
What Will Your Opponent Think Tomorrow?


I recently stumbled on the story of Tim and Alex Foley, two young men who were born in Canada, grew up in Cambridge and who learned in 2010 that their mom and dad were spies working for Vladimir Putin’s SVR foreign intelligence agency—the Russian Federation’s successor to the Soviet Union’s KGB.

Tim and Alex found out about their parents’ double life the hard way. They had returned home after celebrating Tim’s 20th birthday when the FBI stormed their home, as Operation Ghost Stories came to an end with the detention of ten spies, including Anna Chapman.

The Foleys’ story is a study in the world of cloak-and-dagger intrigue that is alive and well despite the fall of the Iron Curtain. Yet, beyond fascinating accounts of the personal toll taken by such dedication to a cause, the article made an important point that bears noting for today’s CISOs: an excellent security program is drudgery; it takes a long-term, goal-oriented commitment; it takes time and a slavish attention to detail. Most important, an excellent security program doesn’t seek to simply amass an historical account of what the enemy has done, but to gather information and insights that help to anticipate what they will do.

In an interview after his return to Russia, Alex and Tim’s secret agent father Andrei Bezrukov (his real name, not Donald Heathfield) put it well when he said, “The best kind of intelligence is to understand what your opponent will think tomorrow, not find out what he thought yesterday.”

A friend who spent a four-year enlistment as a U.S. Navy intelligence specialist recounted some of the lessons he learned at the outset of his training. The first was that every scrap of information the enemy could gather brought you into clearer focus. He recalled how satellite imagery of Soviet military installations showed well-used footpaths crisscrossing lawns, a sign that soldiers were taking shortcuts rather than staying on sidewalks, which suggested a lack of discipline and morale, and how rust on naval vessels demonstrated a lack of maintenance and readiness. These were good things to know in the event that the Cold War became hot.

Such clues could mean the difference between an adversary that was merely going through the motions and one that was vigilant and prepared for any scenario. Which description defines your readiness for a cyberattack?

If your security program is focused on reacting to news of the last data breach, you’ve all but ensured that you’ll fall victim to the next data breach. And if you rely on a written information security plan (WISP) that gets updated once a year, that’s precisely what can be expected to happen. A WISP may be required for compliance, but pages in a binder on a shelf aren’t doing you any good when a hacker comes knocking at the firewall door.

That is why cyberwar games are essential to preparing for attacks on your network and preventing them. By gathering information and using the hacker’s playbook to better anticipate their next move, the savvy CISO can see what vulnerabilities exist before they are exploited; the savvy CISO can disrupt the hackers’ kill chain before an attack commences; the savvy CISO can understand what the opponent will think tomorrow and take steps to thwart that move today.

In a constantly evolving threat environment a static security plan is no plan at all. The Foleys’ parents went to great lengths to embed themselves in American culture and society, but the article says the playbook from which they operated was a “catalogue of espionage clichés.” The techniques they and their comrades used to collect and pass along intelligence were well-known, and the FBI was able to keep the team of ten spies under surveillance—and act in advance in order to prevent them from doing any real damage to national security.

That’s an example the savvy CISO will do well to follow.
