General security

Cyber Threat Assessment Template For Special Forces

June 9, 2015, by Dan Virgillito

The growing number of cyber threats highlights the risks that US critical infrastructure and Special Forces face. Once considered weak compared to other forms of offense, cyber-attacks are now potential weapons of destruction and are regarded as high-power tools for large-scale attacks.

Armed forces now rely increasingly on networks, systems, and servers for communications and information, so their ability to operate is fatally compromised when these systems suffer sustained cyber damage. In addition, the spread of communication and information technology into intelligence systems, weapons, and satellites means more endpoints are available for cyber-criminals to target.


The US Special Forces face several kinds of attacks that target their operations, including insider attacks, malicious hardware, cyber-espionage, heists, and APTs (advanced persistent threats). These and other cyber-attacks are devised to cause direct harm to personnel and platforms, as well as to degrade operations by hamstringing critical systems.

Threat Assessment Template

Special Forces have to be prepared to defend against cyber-attacks with concerted actions across whole governments, which should involve the use of the country's unique range of capabilities as well as collaboration with the private sector. However, Special Forces face a number of challenges in their lines of effort, some of which include the following:

  • Shortage of talent: Effective control requires passive vigilance over the evolving threat landscape. One requirement for this is to employ active intelligence analysts and data mining specialists, but armed forces face competition from the private sector when it comes to recruiting top talent.
  • Difficulty in identifying the attack source: The problem with combating cyber warfare is that it can be difficult to identify the source of the threat. It need not even be a country; it can be a cybercrime gang recruited by a Special Force from another country. These gangs even pose the risk of procuring and activating nuclear weapons, which makes it difficult to execute an effective response.
  • Sophistication and rapid pace of change: Cyber warfare attacks are evolving quickly and becoming more sophisticated, which is a burden on the Special Forces responsible for combating cyber crime. An example is the Turla campaign, which remained active for quite some time before security firms started to look at it more carefully. All the targets of the tool were Western countries, and the platform was built from sophisticated components and techniques that made it appear to be the work of a well-resourced nation state.

These challenges dictate that Special Forces adopt a strategy that takes overall national equities and interests into account and meets the threshold of effective outcomes relative to the challenges created by such a landscape. As a result, the three forces (National Mission Forces, Combat Mission Forces, and Cyber Protection Forces) need to gather intelligence about nation states that would help perpetrate cyber-attacks, since such attacks can have implications as dangerous as real-world terrorist attacks in terms of damage to the nation's integrity.

What this means is that Special Forces would face major decisions about how they use networks, systems and critical endpoints in the course of conducting their operations. Considerations will need to include:

  • Given the factors, how should Special Forces balance their cyber-operations across the private sector, law enforcement, and military groups?
  • What can be done to get support from international cybersecurity firms?
  • How can Special Forces cybercrime units reduce the need to seek help from international cybersecurity teams?
  • Do Special Forces need to focus more on vulnerabilities in civilian critical infrastructure, given that it can be a 'softer' target for cyber criminals than the systems and infrastructure used by Special Forces themselves?

Adversaries closely monitor what Special Forces do and which of their operations relate to cyber space. They then attack those networks and systems with the aim of causing disruption and, if possible, stealing critical data that can be sold to other nations.

Security policy to combat adversaries

Maintaining data and infrastructure security requires Special Forces to adopt a robust approach to cyber security. Security policies should be structured and based around the following distinct measures to empower offensive strategies against hostile cyber-criminals:

Proactive sensitive data protection

Sound security practices are based on the principle of action rather than reaction. Security efforts must therefore be highly proactive in safeguarding critical infrastructure and data, which means keeping on top of cyber threats that arise from politics, fixing vulnerabilities introduced by private suppliers, and making sure that compensating controls are properly cited. Special Forces can also consider implementing data-centric security to better protect sensitive data from adversaries.

Anonymous sharing of big data

Special Forces cybercrime units and project managers can use anonymization when sharing data externally. For example, a department may hold a dataset containing sensitive data in a particular data store and produce an anonymized version of the same dataset for separate use by external bodies. This reduces the risk of inadvertent data disclosure and makes the data less attractive to cyber warfare gangs, who are looking to get their hands on data that can be linked to a particular source.
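As an added illustration of the practice described above (this is example code, not part of the original article), the routine below derives a release copy from a constructed sample dataset: direct identifiers are dropped, the internal linkage key is replaced by a keyed HMAC pseudonym so the owning department can still relate records while an outside holder of the copy cannot, and quasi-identifiers are generalised so records are harder to tie back to a source. The dataset, field names, band widths and key are all assumptions.

```python
import hashlib
import hmac

# Constructed sample records standing in for a sensitive internal data store.
SENSITIVE_RECORDS = [
    {"name": "A. Example", "unit_id": "UNIT-0001", "age": 34, "zip": "22201", "ops_count": 12},
    {"name": "B. Example", "unit_id": "UNIT-0002", "age": 29, "zip": "22203", "ops_count": 7},
    {"name": "C. Example", "unit_id": "UNIT-0001", "age": 41, "zip": "22204", "ops_count": 3},
]

DIRECT_IDENTIFIERS = ("name",)              # removed entirely from the release copy
LINKAGE_KEYS = ("unit_id",)                 # replaced by keyed pseudonyms; joins still work internally
QUASI_IDENTIFIERS = {"age": 10, "zip": 3}   # age -> 10-year band, zip -> 3-digit prefix


def pseudonym(secret_key: bytes, value: str) -> str:
    """Keyed HMAC token: stable for the same input under one key, unlinkable without the key."""
    return hmac.new(secret_key, value.encode(), hashlib.sha256).hexdigest()[:16]


def generalise(field: str, value, width) -> str:
    """Coarsen a quasi-identifier so it no longer singles out one record."""
    if field == "age":
        low = (value // width) * width
        return f"{low}-{low + width - 1}"
    if field == "zip":
        return value[:width] + "*" * (len(value) - width)
    raise ValueError(f"no generalisation rule for {field}")


def anonymise(records, secret_key: bytes):
    """Build the external release copy; the originals are left untouched."""
    out = []
    for rec in records:
        new = {}
        for field, value in rec.items():
            if field in DIRECT_IDENTIFIERS:
                continue
            if field in LINKAGE_KEYS:
                new[field] = pseudonym(secret_key, value)
            elif field in QUASI_IDENTIFIERS:
                new[field] = generalise(field, value, QUASI_IDENTIFIERS[field])
            else:
                new[field] = value
        out.append(new)
    return out


def leaks_identifier(anonymised, originals) -> bool:
    """Pre-release check: no raw direct identifier or linkage key may survive in the copy."""
    raw = {r[f] for r in originals for f in DIRECT_IDENTIFIERS + LINKAGE_KEYS}
    return any(v in raw for r in anonymised for v in r.values())
```

The pseudonymisation key stays with the data owner; anyone holding only the release copy cannot recover unit identifiers, while the owner can still map a released record back to its source if an incident requires it.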

Fast monitoring of DoD information networks

One of the mandates of Special Forces cybercrime units is to defend Department of Defense information networks. These networks are driven by virtualization and cloud technologies, which create networks that exist only as ones and zeroes in the cyber world. With everything going virtual, a single vulnerable endpoint can damage the entire network. Unlike the real world, which is divided into nations and states with geographic boundaries, cyber space consists of layers defined by the capabilities and number of networks, systems, and devices. As a result, it is important to cut down the time Special Forces spend chasing their tails in cyber space; this can be done through proactive monitoring and intelligence feeds that reveal anomalies, so that outside incursions are stopped when it matters most.

Ensure proactive compliance for protection against insider threats

Insider threats arise when a person with authorized access to Special Forces resources, including information, networks, systems, equipment and facilities, uses that access to harm the cyber footprint of Special Forces. Malicious insiders are one of the biggest risks, as they can enable adversaries to get a foothold behind the lines and can compromise the nation's most important endeavors. Proactive compliance should protect against these threats, provided it is based on threat detection programs that can identify the source of an attack before it matures. Audit trails of network operations can also be used to identify how the threat is operating, and can inform better compliance policies in the future.


As the cyber resources used by Special Forces continue to expand in scope and geographic reach, it has become easier for cyber-criminals to inflict catastrophic damage. While this brings several sets of challenges, the recommendations above can help Special Forces develop the right mindset to protect their resources and the nation's integrity. Addressing these threats early can prevent a security event from becoming a threat to national security.

Dan Virgillito

Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.