Security Experts:

What Will Your Opponent Think Tomorrow?

Cyberwar Games

I recently stumbled on the story of Tim and Alex Foley, two young men who were born in Canada, grew up in Cambridge and who learned in 2010 that their mom and dad were spies working for Vladimir Putin’s SVR foreign intelligence agency—the Russian Federation’s successor to the Soviet Union’s KGB.

Tim and Alex found out about their parents’ double-life the hard way. Returning home after celebrating Tim’s 20th birthday, the FBI stormed their home as Operation Ghost Stories came to an end with the detention of ten spies, including Anna Chapman.

The Foleys’ story is a study in the world of cloak-and-dagger intrigue that is alive and well despite the fall of the Iron Curtain. Yet, beyond fascinating accounts of the personal toll taken by such dedication to a cause, the article made an important point that bears noting for today’s CISOs: an excellent security program is drudgery; it takes a long-term, goal-oriented commitment; it takes time and a slavish attention to detail. Most important, an excellent security program doesn’t seek to simply amass an historical account of what the enemy has done, but to gather information and insights that help to anticipate what they will do.

In an interview after his return to Russia, Alex and Tim’s secret agent father Andrei Bezrukov (his real name, not Donald Heathfield) put it well when he said, “The best kind of intelligence is to understand what your opponent will think tomorrow, not find out what he thought yesterday.”

A friend who spent a four-year enlistment as a U.S. Navy intelligence specialist recounted some of the lessons he learned at the outset of his training. The first was that every scrap of information the enemy could gather brought you into clearer focus. He recalled how satellite imagery of Soviet military installations showed well-used footpaths crisscrossing lawns—a sign that soldiers were taking shortcuts rather than staying on sidewalks and suggesting a lack of discipline and morale, and that rust on naval vessels demonstrated a lack of maintenance and readiness. These were good things to know in the event that the Cold War became hot.

Such clues could mean the difference between an adversary that was merely going through the motions and one that was vigilant and prepared for any scenario. Which description defines your readiness for a cyberattack?

If your security program is focused on reacting to news of the last data breach, you’ve all but ensured that you’ll fall victim to the next data breach. And if you rely on a written information security plan (WISP) that gets updated once a year, that’s precisely what can be expected to happen. A WISP may be required for compliance, but pages in a binder on a shelf aren’t doing you any good when a hacker comes knocking at the firewall door.

That is why cyberwar games are essential to preparing for and preventing hackers from attacking your network. By gathering information and using the hacker’s playbook to better anticipate their next move, the savvy CISO can see what vulnerabilities exist before they are exploited; the savvy CISO can disrupt the hackers’ kill chain before an attack commences; the savvy CISO can understand what the opponent will think tomorrow and take steps to thwart that move today.

In a constantly evolving threat environment a static security plan is no plan at all. The Foleys’ parents went to great lengths to embed themselves in American culture and society, but the article says the playbook from which they operated was a “catalogue of espionage clichés.” The techniques they and their comrades used to collect and pass along intelligence were well-known, and the FBI was able to keep the team of ten spies under surveillance—and act in advance in order to prevent them from doing any real damage to national security.

That’s an example the savvy CISO will do well to follow.

view counter
Danelle is VP of Strategy and Marketing at SafeBreach. She has more than 15 years of experience bringing new technologies to market. Prior to SafeBreach, Danelle led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also responsible for security solutions at Palo Alto Networks, driving growth in critical IT initiatives like virtualization, network segmentation and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of an IP Communications Book and holds 2 U.S. Patents. You can follow her at @DanelleAu.