Observation-Orientation-Decision-Act Loop (OODA)

sNET is a distributed network deception management solution. sNET succeeds because it does to the attacker what the attacker does to you. sNET gets inside the attacker's OODA loop. What is an OODA loop? Ask Col. John Boyd.

American military thought owes a debt to Col. John Boyd. As a fighter pilot back in the dark days of the Cold War, Boyd suffered a staggering insight. Sabre jets in Korea were out-killing MiG-15s 14:1, but the MiG was the better plane. What was happening, Boyd reasoned, was that American pilots were getting inside of the enemy's Observation-Orientation-Decision-Act loop. Simply, this "loop" is the continuous mental sequence of men in battle. Each OODA iteration is in essence a thinking-to-acting synapse; a "decision cycle."

When you get inside the enemy's OODA loop you disrupt his ability to cope with a changing situation. You do this by destroying his orientation to reality in two ways. First you destroy his original understanding of the situation - his pre-attack reality. Then you deny him the ability to construct a new understanding of reality while he is under attack. Once you get inside his decision cycle you can create a chaotic state of mind, where no understanding, no order can be constructed; where there is for him only uncertainty, confusion, panic, and despair.

The OODA loop analogy strikes to the heart of what's wrong with network security. Today's network defenses are like the Maginot Line, like a wall. The wall sits there, waiting to be attacked. The wall does nothing while the attacker makes his preparations. The wall is visible, it begs to be understood in its entirety; and once it is understood, the attacker can be sure there will be no surprises. And if the wall is the centerpiece of the defense system, then defeating the wall essentially defeats the whole system.

So it is with today's firewall-heavy network defenses. Even if the defense system has other components like intrusion detection, these typically operate piecemeal, doing their own thing. Reliance on the firewall means that network security's own OODA loop is derailed by a successful attack. What do we do now? Where is he? What is he doing? The attacker retains the precious advantage of operating inside of the defender's decision cycle.

Contrast this with the sNET defense concept. sNET waits for the attacker to penetrate the firewall, then it attacks him. It attacks him through deception and manipulation. The internal or external attacker is detoured to a decoy, which is an integral part of a distributed deception network. By the time he realizes his error it is too late. Now it is the attacker whose reality has been disrupted. Now it is he who doesn't know where to turn, or how well he has been tagged, or whether he has been tracked down all the way to his lair halfway around the world.

Foreword by Dr. Michael Vlahos




© Copyright 2001  sNET Systems Corporation.  All rights reserved  |  Site designed by: Jesi Forte