For those of us practitioners in the cybersecurity space who have tracked policy concepts, one that has been around forever is the idea that good guys from government may one day need to take action in privately owned computers. Since the late 1990s, concepts have been considered such as a self-propagating piece of good code (a worm) that would gain access to infected computers and patch them or take other action to fight bad guys in privately owned computers. Now, for what seems to be the first time in history, the US has done this (previously court orders had been issued to do things like send kill commands to a botnet, but this is bigger: it is fixing computers!). Views on what this may mean are provided here.
We strongly encourage every company, large or small, to set aside dedicated time to focus on ways to improve your ability to understand the nature of the significantly changed risk environment we are all operating in today, and then assess how your organizational thinking should change.
As an aid to assessing your corporate sensemaking abilities, this post summarizes OODA’s research and analysis into optimizing corporate intelligence for the modern age.
In this week’s OODAcast we interview Ray Wang, CEO of Constellation Research. Ray is a great leader, evidenced by the people he has attracted to his firm. I know many of his team and can say for a fact that they are people who can do just about anything they want (which means they are in a position to pick their boss). Ray is also an entrepreneur, and in this OODAcast provides context anyone thinking of starting out on their own should consider. One of many anecdotes he provided was an insightful recap of a conversation he had with his then boss at Forrester Research, George Forrester Colony, which made it clear to Ray that he faced a choice. He could work at a place that wanted to motivate him to be as average as possible or he could go out on his own and create his future himself. It takes a type of bravery to do what Ray did next, a type of bravery very likely at the core of any entrepreneur.
Something is different in the geopolitical situation today. The reasons are probably a combination of factors that include the pandemic, the rise of the global grid of cyberspace, plus the payoff of years of planning and strategic moves by our adversaries. But whatever the reasons, the world today is more complicated and more dangerous than the world of just a year ago, and in many cases the risks being faced by open societies have never been seen before. The changes are so significant, OODA recommends all business leaders take stock of the geopolitical situation and assess how the nature of these changes should impact your business strategy.
“The world is a more dangerous and complicated place than it was just a year ago. Your corporate strategy and defensive posture need to reflect that.”
Lisa J. Porter has successfully led some of the world’s largest and most critical technology efforts. Her career started with a focus on academic rigor in pursuit of some of the toughest degrees, a B.S. in Nuclear Engineering from MIT and a PhD in Applied Physics from Stanford. She would later lecture at MIT and then became a researcher for DARPA-related projects, eventually becoming a DARPA program manager. Dr. Porter would later lead NASA’s Aeronautics Portfolio, would become the first Director of the Intelligence Community’s IARPA, became President at Teledyne Scientific and an EVP at In-Q-Tel, and then was named to be the Deputy Under Secretary of Defense for Research and Engineering, an office which is essentially the CTO for the entire Department of Defense.
OODA Network members are invited to participate in a monthly video call to discuss items of common concern to our membership. These highly collaborative sessions are great ways for our members to meet and interact with each other while talking about items of common interest. We also use these sessions to help better focus our research and reporting on member needs. To encourage openness of discussion, these sessions take place with Chatham House rules, where participants are free to use the information in the meeting but are asked not to directly quote or identify other participants. But we did capture a gist of discussions for the benefit of members who could not attend in person.
Lessons In Leadership, Intelligence Analysis, and Geopolitical Trends From Retired LTG Robert Ashley, former Director of DIA
Lieutenant General Robert Ashley, USA (ret) was the 21st Director of the Defense Intelligence Agency (DIA). He retired in November 2020 after over 36 years of active-duty service as an intelligence officer. He had previously served as the Army’s lead for all intelligence (the Army Deputy Chief of Staff, G-2), where he was the senior advisor to the Secretary of the Army and Army Chief of Staff for all aspects of intelligence, counterintelligence and security. During his long career he commanded organizations charged with gaining insights into adversary intentions and making them actionable for decision-makers. His work overseas included six combat tours in Iraq and Afghanistan as a squadron, brigade commander, and Deputy Chief of Staff for Intelligence (J-2). Other tours included assignments leading intelligence for the Army Joint Special Operations Command; United States Central Command; and for all US forces in Afghanistan. He also led Army intelligence training and education.
Updated Executive’s Guide To Quantum Safe Security: Take these steps to make your enterprise quantum proof
This is an update to our Executive’s Guide to Quantum Safe Security, based on a new round of research that has included interviews of OODA Network experts, technology providers and senior executives in enterprises. Quantum computers will bring new power to adversaries. But when? And what can you do now to mitigate that threat? This report provides insights that can drive your action today.
Lessons In Leadership From Ellen McCarthy and Her Journey From Junior Analyst To The Most Senior Echelons of the Intelligence Community
Ellen McCarthy is a highly accomplished and distinguished executive whose career started as a junior analyst and ended up reaching to the very highest echelons of the US intelligence community. In this OODAcast we explore lessons learned from her journey, capturing insights that can inform actions for those at any stage of a career.
This post provides executive-level context and some recommendations regarding a large attack exploiting Microsoft Exchange, a system many enterprises use for mail, contact management, calendar/scheduling and some basic identity management functions. This attack is so large and damaging it is almost pushing the recent SolarWinds attacks off the headlines. Keep in mind that until this point, the SolarWinds attack was being called the biggest hack in history. So this is a signal that the damage from this one will also be huge.
It is not just the technical team that will have to respond. Executives everywhere should consider their action plans. This post will help you kickstart that.