The cyber killchain: wrong, but is it useful?

All models are wrong, but some are useful. The trick is to determine in what circumstances a model may be useful. This is where mistakes are made.

Today I was at a seminar on cybersecurity in the context of individuas, and I asked the speakers about whether the cyber killchain is useful in the context of personal cybersecurity or if there are other models that are more appropriate.

What surprised me was the attitude of one of the speakers towards the model itself – something along the lines of:

“I think we need to get away from the militarisation of cyber security*”

(*I’m paraphrasing because I can’t remember the precise words used, but that was the meaning conveyed).

I don’t know if there is a science to deciding if a model is useful, but I feel confident that the provenance of a model is not the best discriminant. It’s tempting to say an idea born in the military is going to be too militaristic in perspective, but ideas move between fields all the time, and in this era where interdisciplinary approaches yield the most progress, I think the default position should be it doesn’t matter where it came from, what matters is how we can use it.

Yes, the cyber killchain concept came from the military industrial complex. Does that mean it has no place in the civilian non-enterprise Internet?

If there was a better model, then great. But if not, something is better than nothing, and the cyber killchain is something. The stages (Recon, Weaponisation, Delivery etc) are understandable, relatable, relatively generic, and I suspect they could kind of map to the individual context. Maybe they wouldn’t map well, but it would be a start. It would be something.

It seems to me like the current offering to concerned individuals doesn’t amount to much more than a laundry list of horror stories (“you know what happened to this person? Well first they revealed their birthday, and then the scammers used that to get their phone number, and then bla bla bla”), and a list of chores (“always update, always backup bla bla bla”).

Why doesn’t that work? Because there is no model, so there is no comprehension. I think that’s why it doesn’t stick and people are left exposed.

And then they are told that they are to blame because they didn’t do all their chores.

Maybe they need to hear more horror stories…

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s