IT Security Guru

Iron Rain: What Defines a Cyber Insurgency?

by The Gurus
June 17, 2020
in This Week's Gurus

“A fool pulls the leaves. A brute chops the trunk. A sage digs the roots.” – Pierce Brown

 

The western world is currently grappling with a cyber insurgency. The widespread adoption of the “kill-chain”, coupled with the use of memory-resident malware, has fueled the cyber-attack wildfire. The security architectures mandated by regulators and standards bodies are collapsing. History does repeat itself. One should study the evolution of insurgencies to better grasp the nature of cybersecurity in 2018.

 

In the Red Rising Trilogy, Pierce Brown introduces a military tactic that could only work in a world where humans live on multiple planets and asteroids. We won’t spoil the book completely (go read the series, it’s awesome), but for the purposes of this blog an Iron Rain can be defined as a mass invasion tactic. Enemy fleets gather outside the atmosphere of a planet and use pods or other drop ships to launch an unbelievably overwhelming military force on a planet’s populace.

 

It’s overwhelming. It’s instant, and if you misreact you are doomed to fall to the Iron Rain. Just like with cyberattacks. It must be stated that attacks are not standalone; in many cases they are simply part of a larger “Iron Rain” effort. If you follow the strategy behind most nation-state attacks, you quickly start to realise that these efforts resemble insurgency tactics more than they do standard military ones.

 

What defines a cyber insurgency?

 

The Department of Defense Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms (Washington, DC: U.S. Government Printing Office [GPO], 12 April 2001), defines an insurgency as “an organised movement aimed at the overthrow of a constituted government through the use of subversion and armed conflict.”

 

In cyber terms: “an organised movement aimed at the disruption of cyber systems through subversion and armed cyber conflict.”

 

The goals of the cyber insurgency may vary; however, the following conditions must exist for a cyber insurgency:

 

  1. You must have a common entity or authority against whom your actions are directed.
  2. You must have the tools of cyber insurrection themselves, and the systems to launch attacks against the entities.
  3. The cyber insurgents must be willing to use cyber force against their targets. This element distinguishes a cyber insurrection from intelligence gathering.

 

As a former U.S. Marine we were taught to think differently. We were taught to think like the enemy and take it to them when needed. The Marines have a history of doing more with way less; we take pride in it. Just like InfoSec teams. Over the last few years it has become apparent that our enemies are emboldened and becoming more aggressive. We must shift thinking and tactics to begin to turn the tide. Just like every battlefield Marine. Intel changes, things move fast and people’s lives are at risk.

 

It is fundamental that cybersecurity professionals take a page from the annals of irregular or low intensity warfare to better understand how to combat this threat. This article is meant to begin an open discussion on how we as defenders can best modernise our strategies of cybersecurity. Many of the strategic tenets below are derived from The Marine Corps Counter Insurgency Manual or FM 3-24 MCWP 3-33.5 and adapted to the world of cyber.

 

To effectively discuss cyber insurgencies we must discuss the idea of irregular warfare.

 

Low intensity warfare or irregular warfare is a violent struggle among state and non-state actors for legitimacy and influence over the relevant populations. Irregular warfare favours indirect approaches, though it may employ the full range of evasion and other capacities in order to erode an adversary’s prevention, detection, and response capabilities.

 

When counter insurgents attempt to defeat an insurgency, they employ a range of diverse methods. Leaders must effectively arrange these diverse methods in time and cyberspace to accomplish strategic objectives. The various combinations of these methods with different levels of resourcing provide each team with a wide range of strategic options to defeat an insurgency.

 

“Effective cyber counterinsurgency operations require an understanding of not only available cyber security capabilities but also the capabilities of the adversary.”

 

The tasks counter insurgents perform in countering an insurgency are not unique. It is the organisation of these tasks in time and space that is unique. For example, financial organisations may employ strategy to align and shape efforts, resources, and tasks to support strategic goals and prepare for specific attacks on their institution. In support of this goal, good strategies would normally emphasize security cooperation activities, building partner capacity, and sharing threat intelligence.

 

Business leaders and security leaders must have a dialogue to decide the optimal strategy to meet the security needs of the organisation the team is supporting. Different capabilities provide different choices that offer different costs and risks.

 

Unified action is essential for all types of involvement in any counterinsurgency. Unified action is the synchronisation, coordination, and/or integration of the activities of entities with cyber security operations to achieve unity of effort. Your organisation must have a unified approach to cyber operations.

 

We must begin to think collectively as an organisation. The time for siloed decisions is over. The time for unified action is here and we must unify our strategies to combat the ongoing cyber insurgency. On 19th July, we will be releasing the Cb Quarterly Incident Response Threat Report (QIRTR), in which we survey dozens of our IR and MDR partners for the ground truth in cyber. The results will be of interest to you and your organisation. Stay tuned!
