Chairman & CEO of root9B Technologies, Inc.

 

What do J.P. Morgan Chase, Target, Home Depot and Sony have in common? The answer is that, despite spending hundreds of millions of dollars to secure their networks, each of them was a victim of nefarious hackers.

 

They are examples of the ominous, new threat facing our country and our private sector institutions.

 

 

Nation-State cyber adversaries are executing strategic targeting of networks and systems critical to the security and economy of the United States. Our Nation and its regulatory leadership must recognize that both current and new cyber policy will not protect companies, shareholders, depositories or critical infrastructure. We must change our approach.

 

Recent events suggest that corporate America is responding to legally driven cyber security adherence, e.g. PCI Compliance. While any defense process to stem the wave of attacks is favorable, our nation must come to grips with the fact that our adversary is utilizing military grade offensive measures against a civilian defense posture. Can we really expect an academically trained citizen to engage a Nation State actor in what has now been officially deemed a domain of warfare? Our Nation’s Cyber-defenders are currently equipped with automated and passive technologies and are being asked to defend against a sophisticated and dynamic human adversary. Traditional passive cybersecurity strategies will continue to fall short against these advanced adversaries. There must be a defense-in-depth strategy and a paradigm shift to train and equip defenders to execute active cyber defense and adversarial pursuit (HUNT). This new strategy places a human defender against a human adversary, supported by both automated and active capabilities to hunt advanced adversaries within proprietary networks.

 

Cybersecurity, specifically network defense, requires multiple layers of complex, integrated, and simultaneous functions responsible for ensuring infrastructure security against exploitation, denial of service attacks, and intelligence operations.  As evidenced by the recent breaches within the financial and retail markets, traditional network defense efforts are unable to keep pace with the exponential increase in malicious cyber activity. Realizing this, the cybersecurity community must make a significant move to meet the challenges of today’s sophisticated and targeted network attacks.

 

Traditionally, cyber defense teams react to intrusions with passive mechanisms and antiquated processes focused on containment, cleanup, and recovery. For example, after a network compromise is uncovered, a series of standard operating procedures are executed post-incident to secure the host and avoid network degradation or data loss. However, often unintended consequences occur when these actions alert attackers to their discovery and result in more complex techniques being employed by the adversary. While this approach may thwart the specific detected network breach, the reactive nature of this strategy ignores overarching vulnerabilities and the likelihood of a larger network compromise.

 

Network security through passive mechanisms is no longer a guarantee and there must be a paradigm shift in cyber defense strategies to include proprietary network active pursuit and adversary engagement. This starts with training defenders to understand an attacker’s mindset, tactics, tendencies, and exploitation strategies. In addition to our traditional KYC ("know your customer") mantra, we must add a KYA mantra: know your attacker! Equipped with this knowledge, cyber defenders must then be provided the tools to conduct real-time defensive operations to mitigate vulnerabilities, counter threats, and detect unknown intrusions. The solution will not be found in an intrusion detection system (IDS), a sturdier firewall, or anti-virus products. The game changer in the next phase of cyber defense is executing interactive cyber operations and proactively searching for an adversary. Network defenders need to be equipped with a unique toolset, based on advanced capabilities, and trained to execute operations within proprietary networks. Equipped with technical capabilities and real-world expertise, network defenders can function as an enterprise-wide interactive unit to deter threats as part of a more comprehensive defensive network posture. The bottom line is that deterrence, which should be the ultimate goal of a defensive strategy, will not be achieved through reactionary response. The community must answer the adversary’s sophisticated and agile ability to target and compromise critical networks with equally sophisticated and agile defensive capabilities.

 

 

About the authors:  

Eric Hipkins is the founder and Chief Executive Officer of root9B. Mr. Hipkins is an accomplished cyber and intelligence professional with over 25 years of specialty experience in advanced cyber and technical intelligence operations.  Mr. Hipkins is a military veteran with extensive experience across the Department of Defense and commercial community.

 

John Harbaugh is the Chief Operating Officer of root9B. Mr. Harbaugh has more than 25 years of diverse experience within the cryptologic and intelligence community as both a member of the U.S. Military, and as a senior executive for NSA.

Mike Morris is the Chief Technology Officer of root9B. Mr. Morris has over 13 years of experience in intelligence operations. Mike is the chief architect behind the design and integration of root9B’s Active Adversarial Pursuit platform, and has been integral to shifting the nation’s perspective on cybersecurity.

About the company:
root9B is a leading provider of advanced cybersecurity services and training for commercial and government clients. The company is based in Colorado Springs, CO, and has built the most advanced team of certified cyber network operators and security specialists, focused on advanced adversary pursuit.
