#BlackHat: FBI says learn network defence from SWAT

Powered by SC Magazine
 

Use your home field advantage.

The strategies used to fight adversaries in the real world are not much different than ones used to battle attackers in the cyber realm, the former executive assistant director of the FBI told a standing-room only crowd during the keynote Wednesday at the Black Hat conference in Las Vegas.

Shawn Henry, who now is president of security firm CrowdStrike, opened his talk with a brief reel, set to blaring music, of the FBI's Hostage Rescue Team training.

 

He said the tactical approach this elite squad takes to rescue people can be applied to deterring hackers.

"We shouldn't always reinvent the wheel," he said. "The theories are very similar, and I think we can learn a lot," he said.

Black Hat 2012 coverage

 

Henry called the threat of computer network intrusions "the most significant threat we face as a society," other than weapons of mass destruction. Throughout his talk, Henry leaned on the fear card, sometimes referencing 9/11, the threat of cyber terror and the possible loss of life through attacks on critical infrastructure.

To fight back, security professionals must be aware of the hacker before they strike, he said. To do this, organizations must lean on intelligence -- strategy, information collection, analysis and execution -- and adversary identification.

"You have home-field advantage," Henry said. "They don't know the network the way you do."

He urged the crowd to focus less on the traditional metrics -- how many hackers did we stop? -- and instead concentrate on things like prevention and threat information sharing. 

"If your bonus is tied to [the traditional metrics], that's not going to be a lot of Christmas presents," he said.

Henry also offered other suggestions, such as letting the intruders think they are being successful and permitting them to steal dummy data. He also recommended not allowing certain data to be reachable via the internet and to step up logging efforts, which he described as the cameras of the virtual world.

Not everyone, however, was on board with Henry's military intelligence-style encouragement for corporations to take the initiative to study its opponents, which he said can range from lone-wolf disgruntled employees to organized crime syndicates to nation-state spies.

"I lose my cool when I hear [government] people...say the private sector must step up," said Marcus Ranum, who added that the private sector is not qualified to conduct counter intelligence operations. That should be the government's job, he said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


#BlackHat: FBI says learn network defence from SWAT
Tags
 
 
 
Top Stories
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Images: the next frontier in data analytics?
Barclay’s global data chief says we’re still at the starting line.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  26%
TOTAL VOTES: 415

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  55%
 
No
  45%
TOTAL VOTES: 195

Vote