From the IR diaries of a Cybersecurity chef

I know it's an interesting title, but I finally seem to have connected some dots for myself. Recently, I received an invitation-only networking opportunity with the MWR InfoSecurity team from the UK and NYC. With a greed for CPEs (confessions of a licensed cyber professional!) and having interacted with them in the past through one of my previous stints in England, I had a hunch that this might be time well spent on a hot summer evening here in Boston, and it was. And here's one bone that I would like to throw for us security folks, in the words of one of my dear friends here (you know who you are! :)):

What do you think about Active Defense and/or Offensive Security?

While retaliation is illegal under the Computer Fraud and Misuse Act, another act is in the works in Congress under the title "Active Cyber Defense Certainty Act", which can be found here if you would like to peruse it: https://www.congress.gov/bill/115th-congress/house-bill/4036/text

This act and its discussion caught my attention at the MWR event. I personally think the active cyber defense cycle (ACDC) is not for everyone and that corporations should not expend their precious time and resources trying to become offensive security hackers under the banner of active defense. I would like to bring this topic to the attention of my network: what do you folks think? Should we retaliate? Is active defense a plausible strategy for organisations? If yes, what are the boundaries, and what are the characteristics that qualify organisations to enter the minefield? Does ACDC 4036 provide enough guidance on that? If not, where do we draw the lines on active defense? For those of you who may already be doing some of this in various flavours, what has been your experience, or what words of wisdom can you share here without identifying anything in particular?

What's more interesting to me is that governments across the world take unique approaches to tackling the security issues of the modern world. Take for example Swiss Post, with their effort to provide integrity, non-repudiation, confidentiality and authentication to their people via the IncaMail facility. See here: https://www.post.ch/en/business/a-z-of-subjects/incamail. Some governments, like ours here in the US, are taking this to a whole new level via the proposed 4036 bill in Congress.

The UK government, for example, published a detailed report in February this year on their experience with the Active Cyber Defence (ACD) strategy, and their approach is quite different, as demonstrated clearly by calling out on page 8 that this is not a "hack back" attitude but rather a way to get off our backsides and do something actively instead of simply being unhappy about insufficient security knowledge on the part of the public or insufficient help from the cyber community to the public. Read the wonderful report here: https://www.ncsc.gov.uk/information/active-cyber-defence-one-year.

My own fascination with Bletchley Park's stories and Enigma always reminds me of the strengths and weaknesses of the cyber world, so much so that I took my teenager to the International Spy Museum in Washington D.C. last year to show her one of those machines and explain to her why cybersecurity is such a cool career! As I branched out to studying International Relations and Economics last year as part of my long-term strategy to take my cyber skills onto new planes, I realise now every day that this is probably one of the best decisions I have made in my security career so far. I advise my fellow cyberchefs to broaden their horizons and venture out into these realms too.

From my own experience in strategic decision making, I certainly think it's a good long-term strategy for the cyber world that is in the making. We have come a long way from anti-virus systems and malware; think about the possibilities with machine learning and anything and everything with an IP address. We are talking about some true cyber diplomacy and IR skills that will be needed to solve future problems. Cyber wars are not new or fancy buzzwords; they have a long history since WW2 and more so since the 80s. See here for example: https://www.nato.int/docu/review/2013/cyber/timeline/en/index.htm.

I urge you therefore, to think outside the usual cutting board, my fellow cyberdiplomats ;)

Disclaimer as usual: All views expressed here are my own and do not represent or endorse any tool, technology, entity or organization :)

Want to read some more on this topic of debating Active Defense?

  • Tom Kiluk, Above the Law: https://abovethelaw.com/2018/01/why-the-active-cyber-defense-certainty-act-is-a-bad-idea/?rf=1
  • On the UK's ACD strategy, Lawfare: https://www.lawfareblog.com/evaluating-uks-active-cyber-defence-program
  • Chris Cook, Just Security: https://www.justsecurity.org/47141/hacking-black-legal-policy-concerns-updated-active-cyber-defense-certainty-act/
  • Matthew Pascucci, SearchSecurity: https://searchsecurity.techtarget.com/opinion/Active-Cyber-Defense-Certainty-Act-Should-we-hack-back
  • Irving Lachow, The Hill: https://thehill.com/opinion/cybersecurity/383704-the-promise-and-peril-of-active-cyber-defense
