July 25, 2012

Black Hat: Former FBI top cyber cop says defenders need to think more tactically

Henry tapped to run FBI's Washington Field Office
Henry tapped to run FBI's Washington Field Office

The strategies used to fight adversaries in the real world are not much different than ones used to battle attackers in the cyber realm, the former executive assistant director of the FBI told a standing-room only crowd during the keynote Wednesday at the Black Hat conference in Las Vegas.

Shawn Henry, who now is president of security firm CrowdStrike, opened his talk with a brief reel, set to blaring music, of the FBI's Hostage Rescue Team training. He said the tactical approach this elite squad takes to rescue people can be applied to deterring hackers.

"We shouldn't always reinvent the wheel," he said. "The theories are very similar, and I think we can learn a lot," he said.

Henry called the threat of computer network intrusions "the most significant threat we face as a society," other than weapons of mass destruction. Throughout his talk, Henry leaned on the fear card, sometimes referencing 9/11, the threat of cyber terror and the possible loss of life through attacks on critical infrastructure.

To fight back, security professionals must be aware of the hacker before they strike, he said. To do this, organizations must lean on intelligence -- strategy, information collection, analysis and execution -- and adversary identification.

"You have home-field advantage," Henry said. "They don't know the network the way you do."

He urged the crowd to focus less on the traditional metrics -- how many hackers did we stop? -- and instead concentrate on things like prevention and threat information sharing. 

"If your bonus is tied to [the traditional metrics], that's not going to be a lot of Christmas presents," he said.

Henry also offered other suggestions, such as letting the intruders think they are being successful and permitting them to steal dummy data. He also recommended not allowing certain data to be reachable via the internet and to step up logging efforts, which he described as the cameras of the virtual world.

Not everyone, however, was on board with Henry's military intelligence-style encouragement for corporations to take the initiative to study its opponents, which he said can range from lone-wolf disgruntled employees to organized crime syndicates to nation-state spies.

"I lose my cool when I hear [government] people...say the private sector must step up," said Marcus Ranum, who added that the private sector is not qualified to conduct counter intelligence operations. That should be the government's job, he said.

Similar Articles
Related Topics

More in News

Privacy-bolstering "Apps Act" introduced in House

The bill would provide consumers nationwide with similar protections already enforced by a California law.

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Microsoft is prepping a whopper of a security update that will close 33 vulnerabilities, likely including an Internet Explorer (IE) flaw that has been used in targeted website attacks against the U.S. government.

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs

Up to 160,000 Social Security numbers and one million driver's license numbers may have been accessed by intruders.