SecurityWeek

What Will Your Opponent Think Tomorrow?

I recently stumbled on the story of Tim and Alex Foley, two young men who were born in Canada, grew up in Cambridge and who learned in 2010 that their mom and dad were spies working for Vladimir Putin’s SVR foreign intelligence agency—the Russian Federation’s successor to the Soviet Union’s KGB.

Tim and Alex found out about their parents’ double-life the hard way. They had returned home after celebrating Tim’s 20th birthday when the FBI stormed their home as Operation Ghost Stories came to an end with the detention of ten spies, including Anna Chapman.

The Foleys’ story is a study in the world of cloak-and-dagger intrigue that is alive and well despite the fall of the Iron Curtain. Yet, beyond fascinating accounts of the personal toll taken by such dedication to a cause, the article made an important point that bears noting for today’s CISOs: an excellent security program is drudgery; it takes a long-term, goal-oriented commitment; it takes time and a slavish attention to detail. Most important, an excellent security program doesn’t seek to simply amass an historical account of what the enemy has done, but to gather information and insights that help to anticipate what they will do.

In an interview after his return to Russia, Alex and Tim’s secret agent father Andrei Bezrukov (his real name, not Donald Heathfield) put it well when he said, “The best kind of intelligence is to understand what your opponent will think tomorrow, not find out what he thought yesterday.”

A friend who spent a four-year enlistment as a U.S. Navy intelligence specialist recounted some of the lessons he learned at the outset of his training. The first was that every scrap of information the enemy could gather brought you into clearer focus. He recalled how satellite imagery of Soviet military installations showed well-used footpaths crisscrossing lawns, a sign that soldiers were taking shortcuts rather than staying on sidewalks, which suggested a lack of discipline and morale, and how rust on naval vessels demonstrated a lack of maintenance and readiness. These were good things to know in the event that the Cold War became hot.

Such clues could mean the difference between an adversary that was merely going through the motions and one that was vigilant and prepared for any scenario. Which description defines your readiness for a cyberattack?

If your security program is focused on reacting to news of the last data breach, you’ve all but ensured that you’ll fall victim to the next data breach. And if you rely on a written information security plan (WISP) that gets updated once a year, that’s precisely what can be expected to happen. A WISP may be required for compliance, but pages in a binder on a shelf aren’t doing you any good when a hacker comes knocking at the firewall door.

That is why cyberwar games are essential to preparing for hackers and preventing them from attacking your network. By gathering information and using the hacker’s playbook to better anticipate their next move, the savvy CISO can see what vulnerabilities exist before they are exploited; the savvy CISO can disrupt the hackers’ kill chain before an attack commences; the savvy CISO can understand what the opponent will think tomorrow and take steps to thwart that move today.

In a constantly evolving threat environment a static security plan is no plan at all. The Foleys’ parents went to great lengths to embed themselves in American culture and society, but the article says the playbook from which they operated was a “catalogue of espionage clichés.” The techniques they and their comrades used to collect and pass along intelligence were well-known, and the FBI was able to keep the team of ten spies under surveillance—and act in advance in order to prevent them from doing any real damage to national security.

That’s an example the savvy CISO will do well to follow.

Written By

Danelle is CMO at Ordr. She has more than 20 years of experience in bringing new cybersecurity technologies to market. Prior to Ordr, she was CMO at Blue Hexagon (acquired by Qualys), a company using deep-learning to detect malware, and CMO at SafeBreach where she helped build the marketing organization and define the Breach and Attack Simulation category. Previously, she led strategy and marketing at Adallom, a cloud security company acquired by Microsoft. She was also Director, Security Solutions at Palo Alto Networks, driving growth in critical IT initiatives like Zero Trust, virtualization and mobility. Danelle was co-founder of a high-speed networking chipset startup, co-author of a Cisco IP communications book and holds 2 US patents. She holds an MSEE from UC Berkeley.
