CIS Podcast: Cybersecurity Where You Are Ep.4

Dynamics of Cyber Defense...an Ongoing, Repetitive Process

Part 1 of a 2-part series

Technology is ever-changing and ever-evolving, which leaves cybersecurity professionals, the defenders, uncertain about what an effective cyber defense strategy looks like. Much of the defender's uncertainty traces directly to uncertainty about the attacker: who they are, what they will target, and when and how they will strike. In this week's Cybersecurity Where You Are podcast, hosts Tony Sager and Sean Atkinson introduce cyber defense as a risk-based process for reducing both the probability and the impact of a cyber-attack on an organization.

Cyber defense never ends

Cyber defense is the ability to keep cyber-attacks from compromising a computer system or device; it involves anticipating adversarial actions and countering intrusions. There is no one-size-fits-all cyber defense protocol or strategy. A good strategy should, however, aim to protect against, prevent, detect, respond to, and recover from both external and internal attacks. As technology expands, attacks grow more complex along with it, forcing cyber defense programs, and the defenders who run them, to do whatever they can to keep up.

In a perfect (cyber defense) world, we’d know where the adversaries are, and know when and how they plan to attack. The problem with cyber defense is that there’s no one event per se, no singular ending in sight, and no heroic invention that’s going to thwart every single attack. Cyber defense never ends. To put it bluntly, a perfect system that eliminates all cyber risk does not exist, and it never will. On the flip side, cybercriminals aren’t perfect either.

OODA loop process

The OODA (Observe, Orient, Decide, Act) loop is a repeating four-step decision-making process: gather information (observe), put that information into context (orient), make the best decision available while accepting that it can be revised as more data arrives (decide), and then take action (act). Originally applied to combat operations during military campaigns, the model explains how agility and repetition can beat raw power in contests between human adversaries.

The OODA loop applies especially well to cybersecurity and cyber defense, where a defender who cycles through the loop faster and more often than the attacker can potentially outpace them.

Cyber defense is an information-driven machine: it is about repeatedly taking in information, taking action, and then doing it all over again...rather like the 1993 film Groundhog Day. The repetition may feel like Groundhog Day, but what is actually taking place is the OODA loop process.
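To make the four steps concrete, here is an added example (not code from the podcast or from CIS) that runs an OODA-style loop over a handful of constructed sshd-style log lines. Each line is observed (parsed), oriented (enriched with assumed context: which accounts are privileged, which source is a trusted jump host, and what the loop has already decided about that source), decided on, and acted on; the resulting state carries into the next pass, so a later event can be judged in light of an earlier decision. The log lines, thresholds, and context tables are all assumptions made for this illustration.

```python
"""An OODA-style defensive loop run over constructed sshd-style log lines.

Added illustration: the log lines, thresholds and context tables below are
assumptions made for this example, not data from the podcast or from CIS.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample (sshd-style); not real traffic. The final line models a
# login that succeeded before a block had fully propagated, so the loop can
# show how a prior decision changes how a later event is judged.
SAMPLE_LOG = [
    "Jan 10 09:00:01 host1 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2",
    "Jan 10 09:00:02 host1 sshd[101]: Failed password for root from 203.0.113.7 port 51001 ssh2",
    "Jan 10 09:00:03 host1 sshd[102]: Accepted publickey for deploy from 198.51.100.4 port 40000 ssh2",
    "Jan 10 09:00:04 host1 sshd[103]: Failed password for root from 203.0.113.7 port 51002 ssh2",
    "Jan 10 09:00:05 host1 sshd[104]: Failed password for alice from 192.0.2.9 port 42000 ssh2",
    "Jan 10 09:00:06 host1 sshd[105]: Accepted password for root from 203.0.113.7 port 51003 ssh2",
]

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d{1,3}(?:\.\d{1,3}){3})"
)

# Assumed context consulted in the Orient step (hypothetical values).
PRIVILEGED_USERS = {"root", "admin"}
TRUSTED_SOURCES = {"198.51.100.4"}      # e.g. an admin jump host
FAIL_THRESHOLD = {True: 2, False: 5}    # privileged target -> lower tolerance


@dataclass
class DefenseState:
    """Everything the loop has learned so far; carried into the next pass."""
    failures: dict = field(default_factory=lambda: defaultdict(int))
    blocked: set = field(default_factory=set)
    alerts: list = field(default_factory=list)
    actions: list = field(default_factory=list)


def observe(line):
    """Observe: turn one raw log line into structured fields, or None."""
    m = LINE_RE.search(line)
    return m.groupdict() if m else None


def orient(raw, state):
    """Orient: put the event into context (who was targeted, from where,
    and what this loop has already decided about that source)."""
    ev = dict(raw)
    ev["privileged"] = ev["user"] in PRIVILEGED_USERS
    ev["trusted"] = ev["src"] in TRUSTED_SOURCES
    ev["already_blocked"] = ev["src"] in state.blocked
    if ev["result"] == "Failed" and not ev["trusted"]:
        state.failures[ev["src"]] += 1
    ev["failures"] = state.failures[ev["src"]]
    return ev


def decide(ev):
    """Decide: choose an action from the oriented event."""
    if ev["result"] == "Accepted" and ev["already_blocked"]:
        return "escalate"   # success from a source already judged hostile
    if ev["already_blocked"]:
        return "drop"       # enforcement already in place; nothing new to do
    if ev["result"] == "Failed" and ev["failures"] >= FAIL_THRESHOLD[ev["privileged"]]:
        return "block"
    return "allow"


def act(action, ev, state):
    """Act: apply the decision; the state change feeds the next pass."""
    if action == "block":
        state.blocked.add(ev["src"])
    elif action == "escalate":
        state.alerts.append(
            f"successful login for {ev['user']} from blocked source {ev['src']}"
        )
    state.actions.append((ev["src"], ev["user"], action))


def run_loop(lines, state=None):
    """One full OODA pass per log line; state persists across passes."""
    state = state or DefenseState()
    for line in lines:
        raw = observe(line)
        if raw is None:
            continue            # not an auth event; observe the next line
        ev = orient(raw, state)
        act(decide(ev), ev, state)
    return state


if __name__ == "__main__":
    s = run_loop(SAMPLE_LOG)
    for entry in s.actions:
        print(entry)
    print("blocked:", sorted(s.blocked))
    print("alerts:", s.alerts)
```

Run as a script it prints one (source, user, action) tuple per line: the second failure against root from 203.0.113.7 trips the privileged-account threshold and blocks that source, the third failure is simply dropped, and the later accepted login from the same source is escalated rather than allowed, because the loop's earlier decision is now part of its orientation. The single failure from 192.0.2.9 and the key-based login from the trusted host stay at "allow".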

Fog of More

While cyber defense is an abstract model, cybersecurity defenders have to actually do concrete things. It initially comes down to having a plan in place and asking the right questions:

  • What data do we have?
  • Where is it?
  • What do we do with it?

Asking the right questions (for clarity) cuts through the Fog of More (a term coined by Tony Sager, of all people): the overload of defensive support, meaning more options, more tools, more knowledge, more advice, and more requirements, but not always more security.

Cyber defense then involves creating policies and strategies informed by data analysis and business impact analysis, by regulations and compliance requirements, by threat intelligence, and by how risk is being managed. The compliance perspective is two-fold: looking at cyber defense standards and procedures, and then thinking about the adversaries and the gaps in an organization's systems.

It's safe to assume that the bad guys are good at their jobs, but they're not perfect. The ever-changing threat landscape does, however, favor them: an attacker only needs to be right once, while defenders need to be right all of the time. Since the latter is not realistic, an effective cyber defense program instead requires defenders to gather information and data, put that data into context, make decisions, take action, and then REPEAT, REPEAT, REPEAT.

Episode Resources: