INVITATION TO CYBERSECURITY 128 For book smarts, hacking involves detailed knowledge of many technical aspects of computing, including computer networking, programming, and operating systems. In Sternberg’s paradigm, this technical knack exhibited by hackers ties into the analytical component of their intellect. Their analytical gifts translate into an unusual facility with computers and technology. Having strong technical abilities is vital to hackers because this is the tool of their trade. Creativity is at the core of the hacker mindset—a phrase coined to highlight how hackers approach situations in unconventional ways. While fiction writers excel at creating original stories that capture the imagination, hackers excel at creating original exploits that manipulate technology in unexpected ways. Both are manifestations of the same root—they involve seeing the world in a unique way, and the ability to put disparate information together in a new form. While most technologists are concerned with making systems work, hackers are obsessed with pushing the limits of systems and exploring possibilities that most people would never consider. This aspect of hacking is the main connection between the pejorative way the term hacker is used today, and the original, complimentary term from a previous era which connoted a person’s uncanny ability to bend computers to his will. The practical component of Sternberg’s triarchic theory is the aspect of the intellect that involves planning, strategizing, maneuvering, and overcoming obstacles to accomplish goals. As we saw in Chapter 4, while script kiddies are known to indiscriminately fire point-and-click exploits at random in hopes of finding unpatched systems, more highly skilled hackers select targets, conduct reconnaissance, carefully plan their attacks, and meticulously cover their tracks. In general, hackers try to use their time and resources wisely, and they strive to outwit their targets. It is their practical intelligence that helps them anticipate defenses and obstacles so that they can accomplish their objectives and not get caught. Putting these insights together, we can derive a precise definition of adversarial thinking. Adversarial thinking is the ability to embody the technological capabilities, the unconventional perspectives, and the strategic reasoning of hackers. To the extent a person can do this, he will be able to compete with hackers on a level playing field (analytical), find and fix vulnerabilities before hackers have an opportunity to exploit them (creative), and anticipate future attacks and thwart attacks in progress (practical). If adversarial thinking is central to cybersecurity practice, then it must also play a key role in cybersecurity education. How is it being addressed in the classroom? Most cybersecurity curriculum guidelines stress the importance of teaching adversarial thinking, but they do not provide specific learning outcomes. This makes it difficult to know how to actually address it. Our definition provides the necessary precision to derive practical learning outcomes and assessments (see Table 6.4). Examining these learning outcomes, it is clear that the technological capabilities component of adversarial thinking is heav-
RkJQdWJsaXNoZXIy MTM4ODY=