11 August 2010

Boyd on CyberWar

The hacking (cracking) attack on Google et al has caused a phenomenon that actually puts those companies and even countries at risk. Over the last year, the response by companies and countries to these cracking episodes has been to lock down their intranet/internet systems, filtering content and making access more restrictive. As an example, the Air Force Material Command, even after relenting on bans with certain types of social media, still enacts a robust filtering policy that continues to restrict blogs, wikis, and the like. Australia is even considering filtering incoming internet traffic echoing China and other totalitarian countries.

The giant risk of this fortress mentality is that it actually makes the organization less secure because it makes the organization less nimble. By enacting more security, an organization inevitably enacts more bureaucracy which creates friction and slows reaction ability to a grinding halt. This phenomenon is captured well in the Starfish and the Spider (I synopsize it here) and was a central tenet in John Boyd’s discussions on how armies win wars. I propose that rather than locking down access to the internet, organizations relinquish control and let employees, partners, and other supporter’s route crackers and malcontents via an organic set of decentralized tactics (this may already be taking place). Twitter is indeed mission critical. In cyber operations, observing, orienting, and acting faster than the adversary is the only way win.

No comments: