Planning for ‘Cyber Fallout’ After the Iranian Nuclear Deal
By Jessica ‘Zhanna’ Malekos Smith
Link to the article that is referenced: https://www.justsecurity.org/61067/planning-cyber-fallout-iranian-nuclear-deal/
Within this article, I worked on some projects looking at these incidents for threat assessment purposes. They are spot on within their assessments for sure. The real nuggets are in the last few paragraphs.
“Going forward, as the Federal Government collaborates with ICT providers and other private sector industries in sharing more threat and vulnerability information, a stronger emphasis should be paid to teaching behavioral and predictive threat analysis techniques.”
“While a good Cyber Mission Force Team understands the opponent’s operational capabilities and tools, a great team distinguishes itself by also leveraging its cultural knowledge of the opponent. Without sufficient cultural awareness and historical context, U.S. cyber operations will not anticipate attacks or deploy countermeasures to maximum effect. Building a country-calibrated cyber strategy will better protect networks and ‘defend forward’ against cyber threats.”
This is something I had been saying and taught leadership about in 2014 when I worked at the USAF’s 67th Cyberspace Wing. It is something that I have advocated for amongst cyber intelligence analyst and shops; knowing all of the cool tech side of the house is fine, but at the end of the day, it still boils down to a person sitting behind a keyboard and a decision maker (at least when dealing with nation-state actors) who is directing the planning and giving the order to conduct an attack. You have to take this to a step further beyond cultural knowledge and historical context. These are just two pieces of the puzzle. If you can determine who the decision makers are, then you have to do that human factors analysis and profiling of the decision makers, - this will help complete the picture and could even help determine what decisions may be made in regards to their targeting and what they may do. If you know what a person is willing to do and what their right and left limits are, then you gain a better understanding of what will affect their decisions and to what degree they are willing to go.
#M20AssociatesSME #SME #CyberFallout #CyberSecurity #CyberIntelligence #ThreatAssessment