In the last few years, government and business cybersecurity experts continue doing better and better, while attackers also continue to do better and better. Steven Chabinsky, former chief of the FBI’s Cyber Intelligence Section, challenges the business and government sectors to adapt, adjust, rethink their approach to cybersecurity or slide backwards. Dennis Fisher over at the Threat Post, recently interviewed Chabinksy who offered a few provocations to security professionals.[1]
Chabinsky suggests that security would do well to prioritize threat deterrence over network vulnerabilities. With teams of research analysts focused on exploiting new vulnerabilities, groups of attackers (including private gangs and government sponsored thugs) continue to gain momentum in penetrating networks and stealing secrets both military and intellectual. Instead of only building stronger and deeper bunkers, security must adjust to these rapidly growing threats with an aggressive plan of deterrence.
“There needs to be a focus on real-time information sharing. That’s been missing. There’s been good strategic information sharing, but what’s been missing is an ability to understand what the threat actor is doing and how to disrupt it,” says Chabinsky. “We need to share information in an automated way that allows networks to self-heal. That hasn’t been done yet.”
Chabinsky’s challenge offer a high-level strategic focus to the struggle against attacks, and it is hoped that real-time collaboration and strategic deterrence can play a more fundamental role in reducing the impact of attacks. At the same time, businesses must continue to focus on a robust plan of protection that includes mitigating vulnerabilities, security training, and predictive defenses to name a few.
In the past, I’ve mentioned the value of resiliency engineering as key in the long-term strategy for building more secure companies. It might be worth revisiting this theme in the near future to consider how businesses and government are and can continue developing skills in this ongoing online battle.
[1] Dennis Fisher. “Think Differently on Cybersecurity Or Fall Farther Behind, Former FBI Lawyer Says.” Threat Post, September 19, 2012
