Coding is Maneuver
And a few other very rapidly delivered thoughts and
axioms on Cyber Warfare
Jim Stogdill
CTO, Gestalt
jstogdill@gestalt-llc.com
www.limnthis.com

1. Coding is Maneuver
It needs to turn when you push the stick

From a blog post that seemed
to resonate

In Physical Domain You
Have:
Air + Physics +
S.H. Physical
Assets

But, in Cyber...
• The Domain is Code
• The “platforms” are code
• And “the stick” inputs are often code
You can’t make up for crappy code with supremely
performing physical assets in a domain without any.

What kind of code?
• Coding an exploit for a newly discovered
vulnerability
• Adding a new attack vector to an existing
tool
• Creating on-the-fly visualizations for newly
discovered or suspected attack vectors
• Defending an exploit (patching in real time)
• Modifying an attack tool to mask it’s OS
• ...

So, in the Cyber Domain,
technological agility will matter
even more, because there will
be no compensating physical
assets.

2. Cyber SA is Different
But it should be related to the geo-spatial battlespace

How do this...

this...

and this...

relate to this?

If you were the JFACC,
wouldn’t you want to
know?

For the public Internet, are you
prepared to use things like
Quova and Plazer
(commercial / public) to find
out where network devices
are?

Are you building a “Cyber
MIDB” that can cleanly
integrate with the one with
physical targets?
(you’ll want your COI talking to the C2 COI)

3. Culture Matters,
you can’t do this on an island & it’s not your Internet

Would you hire this
guy?

Do you have a problem
with these?

Do you think callsigns
should be:
Goose
Maverick
Viper

Instead of:
r0m1
&
Sp3w

don’t let cultural
“signals”
get in the way

SOF has a very different
culture for important reasons,
maybe Cyber will evolve one
too.

Get out in the world,
participate in
Communities of
Practice

Attend stuff like this:

And this:

Subscribe to this:

And figure out how to get this guy engaged and
believing in what you are doing and he’ll join your
Civil Cyber Patrol

Otherwise, you are so
gonna get

4. You’ll Have to Use
Open Source
Or, Coding is Still Maneuver

To use this

And this

And, of course, this
(You don’t want to have the only hackers
on the planet whose attack can be
identified coming from Solaris!)

Finally, all that other stuff could
theoretically be bought, but...

Participate to get stuff you
can’t otherwise get, to gather
intelligence on what everyone
else is doing, and make sure
you can change your source
code fast when you need to.

And, to wrap up, a few
questions to ponder...

Does 8th AF heritage imply global strike on public public /
sovereign networks?

If so, Are you learning by doing; playing Cowboy’s and
Cossacks?
If you aren’t bumping into them,
you ain’t learning.

During Bosnian intervention redux flying missions
out of Aviano...
Do you know what you would do if Serb-
sympathizing Russian hackers “Estonia’d” Italy?
Would you be prepared to help your ally?

Are we thinking about cyber power the way they
thought about air power?

With as many as a million machines in botnets, who
owns them? Are some state owned? Can the
exploits be exploited without having to build them?

If you had to guess, whose cyber force do you think has
more American educated pHD’s in uniform? US Cyber
Command or Chinese PLA?

Are you considering how to incorporate Social Engineering
into your attack vectors?

And...
Why not call it the EOC
(effects operations center)?
-and-
Will there ever be a JFCCC?

Oh, just one more thought
experiment...
If this were Cyber’s1948 and
we were standing up the
USCF, how would we organize
it to focus on all of the
missions?
TCF? SCF? CMC?

Thanks!
Jim Stogdill
jstogdill@gestalt-llc.com
www.limnthis.com