Warning Intelligence and Critical Infrastructure

If you are a security professional looking for a fantastic read… something foundational that you might have overlooked, I suggest Cynthia Grabo’s “Anticipating Surprise: Analysis for Strategic Warning”


Grabo reportedly wrote the book in the early 1970s, but it remained classified until 2002. It contains some fantastic concepts that help the security professional get out of the techno-centric, run-the-software mindset and into a think-ahead approach. (It is amusing that I am saying it's useful to look back in time in order to change perspective and move ahead more effectively.)

Here’s a great quote:

The philosophy behind indicator lists is that [an adversary] in preparation for [an attack] will or may undertake certain [activities], and that it is useful for analysts and collectors to determine in advance what these are or might be, and to identify them as specifically as possible.

At the risk of oversimplifying, this means that if you are defending critical infrastructure, you would think through what an adversary might attack and how that attack might unfold, and get into the specifics.

For example:

What facilities are the most important (to you, to the country, to specific customers)? What equipment is used at those facilities? How is that equipment connected to a network? Who has access to that equipment? What known vulnerabilities affect that equipment? And so forth.

In my experience, few defenders think systematically in this way… have a read.