Haiku #6 Double edged swords
Malware, Trojan, worm
Credential spray, brute force, tor
Tools? Weapons of war?
Most tools, whether we think about it or not, have at least two potential purposes; one legitimate and one not. Most people’s actions can be perceived similarly. A phrase that comes to mind when thinking about how to describe this is “one man’s terrorist is another man’s freedom fighter”.
When put in this context, the tools we develop must be considered carefully. What will happen if our good intentions go awry or someone else subverts them for their own plans that do not match ours? Current payloads and delivery mechanism may not have been developed as anything other that a way to conduct malicious activity, but when we think about it, all that attacker is doing is imposing their will on a target system. That’s a modern variation of Clausewitz’s definition of war: imposing your will on your enemy through violent means.
No matter what the context, a common theme is that most people and groups (no matter how altruistic outward appearances) tend to gravitate towards actions that suit their own self-interest, first. And actions that benefit others, second. This is just practical. Therefore when we consider new development, the thought process (whether taken as a security measure or just good development) must include a period of time in which the ideas of how a system, product or object could be manipulated for malicious purposes and how much we can influence or alter that outcome.
As we’ve seen in current events and throughout history, weapons developed by people who want peace can, in the wrong hands or used the wrong way, cut back at the wielder in unexpected ways.
This blog is primarily a way for me to collect and share thoughts about cybersecurity, my profession for over 20 years. Since I also like to write, I’ve organized it by the haikus that I’ve written (in the order written and published on LinkedIn and various other social media outlets). I enlisted in the Marine Corps as a Morse Code Interceptor in May 1995. Throughout my initial schooling, I was introduced to two critical foundations of information security: binary language and cryptology. After initial training I reported to Officer Candidate School in September 1996. Upon completion of initial officer training, I reported to Communications Information Systems Officers Course, which reinforced lessons learned in the cryptanalysis training and fostered a deeper understanding of networks as a whole. For three years, I applied these lessons on numerous deployments throughout the Far East, managing the installation of various types of networks for numerous exercises. In February 2001, after completing my initial active duty contract with the Marine Corps, I accepted a job at Booz Allen Hamilton. While working as a government contractor, I worked on satellite communications projects at Headquarters Marine Corps (HQMC) C4 and United States Pacific Command J6. When I reported to HQMC Manpower and Reserve Affairs (M&RA), I led a software development and securing of a large-scale ERP with over 100 spin-off supporting applications. Subsequently, I served at 4th Marine Division as the AC/S G-6 managed the RMF (formerly DITSCAP/DIACAP) integration of over 40 remote, temporary connections to the Marine Corps Enterprise Network. At every duty station since becoming a communications officer, I have been directly involved in securing networks. While in Japan I focused on deployed networks throughout Asia. Later I worked on securing networks in Southwest Asia and as the Information Assurance Officer for Manpower and Reserve Affairs. I’ve worked on cyber workforce development policy for the Reserve component while on the Joint Staff and at Marine Forces Reserve. What I’m truly passionate about is the art of articulating information technology requirements to C-level leadership both inside the Department of Defense and in commercial industry. As a career cyber security Marine, I see the next great challenge as keeping the population informed on current and emerging threats and wants to devote his professional life to teaching others in that area. My certifications include CISSP, GSLC and Security+. I earned a Bachelor of Arts degree in Spanish from DePauw University in Greencastle, Indiana and a Master of Arts in Romance Languages from University of New Orleans. Through my experience and higher education, I also enjoy mentoring other technical professionals and those who aspire to greater technical expertise in Spanish and French as well as English. I live in Covington, LA with my wife Nedra and our spoiled pack of wild hounds: Rex, Reina, Hogan and Henry. View all posts by John Keenan
Originally published at http://johnkeenanoncybersecurity.wordpress.com on January 27, 2020.