Cyber Attacks and the Cold War's North Vietnamese Air Force

Cyber dog-fights are here. Is your security stack up to the challenge?

In the late ’60s, the Cold War and Vietnam War were in full swing, and the North Vietnamese Air Force, flying Soviet MiG fighter jets, was taking out US fighter jets at a ratio of 10 to 1. Fearing that the Soviet Union was wielding a massive competitive advantage in fighter jet technology, US military leaders executed a plan to acquire and disassemble a Soviet MiG-21 fighter jet that they got on loan from Israel.

From January through April of 1968, US Air Force personnel at Area 51 went through every nut and bolt of the aircraft, only to conclude that it was equipped with mostly average technology. While it did have some strengths compared to its US counterparts, they weren’t significant enough to explain the vast out-performance by the other side. The investigation concluded that “competitive advantage came down to the training and effectiveness of the pilots in the cockpit and their ability to operate as a team in the air.” The US promptly responded with a dog-fighting program: TOPGUN. It worked, and more air battles were won by the US.

Fast-forward to today, with the “Internet as infrastructure” world that we now live in, we find ourselves operating within a very similar dynamic.  Our well-practiced adversaries execute their attacks with stealthy precision while we continue to approach the battle from the mindset that it is a technology problem.  

As their tools are confiscated and dismantled, we see time and again that their arsenal is not especially sophisticated.  They are winning because they command a high degree of expertise in their techniques and tradecraft, which largely revolve around exploiting human trust.  As the adversary continues to refine their techniques, the traditional response is to continue to purchase and deploy more technology.

At Verodin, we’re seeing a mindset shift amongst the cybersecurity brass.  We’re hearing customers say things like, “A quarterly pen-test is no longer good enough to demonstrate that we are effective at defending against the latest threats.”  Organizations are conducting extensive “security technology rationalization” projects.  They’re asking questions like, “how do I ensure my security stack will remain effective today, next week and next year?” and “how do we increase the frequency and relevance of our tabletop exercises and other training initiatives to make sure that our team is ready?”

It’s time to start preparing for the dog-fight, friends. Let’s streamline our technology into a stack that is manageable, reliable, and highly effective, and redirect the freed-up resources to our teams through relevant and continuous cybersecurity operations training, so that the organization’s human instinct to trust is no longer viewed as a weakness.

Get started by taking a look at how Verodin Security Instrumentation Platform (SIP) can help your defensive team train and perfect their craft:
