Finding The Hidden InfoSec Story

The Reconnaissance Troop Leaders Battle

Photo Credit: Defence Images via Compfight cc

Many years ago, at the tail end of the cold war, I was privileged to be the troop leader of an armoured reconnaissance troop based close to what was then the inner German Border in West Germany.  We spent days, weeks and months training to defend Europe against the soviet hordes that would roll across western Europe, heading for the Channel Ports.  Of course they didn’t in the end, and we ended up in a range of other, more regional, conflicts and operations.

One thing that has always stuck with me, however, are the common threads that characterise the Recce Soldier’s battle.   Now; older, though probably not wiser, I am repeatedly struck by how relevant these lessons are to the battlefield that has become known as cyberspace,and the security operations we employ to protect ourselves and our charges on a daily basis.

The first thing we become aware of is the contested nature of the environment.   Whilst we are continually seeking information for our own interests; we must be aware that we may also be providing it to the opposition.  Watching (and possibly being watched by) the watchers is something that we must all understand and embrace.

The second thing that becomes clear is the dynamic nature of the environment.  This is not just about actual movement, but is about active positioning and posture, based on an understanding of other players on the field, their aims and constraints.

Thirdly, we must clearly understand both our objectives and where we have freedom of action – at strategic and operational levels.  We must be in a position to seize the initiative in a fast moving situation without upsetting the strategic plan.

Finally, the recce battle is all about people, their intent, their capability and their limitations.  The environment in which we all  operate may exacerbate or limit our effect, but it is us and them, the people in the equation who provide the engine that drive the battle.

Effective information security management can give us enormous organisational intelligence and control of the environment we seek to protect, but we must ensure that we are aware of the other players in the space (friendly, hostile and neutral) and what they are doing (or seek to do).  We must be aware that other people’s initiatives may shape the environment as effectively as our own, and remain alert to what is actually happening, constantly retuning our picture of what is going on around us.

We must remain flexible and we must be prepared to take bold steps, knowing the boundaries within which we have freedom of action. We must be aware of our context, and not lose sight of our own objectives.

Finally, though technology is often a critical part of our infrastructure, we must not lose sight of the fact that it is the people in the mix who shape the battle.

Author: Tom Fairfax

Share This Post On