SecurityCertified

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, July 2, 2012

Thoughts on Lessons from Our Cyber Past: The First Cyber Cops

Posted on 2:03 PM by Unknown
In May I was pleased to attend Lessons from Our Cyber Past: The First Cyber Cops hosted by Jay Healey at the Atlantic Council and featuring Steven R. Chabinsky, Shawn Henry, and Christopher M. Painter. The transcript as well as audio for the event are now online.

All of the attendees made great points, and I wanted to highlight a few.

Mr. Chabinsky:

I think that we’re getting to this point where we really have to reflect upon what risk mitigation looks like in this area, whether our policies that focus predominantly on vulnerability mitigation, are actually a successful long-term security model.

If you think of most security models, I think predominantly you’d find that they rely on threat deterrence, that the notion that the actor won’t act because there will be some penalty-based deterrent at the end of it – they’ll be captured, they’ll have some penalty. Here [in digital security] we have a model where people are predominantly focused on hardening the target, patching their systems. That’s not how we live in the real world. That’s called a fortress, right? I mean, the technology is not meant to be bunkered down.

And so it’s not surprising then, as we move further and further into this model of accepting devices that are not fortified and bunkered down, without a risk model that predominantly relies upon threat deterrence, we would fall further behind. I agree with that sentiment. As I've written before, Real Security Is Threat-Centric.

Mr. Painter emphasized that you need capacity, laws, and global cooperation to make a difference when fighting digital threats.

Mr. Henry:

What I wanted to do – because I’d talked to some people who were in the cyber space – what I wanted to do was to bring many of the things that we had done in the physical world successfully against organized crime groups and against terrorist organizations – white collar crime, public corruption cases – I wanted to take some of those investigative tactics and I wanted to apply them in the cyber realm.

Because I’ve always seen that there are actually more similarities between the physical space and cyber space than there are differences, and I can relate many things in the physical world to the cyber world, and vice versa. And I had a lot of experience working undercover operations and using authorized digital intercepts, using informants and the like.

That is an important point. I think law enforcement has made the most progress when they use old-fashioned infiltration methods and put less emphasis on technical measures to identify intruders.

Tweet

Email ThisBlogThis!Share to XShare to Facebook
Posted in threats | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • DojoCon Videos Online
    Props to Marcus Carey for live streaming talks from DojoCon . I appeared in my keynote , plus panels on incident response and cloud secur...
  • Practice of Network Security Monitoring Table of Contents
    Since many of you have asked, I wanted to provide an updated Table of Contents for my upcoming book, The Practice of Network Security Monito...
  • Mandiant APT1 Report: 25 Best Commentaries of the Last 12 Days
    Two weeks ago today our team at Mandiant was feverishly preparing the release of our APT1 report . In the twelve days that followed public...
  • Feedback from Network Security Monitoring 101 Classes
    At Black Hat in Las Vegas I taught two Network Security Monitoring 101 (NSM101) classes. This is a new class that I developed this year, a...
  • A Book for the Korean Cyber Armies
    I've got a book for the Korean cyber armies, North and South. That's right, it's my first book , The Tao of Network Security Mo...
  • What is Cloud?
    The slide at left was one of my favorites from Craig Balding's Cloud Security Ghost Story talk from Black Hat EU earlier this year. I ...
  • SQL Injection Challenge and Time-Based Security
    Thanks to this Tweet by @ryancbarnett, I learned of the lessons learned of the Level II component of the ModSecurity SQL Injection Challen...
  • Bejtlich Speaking at TechTarget Emerging Threats Events in Seattle and New York
    I will be speaking at two events organized by TechTarget , for whom I used to write my Snort Report and Traffic Talk articles. The one-da...
  • BeyondTrust Report on Removing Administrator: Correct?
    Last week BeyondTrust published a report titled BeyondTrust 2009 Microsoft Vulnerability Analysis . The report offers several interesting ...
  • President Obama Is Right On US-China Hacking
    I strongly recommend watching the excerpt on the Charlie Rose show titled Obama: Blunt Conversation With China on Hacking . I reproduced the...

Categories

  • afcert
  • Air Force
  • analysis
  • announcement
  • apt
  • attribution
  • bestbook
  • blackhat
  • books
  • breakers
  • bro
  • bruins
  • certification
  • china
  • cisco
  • cissp
  • cloud
  • clowns
  • commodore
  • conferences
  • controls
  • correlation
  • counterintelligence
  • cybercommand
  • cyberwar
  • dfm
  • education
  • engineering
  • feds
  • fisma
  • freebsd
  • GE
  • ge-cirt
  • hakin9
  • history
  • impressions
  • information warfare
  • ipv6
  • law
  • leadership
  • malware
  • mandiant
  • microsoft
  • mssp
  • nsm
  • offense
  • oisf
  • packetstash
  • philosophy
  • pirates
  • powerpoint
  • press
  • psirt
  • reading
  • redteam
  • reviews
  • russia
  • sans
  • sec
  • sguil
  • snorby
  • spying
  • threat model
  • threats
  • Traffic Talk
  • training
  • tufte
  • tv
  • ubuntu
  • usenix
  • verizon
  • vulnerabilities
  • wisdom
  • writing

Blog Archive

  • ►  2013 (16)
    • ►  September (1)
    • ►  August (1)
    • ►  June (2)
    • ►  April (2)
    • ►  March (1)
    • ►  February (3)
    • ►  January (6)
  • ▼  2012 (60)
    • ►  December (4)
    • ►  November (5)
    • ►  October (3)
    • ►  September (10)
    • ►  August (2)
    • ▼  July (6)
      • Israeli Agents Steal Korean Tech for Chinese Customer
      • Impressions: Three "Internals" Books for Security
      • Not Just Clowns, But Criminals
      • How to Kill Teams Through "Stack Ranking"
      • Thoughts on Lessons from Our Cyber Past: The First...
      • Thoughts on Air-Sea Battle Briefing at Brookings
    • ►  June (6)
    • ►  May (4)
    • ►  April (2)
    • ►  March (9)
    • ►  February (6)
    • ►  January (3)
  • ►  2011 (108)
    • ►  December (3)
    • ►  November (7)
    • ►  October (11)
    • ►  September (9)
    • ►  August (18)
    • ►  July (10)
    • ►  June (5)
    • ►  May (4)
    • ►  April (13)
    • ►  March (17)
    • ►  February (2)
    • ►  January (9)
  • ►  2010 (193)
    • ►  December (14)
    • ►  November (11)
    • ►  October (6)
    • ►  September (16)
    • ►  August (15)
    • ►  July (26)
    • ►  June (15)
    • ►  May (15)
    • ►  April (15)
    • ►  March (16)
    • ►  February (19)
    • ►  January (25)
  • ►  2009 (123)
    • ►  December (10)
    • ►  November (17)
    • ►  October (21)
    • ►  September (13)
    • ►  August (20)
    • ►  July (21)
    • ►  June (21)
Powered by Blogger.

About Me

Unknown
View my complete profile