For a while now, we have been inundated with news of breaches across the entire spectrum, from the enterprise to the public sector, and it seems they will not abate anytime soon. The de facto reactionary measures put in place to mitigate polymorphic threats have failed immeasurably, and it would be strategic to delve into other playbooks in our zest for holistic solutions to this malaise. Patterning the present threat landscape with counterterrorism strategies will aid the quick detection of anomalous behaviour.
Intrusion detection strategies have always focused on system vulnerabilities, and thereby identify immediate threats rather than strategic patterns. An introspective look at the current threat landscape, which is in itself quite fierce, shows that it demands strategic-level insight into the all-encompassing threat, which includes but is not limited to newer tactics, techniques, and procedures. When the Cyber Kill Chain was promulgated a while back to serve as a yardstick for cyber-intrusion detection, intrusions were quite mild compared to now.
Experts have over time slanted their perspectives towards viewing the Cyber Kill Chain as functionally analogous to the Terrorism Kill Chain, which I agree with to a large extent. The insights garnered during cyber-analysis (aggregate patterns, overlapping indicators, predictive threat reports) are similar to those of strategic-level counterterrorism analysis, with the exception that cyber-attacks spring up faster and in bigger proportion than terrorism. Employing counterterrorism tradecraft can have a primal effect on the cybersecurity landscape.
Gathering intelligence is the pivotal fuel that drives operations, and cybersecurity operations must be equipped with tools and techniques for collecting attack data in addition to remediating attacks. By spotlighting the aggressor's kill chain, especially for polymorphic threats, the defender gains not just the ability to foil current attacks but also to forestall future occurrences while hardening its defensive posture. Besides employing the intelligence cycle, other noteworthy counterterrorism intelligence practices are:
- Centre of Gravity Analysis
- Analysis of Contending Hypotheses
- Predictive Analysis
- Preliminary Analysis
To set this straight: IT professionals are not counterterrorism experts, because there is a lack of formal intelligence training in the IT sector, and there is a need to address this skills and capabilities gap. With Strategic Intrusion Analysis (SIA) fused with counterterrorism intelligence tradecraft, cyber-resilience will be ensured, and C-level decision-makers will be able to inculcate bespoke solutions into enterprise-wide risk management and governance processes.