Tonight I found myself thinking about how it's been a while since I submerged myself in the sort of academic works on intelligence that were essentially my professional incubator. So I read this piece comparing "APTs" and Russian illegals. (1/7)…
The authors are U.S. counterintelligence professionals with significant experience on Russia and some experience in teh cyberz. And while I very much want to find compelling parallels between cyber actors and illegals, I find the overall argument comparatively weak. (2/7)
The argument's Achilles' heel IMHO is that it attempts to too thoroughly align the phases of an illegals operation to the general stages of the cyber kill chain. Relatively weak points of similarity are used to justify broad alignments, which I feel dilutes the argument. (3/7)
I think a better focus would be congruence between specific operational acts (as opposed to whole phases) undertaken by illegals and APTs. While the article's body focuses on phases, this chart focuses much more on specific acts and thus is the strongest part of the whole. (4/7)
At the end of the day, I can appreciate the novelty of saying "An illegal engaging in X act is very similar to an APT engaging in Y act". But the utility of such parallels is limited given the very serviceable existing body of thought on how CNO is conceived/executed. (5/7)
Admittedly, I was disappointed that the most substantive guidance offered was that "combatting APTs requires insider information". That's simply an extension of the CI concepts of penetration and tradecraft analysis to CNO - extensions already well-known and in practice. (6/7)
Still, explicitly highlighting the value of CI concepts for cyber threat intel does please me. I personally feel many of the methodologies for delineating and tracking specific CNO actors borrow from counterintelligence analysis, with that fact rarely being given its due. (7/7)