W**R
An excellent primer for the cyber domain
For those who are already steeped in the principles of warfare, Dr. Cunningham's book is a modern introduction to cyber warfare: the whys, the hows, and the significance for future engagements. It includes plenty of details about cyber attacks that have made the headlines in the past few years, as well as a few that didn't, and lays out the implications for defenders who may not realize they're on the battlefield (hospitals, shipping and logistics companies, and more). He covers everything from denial of service attacks to disinformation campaigns, with a stop along the way to explain why it's so hard to get autonomous vehicles secured.
If you read nothing else, take chapter 7 to heart: the strategic plans for effective cyber warfare that should be in place as soon as possible. The security model most frequently dubbed "zero trust" in the industry today (and which Cunningham champions in his day job as a Forrester analyst) is described here more usefully as Edge and Entity Security. The most important point that will resonate with professional defenders is that the network will always be contested space, which is why entities need more verification and have an "edge" that travels with them in this mobile environment. The one argument that I found a bit jarring was the (correct) example of how zone segmentation proved disastrous as a strategy in Iraqi cities during that war, but later in the chapter, one of the cyber warfare strategies espoused was ... more segmentation. Turning your own users into "insurgents" by excessively restricting their movements and over-using authentication is a real problem that CISOs have to avoid when building a more defensible infrastructure.
The most enjoyable part of the book for me was the commentary sprinkled here and there from Cunningham's own perspective (including the assertion that there is no real "artificial intelligence" yet). The one thing that would make this book even better is if he recorded the audio version himself.
M**N
An indispensable primer on the Zero Trust philosophy and approach to security.
I've been working in and around IT security for almost two decades now, and have slogged through so many books on how to protect your users' and customers' data that were painfully obvious, brutally boring, painfully technical, or a combination of those three.
Chase Cunningham's book is none of those three categories. I actually ENJOYED reading this. It's accessible and relevant to everyone in the stack, from the junior analyst to the C-suite and board-level who see security as an existential matter for their organizations.
There are a few different parallel themes here. First, IT-organizational: cloud; Zero Trust; and Automation/Operationalization. Man, I love that word. It's satisfying to say it out loud...
But I digress. Those underlying themes are reinforced by the critical theme of Zero Trust: micro-segmentation.
Full disclosure here: I work for Illumio, so I'm very focused on the whys and hows of micro-seg. I'm coming at it from half a decade of trying to protect networks from the inside out. I've seen Zero Trust go from being a vague and nebulous term to buzzwords to an industry-standard that organizations aspire to achieve.
I digress again...
If you are searching for a way to protect your environment, to be an important part of your organization's thought leadership in a critical transition from traditional methodologies that are ineffective and obsolete, then you should read this book. It's well-written and takes on a broad subject in an easy to digest format for all levels of knowledge, ability, and position.
Whether you're directly responsible for security or running the company, this is a solid and essential read.
K**N
If you're doing a ZT implementation buy a copy asap.
This book is a must read if you are about to start re-engineering your organization's security controls using a Zero Trust framework. Chase does a great job preparing you to make the necessary leap and having you consider the issues that will confront you and your tech teams as you do a carefully planned phased deployment of ZT one win at a time. 4 bullets resonated the most with me in this book:
1) Micro-segmentation is a key to survival. While traditional perimeter firewalls are still needed to apply boundaries to the infrastructure and set clear limits on where the delineation between controlled and uncontrolled space lies, the use of a firewall as the primary means of segmentation for modern infrastructure is too "big" to be considered micro-segmentation. It is not granular enough in nature to combat the highly dynamic and transitory tactics that modern threats employ.
2) Legacy network segmentation tooling, or internal, external, and DMZ firewalls are a mismatch for today's infrastructure and cloud based networks. That old paradigm insists that the systems they are defending were only designed to filter traffic between physical devices (IP to IP) in a network or data center. No thought was given to the power that could be afforded to virtual servers and hosts within those newer workloads. Micro-segmentation done correctly will effectively create small, discrete zones or segments within each tier of an application, each user on the network, each device as it accesses a resource, and each packet as it transits the infrastructure.
3) True micro-segmentation requires that there are dedicated security controls between the hosts, networks, users, devices, applications and between all controllable entities that seek access to the infrastructure.
4) Micro-focusing requires a switch from defending high walls on the perimeter to one where the focus and optics are aimed in the core of the infrastructure and then maneuvered outward. Host based isolation, ring-fencing for data stores and databases, granular access controls, and vectored analysis that are based on behavioral anomalies are necessary to bolster defenses from the inside out.
Our three main areas of concentration this year are Cloud First, Zero Trust, and Automation and this book ties them all together nicely with an excellent summary of how we got where we are today and where we are going in the near future. Looking forward to the next installment from Chase.
Cheers,
K.C.
M**X
Up To Date Overview of Cyber Operations
Well written and readable reflection on offensive cyber operations and a military take on the tactics, techniques and procedures required to stay in touch with adversarial developments.