Operational Templates for State-Level Attack and Collective Defense of Countries

Conference:  BlackHat USA 2019



The presentation discusses the need to merge tactical, operational, and strategic levels of cybersecurity to defend organizations and nations in cyberspace. The concept of collective defense is introduced as a way to incentivize companies to collaborate and share information to mitigate common threats.
  • The problem of defending organizations and nations in cyberspace requires merging tactical, operational, and strategic levels of cybersecurity.
  • The concept of collective defense can incentivize companies to collaborate and share information to mitigate common threats.
  • Defeat in detail, or divide and conquer, is a military concept that is currently being used to take down companies one by one.
  • Certain sectors, such as the electric power and financial sectors, are more amenable to sharing information due to their interdependence.
  • Escalation control and attribution problems must be considered when implementing strategies such as degradation, disruption, and dissuasion.
The speaker uses the example of the 2004 US Olympic basketball team, which had the best players on the planet but lost to Argentina because they did not work together as a team.


The veneer of modern civilization is thin and brittle. Given sufficient will, it is disturbingly easy to systematically dismantle the functions of government and the cohesion which binds society together. Armies are maneuvering in cyberspace right now. State cyberspace, electronic warfare, and information operations forces wield massive power that, when combined, can overwhelm fragile infrastructure and disjoint defenses. We see ongoing targeting and increasingly intense probing of critical infrastructure on a global scale. The trend is toward operations of increasing scope and impact, from passive surveillance to disruption to destruction. We must acknowledge that the groundwork has already been laid for even more aggressive attacks, and that today's operations serve to prove and hone those capabilities. Enterprises and organizations attempting to stand as individuals against such threats will be defeated as individuals. Governments can help, but often stumble due to political indecisiveness, ponderous bureaucracies, and inability to focus beyond the near-term. We need collective defenses that match the agile, coordinated offensive techniques state forces can bring to bear. In this talk we examine templates for attacking and defending nations. Militaries have long used doctrinal templates – models based on known or postulated adversary doctrine – to support traditional kinetic warfare training and warfighting. The same approach works well for defending in cyberspace. We'll provide templates of ways threat actors could disrupt or defeat a country, considering various time horizons and degrees of attribution. You'll leave this talk with a playbook for how nations might be attacked and defended, a methodology for creating templates and scenarios useful for your own defensive planning, and an enhanced understanding of our collective vulnerability and the need for teamwork to overcome the problem.


