[Dailydave] Overwatch and Cyber War

dave aitel dave at immunityinc.com
Wed Aug 3 10:54:58 EDT 2016


<overwatch picture>

Overwatch <http://imgur.com/gallery/VkkGb> has swept the nation! In
particular, it's swept the small cadre of hackers that makes up Team
Cyber, to the point where you can make random professional connections
on any server Blizzard sends you to. A couple nights ago I talked about
INFILTRATE with some people while we shot at each other with imaginary
dragon arrows. And I wanted to talk here about the Overwatch story a
bit, because I think it describes a lot about how our dear friends in
Government Policy Circles see cyber.

Like a lot of stories, like Avengers, or really any movie ever,
Overwatch has a team of super-powered heroes wearing super-gear trying
to either protect or attack various super-weapons, like a "doom
gauntlet" or some super bomb on a floating cart. But the actual game is
about team dynamics. It's maybe 20% individual skill and 80%
communication and coordination. Like all modern games or sports there's
a "meta-game" of picking which strategy to use against the other team,
and the right "meta" changes at different levels of skill - a team of
novices is simply not going to be able to take advantage of the minute
shifts in game balance provided by a flanking strategy. 

Look at US Cyber Policy? What do you see but a focus on the "Doom
Gauntlets" of 0day and the "Payloads riding on the floating carts" of
Intrusion Software. If only we could hold another meeting on
vulnerability disclosure? Did you know cars have vulnerabilities? If
only we could protect ourselves from having BAD people hacking our
clearly outlined critical infrastructure but also make sure BAD people
don't communicate freely over Twitter but also GOOD people should be
invulnerable when in their hotel rooms in Ethiopia!

The thing about the meta-game of cyber war (or Overwatch) is that it's
impossible to describe in an hour-long meeting at the CFR. And as much
as everyone likes to make fun of Dilbert-Artist Scott Adams
<http://blog.dilbert.com/post/148152679301/experience-is-overrated> for
suggesting on Twitter that "most things can be learned in an hour-long
meeting with top experts", that's exactly how our policy circles want to
work. Let's get some "top subject domain experts" in a room for an hour
with two policy people and then at the end they will make a decision by
redefining some things as good and some things as bad and let's see how
that works.  

So, very briefly here, I'd like to talk about the "meta-strategy" of
what in the US is known as "salami slicing" as far as Cyber War goes.

<genji picture>

One thing that you cannot do in most areas of conflict is
over-specialize. But the cyber domain is different. It rewards
overspecialization to a huge degree. If all my team does is Java
middleware, and we've got ten years of experience on only that, we can
hack any company on the planet without breaking a sweat. If I do only
ONE bugclass on Solaris of all things but I do it with the ease of
breathing, then I can hack anything as well. If I am the world expert on
cross site scripting then I will have a shell on kernel.org, guaranteed.
The struggle between all the groups with these levels of specialization
is purely about communication and coordination. There's no Doom
Gauntlet, or maybe there's only Doom Gauntlets or the Gauntlet is you or
something. Analogies always break down at inconvenient points.

When you see high level people in the US Financial world interact with
Spook world for the first time (often at INFILTRATE
<http://infiltratecon.com/>) they're amazed at this level of
specialization. "She spent 10 years on X.25?" they'll say, with a sort
of half-amazement-half-disgust in their voice. What I always hear is
that the high-skill-and-resource cyber meta-game is not what they expected.

-dave