[Dailydave] Counter-Insurgency in the Cyber Domain

Dave Aitel dave at immunityinc.com
Tue Apr 14 12:27:19 EDT 2015


Like many of us I feel sometimes like John Nagl when it comes to
pointing out that we are engaged in what looks and feels like
Counter-Insurgency in cyberspace, although we are acting like we are
not. As background, I spent my early years working for the Defense
Department, so the way "War Writ Big" is done is built into my
headspace. And for the past decade I've run Immunity, which is one of
the few pure-plays in the offensive space, but is still a small
insurgent by any standard. For the past couple of months I've been
working on adapting the modern counter-insurgency treatises to our area
of expertise.

Let me quote from Nagl's recent book
<http://www.amazon.com/Knife-Fights-Memoir-Modern-Practice/dp/1594204985> in
the chapter dedicated to trying to change the Army from a "Sweep and
Clear" methodology to a "Clear, Hold and Build" counterinsurgency
methodology.

"Only the population could identify the insurgents in their midst, and
they would do so only if they could be certain that they would survive
the experience."

Recently Sony and GitHub have both come under attack from nation states
who want to enforce a censorship regime on them. What the US has to
offer these companies is a Sweep and Clear methodology. No doubt it is
clear to both of them and any interested observers that they may not
survive the experience of an ongoing conflict.

To move to a "Clear, Hold and Build" strategy in cyberspace we need a
complete shift in focus. The first step is the least popular, and the
most difficult: We need to establish comprehensive situational
awareness, with as many layers as we had in Anbar province. Satellites,
Drones, SIGINT and HUMINT all played into building a picture in Iraq and
"Find, Fix, Finish, Analyze and Disseminate" (F3EAD) can be just as
devastatingly effective in the Cyber Domain.

However, just as in Iraq, building real situational awareness requires
partnering with a vastly different culture. In this case, Google,
Microsoft, Apple, and other companies, many of whom are not based in
America, are directly at odds with the USG when it comes to cyber policy.

The recent administration push
<http://www.washingtonpost.com/world/national-security/as-encryption-spreads-us-worries-about-access-to-data-for-investigations/2015/04/10/7c1c7518-d401-11e4-a62f-ee745911a4ff_story.html>
to implement "split key" cryptographic escrow on top of Apple and Google
is just one example. Even if implemented perfectly and painlessly,
Google and Apple will always remember it as an injustice forced upon
them, one that puts them at a severe disadvantage in foreign markets.

Unfortunately, the first step of Counter Insurgency (cf. Kilcullen's
work) is asking yourself what kind of State you are trying to build and
whether that is even possible. We have not done even this. It's time to
do it now, and to begin building support for a comprehensive USG and
allied effort to perform proper Counter Insurgency in cyber.

If you want to collaborate on a policy (and random thoughts) document
for this, let me know and I'll see about sharing my current Google Doc
on this with you, or just come visit me at the bar at INFILTRATE
<http://www.infiltratecon.org/>. :)

Thanks,
Dave Aitel
CEO
Immunity, Inc.
