Chapter 8. Security Chaos Experiments

Only in chaos are we conceivable.

Roberto Bolaño, 2666

Experimentation seeks to derive new insights that were previously unknown about our reality, completing the feedback loop that is inherent in the scientific method. This dynamic cycle of discovery and learning is what drives scientific progress across every discipline. Experiments are the kindling for the eternal fire of our continuous learning, which is the only way we, as defenders, can realistically keep up with rapidly evolving environments. Experimentation is the focus of tier 2 in our resilience assessment from Chapter 2 for a reason: without simulating adverse scenarios to observe how our systems respond and adapt to deleterious conditions, we cannot conceive courses of action that can bolster systems resilience in a meaningful, measurable way.

SCE introduces the practice of rigorous experimentation that illuminates the resilience and security of a system in reality (not just in theory). As we discussed in Chapter 2, experimentation is far more than mere testing. Testing is the validation or binary assessment of a previously known outcome; we know what we are seeking before we go looking for it. In contrast, experimentation seeks to derive new information that was previously unknown, and these new insights inform our adaptations—the artifact of the final ingredient needed to brew ...
