Cyber Security and the OODA Decision Loop

Jonathan Trull, Chief Information Security Officer


According to Robert Coram, author of the book “Boyd: The Fighter Pilot Who Changed the Art of War”:

John Boyd may be the most remarkable unsung hero in all of American military history. Some remember him as the greatest U.S. fighter pilot ever -- the man who, in simulated air-to-air combat, defeated every challenger in less than forty seconds... Still others think of Boyd as the most influential military theorist since Sun Tzu... Later in life, he developed a theory of military strategy that has been adopted throughout the world and even applied to business models for maximizing efficiency.

Most applicable to information assurance, Boyd is credited with developing and advancing the OODA decision loop: observe, orient, decide and act. This decision loop, as shown in the image below, is cyclical and continuous. Once a decision is made and action taken, the loop starts over, with real-time, continuous feedback from the other decision points. Depending on the complexity of the task, the decision loop can be completed in days or microseconds.

View Boyd’s Decision Loop here.

Although somewhat simplified, Boyd's conclusion is that the side that completes the OODA loop the quickest wins.

Unfortunately, in the cyber security world, our adversaries often complete the OODA loop more quickly than an enterprise’s defenders. It’s not uncommon for our adversaries to have more accurate and timely information about our networks and assets than we do. In fact, one of the U.S. federal government’s largest cyber initiatives, the Continuous Diagnostics and Mitigation (CDM) Program, is focused on closing this gap by increasing the speed at which our information security professionals progress through the OODA loop (http://www.dhs.gov/cdm). As part of the CDM program, sensors are placed strategically throughout an organization’s networks to collect real-time information on attacks and the status of the organization’s assets. This information is then indexed, correlated, and presented to highly trained cyber security professionals for action.

At Regis University, our goal is to equip you with the tools needed to complete the OODA loop more quickly than your adversary. In Regis' information assurance course, you will receive a mix of both theory and practical application. Upon completion of the program, you will be equipped with the knowledge, skills, and abilities to lead a team of enterprise defenders in completing the OODA loop faster than your adversaries, thus ensuring the security and privacy of the organizations you are hired to protect.

References: Coram, R. (2004). Boyd: The Fighter Pilot Who Changed the Art of War. New York, NY: Back Bay Books.