A framework for uncertainty
Cyberattacks are characterized by uncertainty. The irony of most best practices in cyber defense is that we use known practices to tackle uncertainty. When we're up against smart and determined attackers, best practices may not be what we need. For many cyberattacks, the defenders' strategy and tactics need to evolve alongside the response if they are to match the strategy of the attacker.
We can characterize this situation as one where there is not only uncertainty but also adversity. That is, since the attacker and defender play a discoordination game, the attacker deliberately avoids detection and deliberately tries not to play the defender's game. In this section, I will focus on the most recent version of the Cynefin framework, developed by David Snowden as a generic management framework for handling uncertainty, and discuss specifically the role of constraints within it and use the recipes in the recent field guide...