The context is something that could radically turn a bad event to something manageable or even interesting. If we consider how much the threat landscape changed, as did the context where security operates, we realize we are facing one of the most complex and articulated wars of the century – the Cyber War.
As stated in so many articles, newspapers and blogs, cybersecurity is grounded on three pillars, without which it would be impossible to articulate a valid response: people, technology and process. These pillars are key to defining any new concept for protecting cyberspace.
What is cyberspace? Noted author William Gibson coined the phrase in his 1984 novel, Neuromancer, defining it as “…. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts… A graphic representation of data abstracted from banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding…” More than three decades ago he somehow anticipated the complexity of the entity where we exchange all manner of information.
Cybersecurity practices have been adopted and inherited by military organizations, mainly focusing on defense capabilities. The military is structured to attack and defend different landscapes with different capabilities: Air Force protects air space, the Navy protects the seas, and the Army protects land. What happens when it comes to defending cyberspace? What does the military need most in order to address this complex threat landscape?
The military may have a strong “war” background, but when it comes to cybersecurity it still needs to develop a strategy to win.
Military organizations have a different operational model compared to civil industries with dynamics that don’t necessary follow what cybersecurity practices demand. The military usually experiences a high turnover rate forcing them to rely heavily on very structured and defined processes and procedures. Skills, background and experience are not necessarily taken into account with everything being documented. For example, an entry-level Security Analyst solely relies on policy and procedures in place, which is not the most effective method of fighting a cyber war where experience to know how and what to analyze is crucial to support the decision process.
In 1950 the U.S. Air Force invented the OODA (Observe, Orient, Decide, and Act) model to understand and describe the cognitive process of pilots. Typically, humans make decisions based on what they see and understand from their surroundings, evaluate the consequences of the events and act accordingly. Visibility is critical to taking the right action at the right time.
Everything starts with what we see and how fast we react to negative events. The more information available the easier it is to handle the “fog of war” — the uncertainty in situational awareness.
When it comes to protecting cyberspace, the real challenge is in providing an analyst the right information, in the right context quickly, to allow effective detection and mitigation of the risk to the organization they are protecting.
In this scenario, when a different analyst with different skills and background follows up on the case, they still have the same clear, indisputable and accurate information (the context) available to support the decision process. Visibility is crucial to getting the right data.