Modern Cyberwar Requires Offensive Tactics, Says Ex-FBI Official

Security experts should engage hackers proactively and stop using obsolete metrics.

July 26, 2012

LAS VEGAS — Today’s security experts should engage hackers proactively and adopt better tactics, according to Shawn Henry, former FBI executive assistant director. The bad guys are so advanced these days that old cybersecurity methods won’t cut it anymore.

That was the gist of Henry’s keynote speech Wednesday, July 25, at the annual Black Hat security conference in Las Vegas. Henry, now president of the security technology company CrowdStrike, gave IT security pros tips on how they can be more effective “cyberwarriors” on an escalating digital battlefield.

To start, people must abandon the obsolete security metric of trying to stop adversaries from breaching the network — the hackers are already there. “If that’s the measure you’re using now and your bonus is tied to that, there are not going to be a lot of Christmas presents,” Henry joked.

The new metric? Measuring how long it takes after a breach to identify and mitigate the threat.

IT security pros can take a page from the FBI’s book when it comes to cyber-counterterrorism. They should engage digital hackers the same way federal officers engage criminals physically. Logging a cybercriminal’s activity on a network, for example, is analogous to using a video camera to capture a criminal’s activity in the physical world. This is one way to gather intelligence, in addition to analyzing what data the criminal is taking or tampering with.

“We can be proactive on our network,” Henry said. “There’s a lot we can do to create a hostile environment for the adversary to operate in.”

Offensive tactics include corrupting data so that attackers are tricked into stealing wrong or inaccurate information. Defensively, if an agency identifies who the enemies are and what they’re after, the agency can move data elsewhere or restructure the network to change paths.

Public-private partnerships also enhance an agency’s intelligence network and its ability to defend sensitive assets, but Henry said there was room for improvement. Currently most public-private information sharing is done at “human speed,” which is ill-suited to swapping millions of pieces of data quickly. The security community must learn to expand its sharing capabilities.

These methods and partnerships are ideal in a world that gets more dangerous every day — a world that many agencies and companies are slow to adapt to.

Henry said he’s met with CEOs who misunderstand the gravity of the cybersituation, and he’s often seen them become victims of financially crippling breaches.

Corporate leaders and citizens need to be proactive and diligent against cyberthreats before it’s too late.

“There are terrorist groups online now calling for the use of cyber as a weapon,” Henry said. People must act now before enemies learn how to compromise critical infrastructure networks, like those that affect access to water. “I believe that if we wait, it’s too late.”

He knows that the general public is dangerously unaware of the majority of breaches and their effects. When people hear about website defacements, stolen passwords and depleted funds, they’ve only heard of the tip of the iceberg, but Henry knows what happens below the waterline.

“The vast majority of what’s happening in this space is not heard by people outside of the classified environment.”

Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.
