Should the US Use Hidden Data to Warn Industry of Attacks?

Uploaded on 2015-09-16 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Law, BUSINESS-Services-IT & Telecoms, BUSINESS-Services-Health & Welfare, BUSINESS-Services-Financial, BUSINESS-Services-Consulting, BUSINESS-Production-Utilities, BUSINESS-Production-Manufacturing, BUSINESS-Production-Energy

Cyber%20Attacks.jpg

Enterprise & Industry Accounted for over 70% of U.S. Cyber Attacks in 2014

When attribution in cyberspace is debated and discussed, most of the focus has been on whether the US government should take an offensive strike against cyber attackers. But recently, a different angle has surfaced: What’s the government’s role in leveraging the “Dark Web” — the Internet underworld inaccessible to the uninitiated — to give private-sector organizations a heads-up they’re in the crosshairs of adversaries?

The answer is pretty straightforward: Tipping your hand could mean compromising your sources close to the adversary and disrupt a valuable information-gathering process, said Shane Harris, Daily Beast senior intelligence and national security correspondent, speaking Sept. 1 at IBM’s i2 Summit for a Safer Planet in downtown Washington.

In the case of the Sony Pictures Entertainment hack, the US was fairly quick to publicly attribute the hack to North Korea. Less than a month following the cyberattack that leaked the entertainment conglomerate’s emails and financial information, the FBI issued a statement saying it had “enough information to conclude that the North Korean government is responsible for these actions.”
The hack was devastating — and humiliating to Sony. But what would have happened if the US government knew what the hackers were planning and had tipped off Sony? “You’d burn your sources in North Korea,” Harris said. 
So, with its vast trove of knowledge, should the government ever warn private-sector organizations about relevant chatter on the Dark Web sooner? There’s no straightforward answer.

The question is “whether the government has a responsibility to help its citizens or its corporations,” said Matthew Wong, director of intelligence for Flashpoint, who spoke with Nextgov a day after the event. “And sadly, the act of helping sometimes causes undesired effects. If you help a company, you’re risking your sources and methods, so that’s why the government sometimes doesn’t help citizens and companies even though it has the power and ability to do so,” he said.
Wong elaborated further: “You can have a short-term gain now, if you use this intelligence to protect this asset, and then you lose the long-term gain of intelligence and you potentially lose the ability to leverage that information to protect yourself in the long term.”

The conundrum about whether to notify intended targets about malicious activity isn’t new. During World War II, the UK cracked the Germans’ Enigma code, but to conceal its knowledge of the code, the UK had to sit idle, allowing certain “hazards” to occur, Wong said during the panel. (Alan Turing, the British mathematician who worked for UK’s code-breaking unit, is famously credited with cracking the Enigma code; however, Polish intelligence had years prior cracked the same type of messages.)

That strategy allowed the UK to gather more intelligence and study its adversary, gleaning valuable information and eventually winning the war.

“Just because we have the intelligence to stop every intrusion doesn’t mean we should,” Wong said.
DefenseOne: http://bit.ly/1goB6py

« Getting Hotter: China vs US Cyberwar
Russia & China Use Hacked Databases to Find US Spies »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Bishop Fox

Bishop Fox

Bishop Fox is a leading authority in offensive security, providing solutions ranging from continuous penetration testing and attack surface management to product and application security assessments.

eSentire

eSentire

eSentire is the authority in Managed Detection and Response Services, protecting the critical data and applications of organizations from known and unknown cyber threats.

SharkGate

SharkGate

SharGate provide a cloud-based website security solution to protect websites from being hacked.

Critifence

Critifence

Critifence provides unique Cyber Security solutions designed for Critical Infrastructure, SCADA and Industrial Control Systems.

SCIPP International

SCIPP International

SCIPP’s courses are based on internationally recognized best business practices for security awareness, for both technical and non-technical staff and to comply with regulatory mandates.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

iQuila

iQuila

iQuila is a virtual overlay network which runs on top of an existing network. It creates a secure software enabled layer 2 connection across the internet or any public or private cloud.

Rezilion

Rezilion

Rezilion is a stealth mode cyber-security start-up developing a cutting edge technology that makes cloud environments self-protecting and resilient to cyber-attacks.

Rocheston

Rocheston

Rocheston is an innovation company with cutting-edge research and development in emerging technologies such as Cybersecurity, Internet of Things, Big Data and automation.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

Stacklet

Stacklet

Stacklet provides cloud governance as code platform that accelerates how Global 2000 manages its security, asset visibility, operations, and cost optimization policies in the cloud.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

KnoTra Global

KnoTra Global

KnoTra Global is a next-generation Managed Service provider with a portfolio of services including Cybersecurity Solutions, Network Management, IT Leadership, and Day-to-Day Helpdesk and IT services.

CyberSecureRIA

CyberSecureRIA

We founded CyberSecureRIA specifically to secure and support RIAs. We exist to secure SEC-registered RIAs, and keep them compliant with cybersecurity regulations.

CyRiSo

CyRiSo

CyRiSo is a cyber security consulting company with a focus on 'as-a-service' services for the most pressing challenges of cyber security.