Note: This post is for academic and professional awareness only. It explores real-world drone capabilities to highlight emerging security risks- not to promote or enable unauthorized use. If you try any of this without legal clearance, you are not a red teamer- you are a future federal inmate. Bad actors already think this way. The point is to make sure defenders do too.

Anyways,

The other night on the SimplyCyber public-speaking discord I presented my second talk on drones, and decided I would submit this to several CFPs after some suggestion. Anyways this is the long-form of that talk and the youtube series I haven't posted yet.

First off, I didn’t invent anything. I didn’t design these drones, I didn't come up with concepts. I just started paying attention a long time ago.

I dabbled in hacking in high school. A lot of wardriving. Not glamorous, but when you grow up where broadband is rare, mapping SSIDs becomes more necessity than curiosity (ethical? Probably not, but I was 16). That was my entry point into wireless recon: driving backroads, antenna strapped to the dash, logging APs in CSV files just to see what was out there.

I come from the John Robb / Brave New War school of thought (as you know reading any of my earlier posts). I read Global Guerrillas early, followed Robb’s work, and viewed most of my polisci and intel coursework since 2007 through that lens: hybrid warfare, networked insurgency, collapse by system failure, resilient communities and distributed redundancy, etc. It was clear even back then that drones would play a central role in that kind of conflict e.i., cheap, distributed, and hard to defend against.

Back in 2013, I watched a geology grad student use a DJI Phantom to map pit mines in Africa. She demoed it during a remote sensing class, flying autonomous loops and generating 3D terrain models. That stuck with me. I’d already been following 3D printing by then but couldn’t afford to get involved in it at the time, but I watched it evolve. Same with drones. I tracked both fields for years before I had the tools to build anything myself.

Since then I’ve worked in supply chain, federal procurement, defense contracting (not in a cool capacity), and eventually cybersecurity. I’ve also spent time as an artilleryman, a HAZMAT responder, and a bar bouncer, so I’ve seen problems from more angles than just behind a keyboard

I call it a renaissance because we’re not witnessing the birth of drone warfare. We’re witnessing its decentralization, and radical acceleration.

Drones aren't new. Militaries have been flying UAVs since the Cold War. What’s changed isn’t that unmanned systems exist- it’s who can use them, how fast they evolve, and how cheap they’ve become to build and deploy.

What was once the domain of nation-states is now accessible to individuals with a soldering iron, a 3D printer, and a GitHub account.

This is a renaissance in the same way the original Renaissance was: not a moment of invention, but of transformation. Knowledge spreads. Tools get democratized. Power shifts. The ability to conduct long-range reconnaissance, deliver kinetic effects, or passively monitor RF emissions has moved from classified facilities to backyards, garages, and online developer communities.

The means of production and the operational imagination have expanded simultaneously. Everyone has access to what was once elite capability and they're modifying it, scaling it, and sharing it in near real-time. It’s being driven by open systems, not closed ones. The innovation isn’t coming from defense firms with classified contracts. It’s coming from YouTube builders, Telegram tinkerers, and volunteer engineers adapting civilian tech for battlefield use.

A few years ago, “drones” meant military hardware or hobbist camera rigs. Now it means a Raspberry Pi sniffing Wi-Fi from a rooftop, an FPV quad crashing into a trench with a $50 warhead, a fixed-wing platform flying GPS waypoints across denied terrain, or a hobbyist designing a glide kit for a salvaged munition. It means 3D-printing a nosecone overnight to mount a directional antenna. The term no longer describes a tool- it describes a method.

Why Ukraine Mattered

We saw flashes of what drone warfare could become during earlier conflicts; ISIS using modified quadcopters to drop grenades, Azerbaijan deploying loitering munitions against Armenian armor, but it was Ukraine that turned tactical experimentation into a global proving ground.

Since 2022, Ukraine has served as a live-fire lab for the evolution of unmanned systems. Every kind of drone has been deployed there: off-the-shelf DJI quads for recon, FPV racers wired for direct hits, fixed-wing scouts for artillery spotting, and long-range autonomous platforms used for deep strikes. What matters isn't just the variety- it’s the scale, speed of adaptation, and open-source nature of the tooling.

You’re seeing warfighters iterate in real time. Build kits tested one week show up in Telegram channels the next. 3D-printed fins, gimbals, and bomb releases. GoPro cameras wired to cheap transmitters. Raspberry Pi modules mounted inside low-end airframes. It’s not just DIY, it’s distributed innovation under pressure.

The closest analogy is post–World War I aviation. That war introduced aircraft into conflict. But it wasn’t until the interwar years- when doctrine caught up with capability that we saw the full impact: long-range bombers, close air support, carrier ops. Ukraine is playing the same role for drones. The technology existed before, but doctrine hadn’t yet hardened around it. Ukraine forced that shift.

And because the whole world was watching; militaries, hackers, hobbyists- none of it stayed regional. What worked in Mariupol or Bakhmut became global in weeks. Tactical drone use became a global conversation.

“What can be done with a drone is limited only by the laws of physics and imagination.”
                                                                                                                                           — Me, in Discord, last year

again, I’m not breaking new ground here. The idea of using drones for passive surveillance, Wi-Fi recon, or even offensive cyber operations isn’t theoretical. It’s been done. Multiple times. Publicly. There are writeups, case studies, and forensic artifacts to prove it. Case in point:

U.S. Financial Services Company Targeted by Hackers Using DJI Drones
Drone Hacking with Raspberry-Pi 3 and WiFi Pineapple: Security and Privacy Threats for the Internet-of-Things

But most of what’s out there is focused on small quadcopters with short flight times, noisy rotors, and limited reach. Effective, yes, but constrained. They hover close, land nearby, and require real-time operator oversight. That model works for brief engagements or tactical hits. It doesn’t scale for deep recon or long-duration surveillance.
That’s where the platform I'm working on comes in.

What I’m working on is a fixed-wing VTOL drone that merges two roles: Perch and Stare- a rooftop passive node that blends into its environment- and Warflying- a long-endurance, autonomous aerial reconnaissance platform. It launches vertically, transitions to fixed-wing flight for efficiency, loiters silently while collecting, and can land itself with precision to begin passive collection.

Everything is off-the-shelf. Nothing exotic. Raspberry Pi. RTL-SDR. GPS. 3D-printed mounts. Open-source software.

This isn’t an experiment.

It’s a working system. The war-driving payload has already been validated on ground and vehicle-based runs over the past two decades. The airframe has been demonstrated online numerous times. This is not a speculative concept. It’s a modern threat vector that already exists in practice, just under different names, using different tools.

My goal here is simple: take what’s already been proven possible and build it into something longer-range, more autonomous, more repeatable, and more operational.

If you're defending networks, this is your wake-up call.
If you're red teaming, this might soon your toolkit.
If you're a threat actor, well, you might already be using it (and you're a bad person).

This is the Drone Renaissance. The sky isn’t empty anymore. It's part of the attack surface.

The original idea behind Perch and Stare was simple: don’t loiter, don’t hover, don’t make noise. Land. Power down.

Watch and listen.

That’s it.

Drones built around this concept aren’t meant to be visible or agile. They're meant to disappear into the architecture. Rooftops, ledges, canopy lines anywhere that grants a line-of-sight view or scanable APs.

These platforms are typically small multirotors equipped with lightweight payloads: a Raspberry Pi, an SDR, a GPS module, and some kind of storage or uplink path. Once deployed, they cut thrust and enter a low-power state. From there, they operate as passive nodes collecting Wi-Fi beacon frames, observing signal strength patterns, even logging BLE traffic in some builds.

Some versions have launched Evil Twin attacks or executed MITM traffic capture using preloaded scripts. Others go further by spoofing SSIDs, forcing deauths, or intercepting device reauth handshakes for offline cracking.

But the real power of Perch and Stare isn’t the payload. It’s the operational profile.

A motionless node on a rooftop likely wont trip a camera system. It doesn’t cross badge readers. It doesn’t need to penetrate a  traditional security perimeter. It doesn’t even need a stable uplink. It just needs proximity and a few hours of proximity to your infrastructure.

What makes this model work and what makes it hard to detect is its absolute minimalism. No RF noise beyond passive scanning. No movement. No transmissions. It’s quiet by design.

The only real constraint? Range.

Multirotors don’t travel far. They drain power fast. They’re loud in low ambient environments and can get flagged on security cams when descending into high-walled zones. Once you factor in limited flight time, they’re best used for short-range, urban insertions.

What I’m working on now is removing that constraint.

By moving this concept onto a fixed-wing VTOL platform, I’ve taken the same operational profile- silent, low-power, passive- and given it endurance, altitude, and range. Now the same Perch and Stare function can be executed dozens of kilometers away from the launch point, deployed autonomously, and extracted without line-of-sight piloting.

This isn’t replacing the original concept. It’s building upon it.

Most organizations defend laterally.

Their security models focus on horizontal boundaries, entry points, physical perimeters, credentialed access, and VLAN segmentation. Wi-Fi audits happen at the floor level. Sensors live inside the walls. Defense stops at the edge of the building.

Those signals don’t respect drywall. They don’t stop at windows. They don’t care about fence lines or property boundaries. RF propagates in all directions- out, up, and through.

A drone doesn’t need to be in your lobby to hear your network. It just needs to be within range of your signal leakage. And modern buildings leak RF in all directions, especially upward. Rooftop glass, HVAC exhausts, high-rise balconies, poorly shielded conference rooms all act as transmission points for signals you didn’t mean to share.

The real failure isn’t that these platforms exist. It’s that most threat models don’t account for them.

Drones operate in an airspace that corporate security rarely monitors. There’s no alarm for a small fixed-wing platform flying 100 feet overhead. There’s no alert for a passive SDR that logs your Wi-Fi SSIDs from a rooftop. And unless you're explicitly looking for thermal or EM signatures, there’s nothing to detect a powered-down node collecting quietly for hours at a time.

Meanwhile, the data they collect is actionable. It maps real-world network exposure. It shows which access points are misconfigured. It identifies signal overlap between secured and guest networks. It reveals infrastructure you didn’t even know was active.

The goal of this platform is straightforward: build a low-cost, autonomous drone that can collect wireless broadcast metadata at altitude, over range, and without operator input. No manual piloting. No remote control. No onboard transmission. Just launch, fly, log, land, and recover.

The platform is the Flightory Stallion V2: a fixed-wing vertical takeoff and landing drone with long flight endurance and a modular frame. It lifts vertically from constrained spaces, transitions to efficient horizontal flight, and can loiter or land on rooftops for passive surveillance. VTOL is non-negotiable: if you're landing on HVAC units or narrow rooftops, you need the precision of vertical descent.

The core payload is built around a Raspberry Pi 4, running headless Linux. It manages scan cycles, GPS sync, log storage, and power management. No GUI. No bloat. Just scripted recon and timed scan intervals.

Sensor Stack:

• RTL-SDR Blog V3: tuned to 2.4GHz (5GHz is doable with adjustments), logs beacon frames from Wi-Fi access points
  
• VK-172 USB GPS module: attaches geolocation data to each scan event
• Omnidirectional antenna: 3D-printed mount, positioned to minimize coupling and RF noise
• High-capacity SD card: stores raw logs in CSV and KML formats
• USB power bank or direct LiPo tap: selected based on mission profile and weight budget

The entire payload is bracketed using custom 3D-printed housings to reduce vibration, shield RF interference between modules, and maintain clean cable routing inside the fuselage. Every component is modular. Every bracket is replaceable. The design is meant to be iterated.

Mission Workflow:

1. Flight path planning: waypoints defined using GPS overlays and RF interest zones
2. Vertical takeoff: launched from a parking deck, field, or rooftop
3. Autonomous flight: scans begin at altitude, metadata is timestamped and stored
4. Optional perch phase: drone lands on a predefined rooftop and enters passive mode
5. Recovery or exfil: either lands on return, or continues logging until operator recall

The goal is for no live data is transmitted during the mission. Everything is stored onboard. Post-flight, logs can be processed through Kismet, GIS overlays, or custom visualization scripts to generate heatmaps of SSID coverage, signal leakage, and AP misconfiguration.

This purpose of this drone isn't to interact with anything. It shouldn't transmit. It shouldn't connect. It shouldn't probe, inject, or interfere.

It will listen.

Specifically, it will passively capture broadcast metadata from wireless access points- data that is already being emitted into the environment by design. These are the same beacon frames that Wi-Fi networks send out continuously to announce their presence. Every device sees them. The drone logs them.

Each scan cycle produces records like this:

• SSID (network name—hidden if not broadcast)
• BSSID (MAC address of the access point)
• Channel (operating frequency)
• Encryption type (WPA2, WPA3, Open)
• Signal strength (RSSI, relative to drone position)
• GPS coordinates (lat/lon from onboard module)
• UTC timestamp (synced at time of log)

These records are stored in both CSV and KML formats. CSV supports post-processing and filtering. KML enables quick geospatial visualization using tools like Google Earth, QGIS, or custom RF mapping overlays.

In a single flight, the system builds a top-down RF footprint of a target area revealing exactly how wireless signals bleed across floors, rooftops, and adjacent properties. From the air, patterns become visible that ground-based audits can’t detect: overlapping coverage zones, unsecured guest networks bridging into production space, directional antennas leaking off-axis, and APs broadcasting into public spaces that were assumed to be shielded.

And hopefully it does all of this with zero touch.

There’s no handshake interception. No deauth packets. No packet injection. Nothing that would trigger intrusion detection systems or trip alarms. This is pure signal intelligence, gathered passively from the air by a node the network never sees.

In dense urban environments, even a short 10-minute flight at moderate altitude can yield hundreds of SSIDs, dozens of networks, and enough metadata to map out which access points are misconfigured, duplicated, or extending beyond their intended coverage zone.

And from a red team perspective, that metadata becomes targeting intelligence, just look at Wigle for an example. From a blue team perspective, it’s a visibility gap most orgs didn’t know existed or ignore.

This platform doesn’t work without additive manufacturing, aside from the 3D printed airframe.

Off-the-shelf components rarely fit together cleanly, especially when you’re mounting SDR modules, antennas, GPS units, and Raspberry Pi boards inside an airframe designed for hobbyist payloads. Vibration causes data loss. RF coupling skews signal strength readings. Poor cable routing introduces interference. In flight, small mechanical problems become mission failures.

3D printing solves all of it.

Every component on this drone is mounted in a custom-printed bracket, modeled for exact dimensions, tuned for flight weight, and optimized for electrical separation. Brackets snap into the Stallion V2’s fuselage with precision-fit tolerances. The designs isolate power rails, suppress RF bleed between the GPS and SDR, and lock down fragile USB connections under vibration load.

Need to swap antennas? Print a new housing with different polarity.

Need to adjust the Pi orientation to improve airflow? Redesign in CAD, reprint, remount in the same day.

These aren’t cosmetic mods. They’re structural integrations; if the payload isn’t bolted on. It’s embedded. This matters in flight. A misaligned antenna drops signal fidelity. A loosely mounted SDR vibrates under G-forces and corrupts logs. Poor grounding turns telemetry into noise. A field-ready platform can’t tolerate that kind of failure chain.

With 3D printing, you can fix those problems without a machine shop.

It also makes the system replicable. STL files can be shared, remixed, adapted to different airframes. If you have a printer and a few spools of filament, you’re not just building a drone, you’re building an RF recon lab you and others can iterate on in however long it takes to refine and print the new parts.

Ten years ago, this kind of platform belonged in a white paper like the one I posted earlier in this post. Today, it’s a week of building, less if you have more than one printer running hot and nothing but free time.

Not because the laws of physics changed. Because everything around the drone did.

The war in Ukraine proved that DIY drones are viable in active combat zones. What started as hobbyist gear has evolved into battlefield infrastructure equipped with ISR (intelligence, surveillance and reconnaissance) payloads, shaped-charge warheads, and telemetry links built from repurposed consumer hardware. They’re cheap. They work. And they’ve rewritten the doctrine for how small, expendable platforms are used in contested environments- which might include all environments if you adhere to the concept of grayzone/ 5th gen warfare theory.

That mindset bled into security research.

At the same time, the open-source ecosystem exploded. GitHub is now full of wireless recon tools, SDR drivers, automated attack frameworks, and Raspberry Pi-based flight controllers. STL files for precision brackets, gimbal mounts, and airframe mods are published on demand. Discord channels replaced vendor support.
The barrier to entry has collapsed. And the window of exclusivity is gone.

You no longer need proprietary hardware or closed documentation. You need commodity parts, cheap compute, and time. That’s it.

We’re not looking at the future. We’re looking at an unevenly distributed present. This is what threat actors are already doing with less power, less range, and fewer constraints.

This platform just makes it modular, scalable, and autonomous.

This build is 100% legal. Every component is commercially available. The software is published under permissive licenses. And every technique has precedent- documented in security conferences, proof-of-concepts, and academic papers. This isn’t edge-case theory. It’s a repackaging of known tools into a more capable platform.
And that’s the inflection point.

The only difference between a red team recon platform and an adversarial payload delivery system isn’t code or hardware- it’s intent, and intent is hard to detect when the system never transmits, that said this platform could very easily and quickly be retooled for offensive cyber in which case it would be detectable and damaging.

Let’s be explicit up front: this would be illegal without authorization.

The FAA does not allow unlicensed drone activity over occupied buildings. (FAA Laws)  Cyber intrusion laws prohibit unauthorized access to networks or devices. But threat actors- by definition- do not care about regulatory frameworks when already engaging in illegal activity. So this is not a question of if someone could do it. It’s a question of how it would be done if someone already intended to act outside the law.

Here’s how I’d approach it if this were an offensive engagement and I was a very bad person who belongs in jail.

Phase 1: Reconnaissance and Planning
The target environment is mapped using publicly available satellite imagery, street-level photography, and open-source intelligence on corporate infrastructure i.e. Google Earth. The goal is to identify flat rooftops or exposed balconies near broadcast access points. HVAC clusters and utility boxes are preferred for concealment.

Building materials are considered- light-colored gravel, black tar, concrete slab. The drone’s upper surface is painted to match. Reflective components are masked. LEDs are disabled. The underbody is dulled to blend with overcast sky tones during ingress.

Flight plans are calculated to minimize noise, silhouette, and transit time. Launch occurs from a remote location, potentially inside a vehicle, using terrain masking to avoid detection.

Phase 2: Insertion and Landing
The drone executes vertical descent onto the target rooftop during a low-activity window—typically after 0200 hours. Weather conditions are selected for wind cover and low visibility.

Once landed, the platform enters a fully passive surveillance state. The payload is dark. No RF emissions. No movement. Scan cycles are initiated periodically using internal timers or a GPIO-triggered watchdog. Logs are written locally- no telemetry, no uplink.

From this perch, the drone collects beacon frames, SSID broadcast data, and BSSID metadata from nearby wireless networks. Depending on altitude and structure, this includes coverage from multiple floors and adjacent buildings. If configured, the system can also capture WPA2 handshakes during client reauth events.

Phase 3: Offensive Activation (If Escalating)
If the mission scope includes active exploitation, the same Raspberry Pi payload can run a secondary script set. With an additional Wi-Fi adapter capable of packet injection:

• Evil Twin attacks can be launched to impersonate legitimate SSIDs and attract client devices.
• Captive portal phishing can harvest credentials or fingerprint device types.
• Deauthentication attacks can trigger reconnect events for handshake capture.
• MITM relays can route client traffic through the drone and backhaul via LTE.

None of this requires physical presence on site.

Phase 4: Power Management and Endurance
During idle cycles, the drone enters deep sleep. Wake intervals are adjustable, a scan every 10, 30, or 60 minutes. A lightweight 5W solar panel mounted flush to the fuselage can sustain these cycles for multiple days, depending on environmental light conditions.

Phase 5: Exfiltration and Recovery
After a predefined mission duration say, 12 hours, 48 hours, or longer- the drone powers up, acquires GPS, and takes off autonomously. Return-to-home logic guides it to a remote waypoint, dead-drop zone, or mobile recovery vehicle. If telemetry confirms the drone is compromised, it deletes logs and executes a soft crash.

If conditions prevent recovery, fallback logic lands it in a secondary location. Failsafe scripts can zero storage or overwrite logs. In some cases out of Ukraine, the drone self destructs via an overheated battery or worse, a small thermite or chemical charge- but on top of everything else, you're asking for several more major felonies and probably a terrorism up-charge on your already several felonies.

This post is written strictly for academic curiosity and professional awareness. I’m a security practitioner, not an operator. Everything discussed here is grounded in publicly available information and off-the-shelf hardware, with the goal of highlighting what I believe is an emerging and underappreciated risk vector in modern security models.

It also happens to feed my nerd ego and give me an excuse to go deep on something I’ve been fixated on since undergrad- because ADHD and hyperfocus are hell of a drug.

Let’s be absolutely clear: doing any of this without authorization is illegal. Deploying drones for recon or interference without FAA approval and without the consent of the property owner is a fast track to federal charges, not a hacker badge. We’re talking felony territory. Hard time. The kind of prison with fluorescent lighting, bad food, worse roommates, no Wi-Fi, and absolutely zero tolerance for “but I was just testing.”

I’m not the first person to think this up. And that’s the problem. Bad people are already thinking about this. Some of them are already doing it. The goal here is to make sure defenders are thinking just as creatively before this becomes standard playbook.

Think responsibly. Build legally. Get your Part 107.

Don’t be an idiot.

Security professionals must rethink their approach to modern threats. Today’s security landscape is no longer defined by traditional, large-scale conflicts. Instead, it’s shaped by gray zone warfare, cyberwarfare as non-kinetic fires, and decentralized, adaptive threats that operate outside conventional boundaries.

Robb emphasizes that most security failures stem from bad orientation—misreading the situation and relying on outdated mental models. Traditional security frameworks focus on control and centralization, but modern threats are networked, unpredictable, and constantly evolving. The solution? Shift toward resilience and decentralization, building systems that can absorb shocks and recover quickly.

Brose frames cyberwarfare as non-kinetic fires, highlighting that attacks on critical infrastructure and digital systems can achieve the same disruptive impact as physical attacks without ever firing a shot. Understanding cyber threats through this lens helps security professionals realize that cyberattacks are not isolated incidents—they're part of larger geopolitical strategies designed to destabilize and erode trust.

A key theme throughout is the importance of decentralized and redundant systems. Whether it’s microgrids in energy or distributed cloud storage in cybersecurity, resilience comes from removing single points of failure and ensuring critical operations continue even when parts of a system are compromised.

Finally, gray zone warfare—a space between peace and open conflict—has become the new normal. Threat actors exploit gaps in traditional security systems using tactics like disinformation, economic coercion, and cyberattacks. Security professionals must adapt by embracing layered defenses, understanding the political context behind attacks, and recognizing that the battlefield is everywhere.

The future of security isn’t about preventing every attack—it’s about anticipating disruptions, absorbing damage, and recovering faster

Open-source warfare and the rise of super-empowered individuals are redefining the nature of conflict in the modern era, blurring the lines between traditional warfare, cybersecurity, and politics. Historically, warfare was the domain of nation-states, fought on defined battlefields with formal declarations. Today, those boundaries have dissolved. Individuals and decentralized groups now have the power to disrupt critical infrastructure, manipulate public opinion, and even influence global events- all without the resources or formal backing of a state.

The concept of open-source warfare revolves around decentralized actors sharing tools, tactics, and knowledge in real time. This collaboration allows even small groups to achieve outsized impacts, whether through cyberattacks, disinformation campaigns, or improvised weaponry. The rise of super-empowered individuals- highly skilled actors who operate independently- further amplifies this dynamic. These individuals, using open-source tools, can influence or disrupt systems on a scale that was once unthinkable for non-state actors.

Gray Zone Warfare refers to actions that fall between peace and open conflict, where state and non-state actors use tactics such as cyberattacks, misinformation, economic manipulation, and proxy forces to achieve strategic objectives without triggering a conventional military response. These methods exploit ambiguities in international law, making them challenging to address effectively. Examples like Russia’s use of unmarked troops in Crimea and their cyber operations targeting Ukraine’s infrastructure to show how gray zone tactics are applied in real-world scenarios.

Systems disruption, a concept that focuses on targeting the vulnerabilities in critical infrastructure such as power grids, supply chains, and communication networks. As illustrated by events like the 2024 CrowdStrike software failure, even small disruptions in these interconnected systems can create cascading effects that impact millions. Systems disruption isn’t just about causing immediate damage—it’s about destabilizing societies by undermining the structures they depend on. This discussion draws on insights from John Robb’s Brave New War, which has proven prescient in describing how modern conflicts are increasingly defined by these vulnerabilities.

The societal and psychological impacts of these tactics are significant. When critical services fail, trust in institutions erodes, and the resulting instability can be as damaging as the disruptions themselves. As these strategies become more common, understanding their mechanisms and implications is vital for building more resilient systems.

Books Mentioned in This Episode:

📚 Brave New War by John Robb
📚 Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath by Ted Koppel
📚 Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg 📚 The Kill Chain: Defending America in the Future of High-Tech Warfare by Christian Brose

Modern conflict has shifted from traditional battlefields to interconnected systems, where decentralization and technology redefine warfare. Christian Brose’s The Kill Chain outlines how outdated, centralized systems hinder the U.S. military’s ability to respond to threats in a world defined by AI, automation, and cyber capabilities. Brose critiques the reliance on slow, hierarchical decision-making and legacy platforms, emphasizing the need for speed and adaptability in modern warfare.

Cyberwarfare, which Brose terms "non-kinetic fires," breaks free from conventional constraints like geography and resources. Attacks can be launched globally with minimal investment, prioritizing disruption over destruction. John Robb’s Brave New War complements this by focusing on systems disruption, where adversaries exploit vulnerabilities in infrastructure to destabilize larger powers. Cyberwarfare embodies this approach, allowing small groups or individuals to wield disproportionate influence with precision and minimal risk.

For cybersecurity professionals, these frameworks are essential. Understanding the kill chain’s emphasis on detection, decision-making, and action aligns directly with modern cyber defense. The future of security depends not just on technical solutions but on adopting the speed, adaptability, and strategic thinking that define today’s conflicts. The information age demands resilience and a deeper grasp of the strategies shaping both physical and digital threats.

You can read the blog post on the subject here

Unfortunately, scammers are everywhere these days, and they’re constantly finding new ways to manipulate people. It could be a fake charity asking for donations or a romantic interest trying to pull at your heartstrings, their tactics are designed to trick you into trusting them. It’s easy to think, “That won’t happen to me,” but it can happen to anyone. My great aunt, for instance, lost $45,000 to a charity scam because she genuinely believed she was helping build a church in Ghana. It wasn’t until she tried to wire another $100,000 that a banker noticed something was wrong and stepped in.

Scammers exploit trust, emotion, and often our personal interests (OPSEC OPSEC OPSEC). Take, for example, my college roommate who almost got conned while selling a laptop on Craigslist. She was contacted by someone claiming they needed the laptop for their son in Africa, a story that hit close to home for her since she had been on mission trips there, which I suspect was found out through looking at her social media. The scammer likely used that personal connection to try to make the story believable, hoping she wouldn’t question it. Luckily, she sensed something wasn’t right when they asked for money to cover shipping and backed out just in time.

Then there are romance scams which can be even more painful. In my hometown, a woman flew to the UK to meet a man she thought she had been in an online relationship with, only to realize he didn’t exist. Before she even made the trip, she had already sent him money, believing he needed it for his flight. Scammers in these situations spend months building trust before asking for financial help, making it harder for the victim to realize what’s happening until it’s too late.

The key to avoiding these situations is understanding how scammers operate. A great way to do that is by learning from two concepts: Pre-Incident Indicators (PINS) from The Gift of Fear by Gavin de Becker and the OODA loop developed by military strategist Col. John Boyd. De Becker emphasizes the importance of trusting your gut—our instincts are designed to protect us, but too often we ignore them. If something feels off, don’t rationalize it away, it’s probably off. Recognizing the early PINS, like someone pushing for urgency or refusing to take “no” for an answer, can help you catch a scam before it goes too far.

The OODA loop—Observe, Orient, Decide, Act—helps you take control of a situation by slowing things down. Scammers want you to feel rushed, so you don’t have time to think critically. The loop allows you to step back, assess the situation, and decide on the best course of action without being pressured into a decision.

The bottom line is this: scammers rely on confusion, emotional manipulation, and most importantly speed to achieve their objective. The more you can recognize their tactics, the better able you’ll be to avoid falling into their traps. If something feels wrong, trust yourself and take the time to verify the details.

Christian Brose's The Kill Chain fits into John Robb's Brave New War worldview through a shared recognition of how modern warfare is increasingly defined by technology, decentralization, and the exploitation of system vulnerabilities. Both authors articulate how traditional military doctrines and approaches are becoming obsolete in the face of rapidly evolving threats that leverage technology and asymmetric tactics.

In The Kill Chain, Brose emphasizes that the U.S. military must transition from an outdated model of warfare, which relies on heavy, centralized, and hierarchical systems, to one that is networked, decentralized, and automated. This is in direct alignment with Robb’s view of modern conflict, where networked actors—whether state or non-state—exploit the interconnectedness of global systems to disrupt, degrade, and destabilize powerful adversaries. Robb describes how global guerrillas use these networks to operate in small, autonomous groups, bypassing traditional state hierarchies to attack vulnerable infrastructure.

Brose and Robb both argue that the future of conflict is not about large, conventional forces clashing head-on. Instead, it’s about how fast and effectively forces can operate within a distributed, digital network that connects sensors, decision-makers, and weapons systems. Brose’s kill chain is a system designed to integrate these capabilities at speed, while Robb’s global guerrillas are adept at targeting the weak links in such systems to bring them down.

From Robb’s worldview, the ability of non-state actors and smaller forces to act quickly, adaptively, and asymmetrically is key. Brose, too, is concerned with the speed of decision-making and action in military operations. He emphasizes the need to automate parts of the kill chain with AI and autonomous systems to match the speed of modern threats, which aligns with Robb’s emphasis on networked, fast-moving actors who can outmaneuver larger, slower bureaucratic systems.

Robb’s systems disruption theory is central to Brave New War. It argues that future wars will be less about physical destruction and more about disrupting the complex, interconnected systems that modern states and societies depend on. In Robb’s view, global guerrillas don’t need to defeat a state militarily; they only need to disrupt the systems that allow the state to function i.e. power grids, communication networks, and financial systems. This strategy of targeting critical infrastructure with minimal resources is designed to create cascading failures, causing widespread chaos and undermining state power.

The Kill Chain echoes this vulnerability. Brose argues that the U.S. military’s overreliance on large, centralized systems, such as aircraft carriers and advanced fighter jets—makes it highly susceptible to disruption. Adversaries like China and Russia have focused on developing systems designed to disable or disrupt these legacy platforms by attacking their command-and-control infrastructure, sensors, and communications; the kinds of targets Robb’s global guerrillas would aim for in a conflict.

Both Brose and Robb emphasize the growing importance of cyber warfare as the key tool for systems disruption. For Robb, cyberattacks are the ultimate non-kinetic fires ( a term that suck with me after reading The Kill Chain) or a way for small, decentralized actors to create massive effects on a technologically advanced adversary by attacking the digital infrastructure that underpins its military and civilian systems. Brose describes how adversaries can exploit U.S. military vulnerabilities with cyberattacks, jamming sensors, blinding satellites, or injecting false data into decision-making systems, effectively breaking the kill chain before it can even begin.

Robb’s Brave New War is built around the idea of asymmetric warfare, where smaller, less powerful actors can challenge larger states by using unconventional tactics and low-cost, high-impact attacks. He also introduces the concept of open-source warfare, where tactics, techniques, and technologies are shared across decentralized networks of non-state actors, enabling them to rapidly innovate and adapt.

Brose’s The Kill Chain acknowledges this asymmetric threat but from the perspective of state-on-state conflict. He describes how China and Russia, instead of trying to match the U.S. militarily with traditional platforms, have adopted asymmetric strategies that focus on neutralizing America’s strengths. These adversaries invest in capabilities designed to disable U.S. power projection by attacking weak points in its command-and-control infrastructure, electronic warfare, and space-based assets. Brose’s warnings about this shift align with Robb’s vision of how smaller or less-resourced actors can use asymmetric tactics to outmaneuver and disrupt a more powerful adversary.

Additionally, Robb’s idea of open-source insurgency ties directly into the nature of cyber warfare, which Brose sees as critical in future conflicts. In Robb’s framework, tools for systems disruption, like cyber exploits, can be shared across a global network of actors, allowing even small groups to gain access to powerful technologies that can cripple a state’s infrastructure. Brose’s analysis echoes this by highlighting how easily cyber tools can be developed or acquired by both state and non-state actors, further amplifying the asymmetric potential of modern warfare.

Both Robb and Brose agree that the U.S. military must adapt if it hopes to remain competitive in the future of warfare. For Brose, this means breaking away from the obsession with legacy systems like aircraft carriers and embracing new technologies like artificial intelligence, automation, and space-based surveillance. He advocates for the U.S. military to move towards a distributed, networked system of warfare where the kill chain is automated and decisions are made at machine speed.

Robb’s prescription for surviving in this new environment is similar. He advocates for a more resilient, decentralized system, where the state adopts the same kind of adaptive, networked thinking that its adversaries use. For both authors, the future is about speed, agility, and flexibility, not overwhelming firepower or centralized control. In Robb’s world, the state that can out-think and out-adapt its adversaries will survive, while the one that clings to legacy platforms will be left vulnerable to systems disruption and decentralized attacks.

In Robb’s framework, non-state actors like global guerrillas use open-source tactics and systems disruption to paralyze more powerful adversaries, a strategy that is echoed in Brose’s analysis of how China and Russia are developing asymmetric capabilities to disable the U.S. military’s kill chain. Both authors warn that the future of warfare will be determined not by who has the most firepower, but by who can best adapt to the challenges of this networked, decentralized, and technology-driven world.

Recently, I finished this book on the way to WWHF. The Kill Chain: Defending America in the Future of High-Tech Warfare by Christian Brose is an examination of the United States’ military vulnerabilities in the face of rapid technological advancements and the shifting nature of modern warfare.

Brose, who served as the staff director of the Senate Armed Services Committee and as a senior advisor to Senator John McCain, leverages his insider perspective to offer a sobering critique of how the U.S. military is failing to adapt to the challenges of a new era defined by AI, automation, and cyber capabilities.

The “kill chain” concept refers to the sequence of detecting a threat, deciding on a response, and taking action to neutralize it. Traditionally, this process involved human decision-makers at each stage, but modern warfare demands faster, more automated processes. Brose argues that America's military kill chain is slow, centralized, and heavily reliant on legacy systems that are vulnerable to disruption.

The Kill Chain contends that the United States is locked into an outdated model of warfare, one that emphasizes traditional platforms like aircraft carriers, fighter jets, and tanks. These systems, Brose argues, belong to an era of industrial-age warfare that is quickly becoming obsolete in the face of information-age threats. Today’s conflicts are increasingly defined by “data, sensors, autonomous systems,” and the ability to leverage these technologies to achieve real-time decision-making and action; essentially, how quickly and effectively a military can complete its “kill chain.”

Brose paints a stark picture of how adversaries like China have studied the U.S. military's strengths and weaknesses and developed strategies to counter them. Rather than attempting to match the United States platform for platform, China has focused on developing capabilities that can exploit the vulnerabilities of America's complex, interconnected military systems. These capabilities include advanced cyberwarfare tools, electronic warfare systems, and precision-guided missile technology designed to target the weak links in America's kill chain.

The book explores how China’s investment in these areas is part of a broader strategy to neutralize America’s advantages. China has invested in anti-ship ballistic missiles that can target U.S. aircraft carriers, developed advanced electronic warfare capabilities that can jam or blind U.S. surveillance systems, and built extensive cyber capabilities to compromise American military networks. These developments challenge the dominance of the U.S. military, as they can render its traditional platforms ineffective before they can even enter the battlefield.

Brose makes the case that the United States is at risk of losing its strategic edge because it has not adequately adapted to this shift. The U.S. military's focus on maintaining and expanding expensive legacy systems leaves it poorly positioned to counter adversaries who are innovating more rapidly and adopting strategies that focus on disrupting America’s ability to respond effectively.

The Kill Chain does not shy away from critiquing the entrenched bureaucracy of the Pentagon and the defense-industrial complex. Brose highlights how the procurement process is bogged down by inefficiency, resistance to change, and an obsession with maintaining traditional platforms. He argues that this mentality has led to a situation where the U.S. spends billions on legacy systems that may never be effective in a future conflict.

Brose is particularly critical of the U.S. defense budget's emphasis on sustaining existing programs rather than investing in new technologies. He contrasts this with China’s approach, where the focus is on developing capabilities that can counter the United States’ strengths and exploit its weaknesses. This difference in strategic thinking, Brose suggests, has created a scenario where the U.S. could be outmaneuvered in a future conflict, not because it lacks resources, but because it has failed to innovate and adapt.

One of the more urgent messages in The Kill Chain is the need for the United States to integrate emerging technologies like artificial intelligence and autonomous systems into its military strategy. Brose argues that these technologies are not just enhancements to existing capabilities but are the keys to unlocking a new model of warfare where decisions can be made at machine speed.

In a world where threats emerge and change rapidly, relying on human decision-making in the kill chain can be a fatal flaw. Brose envisions a future where AI-enabled systems can identify, track, and prioritize threats autonomously, with human oversight serving as a guide rather than the primary decision-maker. This shift would enable the military to operate faster and more efficiently, adapting to threats in real-time rather than relying on slow, hierarchical chains of command.

Brose highlights that the private sector is already leading in many of these areas, with companies like SpaceX and Palantir driving advancements in AI, space-based surveillance, and data analysis. He advocates for greater collaboration between the Department of Defense and these innovative private companies, arguing that such partnerships are essential if the U.S. military is to harness cutting-edge technology and maintain its competitive edge.

Brose argues that America must embrace a new way of thinking about warfare—one that prioritizes speed, agility, and the ability to operate across a distributed, networked battlefield. This requires a willingness to take risks, to abandon the comfort of legacy platforms, and to invest in technologies that can make the military more effective in an era of information warfare.

He also emphasizes that the future of warfare will not be won by having more tanks or aircraft carriers but by building systems that can see, think, and act faster than those of adversaries. This means focusing on developing the infrastructure for autonomous drones, space-based sensors, and AI-driven analysis tools that can turn data into action in milliseconds

Gray zone warfare occupies the ambiguous space between peace and open conflict, where actors engage in aggressive activities that fall short of conventional war. These actions are designed to achieve strategic objectives while avoiding direct military confrontation and maintaining plausible deniability. Gray zone tactics exploit gaps in international law and norms, making it difficult for targets to justify a forceful response.

Cyberattacks have emerged as a quintessential tool of gray zone warfare, operating in the space with particular effectiveness. It allows state and non-state actors to inflict significant damage on adversaries without crossing the threshold that would trigger traditional military retaliation. This ambiguity makes cyberattacks especially attractive for those seeking to advance their interests while minimizing the risk of escalation.

Common gray zone tactics include cyberattacks, disinformation campaigns, economic coercion, and the use of proxy forces. In the cyber domain, these methods often target critical infrastructure, financial systems, and government networks. Such attacks can disrupt essential services, undermine public trust, and cause economic damage without physical destruction. The 2015 and 2016 attacks on Ukraine's power grid, attributed to Russia, are examples of this approach. By temporarily disabling portions of the grid, the attackers demonstrated their capabilities and instilled fear without triggering a military response.

The attribution problem inherent in many cyberattacks further aligns them with gray zone tactics where sophisticated actors can mask their identity, use false flag operations, or leverage compromised systems in neutral countries to launch attacks. Obfuscation creates plausible deniability, complicating diplomatic and military responses. Even when technical evidence points to a specific nation, proving state sponsorship to a level that justifies retaliation often remains challenging.

Russia's actions in Ukraine provide a clear example of gray zone warfare beyond just cyberattacks. The 2014 annexation of Crimea involved the use of "little green men, " unmarked troops that Russia initially denied were its own. This allowed Russia to achieve its objective while muddying the waters of international response. Similarly, Russia's ongoing support for separatist forces in eastern Ukraine, combined with its cyber operations against Ukrainian infrastructure, exemplifies the nature of gray zone tactics.

Cyber espionage operates in a similar gray area. While espionage is an age-old practice, the scale and scope enabled by cyber tools blur the lines between intelligence gathering and active measures. Massive data breaches like the U.S. Office of Personnel Management hack, attributed to China, illustrate how cyber espionage can have strategic implications beyond mere information collection.

The use of cyber tools for election interference represents another facet of gray zone warfare. Disinformation campaigns, hack-and-leak operations, and attacks on voting infrastructure can undermine democratic processes and sow discord without direct military involvement. The alleged Russian interference in the 2016 U.S. presidential election demonstrated the potency of these tactics in shaping geopolitical outcomes while maintaining a veneer of deniability.

Healthcare ransomware attacks are a prime example of gray zone conflict tactics, targeting critical infrastructure in a way that disrupts societies without provoking traditional military responses. By attacking healthcare systems, cyber-criminals, sometimes linked to state actors or allowed to act with certain restrictions from their territory, exploit vulnerabilities to cause significant harm, such as hindering patient care and sowing public fear.

These operations leverage the anonymity and plausible deniability inherent in cyberspace, allowing perpetrators to put pressure on adversaries covertly by "throwing sand in the gears". The increased targeting of healthcare facilities (in my opinion), following geopolitical events like the Ukraine invasion, underscores how such cyberattacks have become key tools in gray zone strategies, blurring the lines between peace and open conflict.

Protecting our data and systems is no longer just about preventing theft or disruption, it's about safeguarding national security and economic stability. The future of conflict is in cyberspace and cybersecurity professionals must see themselves on the front lines of this evolving form of warfare.

John Robb's "Brave New War" and his "Global Guerrillas" blog, despite being penned in 2007, remain eerily prescient reads for today's cybersecurity practitioners. Robb, a former Air Force officer turned analyst, dissects the evolving nature of conflict in a world where traditional power structures are increasingly vulnerable to decentralized, networked threats.

The core thesis revolves around what Robb terms "open-source warfare" a concept where loosely affiliated groups can share tactics, techniques, and procedures to wage asymmetric warfare against nation-states and large organizations. Sound familiar? It's essentially describing the modern threat landscape cybersecurity professionals grapple with daily.

Robb's analysis of how these groups can exploit systemic vulnerabilities to cause cascading failures is particularly relevant. He argues that by targeting critical nodes in complex systems - be it infrastructure, supply chains, or information networks , otherwise small groups can inflict disproportionate damage. This mirrors the potential impact of well-executed cyberattacks on our interconnected digital systems.

The book's exploration of "super-empowered individuals" those who can leverage technology to punch far above their weight is downright prophetic. In an era where a single hacker with the right tools can potentially cripple a multinational corporation, Robb's warnings feel less like speculation and more like a playbook for the threats we face.

What makes "Brave New War" particularly valuable is its focus on resilience and adaptability as key defensive strategies. Robb argues for decentralized, resilient systems that can withstand and quickly recover from attacks - a philosophy that aligns closely with modern cybersecurity best practices like zero trust architecture and defense-in-depth strategies.

For cybersecurity practitioners, "Brave New War" offers a broader context for understanding the threat landscape we operate in. It's not just about protecting networks, but rather it's about comprehending how those networks fit into larger, vulnerable systems that adversaries seek to exploit.

In a field that often gets bogged down in technical minutiae, Robb's strategic-level analysis provides a valuable big-picture perspective. It's a reminder that effective cybersecurity isn't just about firewalls and patches, it's about understanding the evolving nature of conflict in a networked world.

Is it a comfortable read? Hell no. Robb's vision of decentralized, networked threats exploiting our systemic vulnerabilities is downright unsettling. But it's precisely this discomfort that makes "Brave New War" a must-read. It challenges our assumptions, broadens our threat models, and ultimately makes us better prepared to face the brave new world of cyber conflict.

I highly recommend this book and following Robb.

Brave New War:
Amazon
John Robb:
Twitter

Robb's advocacy for resilience through decentralization has gained traction across various sectors, though implementation often lags behind recognition of its importance. The energy sector provides a prime example with the emergence of microgrids as a practical application of Robb's ideas. These small-scale, local energy systems can operate independently of the larger grid, enhancing community resilience against both physical and cyber attacks. The development of microgrids in Puerto Rico following Hurricane Maria demonstrates how decentralization can bolster communities in the face of natural disasters and potential attacks.
Widespread implementation of such decentralized systems remains a challenge. Regulatory hurdles, entrenched interests, and the inertia of existing infrastructure often impede progress. The tension between the recognized need for resilient, decentralized systems and the practical difficulties of overhauling established infrastructure highlights an ongoing struggle in realizing Robb's vision.

In cybersecurity, Robb's concept of open-source security has seen significant adoption. Information Sharing and Analysis Centers (ISACs) in various industries and the Cyber Threat Alliance exemplify this approach, facilitating the sharing of threat intelligence among organizations. This collaborative model allows defenders to share information and strategies as readily as attackers, creating a more robust collective defense.

The rise of bug bounty programs and responsible disclosure policies in the tech industry also aligns with Robb's vision of harnessing collective intelligence for defense. These initiatives have proven effective in identifying and addressing vulnerabilities before malicious actors can exploit them. However, the open nature of these programs also creates potential risks, as information about vulnerabilities could potentially be misused if not carefully managed.
Robb's emphasis on adaptive, network-centric defense has influenced military doctrine, with concepts like the U.S. military's "Multi-Domain Operations" reflecting a more flexible, interconnected approach to warfare. In the corporate world, the adoption of agile methodologies in cybersecurity represents a step towards the kind of adaptive defense Robb envisioned.

Despite these advancements, many organizations still struggle to match the speed and flexibility of their adversaries. The gap between the ideal of rapid, adaptive defense and the reality of organizational constraints highlights the ongoing relevance of Robb's warnings. Balancing the need for agility with the requirements of security and stability remains a significant challenge for many institutions.
The importance of building social capital, strong, trust-based networks within and between communities is particularly relevant in the face of information warfare and social media manipulation. Initiatives focused on digital literacy, fact-checking networks, and community resilience programs would ideally align with this aspect of Robb's thinking, but that has yet to be determined.

Robb's advocacy for localism and community empowerment has seen mixed implementation. Community policing initiatives and local emergency response teams reflect this philosophy, empowering communities to take an active role in their own security and governance. The rise of cryptocurrency and blockchain technologies represents an interesting development in this space, potentially providing tools for local economic empowerment and decentralized governance structures.

However, the trend towards centralization in many aspects of governance runs counter to Robb's recommendations. The tension between local empowerment and the need for coordinated responses to large-scale challenges present an ongoing dilemma in implementing Robb's ideas.

Implementation of Robb's proposed solutions face significant hurdles. Institutional inertia, short-term thinking, and the complexities of coordinating decentralized systems all pose challenges to realizing his vision of a more resilient society. Moreover, some of Robb's ideas, particularly around localism and decentralization, can be challenging to reconcile with the realities of an increasingly interconnected global economy and the scale of transnational threats.

Another idea present in John Robb's "Brave New World" is the the emergence of super-empowered individuals has reshaped power dynamics in ways that challenge traditional governance and security paradigms. While these actors have driven innovation and progress in many sectors, their outsized influence also presents significant risks to societal stability.

On the positive side, super-empowered individuals have been catalysts for transparency and technological advancement. Whistleblowers like Edward Snowden exposed government overreach, sparking crucial debates about privacy and surveillance. In the tech world, entrepreneurs like Elon Musk have pushed the boundaries of what's possible in electric vehicles and space exploration, influencing entire industries through sheer force of will and innovation.
The financial sector in particular has seen similar disruption. The anonymous creator(s) of Bitcoin, known as Satoshi Nakamoto, launched a revolution in digital currencies that's challenged traditional banking systems and concepts of value. This innovation has opened up new possibilities for financial inclusion and decentralized economic models.

However, on the flip side, social media platforms, while democratizing information flow, have also become breeding grounds for disinformation campaigns. Bad actors can now rapidly spread false narratives, manipulating public opinion and potentially destabilizing political systems. The speed and reach of these platforms often outpace traditional fact-checking mechanisms, creating an environment ripe for exploitation.

In cybersec, we see this as individual hackers and small groups have demonstrated an alarming ability to cause outsized disruption. The 2014 hack of Sony Pictures, attributed to a small team of North Korean-linked operatives, embarrassed a multinational corporation and created international tensions. More recently, ransomware attacks by groups like DarkSide have shown how a handful of skilled individuals can disrupt critical infrastructure and extort millions from large organizations.

The financial influence of super-empowered individuals has also shown a darker side. We've seen how a single tweet from a prominent figure can send shockwaves through entire markets, highlighting the precarious nature of systems vulnerable to individual whims. This volatility poses risks not just to investors, but to economic stability more broadly.
These developments present significant challenges for governance and security frameworks. Traditional power structures and regulatory systems were designed to handle nation-state actors or formal organizations. They often struggle to contend with the fluid, unpredictable nature of small groups, much less individual actors empowered by technology. The speed at which these individuals can act often outpaces the ability of institutions to respond effectively.

Looking forward, it's clear that new approaches to security and governance are needed. These must be flexible enough to harness the positive potential of super-empowered individuals while mitigating the risks they pose. This might involve rethinking regulatory frameworks, developing new models of public-private cooperation, and fostering digital literacy to create a more resilient society.

The trend of individual empowerment will likely accelerate as technology continues to evolve. Advancements in AI, biotechnology, and other emerging fields will likely create new avenues for individuals to exert transformative influenc not seen in previous generations.

Continuing with Brave New War by John Robb. The rise of open-source warfare presents us with complex challenges and opportunities. While it has undeniably empowered non-state actors and individuals, this openness also offers potential benefits for defenders and security professionals.

Open-source approaches have revolutionized cybersecurity efforts. Many defense strategies now rely on community-driven threat intelligence sharing and open-source tools. This collaborative model has allowed for rapid identification of new threats and the development of countermeasures at a pace that often outstrips traditional, closed security systems.

However, this same openness that strengthens defense can also be exploited by malicious actors. The freely available nature of many hacking tools and cyber warfare techniques means that sophisticated attack capabilities are no longer the sole domain of nation-states or well-funded criminal organizations. A skilled individual with internet access can potentially wield cyber weapons that were once the exclusive purview of government agencies.

This duality creates a constantly shifting security landscape. Defenders must remain vigilant, adapting their strategies as quickly as new threats emerge. At the same time, they can leverage the collective knowledge and resources of the open-source community to bolster their defenses.

The challenge moving forward lies in striking a balance and harnessing the innovative potential and rapid adaptation of open-source approaches while mitigating the risks they pose to security and stability. This may require a fundamental reevaluation of traditional security paradigms, focusing less on controlling information and more focus on networked resilience and adaptability.

As Robb noted, in this Brave New War, the ability to quickly adapt and learn from a distributed network may prove more crucial than conventional advantages in resources or manpower. This shift demands a new approach to security, one that embraces openness and collaboration while remaining clear-eyed about the potential risks.

Ultimately, open-source warfare has irrevocably altered the nature of conflict and security in our interconnected world. How we navigate this new reality will shape the future of global security for decades to come.

Continuing with John Robb's "Brave New War" which introduced a prescient concept that has become increasingly relevant in our interconnected world: systems disruption. Robb argued that in modern conflicts, targeting critical infrastructure could cause widespread chaos and undermine a state's ability to maintain control. This strategy, focusing on exploiting vulnerabilities in complex systems rather than engaging in direct combat, has proven remarkably accurate in predicting the nature of modern threats.

The core of Robb's insight lies in recognizing the inherent fragility of our interconnected systems. As societies have become more technologically advanced, they've also become more dependent on complex networks of infrastructure from power grids and water supplies to financial systems and communication networks. While these interconnected systems offer tremendous benefits in terms of efficiency and capability, they also present a significant vulnerability. A well-placed attack (or bad update in the case of Crowdstrike) on a critical node can have cascading effects, causing disruptions far beyond the initial point of impact.

Robb's concept goes beyond traditional notions of sabotage or infrastructure attacks. He recognized that in a world of complex, interdependent systems, relatively small actions could have disproportionately large effects. This asymmetry is particularly appealing to non-state actors or smaller powers who lack the resources for conventional military confrontations. By targeting key vulnerabilities in critical systems, these actors can potentially cause widespread disruption and chaos without the need for large-scale military operations.

The psychological aspect of systems disruption is another key element of Robb's analysis. He understood that beyond the immediate physical or economic impacts, successful attacks on critical infrastructure could erode public confidence in the state's ability to provide basic services and security. This loss of confidence can be as damaging as the physical disruption itself, potentially leading to social unrest or political instability.

Robb's foresight in identifying the potential for systems disruption has been validated repeatedly in recent years. Cyber attacks on power grids, ransomware targeting healthcare systems, and disruptions to financial networks have all demonstrated the vulnerability of our interconnected world, the Colonial Pipeline ransomware incident is a good example of this. These incidents have shown that Robb's concept of systems disruption is not just a theoretical construct, but a real and present danger in modern conflicts.

As our reliance on technology continues to grow, so too does the potential for systems disruption. The rise of the Internet of Things, the increasing digitization of critical infrastructure, and the growing sophistication of cyber weapons all point to a future where the risks of systems disruption are likely to increase rather than diminish.

In response to these threats, Robb emphasized the need for resilience in our critical systems. This means not just hardening defenses, but also building redundancy and adaptability into our infrastructure. The goal is to create systems that can withstand attacks or disruptions and quickly recover, rather than cascading into widespread failure.

The CrowdStrike incident of July 19, 2024 serves as a good illustration of the risks inherent in centralized systems, particularly as it relates to cybersecurity. CrowdStrike, a major player in the cybersecurity industry, experienced a critical software update failure that cascaded into a widespread outage affecting millions of devices across various sectors.

The incident began with a seemingly routine software update to CrowdStrike's Falcon platform. However, a misconfiguration in the update caused the security software to malfunction, effectively disabling endpoint protection for a vast number of clients simultaneously. This single point of failure in a centralized system rapidly escalated into a crisis affecting financial institutions, healthcare providers, energy companies, and government agencies. I experienced this first hand with my work laptop and later that morning trying to take the CCSP at a testing center as all the computers were BSOD.

Banks reported disruptions in transaction processing systems, hospitals faced interruptions in accessing patient records, and several power plants had to switch to manual operations due to concerns about compromised industrial control systems. The ripple effects of this outage highlighted how deeply embedded CrowdStrike's services had become in critical infrastructure across multiple industries.
What makes this incident particularly noteworthy is that it wasn't the result of a malicious attack, but rather an internal error, however this is what a crippling cyber attack could look like. This underscores a key vulnerability of centralized systems even without external threats, they can still fail catastrophically. The concentration of so many critical services under one provider created a single point of failure that, when compromised, had far-reaching consequences.

The CrowdStrike outage should serve as a wake-up call about the dangers of over-reliance on centralized cybersecurity solutions and systems. It demonstrated how the very systems designed to protect against disruption can themselves become vectors for widespread disruption when they fail. This incident reinforces the need for diversity and redundancy in critical systems, echoing John Robb's warnings about the vulnerabilities created by our interconnected, centralized infrastructure.

In 2007, John Robb's "Brave New War" introduced a radical new framework for understanding conflict in the 21st century. At the time, Robb's predictions may have seemed speculative, but they have since proven to be disturbingly accurate. Robb argued that the future of warfare would be dominated not by nation-states and traditional military forces, but by decentralized, networked insurgencies and super-empowered individuals who would leverage technology to disrupt societies in ways previously unimaginable.

This book, which I picked up as a freshman polisci major in 2007 shaded many of the papers I wrote, and as I sit here in 2024 writing this, the world has seen Robb's vision unfold in real-time. From the rise of ISIS to the ongoing conflict in Ukraine, from cyber attacks on critical infrastructure to the influence of tech billionaires on global affairs, the concepts outlined in "Global Guerrillas" have moved from the realm of theory to stark reality.

When Robb introduced the concept of networked warfare in "Global Guerrillas" in 2007, it represented a radical shift from traditional military doctrine. Robb envisioned a world where decentralized groups, operating without rigid hierarchies, would challenge state powers through adaptability and resilience. Today, this form of warfare has become the norm rather than the exception, with many parallels to what we see in the cybersec world.

The evolution of cyber warfare provides a perfect parallel to the rise of networked warfare in physical space. In many ways, cyber threat actors were the vanguard of this decentralized, agile approach that's now reshaping conventional conflicts. In cybersecurity, we've long observed how decentralized hacking groups and state-sponsored actors consistently outmaneuver more traditional, hierarchical defense structures.

Consider groups like Anonymous or the countless ransomware gangs operating today. They function as loose collectives, often with members spread across the globe, coordinating their efforts through encrypted channels and dark web forums. This structure allows them to rapidly adapt to new security measures, share zero-day exploits, and launch coordinated attacks that are difficult to attribute or counter.

This dynamic, which emerged in the digital worlds first due to the inherent nature of the internet as a decentralized network, has now manifested in physical conflicts. The ongoing war in Ukraine serves as a prime example of networked warfare in action, mirroring the tactics we've seen in cyberspace.

Ukrainian forces, bolstered by volunteer battalions and local defense groups, initially employed a networked approach that allowed them to effectively resist a larger, more conventionally structured Russian military. These decentralized units operated with high autonomy, making decisions on the ground without waiting for orders from a central command. This flexibility proved crucial in responding to the fluid and unpredictable nature of the conflict, especially during the early days of the 2022 Russian invasion.

However, the effectiveness of Ukraine's networked warfare tactics didn't go unchallenged. As the conflict progressed, Russian forces began to adapt, albeit slowly and at great cost. This adaptation underscores a key aspect of networked warfare - it's not a silver bullet, but rather a constantly evolving approach.

Russia's shift became evident in several ways. They increased autonomy for frontline commanders and adopted smaller, more mobile units. Their information sharing improved, though still not matching Ukraine's speed. The integration of mercenary groups like Wagner, which often operated with more autonomy than traditional military units, allowed for more flexible tactics. Russia also ramped up efforts to disrupt Ukrainian communications through enhanced electronic warfare capabilities.

This evolution mirrors what we see in cybersecurity, where threat actors and defenders are locked in a constant arms race of tactical innovation. The side that adapts faster and more effectively gains a temporary advantage, until the other side catches up. As many of us know, the attackers almost always have the advantage.

The lesson here isn't that networked warfare doesn't work, but rather that its effectiveness depends on continual evolution and the ability to stay one step ahead of the opponent. Ukraine's initial success came from being more adept at networked operations than Russia. As Russia has slowly closed that gap, the conflict has entered a new phase where both sides are employing elements of networked warfare.

This dynamic isn't unique to Ukraine. We've seen similar patterns play out in various conflicts around the world. The rise and fall of ISIS demonstrated how a decentralized network could rapidly gain territory and influence across multiple countries, challenging traditional state powers. Their use of social media for propaganda and recruitment mirrored tactics used by cyber threat actors.

In Mexico, drug cartels operate through highly decentralized networks that extend their influence across vast territories and even into international markets. This structure makes them incredibly resilient and difficult to dismantle, much like persistent cyber threat groups.

The 2020 protests and riots in the United States saw decentralized groups like Antifa rapidly mobilize and coordinate actions across multiple cities, often outmaneuvering more hierarchical law enforcement structures.
The prevalence of networked warfare poses significant challenges to traditional military and security structures in both cyber and physical domains. State actors are being forced to adapt, moving away from rigid command hierarchies towards more flexible, mission-oriented command structures. However, this adaptation is often slow and hampered by institutional inertia.

In cybersecurity, defenders often find themselves playing catch-up, constrained by organizational hierarchies, compliance requirements, and the need to protect vast attack surfaces. The "assumed breach" mentality that's become prevalent in cybersecurity is a tacit acknowledgment that networks will be compromised, the goal is now to detect and respond rapidly rather than trying to create an impenetrable perimeter.

This mindset has carried over to physical conflicts. Ukrainian forces, adopting an approach similar to modern cybersecurity practices, operate under the assumption that Russian forces will break through at some point. Their networked structure allowed them to rapidly detect incursions and respond flexibly, much like a well-designed incident response plan in cybersecurity.

The line between cyber and physical warfare will likely continue to blur. The skills and mindset required to operate effectively whether you're a cyber defender or a military strategist are remarkably similar. Adaptability, decentralized decision-making, and the ability to function as part of a resilient network are becoming the core competencies of modern conflict, regardless of the domain.

The success of networked actors in recent conflicts, both in cyberspace and on physical battlefields, underscores Robb's prescient understanding of how technology and social dynamics would reshape modern warfare. However, it also highlights that networked warfare isn't a static concept, but a dynamic, evolving approach that requires constant innovation to remain effective.

As the 21st century marches on, the ability to operate in a networked, decentralized manner and to continually evolve these tactics will likely become even more critical in determining the outcome of conflicts, both large and small, in all domains of warfare. The challenge for both state and non-state actors will be the continuous adaptation and innovation to stay ahead in this new generation of warfare.

In 2004, the internet was a different world. Social media was in its infancy, smartphones didn't exist, and the web was still very much a digital frontier. It was in this context that I stumbled upon Mike Outmesguine's "Wi-Fi Toys". In 2004 was a teenager with more curiosity than sense, thumbing through a book that would unknowingly pop into my memory as I relearned a lot of networking basics.

"Wi-Fi Toys" was like a cookbook for tech mischief, filled with projects and was a gateway to a world of possibility.
My pride and joy, and magnum opus of this time in my life was a war driving rig cobbled together from a basic laptop which was little more than a word processor with a WiFi card slot. I'd modified a wireless card with some coax cable and solder, a DIY hack that made me feel like a proper nerd and a skill I regrettably let lapse until last year. This setup became my trusty sidekick, mapping WiFi networks in my hometown long before I understood the privacy implications. This setup came in handy a few years later when my family disconnected the internet when I went off to college.

The irony? While I was unknowingly engaging in actual network exploration, I thought I was hot stuff for accessing IRC via telnet on school computers. I wince thinking back on my misplaced pride, then again, I was barely 16 and found something no one else around me was doing, and considered it like a game.
The book delved into antenna theory, which like soldering, I wish I remembered more of now that I've gotten into HAM radio. The DIY antenna projects, Pringles can designs, cantennas, biquad builds were more than just fun tinkering. They provided real-world lessons in signal propagation and gain, offering a ground-level understanding of wireless networking's physical layer whether I realized it or not.

Today, the only projects from the book that might still hold water are the antenna designs and possibly the solar WiFi repeater concept. But even these are largely outclassed by off-the-shelf products for most applications. The DIY solar repeater, while an interesting project, would be a security nightmare in today's landscape. You might argue it could be useful for a farm in an area with no cell service, but even that's a stretch given solutions like Starlink. One project I vividly remember was the car-to-car video conferencing setup. By today's standards, it was about as elegant as a brick phone, but back then? The idea of video calling between moving vehicles blew my mind. It was peak "because we can" energy, the kind of wonderfully impractical experiment that defined that era of tech tinkering.

But here's the kicker, and my biggest regret. After high school, I put all of this aside. This passion, this knack for hands-on tech exploration, got shelved as I pursued other directions. It wasn't until years after college that I rediscovered my love for tinkering with technology. Looking back, I can't help but wonder: what if I'd recognized this passion for what it was? Where might I be now if I'd nurtured that spark instead of letting it smolder?

Don't get me wrong, the experience wasn't wasted. That ground-level understanding of how networks function? It's been invaluable in my cybersecurity career which I didn’t even plan on getting into until 2019, even as the technical details have evolved and I had to learn more than just the absolute basics. "Wi-Fi Toys" taught me to think creatively about technology, to understand systems by building and occasionally breaking them.

I keep this book on my shelf now, a sort of personal time capsule. It reminds me of an era when the internet still felt like uncharted territory, before it became the highly regulated, security-conscious space we have today.

For anyone just starting in tech or cybersecurity, the projects in "Wi-Fi Toys" might seem quaint or even ancient. But the underlying lesson? That's timeless. Get your hands dirty. Dive deep into systems. That kind of hands-on understanding is crucial, even if the tools and challenges have changed. Like most things, the only constant is change. What's cutting-edge today will be obsolete tomorrow. The real skill isn't in mastering any particular technology, but in cultivating that curiosity and adaptability that helps you keep pace with that constant change.

My past with "Wi-Fi Toys" taught me something crucial: it's never too late to rekindle an old passion. Sure, we can't turn back the clock to those Wild West days of the early internet. But that spirit of curiosity, that drive to take things apart and see how they tick? That's something we can and should carry forward.

So my advice, borne from experience: recognize your passions. Nurture them. And if you've let one lie dormant, don't be afraid to dust it off and see where it leads. It's never too late to make up for lost time.

The AHA, speaking for nearly 5,000 hospitals, has some legitimate beefs with CISA's proposed rules. They're not totally off base, but some of their arguments need a reality check.

First, the valid concerns. The AHA's gripe about multiple, overlapping reporting requirements from various agencies is spot on. It's a bureaucratic goat-rodeo that helps no one. Hospitals shouldn't need a team of lawyers just to figure out who to tell when it goes off the skids. CISA should take the lead in harmonizing these requirements across federal and state levels. One streamlined system would make compliance easier and improve the quality of incident data.

The AHA is also right to highlight the operational burden during an active cyberattack. When ransomware's encrypting patient records, the last thing a hospital needs is to get bogged down in paperwork. The suggestion to simplify initial reporting and follow up with details later is sensible. It strikes a balance between immediate action and thorough documentation.

However, the AHA's arguments start to fall apart with their resistance to the 72-hour reporting window is frankly crap. Nobody's expecting a full post-mortem in three days. It's a simple notification that something's amiss. If the mouth breathers at the TSA can manage this timeframe, hospitals can too. This early warning system is vital for mitigating the attack and minimizing fallout.

The AHA's hand-wringing over two-year data retention is equally misguided. Cyber investigations aren't CSI episodes wrapped up in an hour. Sophisticated attackers can lurk in systems for months or years. Historical data is crucial for understanding their tactics and plugging vulnerabilities.

Their emphasis on the burden to smaller hospitals, while understandable, misses the forest for the trees. Cybercriminals don't discriminate based on hospital size. In fact, smaller institutions often make softer targets. Instead of pushing for broad exemptions, the AHA should be advocating for targeted support and resources to help smaller hospitals meet these critical standards but that costs money, and money is tight.

Money, now that's clearly a sticking point. Yes, effective cybersecurity and incident reporting cost money. But you know what costs more? Getting your entire system locked up by ransomware or facing massive lawsuits over breached patient data. It's time for healthcare executives to wake up and smell the malware. Cybersecurity isn't an IT problem, it's an existential threat to their operations. Maybe it's time to redirect some of those bloated C-suite salaries into actual security measures.

The AHA's fear of legal and reputational risks from incident reporting, despite CISA's anonymity assurances, seems overly paranoid. Properly anonymized data can provide crucial insights without exposing individual institutions. This isn't about naming and shaming; it's about building a collective defense against evolving threats. The call for stronger anonymity guarantees in reporting is crucial. Hospitals need to know they can be honest without painting a target on their backs for lawsuits or reputational damage, however if criminal negligence is involved it should be known about and there should be punitive measures, in my opinion.
 
Healthcare is under constant, sophisticated cyberattack and many of these incidents exploit known vulnerabilities that could be mitigated with better defenses, due diligence, and information sharing. The AHA's resistance to comprehensive reporting requirements is short-sighted and potentially dangerous.

CISA may or may not be be a lot of things but it isn't the enemy here. They're trying to build a coordinated defense against threats that are only getting more sophisticated and dangerous. The AHA and its members need to be part of the solution, not roadblocks to progress.

Instead of fighting these necessary measures, the AHA should be working with CISA to refine and implement them effectively. They should be pushing for more resources, better training, and streamlined processes, not trying to water down critical security measures. In the end, this isn't just about compliance or avoiding fines. It's about protecting patients, safeguarding critical infrastructure, and maintaining trust in our healthcare system. The AHA needs to recognize that healthcare is critical infrastructure and a component in national security and that these reporting requirements, while challenging to implement, are essential for the long-term health and security of the entire sector.