5.29.24 / Wade Hansen
It was a strange thing to be shot at.
The emotions one feels as the alarms sound and rockets careen closer are a mix of fear, indignation, adrenaline-fueled exhilaration, and sadness. I was not surprised by the attack – as an intelligence officer deployed to Iraq, I knew we were surrounded by insurgent elements with both the means and the motive.
In Iraq, I was part of the world’s most powerful warfighting force. We had amazing resources at our disposal – sophisticated technologies to detect and neutralize rockets, Predator drones to patrol the skies above, training, weaponry, and blast walls to protect the personnel deployed to our contingency operating base. Yet, some rockets still made it through. On Iraq’s roads, improvised explosive devices that cost a few hundred dollars to make took down million-dollar Mine Resistant Ambush Protected vehicles and ended human lives.
Clashes in cyberspace reflect a similar asymmetry. A Deloitte survey suggested that cyber security spending amounts to around $2,500 per employee per year or $25 million for a company with 10,000 employees. Yet, each year thousands of these companies fall victim to hackers, who conduct attacks with little more than an internet-connected laptop.
Among the factors that led to a reduction in the violence in Iraq starting in the 2007-2008 timeframe was a unified counterinsurgency strategy. Building upon lessons learned in Vietnam and other guerilla-like conflicts in the annals of military history, General David Petraeus led a team that rewrote the book on asymmetric conflict: US Army Field Manual 3-24: Counterinsurgency.
Among the themes that apply to combatting both physical and cyber insurgency are:
Unity of Effort: In the cyber domain, we recognize that we are all interconnected by definition on the Internet. We aim to unify effort through groups like the Cyber Security Summit, ISACs and ISAOs, InfraGard, Cloud Security Alliance, and others. We confer with each other at RSAC, BlackHat, Defcon, and B-Sides to stay abreast of trends and developments.
Secure the Populace: People are the greatest vulnerability any entity has – and the greatest strength. They are susceptible to social engineering, phishing, and a variety of other schemes that bypass technology controls. Insider threats are a major risk. Just as no amount of force could win the hearts and minds of the Iraqi people, it takes soft power – education, training, and leadership – to get buy-in from the rank-and-file members of our organizations to remain vigilant against cyber threats.
Intelligence: The goal of intelligence is to shift from reacting to an attack to preventing an attack – to “get left of boom.” While there is no crystal ball to see the future, analysis of trends in tactics, targeting, and attack vectors can help cyber defense teams focus on the most likely and worst-case scenarios – and guide the allocation of resources to control these risks. In other words, cyber leaders need to know the details of breaches at analogous companies. How did the intruders gain access? How did they expand privileges? Who are the threat actors? What motivates them? Do they target a particular industry? Why? Arming oneself with this knowledge allows a cyber leader to take action to reduce the likelihood of being similarly victimized.
Conceptualizing the cyber threat landscape as analogous to the battlefields of Vietnam, Iraq, Afghanistan, and the other historical guerilla-style kinetic conflicts punctuates the reality that the world is already at undeclared war in cyberspace. Corporations can no longer be bystanders – they’re under attack from online pirates, counterculture vigilantes, and nation-state-sponsored hacking units. Bleakly, there will likely be no end to this war – unity of effort, vigilantly securing the populace, and continued commitment to intelligence operations must be part of the strategy for dealing with this reality.
Wade Hansen, Director / Great Lakes Region, Flashpoint
Wade is the senior representative to the Great Lakes region for Flashpoint, a global threat intelligence firm. In this role, he helps companies solve complex intelligence problems related to cyber and physical security threats, and fraud.
Prior to joining Flashpoint, Wade was a U.S. Air Force cyber intelligence officer, and led cyber threat intelligence operations for the National Security Agency defensive cyber operations directorate. Other military assignments focused on counterterrorism operations and asymmetric warfare and included a deployment to Iraq in support of a Navy SEAL team.
Following active duty in 2016, Wade was based in Saudi Arabia, where he helped American companies connect with partners and opportunities in the Middle East.
Wade holds a Master of Business Administration from George Mason University, a master’s degree in intelligence studies from American Military University, and a Bachelor of Arts in Middle East Studies/Arabic from Brigham Young University.