The strategies used to fight adversaries in the real world are not much different than ones used to battle attackers in the cyber realm, the former executive assistant director of the FBI told a standing-room only crowd during the keynote Wednesday at the Black Hat conference in Las Vegas.
Shawn Henry, who now is president of security firm CrowdStrike, opened his talk with a brief reel, set to blaring music, of the FBI's Hostage Rescue Team training.
He said the tactical approach this elite squad takes to rescue people can be applied to deterring hackers.
"We shouldn't always reinvent the wheel," he said. "The theories are very similar, and I think we can learn a lot," he said.
Henry called the threat of computer network intrusions "the most significant threat we face as a society," other than weapons of mass destruction. Throughout his talk, Henry leaned on the fear card, sometimes referencing 9/11, the threat of cyber terror and the possible loss of life through attacks on critical infrastructure.
To fight back, security professionals must be aware of the hacker before they strike, he said. To do this, organizations must lean on intelligence -- strategy, information collection, analysis and execution -- and adversary identification.
"You have home-field advantage," Henry said. "They don't know the network the way you do."
He urged the crowd to focus less on the traditional metrics -- how many hackers did we stop? -- and instead concentrate on things like prevention and threat information sharing.
"If your bonus is tied to [the traditional metrics], that's not going to be a lot of Christmas presents," he said.
Henry also offered other suggestions, such as letting the intruders think they are being successful and permitting them to steal dummy data. He also recommended not allowing certain data to be reachable via the internet and to step up logging efforts, which he described as the cameras of the virtual world.
Not everyone, however, was on board with Henry's military intelligence-style encouragement for corporations to take the initiative to study its opponents, which he said can range from lone-wolf disgruntled employees to organized crime syndicates to nation-state spies.
"I lose my cool when I hear [government] people...say the private sector must step up," said Marcus Ranum, who added that the private sector is not qualified to conduct counter intelligence operations. That should be the government's job, he said.
This article originally appeared at scmagazineus.com
Copyright © SC Magazine, US edition
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.