A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


The Art of Cyberwar: A Foundation and Framework for the Development of TTPs - Kevin L. Johnson (ShowMeCon 2019) (Hacking Illustrated Series InfoSec Tutorial Videos)

The Art of Cyberwar: A Foundation and Framework for the Development of TTPs
Kevin L. Johnson

ShowMeCon 2019

Cyberspace is a warfighting domain, on par with other warfighting domains: Land, Sea, Air, and Space. It is a force multiplier, securing and enhancing the effectiveness of other domains and their missions. It is also the world's newest warfighting asset that demands attention; defensive and offensive as well as tactical and strategic. When I took on this endeavor, many have often asked, how can I cover such a broad and enigmatic topic? Particularly, when so many still argue over the definition of cyber, how, where and when it should be applied? Who should be in charge of it and when command and control is delegated. Someone(s) has made this more complex than it needs to be. The realization of cyber and its proper application has been long overdue for the laying of plans. Cyberwar is an integral part of war, Sun Tzu having already laid the groundwork.Sun Tzu said: 1. The art of war is of vital importance to the state.2. It is a matter of life and death, a road either to safety or ruin.There is much to be said about the correlation between the Art of War and the Art of Cyberwar; however, that being said this not a replacement for the Art of War nor is it an evolution. It is simply, like its namesake, a framework and foundation; empirical guidance on what is important and why. The Art of Cyberwar starts with the 'Tenets of Cyberwar'. And, comparable to Sun Tzu, "The General that harkens to my counsel and acts upon it, will conquer: let such a one be retained in command! The General that hearkens not to my counsel nor acts upon it will suffer defeat: let such a one be dismissed." The Tenets of Cyberwar are: Reduce the Threat Surface (Reduce/Eliminate Access, TRU Encryption: 'in-Transit, at-Rest, in-Use', Defense-in-Depth, Deny by Default/Allow by Exception), Cyber Terrain, Defensive Cyber Operations (DCO), Offensive Cyber Operations (OCO), Threat Actors, Legal-Ease, Cyber Partners and Emerging Technologies. It is these key tenets that help highlight the importance of cyber in war, in its element, cyberspace. Cyberspace is a key tenet of kinetic success - on and off the battlefield. Cyberwar targeting and attack does not exist in a battlefield vacuum! In Cyberwar, all cyber services (Financial, Medical, Alert Systems/First Responders: Fire, Police, Ambulance, Industrial, SCADA, Transportation, Communication Networks, Supply Chains, etc.) are all impacted. In addition, to the military aspect!An attack by a threat actor/adversary does not and will not limit itself to battlefield targets; at one time, separation between battlefield and the actual nation state was dependent on where the actual battle was fought with the location of the battlefield taking the biggest negative impact. However, it is no longer the situation. Anyone, anywhere, with the right capabilities, resources and skill sets can impact any country without co-location to the country or battlefield. The Art of Cyberwar requires a change in how countries prosecute their wars, how they plan and prepare, and how they determine and define war. The world is already at war. Some countries know it; others simply don't or don't want to believe it and getting up to speed is the true challenge. It is a mission impossible. But, unlike the old TV series and recent movies, every country, company and infrastructure must start with the basics the best offense is a good defense. In cyberspace, they who attack without the benefit of good defenses is mutually assuring their destruction.

Bio: Mr. Kevin L. Johnson has worked in the communications-computer career field well over 35 years; to include, but not limited to: tactical radios/teletypes, mainframes, PCs, Servers, LANs and WANs. He's developed technical solutions, built, managed and secured networks, performed Certification and Accreditation (C&A), assessed communications-computer system's security, readiness, and sustainment, digital transformation, network defense, cyber operations, cyber mission planning, and was a part of a great team of Subject Matter Experts (SMEs) producing one the of DoDs first Fully Operationally Capable (FOC) Cyber Protection Teams (CPT). Mr. Johnson's current title is: Senior Cyberspace Security Specialist; performing varied functions as: Project Manager, Action Officer, Technical and Security Assessment Team Lead, and Artificial Intelligence (AI) Strategic Team Lead. He is responsible for providing and advising leadership, project partners, stakeholders, and customers on the best way ahead. His recommendations are based on current cyber polices, trends, emerging technologies, current threats and industry best practices.

Back to ShowMeCon 2019 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast