A few weeks ago I saw LTC John Nagl on the Daily Show, which was entertaining and interesting, but it was forgotten rather quickly as I’m not exactly a .mil kind of guy. I even saw the book he was touting at b&n today (I special ordered Brave New War and Demolished Man) but didn’t touch it due to the potential for the acronym-induced boredom it had.
And boy was I right. I discovered via Danger Room that the manual Nagl and Stewart hyped is freely available for download in PDF. Of course COIN stands for COunter INsurgency while FM stands for Field Manual. I know this because it’s in the glossary.
I only skimmed the FM and looked at the appendix and specifically the summaries at the end of each chapter. With that said, there are some very hip quotes that can be applied to infosec that put Sun Tzu to shame:
They [insurgents] also will do anything to preserve their greatest advantage, the ability to hide among the people. These amoral and often barbaric enemies survive by their wits, constantly adapting to the situation. Defeating them requires counterinsurgents to develop the ability to learn and adapt rapidly and continuously. This manual emphasizes this “Learn and Adapt” imperative as it discusses ways to gain and maintain the support of the people.

In this context I like to think of “the people” as users of a network. Certainly hackers do not work to gain the support of users, but it should be a high priority for any security team.
One more just because it’s so easy and fun:
President John F. Kennedy noted, “You [military professionals] just know something about strategy and tactics and…logistics, but also economics and politics and diplomacy and history. You must know everything you can know about military power, and you must also understand the limits of military power. You must understand that few of the important problems of our time have…been finally solved by military power alone.” Nowhere is this insight more relevant than in COIN. Successful COIN efforts require unity of effort in bringing all instruments of national power to bear. Civilian agencies can contribute directly to military operations, particularly by providing information.

Certainly strat and tactics apply to security operations, but economics and politics can also translate to the business drivers/politics and a necessary understanding of the core business. Or maybe I have a certain affinity towards JFK quotes.
It’s worth a skim and maybe some in-depth reading.