How Do You See the Intersection Between Software Engineering and Cyber Tactical Operations, and What Motivated You to Pursue Expertise in Both Areas?
SCRIPT TACTICS: Software engineering is the pinnacle of cyber tactical operations. You cannot perform cyber operations without software tools built by software engineers. But you also cannot use cyber tools without cyber operators. Being knowledgeable in both areas is the key to building well-designed and effective tools for the job. Wars of the future will still be fought with men and guns; however, the definition of the front lines will change when cyber actors come into play. From defending critical infrastructure to waging offensive operations, all of those critical operations will occur from anywhere. My desire to pursue expertise in both areas comes from a culmination of my enjoyment of all things software and the unique applications in which you can apply them. Software engineers are the magicians of the modern world. You can make anything you want happen with the right time, energy, and knowledge.
Can You Discuss a Project Where You Utilized Your Software Engineering Skills to Enhance Cyber Tactical Operations Effectiveness? Where Would You Place It in the Battlespace?
SCRIPT: My most recent project involved reverse engineering a binary using Ghidra. I determined this binary used an old version of SSL and was susceptible to the Heartbleed vulnerability. By writing a Python script to set up a raw socket connection to the target machine and send a “bad packet,” I forced the server to send back some data. Then, with Wireshark capturing the data, I sifted through the response and found some useful data. I would place this in four areas of the battlespace:
- Reconnaissance
- Resource Development
- Initial Access
- Exploitation
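The defensive counterpart of the "bad packet" described above, as an added example that is not the interviewee's script: a small Python parser for TLS heartbeat records that enforces the bounds check a patched handler must perform (RFC 6520), echoing only bytes that were actually received. The sample records are constructed, not captured traffic, and the TLS version bytes are assumed to be TLS 1.0.

```python
import struct

TLS_HEARTBEAT = 24          # TLS ContentType for heartbeat (RFC 6520)
HB_REQUEST, HB_RESPONSE = 1, 2
MIN_PADDING = 16            # RFC 6520 requires at least 16 bytes of padding

class HeartbeatError(ValueError):
    """Raised for any heartbeat that must be discarded rather than answered."""

def parse_tls_record(data: bytes):
    """Split a record into (type, version, fragment); reject a length field larger than the data."""
    if len(data) < 5:
        raise HeartbeatError("truncated TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    fragment = data[5:5 + length]
    if len(fragment) != length:
        raise HeartbeatError("record length field exceeds bytes on the wire")
    return ctype, (major, minor), fragment

def parse_heartbeat(fragment: bytes):
    """Parse a HeartbeatMessage into (type, payload). The bounds check is the one
    Heartbleed lacked: the peer-supplied payload_length must fit inside the record
    that carried it (plus the mandatory padding), otherwise discard silently."""
    if len(fragment) < 3:
        raise HeartbeatError("heartbeat shorter than type + length header")
    hb_type, payload_length = struct.unpack("!BH", fragment[:3])
    if hb_type not in (HB_REQUEST, HB_RESPONSE):
        raise HeartbeatError("unknown heartbeat type %d" % hb_type)
    if 1 + 2 + payload_length + MIN_PADDING > len(fragment):
        raise HeartbeatError("payload_length %d does not fit in %d-byte record"
                             % (payload_length, len(fragment)))
    # Echo only the bytes that were really sent, never payload_length bytes of memory.
    return hb_type, fragment[3:3 + payload_length]

def check(record: bytes):
    """(accepted, payload_or_reason) for a raw record; usable in a detection pipeline."""
    try:
        ctype, _, fragment = parse_tls_record(record)
        if ctype != TLS_HEARTBEAT:
            return False, "not a heartbeat record"
        return True, parse_heartbeat(fragment)[1]
    except HeartbeatError as exc:
        return False, str(exc)

# Constructed sample records (not captured traffic): a well-formed request echoing
# "ping", and one whose length field claims 65535 bytes that were never sent.
HEADER = bytes.fromhex("1803010017")            # type 24, TLS 1.0, 23-byte fragment
GOOD_RECORD = HEADER + b"\x01\x00\x04" + b"ping" + b"\x00" * MIN_PADDING
BAD_RECORD = HEADER + b"\x01\xff\xff" + b"ping" + b"\x00" * MIN_PADDING
```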
C, Python, and Rust Seem to Be the Languages That Most “Cyber Tactical” Operators Utilize. What Methodologies, Languages, or Frameworks Do You Follow When Developing Software Solutions for Cyber Tactical Operations, and How Do They Differ From Traditional Software Development Approaches?
SCRIPT: C and Rust allow more low-level control on systems, specifically when working with the operating system kernel. Python is a great tool for prototyping or building applications where resource management is not much of a concern. With the exception of Python, C and Rust are more low-level languages, giving a developer more control over what they want to do with a system. It requires more effort, knowledge, and code to accomplish a task. When building applications that rely on system-level controls, C and Rust are the best options for low latency. Python is a great choice to prototype a pseudo-solution, though you will not have the same level of control as you would with C and Rust. Typically, a developer would follow frameworks laid out by the organization when designing their code; however, best practices would still apply.
How Do You Prioritize and Mitigate Security Risks When Designing and Implementing Software Systems for Cyber Tactical Operations?
SCRIPT: As a software developer, it is important to adhere to the organization and team’s guidelines for risk. Each team has a different level of risk, and it is important to understand where each team stands. To mitigate security risks, sometimes just updating a package version is all you need to do. Other times, it requires code rewrites. It all depends on the risk itself.
Can You Provide an Example of a Challenging Security Issue You Encountered in a Project, and How You Addressed It Through Code?
SCRIPT: The Log4j CVE was a challenging security issue I had addressed in a previous project. Taking the time to go through every single dependency and update it with the correct version was a tedious task. Additionally, any sub-dependency that also pulled in Log4j needed to be updated manually, and we had to update how those dependencies were packaged so that they did not overwrite the version we specified.
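One way to automate the dependency sweep described above, as an added example that is not the interviewee's code: a Python checker that walks `mvn dependency:tree` output and flags every `log4j-core` occurrence below a minimum version, including transitive ones pulled in by another library, with the parent chain that brought it in. The sample tree is constructed, and the 2.17.1 floor used in the usage call is an assumed parameter, not a value from the interview.

```python
import re
from typing import List, Tuple

# Constructed sample in the style of `mvn dependency:tree` output (not a real project).
SAMPLE_TREE = """\
[INFO] com.example:app:jar:1.0.0
[INFO] +- org.apache.logging.log4j:log4j-core:jar:2.17.1:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-api:jar:2.17.1:compile
[INFO] +- com.example:reporting-lib:jar:3.2.0:compile
[INFO] |  \\- org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
[INFO] \\- org.slf4j:slf4j-api:jar:1.7.36:compile
"""

# Tree drawing prefix (|, +, \, -, space) followed by a Maven coordinate.
TREE_LINE = re.compile(r"^\[INFO\] ([|+\\\- ]*)(\S+)$")

def version_key(version: str) -> Tuple[int, ...]:
    """Numeric comparison key: '2.17.1' -> (2, 17, 1)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def parse_tree(tree_text: str) -> List[Tuple[int, str, str, str]]:
    """Return (depth, group, artifact, version) for each coordinate line."""
    rows = []
    for line in tree_text.splitlines():
        m = TREE_LINE.match(line)
        if not m:
            continue                        # banner, blank or plugin line
        depth = len(m.group(1)) // 3        # each tree level is 3 columns wide
        parts = m.group(2).split(":")       # group:artifact:packaging:version[:scope]
        if len(parts) < 4:
            continue
        rows.append((depth, parts[0], parts[1], parts[3]))
    return rows

def find_outdated(tree_text: str, group: str, artifact: str,
                  minimum: str) -> List[Tuple[str, List[str]]]:
    """(version, ancestor chain) for every group:artifact older than `minimum`,
    so the sub-dependency that pulls in the old copy is visible."""
    findings, stack = [], []                # stack holds ancestors indexed by depth
    for depth, g, a, v in parse_tree(tree_text):
        del stack[depth:]
        stack.append(f"{g}:{a}")
        if (g, a) == (group, artifact) and version_key(v) < version_key(minimum):
            findings.append((v, list(stack)))
    return findings

if __name__ == "__main__":
    for version, chain in find_outdated(SAMPLE_TREE, "org.apache.logging.log4j",
                                        "log4j-core", "2.17.1"):
        print(version, "via", " -> ".join(chain))
```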
THOUGHT PROCESSES
If You Had to Find a Target, What Are Your Tactics, Techniques, and Procedures?
SCRIPT: I would follow the MITRE ATT&CK framework. Specifically, I would spend most of my time doing reconnaissance. The type of target would dictate how I approach my recon. If it’s a known person, I would use any OSINT tools available to me, from a simple Google search to social media and more direct tools.
MITRE ATT&CK:
- Reconnaissance (this is the most important stage in any cyber process)
- Resource Development
- Initial Access
- Execution
- Persistence
- Privilege Escalation
- Defense Evasion
- Credential Access
- Discovery
- Lateral Movement
- Collection
- Command and Control (C2)
- Exfiltration
- Impact
Thoughts on Resistance Security in Cyberspace?
SCRIPT: As with most things, a good defense is as important as a good offense. Being able to deceive, subvert, and prevent your adversary from attacking you is paramount to normal operations. Standard security measures such as Zero Trust networks, SIEMs, backups, honeypots, and compartmentalized access are a must for operations.
What Are Your Thoughts on IoT?
SCRIPT: IoT devices offer a unique “sub-domain” within cyberspace. With all things in technology, they can be used for good and for bad. On one hand, these devices generally have poor security, remain unpatched, and offer modest services, mainly for monitoring systems or processes. However, these small devices can be weaponized and deployed in different locations to perform a whole host of operations, from reconnaissance to exploitation.
Any Operational Challenges in the Cyber Domain That You See?
SCRIPT: Some major challenges are the advancement of AI and eventually quantum computing. AI has the potential to make it easier to craft exploits and target less technical groups, causing mass havoc. Quantum computing has the potential to completely disrupt everything we know about security and encryption.
There’s an Importance in Cyberspace and Cybersecurity to the Resistance Movement and State Security Services. What Are Your Thoughts?
SCRIPT: The resistance movement and state security services create a cat-and-mouse game. People find ways to avoid detection while state security services find additional ways to detect people. Overall, this dynamic will create advancements and new ideas in how systems are secured, hidden, and exploited.
AERIAL VIEWPOINTS
What Narratives, Social Media, and Social Networks in Information Operations Scare You the Most?
SCRIPT: The ability to shift public perception of any topic simply by stirring the pot is something to be concerned about. A house divided cannot stand, and our adversaries know that all too well.
Regarding Topics Like Network Conformity, Pluralistic Ignorance, and Majority Illusion: What Do You Think Is the Worst When It Comes to the Cyber Domain?
SCRIPT: I feel that Majority Illusion is the worst when it comes to the cyber domain. This can create a culture of complacency, and mistakes are made when people are complacent.
What Role Do Automation and Machine Learning Play in Your Approach to Cyber Tactical Operations, and How Do You Integrate Them Into Your Software Solutions?
SCRIPT: Machine learning is a great tool to assess large data sets when reviewing reconnaissance information. Additionally, automation is useful for setting up testing when doing rapid development.
How Do You Ensure That Your Software Solutions Are Adaptable to Evolving Cyber Threats and Operational Requirements in the Field of Cyber Tactical Operations?
SCRIPT: The agile methodology allows for small to medium-sized teams to move at a rapid pace and jump from requirement to requirement.
Have You Ever Collaborated With Multidisciplinary Teams, Such as Military or Law Enforcement Personnel, in the Development of Software Solutions for Cyber Tactical Operations? If So, How Did You Navigate Those Collaborations?
SCRIPT: I do not have experience in this realm. However, if I were put into a situation where I had to collaborate, I would do the following:
- Establish a “chain of command” for a point of contact. “Who do I contact for x issue, who do I contact for y issue, and so on.”
- Ensure teams are in sync with our objectives and goals. Daily or weekly meetings depending on the project and mission.
- Establish communication channels for collaborative work, such as Slack, Teams, or some chat tool.
- If something is unclear or questions arise, I would be sure to document everything, either in email or in the issue tracker we are using.
Can You Discuss a Time When You Had to Balance the Trade-Offs Between Performance Optimization and Security Considerations in a Software Project for Cyber Tactical Operations?
SCRIPT: During a release cycle, there was a task to try and optimize a section of code that was blocking when a specific size of data was received. One solution that was brought up involved multi-threading. After working on this solution for some time, it was discovered during the refactor that there were more underlying issues in the code that would cause the application to crash. The work to multi-thread was placed on hold while we addressed the crashing issue first. This fix ended up going out while the multi-threading was pushed back further.
CYBER GUERRILLA
Human Factors: Underground Guerrilla Cyber Tactics? What Are Your Thoughts?
SCRIPT: Underground guerrilla cyber tactics are a useful way to be disruptive in cyberspace. Unknown groups or surprise attacks can throw off your adversary. This is something that I feel we will see more of in the future. It could be a way for governments to allow hacking groups to operate while also having plausible deniability for their actions.
Hackers Funding Wars?
SCRIPT: This is an interesting topic. North Korea, for example, uses hacking as a way to supplement their GDP by stealing money from other countries or stealing assets and reselling them. Similarly to the previous answer, in a modern war, I could see nation-states “allowing” certain hacking groups to operate at their own free will to help throw off adversaries.
How Do You Stay Updated on the Latest Techniques and Tools in Both Software Engineering and Cyber Tactical Operations, and How Do You Incorporate Them Into Your Work?
SCRIPT: The short answer to this question is reading. As a software engineer, it is important to always be reading technical documentation, CVEs, open source code, news articles, and more recently, watching videos on topics. Keeping up with cyber news is a good way to stay up to date.
Can You Walk Me Through Your Approach to Designing a Software Architecture for a Complex Cyber Tactical Operations Scenario, Considering Factors Such as Scalability, Maintainability, and Security?
SCRIPT: Working with a team of individuals in any manner can be a complex problem. In the case of cyber tactical operations, it is important to have the following:
- Clear understanding of goals
- Listen to all team members
- Follow best practices
- Comments in code
- Adhering to good coding standards (this is language-dependent and team-dependent)
- Documentation
- Testing
- Scrutinize and review (respectfully) everyone’s work.
What Steps Do You Take to Ensure That Your Software Solutions Comply With Relevant Regulations and Standards in the Field of Cyber Tactical Operations?
SCRIPT: Teams need to have a standard operating procedure and a set of guidelines they adhere to before working on a project. When designing software solutions, these documents need to be taken into account during planning and task breakdown.
Can You Share a Situation Where You Had to Troubleshoot and Debug a Critical Issue in a Software System Deployed for Cyber Tactical Operations, and How You Resolved It?
SCRIPT: During a deployment of an application, there were some errors being thrown by the application for some unknown reason. It took some time to sift through the error messages, but eventually, the issue was discovered to be a spelling error in a configuration that was applied during a code merge. The main takeaways are to ensure that debug logging statements are set up properly and print clearly during different stages of deployment. Also, when doing merges for a deployment, extra care should be given to validate all code is correct.
How Do You Handle the Ethical Implications of Developing Software for Cyber Tactical Operations, Particularly in Scenarios Involving Potential Harm or Misuse?
SCRIPT: It is the duty of the software engineer to review two levels of ethics: 1. Their own personal ethics, which should be understood before an assignment begins, and 2. The ethics of the mission/project they are on. If those ethics do not align, I believe you should resign or recuse yourself from the project.
In Your Opinion, What Are the Key Skills and Qualities That a Software Engineer Working in the Field of Cyber Tactical Operations Should Possess, and How Do You Demonstrate Them in Your Work?
SCRIPT: The key skills a software engineer working in the field of cyber tactical operations should possess include the ability to adapt quickly and think of alternative solutions for problems they are facing. Too often, software engineers get pigeonholed into thinking one way is the only way to accomplish something, whether that’s a limitation from the team, themselves, or other forces. Additionally, being open to ideas other than your own is important as a software engineer.