagree,,,, " Dreams/Nightmares.


Yon Lew

COO ISRSEC International, Ltd. CISO ISRSEC (North America)

7 years ago
Eric Kline

Enterprise Architect : Requirements Engineer : Systems Integration : Knowledge Operations : Solutions Consultant

8 years ago

Indeed, you sound like Col. Dax...

Yon Lew

COO ISRSEC International, Ltd. CISO ISRSEC (North America)

8 years ago

A question,, as the number of CISSPs, CEHs, etc... went up, did the number of breaches go down? No? Then did the scale and scope of increasing breaches dwindle/cost - impact for individual breaches go down then? ;) :D https://www.youtube.com/watch?v=YQIqgxeNtl0
