Before my last deployment (quite a while ago, thankfully) my unit was training on a variety of tactics to make us all more effective in an operational setting. That’s the long way of saying we were all getting PT'd repeatedly and learning how terrible we were at stopping the bad guys, luckily we all got better as time went on. Anyway…
One of the most valuable lessons we learned from working with the guys in some of the more “special” operational roles was that things shouldn’t be fair.
In other words, the bad guys didn’t play fair…Why should we?
How could we expect to win if we played nice and everyone else was moving with no holds barred?
I literally had a very crusty, very angry Master Chief say to me “if you ain’t cheating, you ain’t trying.”
Then we got PT'd again anyway, thanks to his acute observation of the squad’s failure to move on the threat fast enough, hurray push-ups. But nevertheless, his message came through (many, many push-ups later).
We got very good at cheating. We would do everything from placing sugar packets under rolling obstacles on the obstacle course so they didn't move and we could move faster, or shoving extra ammunition magazines in every conceivable spot on our persons we could find. One guy sounded like he had been eating ammo for his morning cereal he jingled so much when he walked, but he always had rounds long after the bad guys had run out. Once we had the concept down that in an operational setting, the bad guys weren’t playing fair – neither should we; our unit started winning more and taking the heat to the bad guys. By the time we left for deployment we were very good at stacking the odds in our favor and we continued this for the whole of our operational time.
It should be the same way in the cyber security setting. Your team and your security folks should be comfortable with cheating the bad guys out of a win. Can your team set up collection points and bogus assets that can be hacked so you can gain intel on the bad guys, if so then heck yes. Are you able to funnel traffic to a place where you “own” the connections and can “see” everything, then yes. Do that. Grab the chess board and turn it around so you can move the chess pieces into a place where you can game the system, be deceptive, funnel traffic, do anything operationally or technically that gives you the edge, cheat and win.
Use technology that gives your team or organization the upper hand. Inspect all your traffic, use more powerful analytics, honeypot, encrypt everything, whatever you can do to “cheat”. Find some way to be better than the adversary. Don’t play fair, ever. Cheat the enemy out of their tactical advantage.
You can be guaranteed that the bad guys would (and probably are) doing this very thing to your networks, users, and applications. Why the heck shouldn’t you? Cyberspace is a live fire operational environment, it’s a war zone that almost every person and certainly every bit on the planet touches in some way. Accepting that concept and embracing every possible advantage you and your team can come up with is a key to gaining tactical ground, which will lead to a strategic advantage.
You want to win in the cyber battlespace, cheat…