
Black Hat: Ex-FBI Agent Tells Private Sector to “Step It Up”

Black Hat 2012

LAS VEGAS – BLACK HAT USA – The Federal Bureau of Investigation revamped its approach to fighting terrorists after 9/11. Corporate America can apply those lessons to protect its networks from cyber-attackers, a former official told attendees at the Black Hat security conference.

Attacks have changed, and anyone can now launch a cyber-attack, but organizations haven’t changed the way they view security or do business, Shawn Henry, the former executive assistant director of the FBI and currently a president of CrowdStrike Services, a division of security startup CrowdStrike, said in his keynote speech on the first day of Black Hat in Las Vegas. Until March 2012, Henry was responsible for all of the FBI’s criminal investigations worldwide, including the cyber-investigations, critical incident response group, and international investigations.

There needs to be a new “paradigm” in how business views security, Henry said, and the best way to do that is to take the lessons learned from protecting the physical world. The actual tactics used to launch the attacks may be different, but the theory is the same, he said. The threat from computer network attack is the most significant threat facing society after weapons of mass destruction, he said.

“The adversary knows that if you want to harm civilized society — take their water away, do away with their electricity,” Henry told attendees.

So much of the data integral to personal lives and the organization’s intellectual property is stored on the network, Henry said. When attackers breach the network, it’s the data being held hostage and the life of the organization that is at risk. A company could lose a decade worth of research in a matter of days with a single attack, Henry said.

“Today, with a $500 laptop and an Internet connection, anyone anywhere can attack anyone, anywhere,” said Henry. Many CEOs still haven’t accepted the new reality yet, asking why their organizations would be a target, he said.

The FBI had to change its approach and tactics after 9/11, because it was clear the terrorists were already inside the country, and the best way to catch them was to work with other intelligence agencies to gather and share better intelligence, Henry said. By the same token, the private sector has to accept that companies can’t keep focusing on protecting the network perimeter and must acknowledge that the adversaries are already inside.

Once that is acknowledged, the question is why organizations aren’t looking for the adversaries on their networks, Henry said. Looking for adversaries relies on the organization collecting information about what is happening on the network. But organizations can also think about creating a hostile environment for the adversary.

Henry described using “denial and deception,” such as allowing cyber-criminals to steal outdated or wrong data, or just not putting certain types of data on the network in the first place.

To catch the adversaries, organizations must focus on intelligence, Henry said. They need to think strategically, collect information, analyze the situation, and execute, he said. Organizations need to be focusing on granular intelligence, to be able to share high-quality information about the attacks, the origin, and even the entity behind the attacks.

“We need to understand who the adversary is,” Henry said, “because if we understand who they are, we can take proactive measures.”

He was very quick to assert that his repeated statements for the private sector to “step up” and be proactive about cyber-threats did not mean he was advocating hacking back against the originators of the threat (as that would be illegal). Instead, he believed that intelligence sharing and partnering with other organizations were important tools.

Some attendees weren’t swayed by Henry’s impassioned call to action to “stand side by side to protect that line between good and evil.”

Information sharing is not as effective if the government is sharing information the public already knows about, Kurt Baumgartner, a researcher at Kaspersky Lab, told SecurityWeek. The government has to provide actionable and worthwhile intelligence, and that really hasn’t been the case so far. However, the government is trying to change that to give more valuable information, Baumgartner said.

At a session after Henry’s keynote, Marcus Ranum, chief of security for Tenable Security, criticized the premise that the responsibility for network defense was on the private sector and not the government.

“I lose my cool when I hear people from the government, or formerly from the government, say the private sector needs to step up,” Ranum ranted, adding, “Providing for the common defense is what the government is supposed to do.”
