Demiurge Consulting Tactical Training Event For Coca-Cola
Demiurge Consulting conducted a tactical training event for Coca-Cola executives this past Tuesday. The Glock 9mm weapon system was used as the standardized training weapon and the participants were guided through a variety of shooting drills including basic marksmanship, center mass focus and sight picture acquisition.
A Holistic Approach – A Basic Primer on Intelligence & Security
The ideological threat – “The Terroristic Hydra”
An ideological system’s pervasive nature makes it not only an effective means to cultivate a like-minded society for benevolent purposes, but also a means to foster a formidable threat. Because it is a belief system that empowers the individual by appealing to a sense of commonality, without requiring strong leadership, it creates a strong yet disjointed force. Further, there is no single leader who can be unseated in order to squelch an ever-growing threat. Instead what exists is a plethora of like-minded, disconnected individuals with the same fervor and goals as their peers. The Internet has facilitated this very concept beyond the boundaries of what was possible not even ten years ago.
A formidable force multiplier – The Internet
The interconnected web of networks, computers and users has allowed the individual voice, and manifesto, to resound beyond the bounds of the audible and onto the web browsers of millions of computers around the world. In short, a single individual can now broadcast a given message to exponentially more people than ever before by way of the Internet. Information is the payload in the above example; it could just as easily be viruses, malware, spyware, crimeware or anything a targeted group of individuals can be socially engineered to accept.
Social networking & the blogosphere influence
In light of the capabilities of a single individual stated above, the most powerful facilitation tools are the ubiquitous social networking websites, blogs and mini-blogs now sweeping the mainstream. It is practically impossible to find a single individual, group or organization in the civilized world that has not been involved in, created or contributed to a social networking website or blog of some kind. Even select federal agencies have harvested information freely posted on these sites for correlation with their data stores. The unleashed power of the rogue and uncensored is now more than ever permeating the homes and minds of societies worldwide, and most importantly, by way of free will.
Evolving threats and threat vectors
The dynamic nature of the cyber threat makes for a complex and imperfect defense methodology. Conventional computer viruses used to be the epitome of cyber promiscuity. Then came the “worm” virus, which allowed for rapid propagation of itself to other proximal targets. As of late, the even more surreptitious and clandestine malware threat has created an even more difficult hurdle for security professionals to overcome. Not only does this lascivious beast infect a host by utilizing age-old Trojan methodology, it stays dormant until its master activates (or detonates) it to do his or her bidding, which can be anything from information sabotage or theft to reconnaissance and surveillance. Further, this entire initiative can be achieved from the security and safety of a home computer in a non-extradition country.
Email has been and still is one of the main facilitators of propagation, but in more recent times compromised web servers and websites have been a principal source of infection. Even some of the most trafficked and trusted websites have been used to serve unwitting visitors malicious binaries. The most basic, yet effective, tactics are accomplished by use of social engineering and rely on the relative ignorance and naivety of the targeted user.
PSYOPS, malicious propagandists and social engineering
The user is still the most “hackable” system to date. Between misdirection, appealing to a sense of justice or simply exploiting greed, an adversary can accomplish, acquire, sabotage or surveil just about anything. PSYOPS, or psychological operations, are tactics employed to influence a target audience’s value systems, belief systems, emotions, motives, reasoning, and behavior. Target audiences can be governments, organizations, groups, and individuals, and the tactics are used to induce confessions or to reinforce attitudes and behaviors favorable to the originator’s objectives.
Coupling the above methodologies, it is undeniable that the perfect storm is imminent. Take a singular individual with a motivation. Give that individual the ability to attract like-minded individuals by way of the Internet and the various tools already built and at his or her disposal. Add the ability to proliferate an electronic looking glass inside the walls of his or her adversaries, allowing unfettered access, knowledge and intelligence. The outcome is nothing less than cataclysmic.
A holistic approach to securing environments
The Intelligence aspect
There is no alternative for security; however, the old adage of “an ounce of prevention is worth a pound of cure” is supremely accurate with regard to the concept of intelligence. Considering the above potential, the obvious first step is the identification of such a threat or, in some cases, the potential threat. In every post-mortem review of a past incident, the signs of the impending event were present, but perhaps simply not clearly identified or recognized as detrimental. The key methodology behind any good preemptive strategy is the ability to discern current, possible and imminent threats. This comes with a cohesive and comprehensive awareness of the competitive landscape and geopolitical temperature, as well as the tacit and explicit knowledge of what could happen, be sabotaged, stolen or corrupted. Once this is known, the ability to misdirect, confuse and even reveal an adversary becomes highly feasible. As with any organization, government or military, it is a communal effort to effectively collect the potentially viable information, distill it into actionable intelligence and properly disseminate it to the suitable decision makers. Then and only then can a proactive organization assess, organize and deploy its security stance.
Security aspect
From a military perspective, if a given bastion understands where, when and how the siege is due to occur, the defenses can be organized accordingly and resources that would otherwise be spread thin can now be focused. Unfortunately, the majority of security initiatives come from a canned regulatory standard or, worse yet, a compelling event that results in “knee-jerk” reactive behavior. The compelling event may be an external attacker exploiting a known flaw or an insider who has breached policy, ultimately leading to the incident. Whether driven by compliance or regulatory standards or by a compelling event, most security programs try to cover all vectors with some kind of “ample” security, which, from the viewpoint of a targeted attack, usually does fairly little to stifle the attacker’s efforts. Static systems, as dictated by most compliance standards, simply can’t address a dynamic threat. Foreknowledge of an impending threat can enable a security professional to adapt to and preempt an attack accordingly. This can be done by developing sophisticated security policy and protocol coupled with advanced training techniques.
Efficient business flow vs. consistent and effective security & intelligence
As with any process that is not expressly a profit center or revenue generating, the total cost of ownership versus the return on investment must be evaluated. Further, with any security process there is a speed cost which, if unchecked, can disrupt business operations and in some cases be more harmful to the organization than the very threat it was employed to shield against. On numerous occasions, organizations purchase overly sophisticated security technology that is well beyond the organization’s scope and scale, or in some cases simply not required. Proper decisions on what effective security tools, measures and resources are necessary come from defining the very risks they are engaged to minimize. Beyond this, what risks are simply not worth addressing? A sixteen-year-old script kiddie attempting to shut down a server to gain reputation among his peers does not require the organization to invest in a several hundred thousand dollar firewall cluster. Inversely, a professional hacker backed by resources and harboring a burning desire to sabotage an organization’s activities, resulting in downtime costs in the millions, is certainly worth the investment. It is simple math.
In order to assess an organization’s dynamic DEFCON (Defense Readiness Condition), the operations of a given organization must be taken into account when addressing intelligence and security needs. If a given organization has nothing of value to lose, the probability that it is currently being targeted for attack is low. Should that same organization develop any valued intellectual property in the next few years, that very same probability of being targeted logically begins to rise. And with the rising probability of risk, the intelligence and security efforts should accelerate accordingly. Further, should that given organization sell its intellectual property, the probability of risk lowers, and so on.
Conclusion
Between the omnipresent threats and ever growing risks to the safety and integrity of our world, it is fundamental that organizations comprehend the correlation between intelligence and security and their inextricable symbiotic relationship. The dynamic nature of the opposition is one that cannot be ignored. Conventional security systems must be adaptable and be competent to respond to the continuous intelligence gathered, refined and disseminated to the individuals tasked with what has become nothing less than a monumentally daunting task.
The next logical step is a constructive dialog on priorities among policymakers, intelligence professionals, security thought leaders and the public. Consensus will be difficult to achieve, but common ground from which to build can and must be found.






