Mitigating Cyber Risk

Cybersecurity is now a top-ranked risk at the board level and every organization needs a strategy to monitor and mitigate the risk.  Mitigating cyber risk depends on a sound starting point and an ongoing process of intelligence-driven active defense. You can only mitigate those risks that you know and understand.

Aucsmith Consulting Cyber Security

To understand cyber risk, you have to understand cyber conflict.


 In our “information age,” cyberspace is the enabler of commerce and a critical component of national power.  In his age, Alfred Thayer Mahan described the sea as a "great highway" passing in all directions, a domain of trade and international communication with tremendous social and political importance.[1]  He observed that certain lanes of travel, seaports, and communication routes will inevitably be preferred over others, and become recognized as "trade routes," which over time can have a significant influence on national and international commerce, and the course of history.[2]  Cyberspace is the “great highway” of our age.  It too has “ports” (e.g., data stores, sensors, weapons, and commercial systems) and “trade routes” (e.g., fiber optic cable and satellite links).  It too is a contested space where others try to exert control and influence.

Conflict in cyberspace shares much in common with conflict in the other domains, such as the sea.  We have learned from other domains of conflict that the only way to defend your domain is to know your adversaries capabilities and intentions.  This requires an active process of intelligence.  To not have an intelligence capability is to grant your adversary complete freedom of action where defense is impossible.  To understand and mitigate cyber risk, one has to know and understand the capabilities and intentions of ones adversary with the goal of mitigating cyber crime risk.

[1] Alfred Thayer Mahan, The Influence of Sea Power Upon History. 1660-1783. [With Maps and Plans.] (Charleston: British Library, Historical Print Editions, 2011), 25.

[2] Ibid.


A Theory of War in the Cyber Domain: An Historical Perspective

What would Von Clausewitz have said about cyberspace?

Rethinking Cyber Defense

​We have been trying to create secure systems for over thirty years and have never yet succeeded.  Perhaps we are going about it wrong.

The Technology and Policy of Attribution

​Why attribution is so difficult yet achievable in many circumstances.