Moscow Rules: The original protocol for operating in the presence of adversaries can be applied to cyber defense

Lessons learned from US agents who operate in enemy territory have been captured for years and transformed into a code of conduct popularly known as “Moscow Rules.” Those old rules existed for a reason. Real-world experience proved their effectiveness when agents had to operate in the presence of adversaries.

Since modern cyber defenders are also frequently required to operate in the presence of adversaries, there are lessons from these old Moscow Rules relevant to cyber defense.

With that as an introduction, the following is a modified list of the old Moscow Rules designed to help the cyber defender under fire.

Consider these as “Moscow Rules for Cyber Operations”:

  • Do not trust your gut. Your gut is not used to the manmade creations of cyberspace. Instrument, measure, monitor and seek to confirm everything.
  • Do not trust any single source of information. Seek multiple sources, especially sources from outside your organization.
  • Design your cyber defense monitoring system to bring all sources together for “big data” analysis. This includes structured network- and computer-derived information and also unstructured feeds from advisory reporting, vulnerability reports, social media and specialized cyber intelligence feeds.
  • Back up everything of importance to your mission, and keep unalterable logs. This will save you, again and again.
  • Understand your actions are being observed. Your adversary is watching you watch them; you are never completely alone.
  • Every device in your system is potentially under opposition control. Your VOIP phone, your Telepresence system, your laptop, tablet and even cell phone, are all potentially compromised. Architect your enterprise to ensure penetrated systems are detected, isolated and their comms grounded.
  • Even in the complex, heterogeneous world of modern enterprise IT you can find boundaries and control points. Know where they are and how to leverage them to your advantage. Establish rules at every gate.
  • Protect your most important data, knowing that its loss could destroy your business. Other things need to be protected, but you likely can’t afford to treat everything the same.
  • Don’t harass the opposition. You want to enhance your defenses and keep them out. You do not want to embolden/encourage hatred. You want them to go away. More than likely you are not good enough at defending your own enterprise to even think of doing anything offensive. Save that for the government.
  • Keep your options open. Understand your adversary is a thinking, creative entity that will react and surprise you. The team you push out of your system may be replaced by a much more sophisticated team.
  • Know your tradecraft and make sure your entire team does as well (many exemplars and best tradecraft practices are available; a favorite of mine is the community-produced Consensus Audit Guidelines).
  • Training and education of your workforce is important, but it will fail you. Even with all the training in the world your workforce will eventually be deceived by creative, determined adversaries. Know that right now a user somewhere in your organization is doing something they should not be.
  • Be careful about outside consultants. The cyber defense field, unfortunately, attracts charlatans who assert that they have special knowledge of how to defend. The only way to vet experienced cyber defenders is to have either observed their past performance first-hand or to get first-hand reports by those you trust.
  • Pick the time and place for action. Move fast to protect your most important info. Take actions to keep your adversary off balance. Build plans in well thought out ways to raise all other info defenses on your schedule.
  • Understand the human tendency to forget about the threat as soon as the current attack has been mitigated. Do not fall victim to this cyber threat amnesia. When not under visible attack, study, prepare, and test your own defenses.

Have you had responsibilities for defending an enterprise in the face of adversaries? Does the list above resonate with you, or is any part of it out of whack with your experiences? I would appreciate your thoughts.

About Bob Gourley

Bob Gourley is the publisher of CTOvision.com and DelphiBrief.com and the new analysis-focused Analyst One. Bob's background is as an all-source intelligence analyst and an enterprise CTO. Find him on Twitter at @BobGourley.

  • Jeff Stutzman

    Bob, well done as usual. These are lessons in both defense, and also opsec and as importantly, emotion. –Jeff

  • Nicole Furness Berg

    Hmmmmm……. Common sense? It’s too simple, yes, there is thinking involved, this is where people get complacent and outsource their brains :)