Estrogen Mafia Training (20): Laws of Cyber Warfare

How can you protect your world and the future, facing new security threats in cyber space? The realm of Cyber Warfare combines several sciences together: Military, Psychology and Technology. Meet a new branch of knowledge.

Law 1: Remember, you are weak, the adversary strong

There was a time, when many young men entered the Army, even mandatorily, to gain basic military skills, and they were prepared for a service to protect their national values of freedom and sovereignity for their whole life. Armies exist to this day, and military art is still teached – but the world changed substantially, and the importance of ground forces is decreasing, in favor of cyber warfare. Almost any part of modern military is now connected with electronics, networks, computers and processors. Every day, every minute, IT in the military penetrates deeper and deeper, and so grows its importance.

Future wars will be fought with steadily decreased human participation on the battlefield. Have a look at wide use of UAVs (drones) today already – both opposite sides will want to avoid human casualties, because it looks badly in the news. Moreover, it seems advantageous to use technology, instead of humans with limited abilities.

But there is no general conscription to gain basic cyber warfare skills. For example, many people can use physical arms – but how many of them are able to protect their data environment efficiently, or even to hack a device, to surpass an electronic protection? To unblock their iPhone?

How many of this advanced users do you know? If you don’t work for a IT company, probably little. And the rest can’t help to defend their companies and countries in a case of emergency.

The result is disturbing: whole countries are insufficiently prepared for uncertain future, filled with those cyber threats. And the same applies for companies. Of course, there are IT departments with skilled operators in every company. But if a CEO or boss has no concept, knowledge and understanding of the issue, his “soldiers” will never be as efficient as they could be, and vast money spent for cyber security will partially wane.

Law 2: Respect and know your adversary, like a friend

Your employees work only for money, it is their motivation, and they often care only a little about the happiness of their company. But the opposite side is completely different: they are the elite volunteers. Intellectual, ingenious, talented, determined, loving their work, extremely skilled. They are the most dangerous adversaries. They were raised with computers from the low age. Their life is in cyber space and they love any challenge.

Nobody has to push them into work. They sit hours and hours in front of their computers, days and nights, voluntarily, just to have work done, just to fulfill themselves. They are willing to work for free, if anything or anybody offers them a fun, a realization, a mission. It is their world, not ours – let’s admit it. They move through it swiftly and quickly, with perfect knowledge of any corners, they move in the light. We just struggle to make basic tasks slowly, and we wander around, missing all the critical information and skills.

And imagine, that one day they’ll decide, they are motivated or persuaded, to choose your company as a target. That will be no fun anymore. The media describe this people as foolish youngsters, but the truth is completely different: they are elite professionals, and it is not wise to underestimate them. You should respect them, if you want to survive on the cyber battlefield and to save your values.

Go out and meet them, know them, familiarize with them, even become friends with them. Learn about their thinking, motivation, values, stances, approach, opinions. You have to become one of them literally, to see the world the same way, to see possible security holes.

Law 3: Limit your reactions to an attack

Usually, an action is followed by a reaction. But in the cyber warfare, this approach is completely wrong and can bring much more damage, than the basic incident. So if an incident occurs, the worst reaction is to fight back.

“Black Flag Operations” existed for centuries, but there is a big difference: to fake an identity today is the simplest task. It’s in the best interest of your adversary, to persuade you, that the attacker is someone else. Then, two sides fight each other and weaken themselves, they are distracted, and the original adversary waits patiently, saving his powers for a surprising offensive, or uses the commotion to another strikes.

To spend time and energy with investigating possible culprit and trying to revenge is not only useless, but also dangerous, because you could manufacture a strong and angry opponent from a third side, if the false evidence was carefully planted and you eat this bait. So there should be a general policy: there is never a culprit, no blame and suspicion.

Nothing happened. Keep control. Don’t get provoked for some rash actions.

Declare to your surroundings, that you will make no counter actions against anybody, that you have no assumptions and suspicions, that this was only your mistake and you blame nobody for it. Assure everybody of not attacking back, and keep this word. If everybody would keep this rule, any effectivity of all black flag operations could become history.

Law 4: Don’t hide behind firewalls, be mobile

Firewalls are like bunkers – they provide the feeling of false security. But famous theoretist of political power Niccolo Machiavelli said, that these stable defense positions only bring disadvantages, and no fortresses should be built.

If you hide behind walls of a bunker, it becomes your prison. The enemy can choose time, direction and way of attack, and you can only wait, worried. Forces should stay mobile. Go out, read articles about Cyber security, meet hackers and be friendly to them.

Adjust your philosophical perception of data, victory and loss, safety and danger. Consider the value of your data as low as possible, try to imagine their loss in advance, and persuade yourself that they are not critical for your life. Only the data you don’t have can’t be stolen, only non-existing data you can’t lose and be damaged of it.

So don’t rely on any alleged protection too much, and search for additional means of protection from unexpected sides. More unorthodox you will be, more your defences will hold and you can survive in a hostile cyber environment. And it also brings new perspective on things. Think outside the box. No firewall can be 100% – there is always the human factor as a basic security threat.

Law 5: Count with human weakness

The science of “Social Engineering” works quite simply – instead of breaking into someone’s computer “hard way”, you lure the password from the user. So it’s a typical example of using the soft power, advanced psychology and human weaknesses. The people are easy to persuade and deceive, to do exactly, what an attackers wants.

People will be the weakest link of cyber security – always. It is so easy to forget all precautions and make a bad click, or forget the rules and open a bad email attachment. Count with this weak link in advance.

Law 6: Women as ultimate assets

Believe it or not, but women will be very efficient soldiers in cyber warfare. Why? Because this strange battlefield is mostly non-material. Soft-power plays an important role here, and it means, that psychological, emotional and sensitive matters are critical. Women have that needed “feeling” of things, that sixth sense.

Cyber security is not only a software solution. As you can see, there is also an important part of psychology, for example, for Social Engineering prevention. In battle between technology and emotions, emotions will always win. Female operators will be the only, capable of defeating whole armies of foreign and domestic hackers, including military hackers. Female assets will be feared, and hard to defeat (perhaps just by another women). Properly instructed female operators are aces in any cyber defense.

So diverse your IT security teams, and support women in your IT department as much as possible – with good wages and pleasant work place.

Conclusion

If you want to keep the safety of your environment, you personally have to become an IT security asset. Be informed, careful, don’t hide behind illusions, discover the power of female unique qualities on the cyber battlefield.

The certain way to defeat all threats is to have no data. This quote is important to know, because it provides you an option. And human soul loves options, it helps her to smile again.

With your cyber skills, you can contribute to the national safety and world stability too. The present world is challenged by new, most serious security threats, and all of us are now responsible for keeping our countries safe in the upcoming age of cyber warfare.

Alan Svejk - alansvejk@alansvejk.com

alansvejk@alansvejk.com