Posted by Rick Holland on July 28, 2014
Does something like this sound familiar? "We need to find, fix, finish, exploit, analyze, & disseminate this intrusion set along the kill chain via force multipliers so we can observe, orient, decide, and act according to tactical, operational, and strategic priority intelligence requirements." I bet that part of it does.
These days it seems that we cannot escape military concepts making their way into information security strategy. Firms are attempting to implement the kill chain, and vendor-marketing headlines these concepts. I've contributed to it as well. See: "Force Multipliers - What Security & Risk Professionals Can Learn From Special Forces."
I think that it is important to keep in mind that we aren't the military and don't have the resources of the military. While military concepts can be useful, buzzwords won't secure your environment; you could become distracted and utilize your limited resources in the wrong manner. As I was sorting out my Black Hat calendar tonight, I fortuitously saw a talk that is very applicable to this topic: "The Library of Sparta," with David Raymond, Greg Conti, and Tom Cross. Here is part of their abstract:
"Many people in the computer security community use words like "OPSEC," "Kill Chain," and "intelligence-driven" without fully understanding the underlying concepts. Even worse, many show their ignorance by using military jargon incorrectly, thereby alienating clients, customers, and colleagues. These concepts are powerful and should not be ignored, but they must be well understood before they can be leveraged in your network."
I couldn't agree with these statements more and I look forward to listening to their talk. If you attend the session, look for me; I will be securing the perimeter in MOPP Level 4 (joke for military and fellow veterans).
Image source: Wikipedia