In fact, you may be aware that papers and approaches like Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains by Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin, Ph.D. were inspired by the desire to move "left of boom" regarding IEDs.
In this post I will highlight elements from the interview which will likely resonate with those working digital security problems.
- The threat "shares information globally," and engages in an "arms race" with defenders, sometimes by "sitting in front of a computer" devising the latest tools and techniques.
- The adversary can introduce changes to tools and techniques in weeks and months, not years or decades as was the case with conventional or strategic weapons.
- For a "meagre expenditure," the adversary can impose "huge costs on defenders."
- The goal of the security program (i.e., JIEDDO) is to provide commanders freedom of maneuver to conduct operations (business) in an IED environment.
- "If you're worrying about the device, you're playing defense." Don't focus only on the device; put pressure on the networks (of adversaries who design, build, and operate the weapons).
- Intelligence plays a key role in defeating adversaries. Winning involves applying "lethal pressure," along with government techniques. "It takes a network to defeat a network."
- Defeating the device attracts the most attention and funding, but training users and attacking the network must also be pursued. Training involves ensuring that operators are using countermeasures effectively and appropriately.
- JIEDDO shares threat intelligence in unclassified form so industry partners can devise countermeasures. The unclassified documents are backed by a classified appendix that describes how troops deploy countermeasures in operational settings.
If you'd like to see examples of the IEDs encountered in the field and some US countermeasures, check out the first segment.