The Art of (Cyber) War
Michael Meis is associate CISO at the University of Kansas Health Systems. He gave a keynote on how the tactics detailed in “The Art of War,” one of the oldest and most successful books on military strategy in the world, are similar to those needed to battle cyber crime.
He outlined principles from the book and how those apply to current cybersecurity programs. The first is defining victory, which is just as important in cybersecurity as it is in traditional warfare.
“If you fail to define victory, I guarantee you will never reach it,” he said. “Defining victory in cyber is just as complex and difficult. Define what victory means to your organization. Develop a vision and mission statement … specifically for your security team.”
It’s also important to build teams around the idea of excellence, Meis said.
“With excellence, it’s the concept where everyone is there to do one thing — their job at the highest possible level,” he said. “When you instill these ideas, it sets a level of performance … and gives purpose to drive excellence … things that contribute to performance … to meet the victory definition.”
In addition, it’s important to know yourself and your enemy, he said. That means knowing your assets — for example, revenue generation and capabilities, your outcomes with people, processes and technology. That means knowing these things of your adversary, too.
Knowing your allies is important, Meis said. In cyber, that means third-party allies like vendors.
“Next, invest in coordination,” he said. “Become part of the organization. Our goals should be enable an organization to protect itself. We have to generate and support across the the organization. And coordinate outside of your organization.”
And lastly, avoid losing, Meis said. That means staying away from easy mistakes that give attackers an easy way in.
“You will be attacked, but you don’t have to lose,” he said. “This is where it’s important to invest in incident response capabilities, whether internally or bring in a third party. Invest in resilience. It’s important we can take a punch and get back up. That’s how we fight a battle and how we win a war.”
