Vasilis Katos at the 1st Athens Chapter ISACA Conference argued that we do not need cyber security experts, rather we need champions on the multitude of the different and complex areas that this domain encloses. He is not alone in believing this about experts. With the domain being new, hot and with commitment from Governments for financial backing of projects, the landscape is open for expertship claim. And since we are at the infant stages, many try to establish themselves as the strategists who set the pace, no matter how disconnected from reality they may be.
Whenever a new domain is introduced, until it is sufficiently comprehended people try to use analogies to make the connection. It is a no brainer then that since anything colored “cyber” starts to get a military approach, analogies with highly successful strategists of the past and relevant studies of them will appear. Think of it: Sun Tzu seems to fit every subject, from the battle ground, to sports, to (non military) management. I’ve seen efforts for both Sun Tzu (although far from a complete treatment) and Clausewitz and I am sure that others exist too. It is no wonder then that John Boyd and his OODA Loop would receive treatment too.
Since I found the OODA Loop concept interesting I set out to learn a bit more about it. This is not an easy task for a civilian for Boyd did not really leave much written work behind with the exception of a continually refined set of slides that when finalized took about 15 hours to present. To understand the loop, I read “A vision so noble” by Dan Ford. It’s chapter 2 contains a longer explanation of the OODA Loop than Wikipedia does and even includes a hand written sketch of it:
For a more understandable version of the loop see the Wikipedia drawing and article.
Boyd is mostly an attacker and not a defender and indeed one can find cyber similarites in his work, where in page 40 Ford uncovered from his boxes:
Infiltration
* Blitz and guerrillas infiltrate a nation or regime at all levels to soften and shatter the moral fiber of the political, economic and social structure. To carry out this program, a la Sun Tzu, Blitz and Guerrillas:* Probe and test adversary to unmask strenghts, weaknesses, maneuvers and intentions.
* Shape adversary’s perception of the world to manipulate or undermine his plans and actions.
Purpose
* To force capitulations when combined with external political, economic and military pressures.or
* To minimize the resistance of a weakened foe for the military blows to follow.
Do not all the above match Cyber Warfare aims? So there exists value in studying Boyd and his tactics, but not a one-to-one mapping as many would hope that would make the transition to a cyber domain easier. The OODA Loop is there, one has to understand that it is not completely linear (OODA means Observation, Orientation, Decision, Action but you are constantly in an observation state that provides feedback) and is valuable.
Boyd believed that People not weapons win wars. Not very far from the observation that a good friend has made that people and not machines get hacked or my belief that people are the actual cyber weapons.
A good 70 page book based on Ford’s MSc Thesis that definitely helps expand our thoughts on the matter.
Off to read “The Dynamic OODA Loop: Amalgamating Boyd’s OODA Loop and the Cybernetic Approach to Command and Control” now.
PS1: An earlier version of Ford’s book seems to be available on Lulu as PDF.
PS2: Boyd on management
Managing organized complexity 
