Before I begin, I have to disclose that I attend a lot of conferences. I love continuing education and interacting with fellow infosec professionals. I also struggle with #badgelife, the effort to collect as many badges from #Infosec conferences as possible; the pride of my collection would be three Mr. Robot DEFCON badges. In my experience, a large number of my peers scoff at the “buzzwords” that get thrown around by vendors and solution providers to get the attention of their consumers. While I agree that those terms should not be thrown around, I also believe it’s important to provide the uneducated with material so that they can learn whether a term actually has substance or is smoke and mirrors.
One of the big ones is “cyber kill chain.”
What is the “cyber kill chain?” It’s actually an adopted phrase. The “kill chain” is originally a military term used to describe how an enemy attacks a target. In 2011, Lockheed Martin released a paper coining the “cyber kill chain” phrasing to describe how a malicious actor operates in the cyber environment.
The steps outlined are:
- Command and Control
- Actions on Objectives
So, should I care? The answer is yes, but within the context of your organization. These steps accurately portray the attacker’s intent in most situations, and this gives you a roadmap to build your defense in depth around. The cyber kill chain is a great narrative and allows you to sell information security’s value to a broader audience, but don’t get caught up in the buzzword and buy the “snake oil” solution.