Battling Cyber Hackers with Public and Private Cooperation

Except for those who are simply not following the consistent data breaches across silicon tech and online retail, battling cyber hackers seems a never-ending standard we all have to live with.

Cyber security is growing more important and complex, but the government seems to be lagging behind in proper protection and security steps, leaving some of our most vulnerable secrets at risk.

WikiLeaks has already proven itself adept at hacking into servers and posting information, some of it classified, to the general public without fear of retribution.

The hacking group Anonymous has already proven itself more than adept at hacking into almost any server and website with only a minimal amount of time, and only recently someone managed access into North Korea’s Internet only to discover the citizens have access to a total of 28 sites.

What is interesting to note about the two previous examples is these are private citizens who are using less than advanced techniques to reach into sites and even an entire country.  If this is possible, why then does the government hesitate to do the same in battling cyber hackers?

Political appointees and cronyism are a likely start.  Deep pockets make for strong connections.  In battling cyber hackers, stronger, more secure servers and networking are certainly possible, but if the best and most reasonable choice is from an opposing political party or outside of a sphere of connections, influence and activism, other choices will be made out of political necessity and prevention of political suicide.

The Problem in Battling Cyber Hackers

China and Russia.  Both countries may feign interest in the U.S., particularly because we import so much from China, but there is too much evidence of malfeasance on the part of China and Russia with our secure servers.  The government knows the two countries are there, but very little is done about it until well after the breach is discovered.  By then, naturally, it is too late to do much except backtrack and learn what happened.

Most will immediately assume there are no solutions, throw hands up and condemn the entire situation to hackers who will in no time cause serious havoc throughout the governmental networks and Internet.  There are solutions, sound and valid, which are not as difficult to find as one may think.

Tap the Public Sector

Let’s not get into the public/private argument, but instead focus on what is important: the security needed in battling cyber hackers.  The private sector often is not as limited by budgetary constraints as some governmental agencies.  Some agencies certainly do not lack funds or funding each year, but other, smaller and less significant agencies may.  After all, there is a U.S. Halibut Commission as well as many other small groups in the territories and such.  Chances are these groups do not have the same degree of cyber security as the Supreme Court.

Fight Fire with Fire in Battling Cyber Hackers

Many years ago, a young hacker’s punishment was to create a program wherein should another hacker gain entrance into the system, the system would not allow the hacker to exit.  Thus, the hacker was held, in a sense, until found and taken into custody.

We have similar capabilities, and more importantly, the people to do it.  Rather than be passive with cyber warfare, enact more punitive solutions.  Turn back to the above-mentioned suggestions for a set of plans, programs and solutions to combat and punish those who would enter U.S. cyber space without permission.

This is not by any means a complete list of options that can be used.  Instead, we elicit your suggestions and ideas.  What are some possible sectors we could use for cyber security, and how can we be more aggressive on battling cyber hackers – offensive and defensive?

Facing New Cyber Warfare Tactics - Implement CCI Methods for IoT / Infrastructure

Cyberspace has been an official battlefield for almost a decade in many states. According to Verizon's series of Data Breach Investigations Reports (2013-2016), although cyber criminals remain a major actor category in causing data breaches, the significant participation of nation-states and state-affiliated groups in cyber operations is not to be underestimated.

The operators in the latter category do not simply target short-term monetary gain, but in-depth and persistent penetration to attain strategic objectives, notably the advanced persistent threat (APT). Our businesses, government, and military are facing new cyberwarfare tactics used in economic espionage, geopolitical campaigns and remote sabotage attempts. High profile events in recent years ranging from the Chinese APT1 eavesdropping over 140 international companies, Russian APT28 implementing asymmetric warfare against Georgia and Ukraine between 2008 and 2014, to the DNC email hacking in the recent US presidential election and Olympic Games (Stuxnet) sabotage incident in 2010, contribute to the rapid development of cyber intelligence landscape.

Methods in Facing New Cyber Warfare Tactics

Thus, in these troubled waters, not only are the digital assets and intellectual properties of private companies under constant surveillance by cybercriminals, but public critical infrastructures and new Internet of Things connected data and devices are also at stake. Highly skillful and resourceful actors enthusiastically collect intelligence through sophisticated hacking tools, computer worms and network mapping technologies.

This intelligence collection empowers malicious actors to succeed in striking companies and governments. One key underlying factor for successful risk mitigation is not only to catch up with the ‘hardware’ technological advancement, but also the software in facing new cyber warfare tactics to analyze the pattern, identity and objectives of the intruder so as to effectively counterstrike intelligence collection of the adversary.

Thus, adopting military doctrines such as decoy, deception and deterrence to detect and mitigate cyber risks becomes a valuable cyber counterintelligence (CCI) strategy for both private companies and states. In the tactics, techniques, procedures (TTP) guidelines implemented by the U.S. Department of Defense (DoD) Joint Chiefs of Staff, at least four major intelligence collection methods can be identified in cyberspace. Intelligence can be collected through human (HUMINT), open-source (OSINT), signal (SIGINT) and geography (GEOINT).

Based on these notions, the security researcher, Robert Lee, suggests two approaches to apply these concepts in CCI policy making: defensive CCI and offensive CCI.

The former recommends regular red team assessment to evaluate both internal network vulnerabilities and external threat landscape. The latter is about setting up honeypots and sock puppets to interact with the adversary so as to achieve deception and delay effects. Both approaches require a comprehensive understanding of the internal networks, operations and procedures about one’s own organization. Ideally, one optimal CCI employment involves a mix of active and passive intelligence gathering to understand the potential adversaries.

Assessments in Facing New Cyber Warfare Tactics

In other words, it implies the hybrid application of conducting internal and external assessment as well as interacting with the intruders. Hence, the organization can be better prepared in facing new cyber warfare tactics by drafting its response plan and internal policies with more concrete scenarios, evidence, and more significantly, grasp of the tactics of the adversary.

In addition, internal analyst and general employee training is a prerequisite for the successful implementation of CCI strategy. On the one hand, improving the security awareness of general employees is an important, yet underestimated, means to prevent initial network compromise. For example, the victims of APT1 mostly started by falling prey to spear phishing which eventually caused successive large-scale data breaches. Educating employees to be cautious of unverified and false web information addresses the most vulnerable human factor in the cybersecurity trust chain.

On the other hand, the training of in-house analysts has to be rigid and unconventional. They must be able to identify, evaluate and distinguish accurate intrusion data to defend the organization. Putting themselves into the adversary’s shoes is a crucial perspective to anticipate the interests, objectives and strategies of the intruder. It also prevents them from being misled by well-crafted falsified data.

To optimize the performance of the duties of in-house analysts, a number of emerging cybersecurity vendors in deception technology like TrapX, Attivo and Cymmetria develop products and solutions adapted to this specific need. Through setting up decoys and buffering zones such as honeypot servers, sandbox and other buffering mechanisms, the defending organization can maximize the counterintelligence efforts to study the attacker.

In conclusion, adopting CCI perspectives in facing new cyber warfare tactics is an imminent issue for companies and governments to cope with constantly evolving and sophisticated cyberattacks. After all, the information security solutions of major vendors in the market target a more general public having relatively less security challenges than institutions dealing with multi-billion digital assets, IoT networks, and critical infrastructure. Installing ubiquitous anti-virus/ spyware detection software is the earliest phase in defending one’s institution.

When an institution faces constant aggressive network breaches against which its existing cybersecurity solutions and internal policies are ineffective, even defenseless, it is time to consider integrating CCI tactics and perspectives into the institution’s cyber defense strategy.

If states are involved in attacking private entities, for what reasons should companies not introduce CCI to their management?

Whether you are a manufacturer, hardware or software vendor, or defense contractor, you must have the best talent available who has a TSI and/or active security clearance to work in cyber defense and cyber counterintelligence.  NextGen has served companies with identifying and recruiting cyber analysts, red / blue / purple team engineers, and more.