A Strategic Shift in Information Security
The information security community has long used the medieval strategy of building castles to secure territory, better known as defense in depth. The strategy of defense in depth, while still very effective, does have its weaknesses. The digital arena is a very fluid environment, and adversaries have adapted their strategies to deal with defense in depth. It is the age-old problem of “If you build a better mousetrap, you end up with smarter mice.”
A new reality has developed in information security: it is now a matter of when, not if, an organization is breached. This new reality compels an information security organization to search for new strategies to deal with an evolved adversary. Many organizations are now adopting contemporary military strategic thinking to help them address these new threats. Lockheed Martin was the first organization to start the move towards adopting contemporary military strategic thinking, with its paper on the Cyber Kill Chain. Other organizations have further adopted other current military strategies, including those of Operational Security (OPSEC), Terrain and Plane, Intelligence, and the OODA Loop. This presentation will discuss these contemporary military strategies and how they can be implemented in the digital realm.