Black Hat: Ex-FBI Agent Tells Private Sector to “Step It Up”

Black Hat 2012

LAS VEGAS – BLACK HAT USA – The Federal Bureau of Investigation revamped its approach to fighting terrorists after 9/11. Corporate America can apply those lessons to protect its networks from cyber-attackers, a former official told attendees at the Black Hat security conference.

Attacks have changed, and anyone can now launch a cyber-attack, but organizations haven’t changed the way they view security or do business, Shawn Henry, the former executive assistant director of the FBI and currently a president of CrowdStrike Services, a division of security startup CrowdStrike, said in his keynote speech on the first day of Black Hat in Las Vegas. Until March 2012, Henry was responsible for all of the FBI’s criminal investigations worldwide, including the cyber-investigations, critical incident response group, and international investigations.

There needs to be a new “paradigm” in how business views security, Henry said, and the best way to do that is to take the lessons learned from protecting the physical world. The actual tactics used to launch the attacks may be different, but the theory is the same, he said. The threat from computer network attack is the most significant threat, after weapons of mass destruction, facing society, he said.

“The adversary knows that if you want to harm civilized society — take their water away, do away with their electricity,” Henry told attendees.

So much of the data integral to personal lives and the organization’s intellectual property is stored on the network, Henry said. When attackers breach the network, it’s the data being held hostage and the life of the organization that is at risk. A company could lose a decade’s worth of research in a matter of days with a single attack, Henry said.

“Today, with a $500 laptop and an Internet connection, anyone anywhere can attack anyone, anywhere,” said Henry. Many CEOs still haven’t accepted the new reality yet, asking why their organizations would be a target, he said.

The FBI had to change its approach and tactics after 9/11, because it was clear the terrorists were already inside the country, and the best way to catch them was to work with other intelligence agencies to gather and share better intelligence, Henry said. By the same token, the private sector has to accept that companies can’t keep focusing on protecting the network perimeter but must acknowledge the adversaries are already inside.

Once that is acknowledged, the question is why organizations aren’t looking for the adversaries on their networks, Henry said. Looking for adversaries relies on the organization collecting information about what is happening on the network. But organizations can also think about creating a hostile environment for the adversary.

Henry described using “denial and deception,” such as allowing cyber-criminals to steal outdated or wrong data, or just not putting certain types of data on the network in the first place.

To catch the adversaries, organizations must focus on intelligence, Henry said. They need to think strategically, collect information, analyze the situation, and execute, he said. Organizations need to be focusing on granular intelligence, to be able to share high-quality information about the attacks, the origin, and even the entity behind the attacks.

“We need to understand who the adversary is,” Henry said, “because if we understand who they are, we can take proactive measures.”

He was very quick to assert that his repeated statements for the private sector to “step up” and be proactive about cyber-threats did not mean he was advocating hacking back against the originators of the threat (as that would be illegal). Instead, he believed that intelligence sharing and partnering with other organizations were important tools.

Some attendees weren’t swayed by Henry’s impassioned call to action to “stand side by side to protect that line between good and evil.”

Information sharing is not as effective if the government is sharing information the public already knows about, Kurt Baumgartner, a researcher at Kaspersky Lab, told SecurityWeek. The government has to provide actionable and worthwhile intelligence, and that really hasn’t been the case so far. However, the government is trying to change that to give more valuable information, Baumgartner said.

At a session after Henry’s keynote, Marcus Ranum, chief of security for Tenable Security, criticized the premise that the responsibility for network defense was on the private sector and not the government.

“I lose my cool when I hear people from the government, or formerly from the government, say the private sector needs to step up,” Ranum ranted, adding, “Providing for the common defense is what the government is supposed to do.”
