Get Moving and Keep Moving to Stay Secure on the Network

Stephen Corcoran
Col. Stephen P. Corcoran USMC (Ret)
August 3, 2016 • 4 min read

When you receive incoming fire in a tactical battle, you have three options: return fire and suppress, move, or do both simultaneously. It is painful to be in the beaten zone of incoming fire. That dynamic is termed “being on the X.” Today, U.S. and global IT infrastructure is “on the X,” constantly under fire from a variety of bad actors.

The pain of these attacks is not physical, but does have a deep financial impact. The Center for Strategic and International Studies estimates that criminal hacking has an impact of $375 to $575 billion annually, and that number will steadily rise each year. As the threats and consequences increase, so will the investment and cost for countermeasures. For now (and the near future) there is not an option to “return fire and suppress” in the cyber domain, so only one other option exists: move and move often.

Get mobile by any means necessary

The military has a way of simplifying complex dynamics with clear and concise language that gets to the essence of the matter. They become mantras and they become solutions. One such maxim that would serve the IT sector well:  Never give up mobility, and if you are not mobile, get mobile by any means possible. In the IT sector, this means keeping your users and information constantly on the move and constantly hidden in your network environment.

In the last several years, with the steady migration toward advancements in cloud technology, new possibilities are emerging for getting and keeping IT infrastructure virtually “on the move.”  By combining best–of-industry practices with the new advances in cloud technology, previously static and vulnerable IT infrastructure starts moving around the globe rapidly, providing an adversary with a very complex problem to solve.

The cloud enables the ability to establish minimal infrastructure virtually. The use of unique algorithms and routing capabilities creates a dynamic where an adversary cannot determine the geo-location of the user or the infrastructure, nor the origination or destination of the data. In the process of transit, the data rapidly “hops” and stays cloaked as it traverses the network, making it so difficult to track or hack that it isn’t worth the effort or within the capability of a criminal enterprise to do so.

Countering a determined actor with mobility

I often give presentations on these “keep moving” concepts to organizations without a military background, and they are sometimes challenged by them. I like to end with my experience as the father of two sets of twin boys, three years apart. If you want to see a complex problem evolve rapidly, watch when four little boys get their own ideas in their heads in a public park and go rapidly in four separate directions. The power of staying mobile is not lost even on the casual observer. It’s hard for dad to pick which of the four “targets” he’s going to go after, vividly illustrating how hard it is for bad actors to figure out where a constantly moving and constantly hidden target is on the network.

Mobility is essential to countering a determined actor. Information security investment is currently at $75 billion a year and is expected to grow to $170 billion a year by 2020, according to a recent Gartner Report. For minimal investment and the smart leveraging of existing infrastructure, a very dynamic security posture can be created and obtained. The key is to adopt the philosophy and the mantra of ”staying on the move” and pursuing options to avoid detection on the network. The numbers speak for themselves. The costs and consequences of network attacks are rising; so get moving and keep moving to get out of the beaten zone.

Stephen Corcoran
Col. Stephen P. Corcoran USMC (Ret)
Chief of Cyber Strategy
Col. Steve Corcoran (Ret.) is the chief of cyber strategy at Telos Corporation.
Read full bio

Subscribe to Our Newsletter

Although we may use your information for targeted marketing and advertising, as described in the Privacy Policy, we will never sell your information to any third party.