Sunday, April 29, 2012

A Blue Shield and Red Sword


By day I carry a blue shield into the fog of conflict. By night I sharpen and hone a red sword. While I rarely take the opportunity to use a red sword against an opponent, knowing how to use it helps me know where best to place a blue shield. They are clashing tools that should be understood and used with coherence.
Just as red teams should use reconnaissance, scanning, exploitation, maintaining access, etc., so should blue teams use reconnaissance, scanning, mitigation, maintaining authorized access, etc. Why should the red team get all the credit for finding the unlocked doors when the blue team should be finding the unlocked doors and mitigating them first? While red teams often have the opportunity to focus on one target, blue teams must defend all targets from multiple threats at all times. The red team strikes where the blue team is not looking.
One is not better than the other; they just have different challenges to work with, and they must work coherently to assess and mitigate the cyber lacuna.

Sunday, April 15, 2012

The Cyber Lacuna Loses the Cyber War

Gaps in your information technology and related research can contribute to your team losing its cyber war to other teams with access to gap-closing technology and research. At this point that statement should not seem so profound, but I still think it needs to be stated. Many of us sit on the sidelines speculatively arguing the existence of cyber-war-like activities, but do we truly understand the game?

I am not sure there is an end-game in cyberspace. The goal is not to win some arbitrary cyber conflict, but to maintain an advantage through continuous operations. Most of the time the advantage being sought will have little to do with anything cyber or the Internet. The cyber conduit is just one of many mediums where operations transpire. Gaining the advantage also does not necessarily mean that you have closed a gap for your team. You can take the advantage by creating and maintaining gaps in your adversary’s information technology or research.

You need look no further than Stuxnet to see an example of a cyber-operation that conspired to create gaps in centrifuge technology so that a possible nuclear research gap was maintained in Iran. While the team that carried out the cyber-operation had clearly developed or gained access to some gap-closing malware technology, they were willing to give up that cyber advantage to presumably maintain a nuclear advantage over Iran.

We know the cyber weapons of mass destruction are out there, so we need to maintain focus on closing our own cyber gaps. We need to think strategically about our defensive cyber security programs. We have to assess and develop target theories on where others would seek to exploit existing gaps, or create new ones, in our information technology or research.

The end-game is not in cyberspace; it's developing and maintaining the best people. Make sure the human element is not your cyber lacuna.

My thoughts may be unfinished and unrefined, but they are my own.

Wednesday, April 4, 2012

Lunch Line Security Theater

Back in 2010 at the first TEDxPSU event I was offered the opportunity by a very polite event worker to allow Bruce Schneier to step into the gap in the line in front of me at the lunch buffet. Earlier that morning I had been subjected to Bruce’s Reconceptualizing Security talk. Immediately I started assessing how I felt about the situation, wondering what the model was for dealing with it, and assessing what the reality was. My feelings were chasing a model that would deal with the reality presenting itself.

I was eventually able to understand that the one person I really wanted the chance to meet that day at TEDxPSU was going to be cutting into the lunch line in front of me. What possible security risk could there be in letting Bruce Schneier cut in the lunch line? The reality of the situation said there would be little to no risk in allowing one of the event speakers to cut in line. The model I had in my head said the social thing to do was to be nice and welcome the opportunity, and it assumed the other event guests behind me in line would not object, at least publicly.

The reality said there was no risk. The model said there was no risk. So why did my feelings say there was risk? I had not expected to run into Bruce in the lunch line. I was a little shocked, felt unprepared, and did not want to leave Bruce with a bad impression.

I did acknowledge the event worker and openly welcomed Bruce by name into the lunch line, but I was unable to engage Bruce further, as the buffet and the rushing of the event worker provided an effective distraction. Although I was disappointed by the lost opportunity, later I made it to the table where Bruce had eaten his lunch and was able to briefly say hi to him before he had to take a phone call. While I never really got to fully introduce myself to Bruce, I am not all that bummed about it. I now have a personal security theater story about the day Bruce Schneier cut in front of me in the lunch line.

Bruce started his talk that morning suggesting security is two different things: a feeling and a reality. The reality is that it’s not really much of a risk to allow someone to cut in the lunch line, but you may feel a lot different about the security risk when it's Bruce Schneier cutting in line.

Monday, April 2, 2012

Blue Team: Close the Gap with Situation Awareness


Blue Team:

I left Pleasant Gap this morning to attend the Penn State Security Conference 2012, where I was able to hear Mick Douglas, a PaulDotCom.com contributor, give his “Blue Team is Sexy: Refocusing on Defense” talk. Right away Mick’s rant had me re-visualizing how much I love being on the Blue Team. My takeaway from Mick’s message was that it takes the right people, who know their systems, applications, and networks, and the right tools to defend the security gap. Without the Blue Team there is a Cyber Lacuna in your Information Security Program.

See Mick Douglas’ Derbycon 2011 talk at Irongeek.com:
Situational Awareness:

Later this afternoon I got to attend the “Improving Your Cyber Security Situation Awareness” talk by Nick Giacobe, Research Technologist, College of Information Sciences and Technology (IST), Penn State. Nick jumped right into defining Situation Awareness as the state of human knowledge of entities within a volume of time and space, the comprehension of their meaning, and the projection of their status into the near future.

Through interviewing dozens of cyber security experts, Nick was able to gather a comprehensive understanding of what it takes to visualize the cyber security situation. Nick provided helpful insight into how a network or systems administrator can use the data from the systems, applications, networks, and tools they use to improve situation awareness for practicing security analysts. Nick tied it all together by demonstrating a data fusion process using visualization tools.

As I arrived back in Pleasant Gap tonight I found myself re-visualizing how I can use cyber security situation awareness to refocus on defense and close the gap for the Blue Team.

Cyber Lacuna

This will be a space to fill in the gaps of my thoughts on Information Security. This has been in my mind for a while.

Cyber -
    A prefix that means computers, internetworks, virtual reality, the space where reality is augmented.

Lacuna -
    An empty space or a missing part; a gap.

Cyber Lacuna -
    The missing medium of computers, internetworks, the space where reality is augmented; a cyber gap.

Cyberspace lost.