It was Donald Rumsfeld who said ‘There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. These are things we don’t know we don’t know’ and it is these elements of unknowns we will be considering in an article out in the next edition of Digital Forensics which is relative to OSINT [Open Source Intelligence].
As anyone in our developed society would agree, we live in a complex world which is reliant on technology, infrastructures and those sub-components which both carry, and communicate information in compatible electronic forms – and in this new age methodology of presenting information objects, we have developed a profiled approach in which individuals, and businesses are happy to ‘accept’ we are working to the formation of rules based on the known knowns. In other words, the good people of the world have evolved to trust that we have no unknowns in existence, and so work alongside the assertion of endowed knowledge – in this main, this group is made up of a cross-spectrum of individuals who are comfortable with the status quo and the accepted sociological order associated with right-minded individuals.
On the other side of the divide there are members of our vox-pop who recognise that if they could acquire an understanding of the things we don’t know which are unknown, these objects of knowledge could manifest in an opportunity to leverage the higher position, and seek to exercise exploitation to underpin a part, or complete objective – this group does tend to be far removed from the aforementioned, and in the majority of its membership is made up of Cyber Criminals, Hacktivists, Black/Grey Hats, and a very small number of imaginative and forward thinking Security Professionals – and it is this form of ignorance that is allowing the criminal fraternity to be so very successful in this modern age of cyber criminality, and this dictates a new way of thinking which we have yet to evolve to accommodate a real understanding of what insecurity really is – time to change has arrived, and we must form into the next defensive position of Black Hat thinking before it is too late..
Professor John Walker FMFSoc FBCS FRSA CITP CISM CRISC ITPC
Visiting Professor at the School of Science and Technology at Nottingham Trent University (NTU), Visiting Professor/Lecturer at the University of Slavonia[to 2015], CTO and Company, Director of CSIRT, Cyber Forensics, and Research at INTEGRAL SECURITY XASSURNCE Ltd, Practicing Expert Witness, ENISA CEI Listed Expert, Editorial Member of the Cyber Security Research Institute (CRSI), Fellow of the British Computer Society (BCS), Fellow of the Royal Society of the Arts, an Associate Researcher working on a Research Project with the University of Ontario, and a Member, and Advisor to the Forensic Science Society
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.