The following list is comprised of the Top 10 OODA Loop Original Analysis posts for 2021 as determined by the number of page views for each article. We also included posts that are still popular, achieving a “Top 10” number of views, but were not published this year. If you value our analysis, please consider a subscription (click here). One hundred percent of the subscription goes towards the curation of our popular Daily Intelligence Report and original topical analysis.
#1 – From Solar Sunrise to Solar Winds: The Questionable Value of Two Decades of Cybersecurity Advice
by Michael Tanji
While the Ware Report of 1970 codified the foundations of the computer security discipline, it was the President’s Commission on Critical Infrastructure Protection report of 1997 that expanded those requirements into recommendations for both discrete entities as well as the nascent communities that were growing in and around the Internet. Subsequent events that were the result of ignoring that advice, in turn, led to the creation of more reports, assessments, and studies that reiterate what was said before. If everyone agrees on what we should do, why do we seem incapable of doing it? Alternately, if we are doing what we have been told to do, and have not reduced the risks we face, are we asking people to do the wrong things?
#2 – A CTO’s Perspective on Technology Debt in M&A
by Bob Gourley
Technical due diligence is designed to identify the risks and opportunities of technology, including the technology developed and sold by the firm being evaluated, but also the technology being used to run the company. One of the critical factors which needs to be evaluated in any technical due diligence is the concept of Technology Debt. This report provides insights into technology debt from my perspective as an enterprise CTO turned due diligence professional. These lessons can help companies prepare for a future transaction to better position themselves for optimal outcomes. These lessons can also assist private equity and other investors in thinking through aspects of technology risk and identifying areas requiring additional focus prior to a transaction.
#3 – Putin’s Cyber OODA Loop is Tighter Than Yours
by Matt Devost (May 2018)
While hosting a delegation from France, Putin advised that to prevent cyber attacks, nations will have to establish international norms prohibiting such behavior: “This is what I can say about cyberattacks or war of words in the press and other issues. Action always causes a reaction. Always. If one does not want to get a reaction he does not like, rules for actions need to be set. When humanity invented nuclear weapons, everyone realized how dangerous it is and agreed on rules, which were aimed at preventing a tragedy. It’s obvious that cyber now is the most important field affecting millions of people. Let’s agree on how we work in it.” The action and reaction sentiment will resonate with the disciples of Colonel John Boyd, but there are several interesting aspects of that one statement to unpack.
#4 – OODA Loop – Top 10 Security, Technology, and Business Books of 2021
by Matt Devost
Welcome to the 2021 edition of my top 10 books of the year list. This year’s list includes 8 non-fiction and 2 fiction books as I believe fiction can always inform our perspectives on security, technology, and business. If I had to define one theme for this year, I would say it is “disruption” as many of the books that resonated with me dealt with past, current, and future disruption. In fact, this year I also developed a new presentation entitled “Surviving Exponential Disruption” so it is clear I’ve got disruption on my mind. Enjoy the list.
#5 – The New Enterprise Architecture Is Zero Trust
by Bob Gourley
Enterprise technologists use the term “Zero Trust” to describe an evolving set of cybersecurity approaches that move defenses from static attempts to block adversaries to more comprehensive measures that improve enterprise performance while improving security. When the approaches of Zero Trust are applied to enterprise infrastructure and workflows, the cost of security can be better managed and the delivery of functionality to end-users increased. Security resources are matched to risk. Functionality, security, and productivity all go up.
#6 – Supply Chain Resiliency Critical to Exponential Quantum Computing Innovation and Climate Change Response
by Daniel Pereira
The recently released documentary – Quantum Technology: Our Sustainable Future – is arguably one of the best thirty minutes you will spend pondering the future of technology and the challenges of climate change at the same time. We discovered the film while grappling with the idea of technological innovation grinding to a halt in the U.S. – over the course of the next decade – due to a prolonged, severe shortage in the availability of advanced semiconductors.
#7 – Russians and Chinese using human targeting – amongst other tools- to achieve security advantage in key emerging technologies by 2030
by Daniel Pereira
In late October, The National Counterintelligence and Security Center (NCSC) issued a report warning of China’s goal to achieve a technological advantage over the U.S. in certain key emerging technologies. Beijing’s long-term goal is a strategic advantage over the U.S. and its security interests by 2030 in areas such as biotechnology, genomic technology, artificial intelligence, and semiconductors. Russia is making strides in this direction as well, but is constrained by resources and has not made the level of commitment as the Chinese. Human targeting is highlighted as a tool used prolifically by the Chinese.
#8 – The Red Teamer’s Top Ten Books
by Mark Mateski (April 2015)
If might expect a red teamer’s top ten list of books to feature volumes on coding, hacking, and pentesting, you’re going to be surprised. In my view, the overarching principles of red teaming exist independent of any specific domain of application. Hence, my theme here is timeless patterns of cross-domain thinking, very much in line with the Red Team Journal Red Teaming Law #32 (“The Target”): “No matter what the nature of the game, the red team’s ultimate target should always be the opponent’s mind. Everything else is just technique.”
#9 – OODA Loop – Top 10 Security, Technology, and Business Books of 2020
by Matt Devost (December 2020)
It was a challenging year for my booklist. Beyond just the 2020 pandemic issues, I had a hard time narrowing down on thematic for this year, so the list is even more eclectic than usual. I’m still keenly interested in cryptocurrencies and blockchain technology, so I read several interesting books on Ethereum. Pure business books had less appeal this year as it seemed that business was being disrupted on multiple levels, whereas fiction seemed even more appealing as I tore through William Gibson’s Jackpot series amongst several others.
#10 – When It Comes to Political Warfare, China is at the Head of the Class
by Emilio Iasiello
Beijing appears to be engaging in political warfare where it is attempting to fester animosity between foreign governments that show favor to Taiwan, a threat to the long-standing policy of “One Country, Two Systems” with regard to the island. In a recent instance, a fake announcement appeared to be from Taiwan’s Presidential Office on Facebook that asserted that the Taiwanese government intended to accept contaminated wastewater from a Japanese nuclear power plant. A second incident occurred in December 2020 when Taiwanese authorities investigated two Taiwanese with ties to the Chinese mainland spreading a similar fake Presidential Office announcement that alleged U.S. and Taiwanese in involvement in protests in Thailand.
#11 – Cyber: The Art Of War
by Oki Mek (September 2020)
Foreign bad actors are conducting a covert cyberwar. The pace, frequency, and intensity of cyberattacks are now greater than ever. As the physical realm inevitably merges with the cyber one, forming a new kind of infrastructure, cyberattacks on this infrastructure can have a catastrophic impact on our energy, waste, water, transportation, and telecommunications facilities. Examples include the potential attack on infrastructures like distributed control systems (DCS) and supervisory control and data acquisition (SCADA) that monitor and control processes and plants with many control loops. Additionally, exploitation of supply chain vulnerabilities can substantially disrupt the way we live, work, and play. This piece dives deep into these topics and sheds light on optimal approaches while leaning on the lessons of Sun Tzu.
#12 – A CIA Officer and Delta Force Operator Share Perspectives on 9/11
by Matt Devost and Daniel Pereira
We started the OODAcast as a way of highlighting insights and lessons learned from leaders and decision-makers in the OODA Network including former intelligence community leaders and operators. Themes emerge throughout these interviews on topics such as how clearly the intelligence community warned of the pending attacks, the early preparedness of a response by the intelligence community, the role the agency played in the success of the early stages of the campaign in Afghanistan, leadership in a crisis, empowering your team and finding the right people to execute on a plan, clear decision-making while operating in a low information environment, situational awareness and the qualities and best practices of a true leader. In this article, we draw on perspectives from former CIA Officer and Congressman Will Hurd and former CIA and Delta Force operator Gary Harrington.
#13 – Zero Trust Will Yield Zero Results Without A Risk Analysis
by Junaid Islam
Over the past four years, there has been an avalanche of new Zero Trust products. However, during the same period, there has been no measurable reduction in cyber breaches. Zero Trust is a concept where an organization has Zero Trust in a specific individual, supplier, or technology that is the source of their cyber risk. One needs to have Zero Trust in something and then act to neutralize that risk. Thus buying a Zero Trust product makes no sense unless it is deployed as a countermeasure to specific cyber risk. Buying products should be the last step taken not the first. To help enterprises benefit from Zero Trust concepts here is a modified OODA loop type process to guide your strategy development and execution.
#14 – Is Digital Advertising the ‘Mother of All Money Laundries’?
by Tim Lloyd
Online ad fraud cost global brands and media companies $42 billion in 2019. Losses are projected to approach $100 billion worldwide by 2023, according to UK-based consultants Juniper Research. The integrity of the digital advertising industry has never been more in doubt. Just as the U.S. Treasury singled out fraud as the leading predicate crime for money laundering in its 2018 National Money Laundering Risk Assessment, proceeds from ad fraud are also reintegrated and rinsed via non-transparent, $336-billion digital media supply chains.
Black Swans and Gray Rhinos
Now more than ever, organizations need to apply rigorous thought to business risks and opportunities. In doing so it is useful to understand the concepts embodied in the terms Black Swan and Gray Rhino. See: Potential Future Opportunities, Risks and Mitigation Strategies in the Age of Continuous Crisis
Cybersecurity Sensemaking: Strategic intelligence to inform your decisionmaking
The OODA leadership and analysts have decades of experience in understanding and mitigating cybersecurity threats and apply this real world practitioner knowledge in our research and reporting. This page on the site is a repository of the best of our actionable research as well as a news stream of our daily reporting on cybersecurity threats and mitigation measures. See: Cybersecurity Sensemaking
Corporate Sensemaking: Establishing an Intelligent Enterprise
OODA’s leadership and analysts have decades of direct experience helping organizations improve their ability to make sense of their current environment and assess the best courses of action for success going forward. This includes helping establish competitive intelligence and corporate intelligence capabilities. Our special series on the Intelligent Enterprise highlights research and reports that can accelerate any organization along their journey to optimized intelligence. See: Corporate Sensemaking
Artificial Intelligence Sensemaking: Take advantage of this mega trend for competitive advantage
This page serves as a dynamic resource for OODA Network members looking for Artificial Intelligence information to drive their decision-making process. This includes a special guide for executives seeking to make the most of AI in their enterprise. See: Artificial Intelligence Sensemaking
COVID-19 Sensemaking: What is next for business and governments
From the very beginning of the pandemic we have focused on research on what may come next and what to do about it today. This section of the site captures the best of our reporting plus daily daily intelligence as well as pointers to reputable information from other sites. See: OODA COVID-19 Sensemaking Page.
Space Sensemaking: What does your business need to know now
A dynamic resource for OODA Network members looking for insights into the current and future developments in Space, including a special executive’s guide to space. See: Space Sensemaking
Quantum Computing Sensemaking
OODA is one of the few independent research sources with experience in due diligence on quantum computing and quantum security companies and capabilities. Our practitioner’s lens on insights ensures our research is grounded in reality. See: Quantum Computing Sensemaking.
The OODAcast Video and Podcast Series
In 2020, we launched the OODAcast video and podcast series designed to provide you with insightful analysis and intelligence to inform your decision making process. We do this through a series of expert interviews and topical videos highlighting global technologies such as cybersecurity, AI, quantum computing along with discussions on global risk and opportunity issues. See: The OODAcast