Combat ID in Cyberspace

Cybersecurity threats represent one of the most serious national security, public safety, and economic challenges we face as a nation.

-2010 National Security Strategy

As Dr. Frederick Chang, former NSA Director of Research, warns :

… cybersecurity is fundamentally about an adversarial engagement. Humans must defend machines that are attacked by other humans using machines.

In adversarial engagements, the ability to tell friends from foes in crucial.  Robert Hesser and Danny Rieken  explain the central role of combat identification in traditional warfare in “FORCEnet ENGAGEMENT PACKS: “OPERATIONALIZING” FORCEnet TO DELIVER TOMORROW’S NAVAL NETWORK-CENTRIC COMBAT REACH, CAPABILITIES . . . TODAY.”  Note: FORCEnet is a 41 meg file.

A recent article entitled Combat Identification in Cyberspace in the Small Wars Journal discusses Combat ID in the context of cyberwarfare, with a particular emphasis on email.  Combat ID in email?  This is email, not guns and bombs.  The recent loss of the F-35 emphasizes the importance of the cyber engagement.  Morever, as Hesser and Rieken observed, data processing systems are now central to modern US combat operations.

Current email defenses are built upon “cyber hygiene“, which is training to avoid being taken in by spearphishing emails. The authors of Combat Identification in Cyberspace make a crucial observation about the disconnect between email defenses and email technology:

Email is, by design, two-faced. It presents one face to the worldwide email system. It presents a completely different face to the email recipient. The duplicitous design of email makes it ideally suited to undetectable deception. Our adversaries understand and exploit this duplicity. The U.S. does not understand this duplicity and ignores it. By failing to understand the email cyberspace, the U.S. has ceded the email attack surface to our adversaries.

Telling friends from foes isn’t just a problem for warriors in combat — it is a major problem in cyberwarfare, too.  Email is a key battlefield of cyberspace. At Iconix, our goal is to make the spearphishing vector less effective. Spearphishers deceive people into making bad email decisions that compromise security. IT needs to help employees make better email processing decisions. That is where SP Guard comes into play. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner.

You can contact us at  408-727-6342,ext 3 or use our online form.