
What Will Your Opponent Think Tomorrow?

Cyberwar Games


I recently stumbled on the story of Tim and Alex Foley, two young men who were born in Canada, grew up in Cambridge and who learned in 2010 that their mom and dad were spies working for Vladimir Putin’s SVR foreign intelligence agency—the Russian Federation’s successor to the Soviet Union’s KGB.

Tim and Alex found out about their parents’ double-life the hard way. They had just returned home after celebrating Tim’s 20th birthday when the FBI stormed their home as Operation Ghost Stories came to an end with the detention of ten spies, including Anna Chapman.

The Foleys’ story is a study in the world of cloak-and-dagger intrigue that is alive and well despite the fall of the Iron Curtain. Yet, beyond fascinating accounts of the personal toll taken by such dedication to a cause, the article made an important point that bears noting for today’s CISOs: an excellent security program is drudgery; it takes a long-term, goal-oriented commitment; it takes time and a slavish attention to detail. Most important, an excellent security program doesn’t seek to simply amass an historical account of what the enemy has done, but to gather information and insights that help to anticipate what they will do.

In an interview after his return to Russia, Alex and Tim’s secret agent father Andrei Bezrukov (his real name, not Donald Heathfield) put it well when he said, “The best kind of intelligence is to understand what your opponent will think tomorrow, not find out what he thought yesterday.”

A friend who spent a four-year enlistment as a U.S. Navy intelligence specialist recounted some of the lessons he learned at the outset of his training. The first was that every scrap of information the enemy could gather brought you into clearer focus. He recalled how satellite imagery of Soviet military installations showed well-used footpaths crisscrossing lawns, a sign that soldiers were taking shortcuts rather than staying on sidewalks, which suggested a lack of discipline and morale. Likewise, rust on naval vessels demonstrated a lack of maintenance and readiness. These were good things to know in the event that the Cold War became hot.

Such clues could mean the difference between an adversary that was merely going through the motions and one that was vigilant and prepared for any scenario. Which description defines your readiness for a cyberattack?

If your security program is focused on reacting to news of the last data breach, you’ve all but ensured that you’ll fall victim to the next data breach. And if you rely on a written information security plan (WISP) that gets updated once a year, that’s precisely what can be expected to happen. A WISP may be required for compliance, but pages in a binder on a shelf aren’t doing you any good when a hacker comes knocking at the firewall door.

That is why cyberwar games are essential to preparing for hackers and preventing them from attacking your network. By gathering information and using the hacker’s playbook to better anticipate their next move, the savvy CISO can see what vulnerabilities exist before they are exploited; the savvy CISO can disrupt the hackers’ kill chain before an attack commences; the savvy CISO can understand what the opponent will think tomorrow and take steps to thwart that move today.


In a constantly evolving threat environment a static security plan is no plan at all. The Foleys’ parents went to great lengths to embed themselves in American culture and society, but the article says the playbook from which they operated was a “catalogue of espionage clichés.” The techniques they and their comrades used to collect and pass along intelligence were well-known, and the FBI was able to keep the team of ten spies under surveillance—and act in advance in order to prevent them from doing any real damage to national security.

That’s an example the savvy CISO will do well to follow.

Written By

Danelle is CMO at Ordr. She has more than 20 years of experience in bringing new cybersecurity technologies to market. Prior to Ordr, she was CMO at Blue Hexagon (acquired by Qualys), a company using deep-learning to detect malware, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like Zero Trust, virtualization and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of a Cisco IP communications book and holds 2 US patents. She holds an MSEE from UC Berkeley.
