Ex-FBI cyber sleuth: Government 'gets it,' but it will take time

LAS VEGAS — Online attacks are “the most significant threat we face as a society,” and the key to defending against them is to take the fight to the attackers, according to former FBI official Shawn Henry.

“Intelligence is the key to all of this,” Henry said July 25 at the Black Hat Briefings.

There is a major stumbling block to that approach, however. Those with the access to the intelligence are not sharing it. “The majority of what is happening is not heard outside of the classified environment,” Henry said.

Henry, a recently retired executive assistant director who headed the FBI's response to cyber crime unit, said government is ready to change that.

“Government gets it,” he said. “They understand the threat. But the legislation, the policies, those issues are complex.” Creating a working environment with two-way sharing is a long-term process, but agencies have begun the process, he said.

Henry, who now is president of Crowdstrike Services, echoed a common refrain in cybersecurity circles. “You've got to assume the adversary is in your network,” he said.

Effective security requires spotting intrusions and taking the fight to the adversary rather than merely responding to incidents. Although Information Sharing and Analysis Centers and other vehicles for information sharing have improved the use of information, they operate at human speed, and critical information needs to be shared at network speeds to enable useful collaboration and response.

Despite the government's interest in the problem, in the near term the private sector is largely on its own. The National Security Agency defends the .mil domain, the Homeland Security Department defends .gov, but “nobody has authority to defend .com,” he said.


About the Author

William Jackson is a Maryland-based freelance writer.

