6. The Skill of Cybersecurity: Adversarial Thinking 125 6.1 Adversarial Thinking Defined “And here Alice began to get rather sleepy, and went on saying to herself, in a dreamy sort of way, ‘Do cats eat bats? Do cats eat bats?’ and sometimes, ‘Do bats eat cats?’ for, you see, as she couldn’t answer either question, it didn’t much matter which way she put it.” - Alice’s Adventures in Wonderland by Lewis Carroll Certain academic disciplines are synonymous with a particular way of thinking (see Table 6.2). In order to excel at them, you must possess a particular mindset. Take, for example, the discipline of mathematics. Mathematicians start with axioms and then make logical inferences to prove theorems. They use proof techniques like proof by induction, proof by contradiction, and direct proofs, all of which require rigorous logical thinking. Therefore, logical thinking and the discipline of mathematics go hand-in-hand. Another example is the discipline of computer science. Computer scientists design algorithms. Algorithms are a sequence of detailed instructions for solving abstract problems. Algorithms accept inputs and produce correct outputs. The best computer scientists excel at algorithmic thinking, and this is the distinctive characteristic of the discipline. The discipline of cybersecurity also requires logical and algorithmic thinking, but these are not its primary emphasis. Because of the centrality of hackers to cybersecurity, adversarial thinking is the hallmark of cybersecurity and what distinguishes it from other disciplines. The skill of adversarial thinking is essential for cybersecurity, and those that excel at it will do well in the field. It is the fundamental skill of cybersecurity. Table 6.2 Hallmarks of academic disciplines. But what exactly is adversarial thinking? When the term is used, in many cases it is not defined at all, taking it for granted that adversarial thinking merely means thinking like a cyber adversary (i.e., a hacker). However, this raises the obvious question, what is unique about the way hackers think? If we cannot answer this question accurately, we cannot hope to impart it and assess it. The discipline of cognitive psychology studies the mind and what it means to think, and it can help unpack what it means to think like a hacker. Robert Sternberg is a well-known cognitive psychologist who proposed a theory of intelligence called the triarchic theory. The triarchic theory identifies three distinct aspects of the intellect and is similar to a tripart theory of the mind developed by Aristotle millenia before him. Sternberg’s three
RkJQdWJsaXNoZXIy MTM4ODY=