Opinion: Understanding your adversary

Our columnist suggests his detractors take 'The Hillary Test'

By Ira Winkler

June 1, 2006 12:00 PM ET

Recommended

Computerworld - The most fun aspect of writing my Computerworld.com column is reading the hate mail. It gives me a look inside the minds of people who think differently. Occasionally I learn why I was off-base about something, or I get information that helps me build out my understanding of a topic. More frequently, I see how people think, or how they don’tthink.

I recently delivered a column on the current administration's abuse of the NSA for domestic-spying purposes. Unfortunately, most of my detractors never made an attempt to address the underlying facts, or to understand the argument being presented. The majority of those e-mails began with statements along the lines of "you're an idiot!" and went on to make assertions about my politics based on what they believed to have read in the column. (There were a few who claimed a minor typo compromised the entire legitimacy of the article, but anyone with much Usenet or mailing-list experience tends to dismiss the deductive abilities of that sort of correspondent.) [Typo was mine, Ira; sorry about that. I did enjoy reading those e-mails, though. -- Angela G., Ira's editor.]

Correspondents who can't frame their criticisms coherently are amusing -- until I imagine them out in the field managing IT security, and then I start to worry. You'll never be a good security manager unless you understand why your adversaries think the way they do. You don’t have to agree with them, but you need to know the logic underlying their actions.

For example, when I investigate a computer intrusion or an espionage attack, I must figure out as much as I can about the assailant's motivation and skills. Is this a script kiddie who just wants the "prestige" of breaking into a system? Or is the attempt part of an espionage operation by a foreign intelligence agency? If the criminal party is an insider, are they malicious or are they greedy -- do they want to wreak havoc, or do they want money?

Why must I understand my adversary? I need to guess the resources they might put into their crimes. I need to figure out if they are sophisticated and might be going for valuable information, or they are just randomly fishing around. I need to know if I should check whether they might have put time bombs in the system, or if they got what they were looking for and left. I need to determine if they might be if they might have put backdoors in the system, or if they might have insiders supporting the efforts.

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

ira winkler

Additional Resources

WHITE PAPER

EFD vs. HDD - What You Need to Know

Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.

WHITE PAPER

Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009

The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.

WHITE PAPER

Eight Criteria for Server Load Balancing

Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.