Your New Cyber SOC Isn’t Enough. You Need A Mindset
There were no cyber SOCs when Sun Tzu wrote “The Art of War” more than 2,500 years ago. But the ancient Chinese warrior’s old principles can empower new cybersecurity attitudes and approaches to fighting our newest wars in the digital realm.
And make no mistake: today, we are at war in the 5th Domain. Bombs aren’t exploding and people aren’t dying, but what we build, where we heal, who handles our money, and even when we flip on a light switch are all under continuous attack by smart, motivated, and resourceful cyber adversaries from around the globe who look to cripple our society.
Our way of life is under assault, and how we can fight back is the vision behind my upcoming book, “All The War They Want: How To Break The Rules And Stack The Deck.” And our defense begins with focusing not on the latest gadgets, but on our mindsets. The way we think about this problem will play a huge role in the final outcome.
Be Adaptable, Agile, and Aware
Traditional approaches to fighting in this digital dimension are doomed to fail, because conventional wisdom is predictable, and predictability is exploitable. We must have the ability to adapt rapidly, and not simply follow rules. In that sense, we need to be more of an organism than an organization. We must be agile and aware while aiming at the end result of actual defense and deterrence.
Today, the typical approach falls well short of that ending. Far too often, we settle for security compliance, which means that we’re simply doing what we’re supposed to do, today. But that should only be a checkpoint on the road to maturity (which means that we’re doing what we’re supposed to do every day) and effectiveness (what we’re doing every day actually works). Most organizations never get to maturity, let alone effectiveness.
To start that journey, our evolving processes must be rooted in consistent principles. Sun Tzu offers three key ideas that can help us identify challenges and opportunities as they form in this new battlespace. They are:
- Know the environment. If you’re going to climb a mountain, fight a battle, solve a problem, or face adversaries of any kind, the more you know about the terrain you’re operating on, the better off you are. Knowing the environment is your starting point, and you build outward and upward from there.
- Know the enemy. The key to success in special operations and asymmetric warfare is to be able to put yourself in the position of your adversaries without demonizing them. You must be able to see the situation through their eyes without your emotions clouding your view, because looking at it from their perspective will enable you to better predict, prepare, respond, and defeat them.
- Know yourself. It doesn’t matter how tough you are. Eventually, you’re going to run into someone who’s tougher. Once you truly understand that, it frames the way you engage in fights from that day forward. You no longer fight for sport, you fight only to win. Your survival is at stake.
Your opponents are already executing these principles, and they are succeeding in two ways. There is intelligence preparation of the battlefield, where cyber adversaries gather the information ultimately needed to mount future attacks; and there is operational preparation of the environment, where our foes position themselves to execute larger, more complex attacks.
We’re Already Under Attack
The reality of this ongoing war was infamously demonstrated in the recent SolarWinds debacle, where the simple insertion of malware into code was both operational preparation of the environment and intelligence preparation of the battlefield. It allowed for the execution of attacks via that code and the simultaneous collection of troves of data.
That attack defied industrial, geographic, and political boundaries, and it reached virtually every corner of our society. It crystallized that this is a problem not just for our government or specific industries, but for all of the American people. Yet, there’s a lack of ownership of this threat.
We can’t believe this problem is unsolvable, or someone else’s problem to solve. Rather, you and I and our fellow Americans can and must reject the status quo, band together as a special operations unit to fight this asymmetric war and win it, and successfully defend our way of life.
If your answer to this challenge isn’t a “Hell, yes!” then it is a no. Total focus is the only way to solve difficult problems like this. Tech won’t be enough to win this war; we need tenacity, thought, and teamwork. I hope the book inspires us all.