Crossroads Blog | CYBER SECURITY LAW AND POLICY

Current Affairs

Cyber Roundup (12/4): Hackback all over the news, US stumbles at WCIT, massive data leak of U.S./British C/T data, and more . . .

A lot of articles tonight . . .

A quick survey of recent cyber news . . .

***

Ken Dilanian reported for the Los Angeles Times on the concept of hackback and an influential new player in the cybersecurity business: CrowdStrike.  If you’ve been watching this blog, or the news, you’d know that CrowdStrike is getting a lot more attention.  Steven Chabinsky–the firm’s Senior VP, Legal Affairs & Chief Risk Officer–gave a great lunch time talk at the ABA’s NatSec conference.  This Forbes article quoted its President, Shawn Henry; as did this Nextgov article.  Further down in this very post, you’ll find a video featuring Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike.  In short, it seems like they’re everywhere lately.  Before going any further, I want to clarify that CrowdStrike does not engage in hackback.  I get excited about this topic, so I tend to reference CrowdStrike and hackback in close proximity, but hackback is still of uncertain legality, and CrowdStrike has been clear that it helps companies inside their firewalls.  I believe that hackback should be legal, and that we should encourage it under certain circumstances, but that’s for another blog post.

Back to the LATimes article.  Dilanian explained that CrowdStrike is . . .

. . . at the forefront of a new business model for cyber security, one that identifies sophisticated foreign attackers trying to steal U.S. intellectual property and uses the attackers’ own techniques and vulnerabilities to thwart them.

 

The article had some great quotes from CrowdStrike execs, but I was more interested in Dilanian’s blurb about CrowdStrike’s attribution techniques.  Notably, the firm employs Chinese linguists and creates hacker profiles “complete with real names and photos . . ..”

I just had to note . . . at the top of the article, there was a poll questioning whether a more aggressive approach in cyberspace “is too much” or “it’s about time.”  It’s about time leads 87% to 13%.

There’s more to the LATimes article, so check it out here.

***

As for that aforementioned Nextgov article, it was written by Tom Shoop and explored Shawn Henry’s comments at Nextgov Prime.  Of particular note, Mr. Henry believes that “[i]f you build a 10-foot wall, they’ll bring a 12-foot ladder . . . [government agencies should] be constantly hunting on the network [to] create a hostile environment for the adversary.”

***

Via Bloomberg Businessweek, a video of Bloomberg Link’s Enterprise Risk Conference.  The panel included Dmitri Alperovitch, Carl Herberger, Mick McConnell, and Andy Ozment.

I can’t get this thing to embed properly, so I apologize for making you jump.

***

Reuters reports that a joint U.S./Canadian proposal “to protect the Internet from new international regulation has failed to win prompt backing from other countries . . .”

Aljazeera had a useful video on WCIT:

***

Reuters’ Mark Hosenball reports that a Swiss technician may have compromised terrabytes of U.S./UK counter-terror data.  Apparently the technician “intended to sell the stolen data to foreign officials or commercial buyers.”

***

Amber Corrin writes for FCW on how the Air Force is redefining its approach to cyberspace.

Jared Serbu, for FederalNewsRadio, explaining how the Air Force is just 1 piece of DoD’s cyber puzzle and that a common understanding of word cyber still eludes us.

John Reed, for Foreign Policy, on how the Pentagon is reshuffling the services’ cyber capabilities.

I lost track of the article, but apparently demand for cyber-professionals is so high that the U.S. Air Force may move to a 24/7 tech school.  That’s crazy.

***

Matt Sledge, for the Huffington Post, on Bradley Manning’s lawyer charging President Obama with hypocrisy over whistle-blower protection.

***

Nextgov’s Aliya Sternstein reports that DHS is warning local governments that hackers could manipulate highway sensors.

***

Grant Gross writes for Computerworld on how the “U.S. government needs a comprehensive doctrine addressing cybersecurity instead of the current patchwork of policies and agencies . . .”

***

Ben Woods reports for ZDNet that the UK government is planning on drafting “cyber reserves” . . .

***

Nick Hopkins, for The Guardian, on how hostile states are targeting UK critical infrastructure.

Leave a Reply

Current Affairs

Cyber Roundup (12/4): Hackback all over the news, US stumbles at WCIT, massive data leak of U.S./British C/T data, and more . . .

A lot of articles tonight . . .

A quick survey of recent cyber news . . .

***

Ken Dilanian reported for the Los Angeles Times on the concept of hackback and an influential new player in the cybersecurity business: CrowdStrike.  If you’ve been watching this blog, or the news, you’d know that CrowdStrike is getting a lot more attention.  Steven Chabinsky–the firm’s Senior VP, Legal Affairs & Chief Risk Officer–gave a great lunch time talk at the ABA’s NatSec conference.  This Forbes article quoted its President, Shawn Henry; as did this Nextgov article.  Further down in this very post, you’ll find a video featuring Dmitri Alperovitch, co-founder and chief technology officer of CrowdStrike.  In short, it seems like they’re everywhere lately.  Before going any further, I want to clarify that CrowdStrike does not engage in hackback.  I get excited about this topic, so I tend to reference CrowdStrike and hackback in close proximity, but hackback is still of uncertain legality, and CrowdStrike has been clear that it helps companies inside their firewalls.  I believe that hackback should be legal, and that we should encourage it under certain circumstances, but that’s for another blog post.

Back to the LATimes article.  Dilanian explained that CrowdStrike is . . .

. . . at the forefront of a new business model for cyber security, one that identifies sophisticated foreign attackers trying to steal U.S. intellectual property and uses the attackers’ own techniques and vulnerabilities to thwart them.

 

The article had some great quotes from CrowdStrike execs, but I was more interested in Dilanian’s blurb about CrowdStrike’s attribution techniques.  Notably, the firm employs Chinese linguists and creates hacker profiles “complete with real names and photos . . ..”

I just had to note . . . at the top of the article, there was a poll questioning whether a more aggressive approach in cyberspace “is too much” or “it’s about time.”  It’s about time leads 87% to 13%.

There’s more to the LATimes article, so check it out here.

***

As for that aforementioned Nextgov article, it was written by Tom Shoop and explored Shawn Henry’s comments at Nextgov Prime.  Of particular note, Mr. Henry believes that “[i]f you build a 10-foot wall, they’ll bring a 12-foot ladder . . . [government agencies should] be constantly hunting on the network [to] create a hostile environment for the adversary.”

***

Via Bloomberg Businessweek, a video of Bloomberg Link’s Enterprise Risk Conference.  The panel included Dmitri Alperovitch, Carl Herberger, Mick McConnell, and Andy Ozment.

I can’t get this thing to embed properly, so I apologize for making you jump.

***

Reuters reports that a joint U.S./Canadian proposal “to protect the Internet from new international regulation has failed to win prompt backing from other countries . . .”

Aljazeera had a useful video on WCIT:

***

Reuters’ Mark Hosenball reports that a Swiss technician may have compromised terrabytes of U.S./UK counter-terror data.  Apparently the technician “intended to sell the stolen data to foreign officials or commercial buyers.”

***

Amber Corrin writes for FCW on how the Air Force is redefining its approach to cyberspace.

Jared Serbu, for FederalNewsRadio, explaining how the Air Force is just 1 piece of DoD’s cyber puzzle and that a common understanding of word cyber still eludes us.

John Reed, for Foreign Policy, on how the Pentagon is reshuffling the services’ cyber capabilities.

I lost track of the article, but apparently demand for cyber-professionals is so high that the U.S. Air Force may move to a 24/7 tech school.  That’s crazy.

***

Matt Sledge, for the Huffington Post, on Bradley Manning’s lawyer charging President Obama with hypocrisy over whistle-blower protection.

***

Nextgov’s Aliya Sternstein reports that DHS is warning local governments that hackers could manipulate highway sensors.

***

Grant Gross writes for Computerworld on how the “U.S. government needs a comprehensive doctrine addressing cybersecurity instead of the current patchwork of policies and agencies . . .”

***

Ben Woods reports for ZDNet that the UK government is planning on drafting “cyber reserves” . . .

***

Nick Hopkins, for The Guardian, on how hostile states are targeting UK critical infrastructure.

Leave a Reply