Iron Rain: What Defines a Cyber Insurgency?

Share and earn Cybytes
Facebook Twitter Google+ LinkedIn Email

“A fool pulls the leaves. A brute chops the trunk. A sage digs the roots.” – Pierce Brown

The western world is currently grappling with a cyber insurgency.  The widespread adoption of the “kill-chain” coupled with the use of memory resident malware has fueled the cyber-attack wild fire.  The security architectures mandated by regulators and standards bodies are collapsing. History does repeat itself.   One should study the evolution of insurgencies to better grasp the nature of cybersecurity 2018. 

In the Red Rising Trilogy, Pierce Brown introduces a military tactic that could only work in a world where humans live on multiple planets and asteroids. We won’t spoil the book completely (go read the series, it’s awesome) but for the purposes of this blog an Iron Rain can be defined as a mass invasion tactic. Enemy fleets gather outside the atmosphere of a planet and use pods or other drop ships to launch an unbelievably overwhelming military force on a planets populace.

It’s overwhelming. It’s instant and if you mis-react you are doomed to fall to the Iron Rain. Just like with cyberattacks. It must be stated that attacks are not stand alone and in many cases they are simply part of a larger “Iron Rain” effort. If you follow the strategy behind most nation state attacks you quickly start to realize that these efforts resemble insurgency tactics more than they do standard military ones.

What defines a cyber insurgency?

The Department of Defense Joint Publication 1-02, Department of Defense Dictionary of Military and Associated Terms (Washington, DC: U.S. Government Printing Office [GPO], 12 April 2001), defines an insurgency as “an organized movement aimed at the overthrow of a constituted government through the use of subversion and armed conflict.”

In cyber terms “an organized movement aimed at the disruption of cyber systems and through subversion and armed cyber conflict.”

The goals of the cyber insurgency may vary however the following conditions must exist for a cyber insurgency:

  1. You must have a common entity or authority against whom your actions are directed
  2. You must have the tools of cyber insurrections themselves: and the systems to launch attacks against the entities.
  3. The cyber insurgents must be willing to use cyber force against their targets. This element distinguishes a cyber insurrection from intelligence gathering purposes.

As a former U.S. Marine we were taught to think differently. We were taught to think like the enemy and take it to them when needed. The Marines have a history of doing more with way less we take pride in it. Just like infosec teams. Over the last few years it has become apparent that our enemies are emboldened and becoming more aggressive. We must shift thinking and tactics to begin to turn the tide. Just like every battlefield Marine. Intel changes, things move and fast people’s lives are at risk.

It is fundamental that cybersecurity professionals take a page from the annals of irregular or low intensity warfare to better understand how to combat this threat.  This article is meant to begin an open discussion on how we as defenders can best modernize our strategies of cybersecurity. Much of the strategic tenants below are derived from The Marine Corps Counter Insurgency Manual or FM 3-24 MCWP 3-33.5 and adapted to the world of cyber.

Over the course of this series we will discuss strategies to help combat cyber counterinsurgencies.

To effectively discuss cyber insurgencies we must discuss the idea of irregular warfare.

Low intensity warfare or irregular warfare is a violent struggle among state and non-state actors for legitimacy and influence over the relevant populations. Irregular warfare favors indirect approaches, though it may employ the full range of evasion and other capacities in order to erode an adversary’s prevention, detection, and response capabilities.

When counter insurgents attempt to defeat an insurgency, they perform a range of diverse methods intended to counter an insurgency. Leaders must effectively arrange these diverse methods in time and cyberspace to accomplish strategic objectives. The various combinations of these methods with different levels of resourcing provide each team with a wide range of strategic options to defeat an insurgency.

“Effective cyber counterinsurgency operations require an understanding of not only of available cyber security capabilities but also the capabilities of the adversary.”

 The tasks counter insurgents perform in countering an insurgency are not unique. It is the organization of these tasks in time and space that is unique. For example, financial organizations may employ strategy to align and shape efforts, resources, and tasks to support strategic goals and prepare for specific attacks on their institution. In support of this goal, good strategies would normally emphasize security cooperation activities, building partner capacity and sharing threat intelligence.

Business leaders and security leaders must have a dialogue to decide the optimal strategy to meet the security needs of the organization the team is supporting. Different capabilities provide different choices that offer different costs and risks.

Unified action is essential for all types of involvement in any counterinsurgency. Unified action is the synchronization, coordination, and/or integration of the activities of entities with cyber security operations to achieve unity of effort. Your organization must have a unified approach to cyber operations.

We must begin to think collectively as an organization. The time for siloed decisions is over. The time for unified action is here and we must unify our strategies to combat the ongoing cyber insurgency.  On July 19, we will be releasing the Cb Quarterly Incident Response Threat Report (QIRTR) where we survey dozens of our IR and MDR partners per ground truth in cyber.  The results will be interest to you and your organization. Stay tuned! 

The post Iron Rain: What Defines a Cyber Insurgency? appeared first on Carbon Black.

Share this post and earn Cybytes
Facebook Twitter Google+ LinkedIn Email
About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?