I have been musing for some time over the Active Defence debate. Whilst this is a subject that has been implicit in (effective) security strategies since time began, it still seems rare to see active defensive strategies deployed effectively in all but the most forward-thinking information or cyber security strategies.
By Active Defence, I am not talking about “following an attacker back down the line” but about configuring and managing information architectures so as to enable organisations to actively respond to and hunt down issues within their own infrastructure. I use the term issues advisedly; these events are not always driven directly by people, and may simply arise from a set of circumstances.
There appear to be several reasons for this, though two seem paramount. Firstly, the legal and, to some extent, moral constraints which limit direct counter-attack act as a significant barrier for many who have the will to engage attackers in an offensive posture but are uncertain about their boundaries and the limits of exploitation. More significantly, many organisations lack the confidence or knowledge to take an active posture in the context of cyber defence and rely instead on static defensive architectures – often purchased out of a box.
Speaking at a recent event in London, I was interested to hear one of my co-speakers (an august American) talking about cyber “adversaries” rather than cyber threats. Though there is a valid argument that threats and adversaries are different things in some respects, his approach was instructive as it reinforces the fluid nature of operations in cyberspace. Operations in cyberspace, whether associated with defence, exploitation or attack, are all about movement. We should be under no illusion: if we fail to acknowledge this movement, we will be at risk of being outmanoeuvred.
I am reminded of some concepts we can draw from defence doctrine and lessons proven in a kinetic environment. The concept of manoeuvre warfare, for example – developed by an Englishman and used to great effect by many protagonists in the mid to late 20th Century – seeks to shape a battlefield through movement. Interestingly, though often seen as 20th Century kinetic doctrine, the principles underpinning manoeuvre warfare are not new. As an example, their application underpinned the English victory at Flodden Field in September 1513 and has played a part in many other decisive battles throughout ancient and modern history.
As the principles of manoeuvre warfare have served planners in the kinetic sphere well for many years, so too can they help us simplify the challenges associated with defending this invisible, intangible environment that has become known as Cyberspace.
As an example, if we apply just one of the core manoeuvrist concepts, “Find, Fix and Strike”, we find a tool that can help us take a proactive posture with respect to cyber defence – regardless of our size and role. This affects more than just technology, and if everyone within an organisation:
- is tuned to the identification of threats, risks or even adversaries,
- understands clearly how to respond and, if necessary, how to contain threats and events when they occur, and
- is confident that incident management structures and plans will enable the organisation to seize the initiative in defeating these threats using legal means within the organisation or its environment,
then an active defensive posture begins to look much more manageable and cost effective.