eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
LAS VEGAS The United States is at war in the cyber-theater, and its a pervasive threat that all Americans need to take seriously. Thats the message from a former, high-ranking FBI agent, who delivered a July 25 keynote address at the Black Hat conference here.
For 24 years, Shawn Henry worked in the FBI, and served in a number of different positions in the agency. His last position at the FBI was as the executive director, and he now is in the private sector as president of Crowdstrike services.
We need warriors to fight our enemies, Henry told the capacity Black Hat audience of more than 6,500 computer security professionals.
To start his keynote, Henry delved into the history of the FBI, which has investigated a number of different crimes throughout its history, ranging from illegal drugs, to organized crime to bank robberies. The agency has also focused on other issues, such as foreign spy rings, but the FBIs main focus during the last few years has been terrorism. Now, however, that focus is turning more toward the mounting threats from cyber-crime, cyber-terrorism and cyber-espionage.
In my career, Ive seen lots of similarities between the physical and the cyber-world; certainly the tactics are different, but the theory is the same, said Henry. Its not computers attacking computers; were talking about humans behind keyboards targeting you.
In Henrys view, the threat of a cyber-attack should not be under-estimated.
I believe that the threat from computer network attack is the most significant threat we face as a society, Henry said. Other than a weapon of mass destruction, I think its the most significant threat there is.
Part of that threat comes from the fact that now almost all data is stored and transmitted electronically. Its also easier than ever, for a cyber-attacker to get started than it would be to wage a traditional kinetic attack. Cyber is the great equalizer, according to Henry. With a $500 laptop, anyone can attack us just sitting in their pajamas anywhere in the world.
There are terrorist groups online now calling for the use of cyber as a weapon, said Henry. I believe if we wait, its too late. Its a threat and something we need to be aware off now.
From a defensive perspective, Henry said that it is important to have a defense-in-depth approach. That said, he noted that approach is failing today as it focuses solely on perimeter defense.
Its not the secret sauce; its just a piece of a holistic approach, said Henry.
Henry noted that he assumes that there are terrorists in this country and he knows the government cant prevent them from getting over the border. The key to preventing them from doing anything bad is intelligence.
Intelligence is the key, whether the threat is from spies, terrorists or cyber-hackers, said Henry.
In Henrys view, you have to be proactive and be aware of the adversaries so that you can take them out of the fight. He stressed that he personally is not advocating for hacking activities against other countries. He believes that we can all be proactive on our own network segments and create a hostile network for the adversary to work in.
Your data is being held hostage, and the life of your data is at risk, said Henry. As elite cyber-warriors can have an impact, the stakes are high.
Henry suggested that were in a historic time, and the actions that are taken today will define where we are in 20 years from a security perspective.
The government is not able to independently solve this problem, and civilians are on the front line of the battle every day, said Henry. I believe that our failure to step up now will be a failure for society.