Posted Sep 10, 09:43 PM by ben
A few weeks ago I saw LTC John Nagl on the Daily Show, which was entertaining and interesting, but it was forgotten rather quickly as I’m not exactly a .mil kind of guy. I even saw the book he was touting at b&n today (I special ordered Brave New War and Demolished Man) but didn’t touch it due to the potential for the acronym-induced boredom it had.
And boy was I right. I discovered via Danger Room that the manual Nagl and Stewart hyped is freely available for download in PDF. Of course COIN stands for COunter INsurgency while FM stands for Field Manual. I know this because it’s in the glossary.
I only skimmed the FM and looked at the appendix and specifically the summaries at the end of each chapter. With that said, there are some very hip quotes that can be applied to infosec that put Sun Tzu to shame:
They [insurgents] also will do anything to preserve their greatest advantage, the ability to hide among the people. These amoral and often barbaric enemies survive by their wits, constantly adapting to the situation. Defeating them requires counterinsurgents to develop the ability to learn and adapt rapidly and continuously. This manual emphasizes this “Learn and Adapt” imperative as it discusses ways to gain and maintain the support of the people.
In this context I like to think of “the people” as users of a network. Certainly hackers do not work to gain support of users, but it should be a high priority for any security team.
One more just because it’s so easy and fun:
President John F. Kennedy noted, “You [military professionals] just know something about strategy and tactics and…logistics, but also economics and politics and diplomacy and history. You must know everything you can know about military power, and you must also understand the limits of military power. You must understand that few of the important problems of our time have…been finally solved by military power alone.” Nowhere is this insight more relevant than in COIN. Successful COIN efforts require unity of effort in bringing all instruments of national power to bear. Civilian agencies can contribute directly to military operations, particularly by providing information.
Certainly strat and tactics apply to security operations but economics and politics can also translate to the business drivers/politics and a necessary understanding of the core business. Or maybe I have a certain affinity towards JFK quotes.
It’s worth a skim and maybe some in-depth reading.
This work by http://electricfork.com is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
I lead an information security ops and response team. This site is a collection of interesting notes and brainstorms on the protecting from, detecting of, and responding to badness. You can read more about me or my site here.
The only appropriate Sun Tzu quote I could dig up from my copy:
— Grant · Sep 11, 08:38 AM