Offensive Cyber Ops - Opinion
This has been a hot topic I have seen discussed quite a bit on LI and in some very recent national newsworthy stories. With that being the case, I thought I would put down some of my quick thoughts on the subject so I don't have to keep retyping them. I have also shared these ideas with some colleagues who are much more actively involved in these types of things, and I thought this thread would be a good point for further discussion by experts way more knowledgeable than me, for the purpose of all of us learning more and/or gleaning new or varied insights.
For the purpose of what I state below I personally define "Offensive Cyber Operations" as ANYTHING that goes OUTSIDE of the organizational perimeter and is not PASSIVE in nature with the intent to isolate, identify, AND actively DISRUPT a perceived identified threat actor by acting on said entity in a DESTRUCTIVE MANNER.
Please Note: For ANY type of Offensive Cyber Operation the organization would have to, at a minimum, A) define what such an operation would mean for the organization, B) identify capabilities it would have to gain or leverage, C) identify and define rules of engagement (ROE), and D) identify and define escalation and de-escalation criteria and process.
With that being said here are what I would think some “pros” would be:
Pros –
- It allows an organization to gain more threat intelligence
- It has the "potential", albeit very small, to discourage threat actors; again though, I personally think there are too many variables to emphatically state that this would happen.
- It gives the organization the "psychological satisfaction" that SOMETHING is being done. From a practical standpoint this again is very questionable; from an organizational psychology standpoint it is important.
- It allows staff to refine and practice offensive cybersecurity skills and to become better at threat intelligence analysis, coordination, and information sharing.
Cons –
- Requires (or at least SHOULD require) precise attribution (which is in itself very hard to do).
- Potential for collateral damage if attribution is not properly made or variables assessed.
- Could, and probably in many cases would, exacerbate the situation by making the attacking entity more resolved and inclined to "up the ante".
- There is no solid "rule-book" on how to go about this. Many theories are floating around on offensive cyber operations, but nothing definitively sanctioned and backed by legislation and local, federal, and international law. There are some efforts in this area taking form, but nothing cohesive and agreed upon by all.
- Could trigger exponential attacks not only on the entities involved but on similar entities within the same industry.
- BIG ONE HERE – Could potentially be a large LEGAL LIABILITY factor, both from external sources and/or even from internal employees.
- No ability to quantify or even qualify what success would be in this area. How do you define that first? If you don’t have a way to define what a successful offensive operation is, and you have no way to measure it, how do you know if you are executing it correctly? This would have to be operationally defined by the organization and that in itself would require a high level of expertise and agreement.
- High potential of NEGATIVE or MISCONSTRUED MEDIA ramifications which could seriously impact business operations, business stature, etc.
- Distracts from the organization's true business model and goal (unless you happen to be a cyber security entity).
- Requires an increase in LOE (level of effort) in your Cyber Security operations, as well as many more professional specialists, in order to approach it comprehensively and correctly.
What do you think?