Security Experts:

Connect with us

Hi, what are you looking for?


Incident Response

What Will Your Opponent Think Tomorrow?

Cyberwar Games

Cyberwar Games

I recently stumbled on the story of Tim and Alex Foley, two young men who were born in Canada, grew up in Cambridge and who learned in 2010 that their mom and dad were spies working for Vladimir Putin’s SVR foreign intelligence agency—the Russian Federation’s successor to the Soviet Union’s KGB.

Tim and Alex found out about their parents’ double-life the hard way. Returning home after celebrating Tim’s 20th birthday, the FBI stormed their home as Operation Ghost Stories came to an end with the detention of ten spies, including Anna Chapman.

The Foleys’ story is a study in the world of cloak-and-dagger intrigue that is alive and well despite the fall of the Iron Curtain. Yet, beyond fascinating accounts of the personal toll taken by such dedication to a cause, the article made an important point that bears noting for today’s CISOs: an excellent security program is drudgery; it takes a long-term, goal-oriented commitment; it takes time and a slavish attention to detail. Most important, an excellent security program doesn’t seek to simply amass an historical account of what the enemy has done, but to gather information and insights that help to anticipate what they will do.

In an interview after his return to Russia, Alex and Tim’s secret agent father Andrei Bezrukov (his real name, not Donald Heathfield) put it well when he said, “The best kind of intelligence is to understand what your opponent will think tomorrow, not find out what he thought yesterday.”

A friend who spent a four-year enlistment as a U.S. Navy intelligence specialist recounted some of the lessons he learned at the outset of his training. The first was that every scrap of information the enemy could gather brought you into clearer focus. He recalled how satellite imagery of Soviet military installations showed well-used footpaths crisscrossing lawns—a sign that soldiers were taking shortcuts rather than staying on sidewalks and suggesting a lack of discipline and morale, and that rust on naval vessels demonstrated a lack of maintenance and readiness. These were good things to know in the event that the Cold War became hot.

Such clues could mean the difference between an adversary that was merely going through the motions and one that was vigilant and prepared for any scenario. Which description defines your readiness for a cyberattack?

If your security program is focused on reacting to news of the last data breach, you’ve all but ensured that you’ll fall victim to the next data breach. And if you rely on a written information security plan (WISP) that gets updated once a year, that’s precisely what can be expected to happen. A WISP may be required for compliance, but pages in a binder on a shelf aren’t doing you any good when a hacker comes knocking at the firewall door.

That is why cyberwar games are essential to preparing for and preventing hackers from attacking your network. By gathering information and using the hacker’s playbook to better anticipate their next move, the savvy CISO can see what vulnerabilities exist before they are exploited; the savvy CISO can disrupt the hackers’ kill chain before an attack commences; the savvy CISO can understand what the opponent will think tomorrow and take steps to thwart that move today.

In a constantly evolving threat environment a static security plan is no plan at all. The Foleys’ parents went to great lengths to embed themselves in American culture and society, but the article says the playbook from which they operated was a “catalogue of espionage clichés.” The techniques they and their comrades used to collect and pass along intelligence were well-known, and the FBI was able to keep the team of ten spies under surveillance—and act in advance in order to prevent them from doing any real damage to national security.

That’s an example the savvy CISO will do well to follow.

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.


Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.


Twenty-one cybersecurity-related M&A deals were announced in December 2022.

Management & Strategy

Tens of cybersecurity companies have announced cutting staff over the past year, in some cases significant portions of their global workforce.