cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II

Know thine enemy

We, in security, have to think like our adversaries.

 

And they are many.

 

We have to think like phishers, and scammers, and virus writers, and intruders, and nuisances, and nation state actors. We have to guess what they might do next.

 

It gets challenging.

 

But it has to be done. Just because most of our attackers are teenage mutant ninja wannabees with no creativity using slavishly derivative attacks that amount to little more than "door shaking" doesn't mean that we can assume they all are. A few of them are creative, and the others replicate those attacks. And some of them are organized criminal gangs with layers of expertise and protection. It's foolish to assume otherwise.

 

I live in an area with a large left-wing population who feel it necessary to protest pretty much every government action (and many government inactions, as well). (No, I do not digress. I have a point.) There is also a large population of drunken louts who feel it necessary to express displeasure at every loss of an important hockey game. (The only limit to this is the inability of our local team to get into important series.) Therefore, over time, we have had a number of riots in our fair city. The police have not always handled them well. Whenever they have not, public inquiries have been held. And the police have learned from their mistakes. Our police now have tactics to handle riots, and a large range of strategies to prevent riots from starting in the first place.

 

For the past three months, protests have been going on in Hong Kong. (For the purposes of this essay, it doesn't really matter whether those protests are valid or not.) The Hong Kong police, who have, over decades, built a fairly sterling reputation, in this period of months demonstrated some riot control tactics, but apparently only one strategy: brute force. (While brute force is useful when trying to use a distributed network to attack a symmetric encryption key, historically it has a less than stellar track record when dealing with dissent.)

 

The Chinese Communist Party leadership, refusing to make any concessions (this is, after all, the culture that gave us the expression "lose face"), has been trying to intimidate the population of Hong Kong by "leaking" video of army troops "training" to deal with rioters. The videos frequently show stalwart troops facing simulated protesters (whose numbers usually are smaller than those of the stalwart troops). The troops will stand fast, and then charge at the "protesters," who generally break and run at the first sign of a charge. (I've role-played the "belligerent" in police training. It's hard to maintain belligerence in that role.)

 

I am reminded of the lyrics from the song "War is a science" from the musical "Pippin":
"And the enemy (in blue),
Will undoubtedly pursue,
Because that's what you depend upon an enemy to do."

 

If you only practice having the adversary run at the first sign of aggression, that isn't training for improv. It's simply memorizing the stage marks for a scripted play. And if the "enemy" doesn't know his lines, you're in trouble.

 

I strongly suspect that some time (and the indications are that it will be well before what seems to be a likely October 1st deadline), Beijing, having failed to reduce the protests by proxy, will send in the army. At that point we will likely see a hundred thousand not-very-well trained soldiers from the "People's" army confronting a couple of million protesters who seem to get more determined at every attempt to contain them. The army will have discipline and weapons. But the protesters have developed a distributed large scale leadership that, six months ago, most observers would have thought impossible. The government has undertaken increasingly nasty attacks, but the protesters seem to have the ability to change both strategy and tactics every time out. What do you say about a movement that successfully uses both oil and water as themes for its protest?

 

I do not foresee a good outcome if the army is sent in. For all their success in the protests over the past months, the weapons and pure force behind the army are too great. But the army, without realistic training and an understanding of the reality of the actual adversary, will be unprepared for what they will face--and that, unfortunately, will mean bloodshed and pain, rather than control. Tiananmen Square will look tame by comparison.


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
0 Replies