On 1/21, InformationWeek put out a very interesting newsletter on hackback/counterstriking/private sector active defense/offensive cybersecurity. The newsletter requires you to register (it’s free). You can find two articles from the newsletter listed below, but they are only previews.
InformationWeek posted a portion of Gadi Evron’s article Offensive Cybersecurity: Theory And Reality. Even though this was a rehash of what most of you probably already understand about private sector offensive cybersecurity, I really enjoyed this article. Evron suggested that before we even discuss offensive cybersecurity (i.e. hackback, or going outside of your network), a company should focus on developing a cyber-intelligence capability “to say with certainty who attack us or might do so, what weapons they used . . . and what information was stolen.” That makes a lot of sense, although I question whether a company can do effective intelligence gathering within the bounds of the current law. For that reason (and cost concerns), Evron suggests that the private sector should develop closer ties with the government so that they can benefit from government intelligence gathering resources. Although hackback may not be legal (or wise) right now, that may not always be the case, and companies can take an apparently legal and necessary step in improving their “cyber counter-intelligence” capability.
In the same InformationWeek newsletter, Michael A. Davis wrote an article on 4 proactive steps an IT team can take even though hackback may be illegal. InformationWeek again posted a snippet of the article on its website. Davis sort of echoed Evron’s thoughts, adding a healthy dose of honeypots/honeytokens and a recommendation that companies start “building the security team of the future.”
Again, you have to register for the newsletter, but it’s worth it; there’s a lot of stuff I left out, and it’s a good read.
Leave a Reply