Ex-FBI cyber sleuth: Government 'gets it,' but it will take time
LAS VEGAS — Online attacks are “the most significant threat we face as a society,” and the key to defending against them is to take the fight to the attackers, according to former FBI official Shawn Henry.
“Intelligence is the key to all of this,” Henry said July 25 at the Black Hat Briefings.
There is a major stumbling block to that approach, however. Those with the access to the intelligence are not sharing it. “The majority of what is happening is not heard outside of the classified environment,” Henry said.
'Destructive' cyber attacks ahead, NSA's Alexander warns
Cyber bill accents threat-info sharing, government IT monitoring
Henry, a recently retired executive assistant director who headed the FBI's response to cyber crime unit, said government is ready to change that.
“Government gets it,” he said. “They understand the threat. But the legislation, the policies, those issues are complex.” Creating a working environment with two-way sharing is a long-term process, but agencies have begun the process,” he said.
Henry, who now is president of Crowdstrike Services, echoed a common refrain in cybersecurity circles. “You've got to assume the adversary is in your network,” he said.
Effective security requires spotting intrusions and taking the fight to the adversary rather than merely responding to incidents. Although Information Sharing and Analysis Centers and other vehicles for information sharing have improved the use of information, they operate at human speed and critical information needs to be shared at network speeds to enable useful collaboration and response.
Despite the government's interest in the problem, in the near term the private sector is largely on its own. The National Security Agency defends the .mil domain, the Homeland Security Department defends .gov, but “nobody has authority to defend .com,” he said.