nCircle.com >> 360 Security


TK's comments on BlackHat 2005 Keynote

This year's Blackhat keynote was given by Mr. Gilman Louie, and he and I share something in common, as we both started early in our careers in the computer game industry. The difference is that he has been much more financially successful ☺ and I think that is awesome. I’ll say it again, Information Security is just IT with an active opponent. ☺

He touched on a few things in the Keynote that I want to offer a counterpoint to and hope that the readers will research these topics on their own because they are fundamental to the elements of design when your task is to author or be a part of a successful Information Technologies Security System.

The three that I want to cover are:
The OODA loop introduced to us by the late Col John R. Boyd;
Friction in the system as a negative attribute;
Policymakers are clueless.

-- OODA Loop --
Just as he said, OODA stands for Observe, Orient, Decide, Act.
A superior competitive strategy is the ability to turn your OODA loop faster than the opponent and to “get inside” their OODA loop. This is a topic that has been written about in many business journals, sports strategies, and continues to ring true with military strategists.

The problem with Mr. Louie’s brief analogy (to someone unfamiliar with Boyd’s work) is the context of its usage in the keynote. The fact of the matter is that from an IT security perspective, there is no offensive posture as there is with Jet Fighter tactics, and so I would like to clarify how an OODA loop would successfully be applied to an IT security strategy. To be fair, Mr. Louie did clarify that it is the business that is properly using the OODA loop with their competitors and not IT security. (Rock on Mr. Louie)

The words Observe, Orient, Decision and Action are self-explanatory, but where they sit in terms of the game play is the context that needs to be clarified. Let's break these OODA elements out into their natural classes: Observe and Orient fall into the Intelligence bucket, and Decision and Action fall into the Execution bucket. We have the classic Intelligence versus Execution. Systems that are out of balance will exhibit extreme ends of the spectrum, which are an “INFORMED non-EXECUTION” and an “UNINFORMED EXECUTION”. (I’ll blog more on this balancing act later)

If you want the biggest bang for your buck when applying the OODA loop to your IT Security defense, think about what processes or technologies you have in the system as a whole that help you Observe and Orient and how those are working with the systems or people that need this intelligence to execute. If you remain ALWAYS ahead of your adversary in terms of intelligence and execution, you will make your position unassailable. The trick is to think of these OODA terms in a pre-incident and pre-flow type of context. The coupling of this discipline at the time of flow or attack is too tightly coupled to yield a high degree of accuracy. For example, this is the basic design problem currently with IPS in that the OODA loop is too tightly coupled and many of its criteria parameters are far too closely related to the adversary's input.

-- Friction as a negative attribute to a system --
At more than one point in the talk Mr. Louie kept referring to the “removal of friction” in the system, so I assume that this notion is important to his beliefs. He also stressed that “speed” is important and noted examples where slowness drives him nuts.

In systems theory, friction is not always a bad thing. Here I go with context again. ☺ The deal is that the transfer of “energy” (or it may be the transfer of knowledge as a byproduct of transit relationship) or the concept of friction can be a very positive attribute to use in system design. The real culprit that Mr. Louie should be identifying is inefficiency. I can build a low friction system that has very low efficiency which is not a good thing.

I can think of many systems that have been around for millions of years that depend on the concept of friction, but we won’t get into those here now, will we?

-- Policymakers as being clueless. --
There seemed to be an overtone that the people making the decisions were not well informed and, more important to Mr. Louie’s point, I heard frustration in his voice with regard to the policymakers’ ability to seek the proper intelligence for their decision making. This goes back to the OODA loop again, where the policymaker needs better Intelligence (Observation and Orientation). ☺ While this all may be true or even true most of the time, I want to put something out there for everyone to consider.

Boyd himself said that there are do-ers and there are say-ers. In a nutshell, the do-ers are people who do things that really matter to the common good of the whole and in their hearts have a great deal of integrity. The say-ers are people who say things and their actions are aimed at their self promotion and sometimes at the expense of their integrity. I find, as does Boyd, integrity is job one and if you can’t trust yourself, game over, go back to bed.

(warning: blanket statement) The argument that policymakers are just clueless people who don’t know anything is not a very responsible claim. While it may be true, the real question is if they are a part of my system, how do we get to steady state and a high level of efficiency.
I recall as a teenager thinking that my teachers and parents were clueless, I recall as a young engineer thinking that my manager and the executive team were clueless, and we continue to see criticism tossed out at leadership on the grounds that they are uninformed. Common theme? What is broken here is trust and communication between the adjacent layers. In game theory, this is key and to speak in a language that is most efficient to me, you need to find a way through communication and trust to establish a non-zero-sum game with these policy makers. Job one is to make sure there are communication and trust factors in place. If either fails at any point in time, a zero-sum game relationship will form.

Thanks for listening,
--tk

Reference:
Game Theory Ref.
http://www.gametheory.net/html/books.html

Boyd Books
http://www.sci.fi/~fta/boyd_books.htm

Blackhat '05
http://www.blackhat.com/

About

This page contains a single entry from the blog posted on July 27, 2005 11:44 AM.
