Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld
Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…
Chapter 4: Cyber Warriors.
Understanding who the cyber warriors are and their level of training is just as important as the techniques they use. Chapter 4 starts off with defining that there are two types of warriors: Those with no training (most of the current warriors) and those that are now getting trained. The scary part is that because cyber conflicts are becoming more prevalent and invasive, more specialists are needed.
The new cyber warrior will receive certifications (either from vendors and/or organizations) in 1) “general information security”, 2) “penetration testing” and 3) “forensics”. The most prestigious certificates will come out of the Certified Information Systems Security Professionals (CISSP®) but certificates from SysAdmin, Audit, SANS, GIAC and ISACA will also be required for cyber security jobs.
Cyber warriors are typically well-educated but formal education is usually not enough. Master degrees in computer science, engineering, information technology, etc. are required but so are practical knowledge and industry certificates. Today the main source of cyber warfare education is still from the military with National Security Agency (NSA) Center of Academic Excellence (CAE) oversight. After all the formal education is done, these warriors must constantly keep up with the latest attacks and computer technology changes by attending conferences, following blogs, etc. throughout the year. Finally, why experience is important in cyber warfare is that many attackers approach problems from non-conventional ways that are often dismissed or discounted in formal educational environments.
Cyber warriors are quite different from the traditional warrior. Stamina and physical agility is replaced by problem-solving skills, maturity and intelligence. Thus, age and physical conditioning has diminishing importance. The physical conditioning taught in a traditional boot camp is not necessary for cyber warriors. Most cyber warriors like isolation, sitting by their computers for hours and their non-traditional activities to clear their heads. If there was a boot camp, I wonder if the physical training would require the ability to bench press a 6-pack of Mountain Dew.
Just about every developed nation has or is developing cyber-warriors, but they are not the only ones. Corporations and organized crime have their warriors too. Because of the high demand for cyber warriors (for legal or illegal activities) it seems that somebody is willing to look the other way of past indiscretions in order to hire a cyber-warrior. Many times the black-hat hackers who have been caught are then recruited by law enforcement agencies to help find and defend against other attackers. Equally surprising that law abiding crackers (or white hat hackers) could slip over to the dark side for a chance for more money and notoriety.
The number and the sophistication of cyber warfare is going to increase. New warriors are being trained every day. In a recent article about cyber-crimes the FBI predicted that 2012 will be worse than 2011 which was worse than 2010. This should not be a surprise since gaining the knowledge and experience can be done from the comfort of one’s own kitchen table or bedroom desk.