Exterminating the Cyber Flea: Irregular Warfare Lessons for Cyber Defence

Traditional approaches to tactical Computer Network Defence (CND), drawn from the lessons and doctrine of conventional warfare, are based on a team of deployed security professionals countering the adversary’s cyber forces. The concept of the adversary in cyberspace does not fit neatly into the conventional military paradigms. Rather than fighting an identifiable foe, cyber adversaries are clandestine, indistinguishable from legitimate users or external services, operate across state boundaries, and from safe havens that provide sanctuary from prosecution. The defender also faces imbalances with rules of engagement and a severe disparity between the cost of delivering the defence and the attackers ability to deliver an effect. These operational conditions are more akin with Irregular Warfare (IW) than a conventional conflict. This paper proposes a new approach to CND, based on a review of the literature on IW. Rather than fight the battle alone, the CND team should concentrate efforts to persuade and empower network users to take responsibility for protecting the organisation’s critical data. This approach seeks to apply the lessons learnt from IW, where the resistance to the adoption of security best practices, intentional or otherwise, is the real adversary. This approach appears more likely to deliver long term protection from the current cyber threats than a process, which requires the identification and tracking of adversaries that are invisible and constantly changing.