IDF Hackers Test Readiness In Israel For Cyberattacks

cold fjord points out a profile in Al-Monitor of Israel's cyber-defense group, formed to test the country's defenses to electronic warfare and information theft. Groups, really, since it's run blue-vs-red style, with constant scenario preparation and intrusion attempts. The two (anonymized) leaders of the Blue and Red teams talk about the mind-set and skills that it takes to be in their unit, which they point out is not the place for soda and pizza hijinks. Says "Capt. A": "We are constantly preparing for the next war or the next drill. And in between, we may have some fun dissecting the system and drawing conclusions together. The idea is to instruct the monitoring bodies, [and] to make them understand what they should look for and how to respond."

Why So Serious

[girlintraining]

Groups, really, since it's run blue-vs-red style, with constant scenario preparation and intrusion attempts. The two (anonymized) leaders of the Blue and Red teams talk about the mind-set and skills that it takes to be in their unit, which they point out is not the place for soda and pizza hijinks.

And with that comment, they just admitted how screwed they are. And the irony is, they probably don't realize it, and even if pointed out (as I will now do), they'll steadfastly deny it.

Being good at hacking requires two things. Firstly, the ability to upload into your skullmeats vast amounts of seemingly meaningless information, trusting that later context will give it meaning and purpose. You need to be able to open up a thousand page tomb, and in under a week, hoover-vac that into your brain. This is the primary required ability for you to be good at hacking. Without it, no matter how much of a creative genius you are, you will find yourself quickly outpaced by your peers who can do this. Computers are enormously complex, and networking them adds yet another layer of complexity. Being able to rapidly absorb and retain a working knowledge of these interactions in complex systems is a job requirement.

However, that is only half the equation. The other half is to be able to see all of that, and yet arrive at a different conclusion than all the other guys. You can be a good administrator or technician if you can simply absorb large amounts of data, but you are going to royally suck at hacking if you arrive at the same conclusions they did. Hackers are both walking encyclopedias, and have a funny habit of belching out random facts and then stringing them together in a way that nobody else has, probably without being aware of it. They pull theories together from dozens of different technical disciplines, finding that thermodynamics and heisenburg uncertainty somehow jam really well with why those styrofoam containers of ramen, regardless of the amount of water put in them, invariably overflow in the microwave. And they'll do this while working out some chunk of complex code in their head absent-mindedly.

You cannot achieve this zen-like state of abstract concentration needed to hack while taking what you're doing as seriously as this guy. You can't have a military attitude to what you're doing -- you can't be focused on the risks, on the enemy, on the stakes. You need to be able to take all of that, and forget it. The only thing you need to do, is solve the problem. You need to work that problem, and you need to do it with a style of thinking that... frankly, scares the hell out of people in authority or in the military... because they don't understand how you could care less who you're fighting, as long as you get to fight back in some way that's.... wait for it... Nifty.

Israel... I like you, I really do. So please, reassign this guy to something more in line with his attitude... like ordinance technician. Don't put him in charge of a cyberwarfare unit... that's like putting Martha Stewart in charge of flight operations on a carrier. It's just sooo not playing to their strengths.