Moscow Rules for CISOs / by Modern Adversary

  1. Rely on face-to-face meetings

  2. Assume nothing

  3. Never go against your gut; it is your operational antenna

  4. Technology will always let you down

  5. Murphy is right

  6. Any operation can be aborted. If it feels wrong, it is wrong

  7. Once is an accident. Twice is coincidence. Three times is an enemy action

  8. If your gut says to act, overwhelm their senses

  9. Pick the time and place for action

  10. Build in opportunity, but use it sparingly

  11. Everyone is potentially under opposition control

  12. There is no limit to a human being’s ability to rationalize the truth

  13. Keep your options open

  14. Use misdirection, illusion and deception

  15. Hide small operative motions in larger non-threatening motions

  16. Float like a butterfly, sting like a bee

  17. Always be in a private setting when handing over items of value

  18. Whenever carrying items of value (e.g., microfilm), carry them camouflaged for immediate discard

  19. Don’t harass the opposition

  20. Be non-threatening: keep them relaxed; mesmerize!

  21. Keep any asset separated from you by time and distance until it is time

  22. Maintain a natural pace

  23. Stay consistent over time

  24. Vary your pattern and stay within your profile

  25. Establish a distinctive and dynamic profile and pattern

  26. Make sure they can anticipate your destination

  27. Go with the flow; use the terrain

  28. Take the natural break of traffic

  29. Lull them into a sense of complacency

  30. Let them believe they lost you; act innocent

  31. Avoid static lookouts; stay away from chokepoints where they can reacquire you

  32. Use of sign and counter-sign to signal (pins, chalk) that surroundings have been reconnoitred and coast is clear to proceed to rendezvous

  33. Use of dead letter drops, and other “tradecraft”

  34. Never travel directly to a rendezvous; never take a single taxi to the destination

  35. Select a meeting site so you can overlook the scene

  36. Execute a surveillance detection run designed to draw them out over time

  37. If the asset has surveillance, then the operation has gone bad

  38. Only approach the site when you are sure it is clean

  39. Be aware of surveillance’s time tolerance so they aren’t forced to raise an alert

  40. If an alert is issued, they must pay a price and so must you

  41. Don’t look back – you are never completely alone

  42. When free, in Obscura, immediately change direction and leave the area

  43. Break your trail and blend into the local scene

  44. After the meeting or act is done, “close the loop” at a logical cover destination