INVITATION TO CYBERSECURITY 124 How likely are power outages? What acts of nature might occur and how frequently? But IT support is not enough. With intelligent adversaries, the probabilities of random events and acts of nature are immaterial. Adversaries will manufacture the perfect storm so that they can attack when their target is at its weakest. This world will still need the normal IT functions of data backups and emergency power supplies, but it will need a lot more (see Table 6.1). Figure 6.1 The essence of cybersecurity: computers and adversaries. Table 6.1 A comparison of IT and cybersecurity. Cyber adversaries are what differentiates cybersecurity from other academic disciplines such as computer science, IT management, and engineering. At its core, cybersecurity is an adversarial conflict between attackers (i.e., hackers) and defenders. In order to practice cybersecurity effectively, one must pay careful attention to what hackers are thinking. What are their objectives? How might they go about achieving them? This mindset is known as adversarial thinking. Perhaps because cybersecurity arose out of the technical discipline of computer science, there tends to be less emphasis placed on the human aspects of cybersecurity. The point of this chapter is to help correct that imbalance. This chapter hammers home the simple fact that without cyber adversaries, there would be no such thing as cybersecurity. In order to defend cyberspace, we need to think like our adversaries.
RkJQdWJsaXNoZXIy MTM4ODY=