I’ll begin with some background on a diverse career. I was commissioned as an Ensign in the US Navy in May of 1991 with a designation to become a Naval Aviator. Navy flight school has a student pipeline with the characteristics of a slinky. I happened to enter at a time of “smashed slinky,” which meant I had about 15 months to wait. This delay allowed me an opportunity to crank out a master’s degree in electrical engineering at Rensselaer Polytechnic Institute in Troy, NY. While I was earning my master’s degree, many of my peers (other incoming flight students) were stationed down in Pensacola, FL (the cradle of Naval Aviation) with jobs ranging from “pool cleaning officer” to “coffee mess officer.” I am so glad I could do something productive during that waiting period. My grand plan was to fulfill a childhood aspiration of becoming an astronaut, an ambition shared by many other young naval aviators.
Space shuttle door gunner was never going to be in the cards for Ensign Zomar. I was, however, selected into the jet pipeline. The Navy’s options for a flight student in the jet pipeline back then were F-18 Hornets, F-14 Tomcats, EA-6B Prowlers and the S-3 Viking. The S-3 Viking had the nickname “Hoover” because it sounded like a vacuum cleaner. Unfairly, the Hoover was not the most sought-after choice. I remember my final training flight radio call in the landing pattern, “Skyhawk 730, abeam, gear hanging in the breeze, oh please god don’t give me S-3’s!” Yep… The S-3 Viking was my new gig. This turned out to be a blessing in disguise as the S-3 Viking was a blast to fly and consisted of a great community of people, many of whom remain my good friends.
It’s been over 20 years since I’ve been in a cockpit, but the training I received is still imprinted in my brain. Why is that? Well, my career pivoted into Cybersecurity after my glory days as a Naval Aviator. To this day, I have not had a sequence of training or experience in Cybersecurity the likes of which were instilled in me during my flight training. Reason being, aviation is a mature craft; Cybersecurity is not!
Aviation is a mature craft because of its extended history (over 100 years old). The history of aviation has created procedures that, in many cases, were born of very unfortunate circumstances (often the loss of human life). We had a term for this in the Navy, “procedures written in blood.” Cybersecurity is not nearly as mature due to its abbreviated life span (not much more than 20 years old) and there is nowhere near a common standardized procedure doctrine. A common disposition in Cybersecurity is that security analysts will miss a crucial event because of the increasingly vast sea of noise being generated by disparate tools. Or significant events are dealt with haphazardly to try to keep up with the noise.
When I reflect upon flight training, I realize that cockpit arrangement has an optimized configuration for consuming and acting on information presented to the pilot. Often, split-second decisions are required to maintain the safety of a flight. Less critical, but still timely, are things like reaching your destination on time and verbal coordination. The instruments in a cockpit are positioned with specific priority, optimizing eye movement in relation to the frequency and relevance of the pilot’s activities. The demand for this comes from what is called the “scan.” The scan is the sequence of a pilot’s eye movement, surveying the cockpit as the information necessary to operate the aircraft is received.
I mentioned before the need for maintaining safety of a flight, getting to a destination and coordinating with everyone involved. In a mature craft like aviation, a sequence like this is not random. There are experienced pilots that arrived at these conclusions time and again over the course of many years. And lo and behold … a formalized mantra evolved: AVIATE, NAVIGATE, COMMUNICATE! I heard and echoed this mantra throughout my training and operational flights as well as in preparation for flights.
Cybersecurity has no mantras, no standard procedures, for a given event. Maybe it is because the Cybersecurity world does not have the equivalent of an aircraft crash. The closest parallel is a security breach resulting in stolen credentials, data exfiltration or monetary loss. However, there just hasn’t been enough history to grow the craft of Cybersecurity to the maturity level of aviation. If airplanes were flown with the craft maturity level of Cybersecurity, the commercial airline analogy of a “mantra” would be … minimize cost and make my company money, don’t crash and get passengers on the deck safe at destination 5% of the time. A military pilot analogy would be … kill the enemy, crash and get back to base 5% of the time.
More to follow … much to discuss on efficiencies in the cockpit and lack thereof in the SOC.