So, solider or cop? War or Crime? Or both?
I ask this question of my own self after reading (and enjoying) Michael C. W. Research's recent posts on security framed in the context of Clauswitz. Thinking it through, though, I began to wonder if war is the context information security should frame itself. After all, as an info security practitioner, you are denied both first strike and retaliation with like force. Hampered by a bureaucracy, limited by budget and laden with metrics of questionable value, you perform awareness and outreach to a resistant, often resentful community that harbors potential adversaries. When the adversary attacks, your response is defensive, forensic, and heavily regulated. In the initial analysis, it sounds more like a cop than a soldier.
Like Mr. Peterson, I recently finished reading Robb's Brave New War. Robb describes the decline of wars between states or their proxies and the rise of the global guerrilla. The global guerrilla uses system disruption and open source warfare to break down the brittle security systems of organized and highly interdependent states. Mobile and rapidly adapting to changing tactics, this adversary is usually hidden in the state it is trying to hollow it out, cooperating with or participating in transnational organized crime. Now that threat sounds more familiar; Robb describes the phishing marketplace as a example of open source warfare.
Is War now Crime? Is the infosec defense model Clear Hold Build or Broken Windows?