ArchiveOODA OriginalSecurity and Resiliency

Opportunity Lost? FBI enters corporate networks as if they are their own

When you advocate for cooperation and then act unilaterally, does that make future overtures more or less likely to resonate?

WASHINGTON — The United States said on Wednesday that it had secretly removed malware from computer networks around the world in recent weeks, a step to pre-empt Russian cyberattacks and send a message to President Vladimir V. Putin of Russia.

A big ‘win’ right?

For as long as I can remember, and I’ve been doing this a long time, the government has been preaching the importance of “public-private” partnerships and “information sharing.” Those are two things that have basically been in every national strategy or policy document dealing with cybersecurity since we started making them. But this latest action really makes one wonder what the point of establishing a supposedly mutually beneficial relationship with the government actually is, if they’re just going to do whatever they want, regardless of your considerations.

The government accessing private systems without system owner knowledge to take action is not new. It is of course perfectly legal, but then so is asset forfeiture, but that doesn’t always make such actions right or just. The government has no earthly idea what your IT infrastructure looks like, operates, or supports. They have no idea if their actions could cause problems. Problems they’re not going to have to deal with. And should the people responsible for these systems find themselves called on the carpet for the actions of a third party who just happens to work for the Department of Justice, the number of SACs or AUSAs who show up to advocate on their behalf is likely to be zero.

It is not as though there isn’t a public-private threat-response model with a track record that could have been used instead. Somehow the courts, cops, and industry all managed to work together – confidentially and leak-free – to thwart the actions of bad actors. It’s been going on for years. In fact, the government could have gotten a two-fer if it had gone down this path: The rapid elimination of a threat, and proof positive that collaboration has value.

Instead, we have industry adding “Rule 41” to their incident response playbooks, and deleting InfraGard meetings from their calendars.

Working with public information, at this early date, we don’t really know the full impact of these actions. Digital exigent circumstances used to be half a joke in the early days, but speed could very well have been of the essence and the risks justified. I think any fair critic would be happy to change tack were that proven true. And having been in government I know the level of effort a (flaming) hoop jumping that had to take place for this action to become reality.

But no one who has spent any length of time in this business can look at these developments and not think that there are other models we need to consider beyond martial and enforcement. Just because the modern industry’s roots can be traced there doesn’t mean that’s where its future lies. Maybe that’s civil defense, maybe that’s public health, maybe it’s something else. But if we don’t start exploring them in earnest, the only thing I know we can look forward to is more of this.


Become A Member

OODA Loop provides actionable intelligence, analysis, and insight on global security, technology, and business issues. Our members are global leaders, technologists, and intelligence and security professionals looking to inform their decision making process to understand and navigate global risks and opportunities.

You can chose to be an OODA Loop Subscriber or an OODA Network Member. Subscribers get access to all site content, while Members get all site content plus additional Member benefits such as participation in our Monthly meetings, exclusive OODA Unlocked Discounts, discounted training and conference attendance, job opportunities, our Weekly Research Report, and other great benefits. Join Here.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency


The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

Michael Tanji

Michael Tanji

Michael Tanji spent nearly 20 years in the US intelligence community. Trained in both SIGINT and HUMINT disciplines he has worked at the Defense Intelligence Agency, the National Security Agency, and the National Reconnaissance Office. At various points in his career he served as an expert in information warfare, computer network operations, computer forensics, and indications and warning. A veteran of the US Army, Michael has served in both strategic and tactical assignments in the Pacific Theater, the Balkans, and the Middle East.