#BlackHat: FBI says learn network defence from SWAT

Powered by SC Magazine
 

Use your home field advantage.

The strategies used to fight adversaries in the real world are not much different from the ones used to battle attackers in the cyber realm, the former executive assistant director of the FBI told a standing-room-only crowd during the keynote Wednesday at the Black Hat conference in Las Vegas.

Shawn Henry, who now is president of security firm CrowdStrike, opened his talk with a brief reel, set to blaring music, of the FBI's Hostage Rescue Team training.

 

He said the tactical approach this elite squad takes to rescue people can be applied to deterring hackers.

"We shouldn't always reinvent the wheel," he said. "The theories are very similar, and I think we can learn a lot."

Black Hat 2012 coverage

 

Henry called the threat of computer network intrusions "the most significant threat we face as a society," other than weapons of mass destruction. Throughout his talk, Henry leaned on the fear card, sometimes referencing 9/11, the threat of cyber terror and the possible loss of life through attacks on critical infrastructure.

To fight back, security professionals must be aware of hackers before they strike, he said. To do this, organizations must lean on intelligence -- strategy, information collection, analysis and execution -- and adversary identification.

"You have home-field advantage," Henry said. "They don't know the network the way you do."

He urged the crowd to focus less on the traditional metrics -- how many hackers did we stop? -- and instead concentrate on things like prevention and threat information sharing. 

"If your bonus is tied to [the traditional metrics], that's not going to be a lot of Christmas presents," he said.

Henry also offered other suggestions, such as letting intruders think they are being successful and permitting them to steal dummy data. He also recommended keeping certain data unreachable via the internet and stepping up logging efforts, which he described as the cameras of the virtual world.

Not everyone, however, was on board with Henry's military intelligence-style encouragement for corporations to take the initiative to study their opponents, which he said can range from lone-wolf disgruntled employees to organized crime syndicates to nation-state spies.

"I lose my cool when I hear [government] people...say the private sector must step up," said Marcus Ranum, who added that the private sector is not qualified to conduct counterintelligence operations. That should be the government's job, he said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition

