Is It Time To Go On Offense?
Steve King, CISM, CISSP
Cybersecurity Marketing and Education Leader | CISM, Direct-to-Human Marketing, CyberTheory
Banks have become big fans of offensive cyber-operations and the Federal government has gotten pretty good at it.
Why not the rest of us?
For the past 3 years beginning in the fall of 2016, the U.S. has had a team of offensive cyber-warriors conducting a cyber-battle with ISIS which has resulted in the destruction of the ISIS cyber-capability.
Joint Task Force ARES, under the direction of the NSA and U.S. Cyber Command have been executing a plan called Operation Glowing Symphony, that has successfully denied, degraded and disrupted the entire ISIS operation in cyberspace.
This effort has crippled media, propaganda distribution, recruitment and communications among ISIS troops and rendered their command and control system useless. It has been ultra-effective in scattering, disbursing and reducing the physical ISIS presence in the middle-east.
Instead of our college cybersecurity education programs focusing on cybersecurity administration and bureaucracy (see the MS Cyber program syllabus at the University of San Diego as an example), we need combat warriors trained in red-team exercises, full black hat hacking techniques and weapons-grade counterforce cyber capabilities.
Sure, there are risks - cyber-attacks could become more complex and increase in volume - yet, the opposite could be true as well - can it get any worse than it already is?
Enterprise Architect : Requirements Engineer : Systems Integration : Knowledge Operations : Solutions Consultant
5 年diversity (of tactics) is the mother of prevention (strategy)?
Software Supply Chain Security | DevSecOps | Application Security | Cloud Security | Risk & Vulnerability Management | Writer | Mentor
5 年It has always been a topic for many debates and great discussions on whether we should go for offence or stay defensive to protect our assets, estate and intellectual property.? It is not hard to find cases of state-sponsored or industrial espionage, which many governments may use to obtain intelligence either to promote or to counter-terrorism, activists to promote specific propaganda and the large organisations to steal intellectual property or to gain commercial advantage over the competition. For the rest of the population and small businesses, while they struggle to meet the demands of defensive strategies to successfully run their businesses and to get on with their lives, going offensive is just not an option, and commerce can never flourish in this way. With the acute skillset shortage that our industry faces at the moment, this is a battle that can never be won, where an adversary seems much powerful with all the resources to their advantage. At an extreme level, adopting offensive strategies may only result in an end to the civilisation that we are part of today; or result in a third World War which will be the cyber-warfare than the one being fought with the physical armoury.