Businesses need to look at security as a military operation

LAS VEGAS -- Businesses need to look at security as a military exercise and can benefit from strategies that have proved useful in battle, a former military security expert told an Interop audience this week.

"This is a chess match," says Barry Hensley, a retired U.S. Army colonel who was in charge of the army's global network operations and security center. He is now vice president of Dell SecureWorks' Counter Threat Unit. "Can you lock down a network? Probably not. Can you defend a network? Yes you can."

ALSO FROM INTEROP: HP takes swipes at Cisco on Interop stage 

He recommends using a military combat concept called observe, orient, decide and act (OODA) that can give businesses a framework for detecting attacks quickly, figuring out what to do about it, doing it and moving on to deal with the next attack. "If you can OODA before the enemy can, I believe you can defend a network," Hensley says.

Enemies planning network attacks perform the same type of preparations that military commanders do before troop engagements, what he called operational preparation of the battlefield. In networking, that preparation translates into countries that are building cyber arsenals infiltrating networks in targeted countries.

The purpose is to have a place from which to launch some form of attack when it is deemed an opportune moment. "You get a foothold in as many networks as possible so they can use it at the time and place of their choosing," he says.

The analogy spreads outside international cyber conflicts he says. In the United Kingdom, he says, SecureWorks has had banks as customers that have departments named cyber warfare that ponder what the worst-case would be if a cyber attack occurred. The idea is for these departments to develop plans for coping with such attacks, he says.

He says some attackers test out their tools against one industry to see how well it does before going after their actual targets. For example, adversaries might try a certain form of malware against a healthcare provider, but really have as a primary target a financial services business.

He says he investigated a case of an attack launched from a cloud provider network against five contractors all working on the same project for the U.S. Department of Defense.

Hensley says he is uncertain how malware infiltrated the target networks, but they did so with instructions to find certain files. Once they did they contacted a command and control server hosted in a cloud provider's network which downloaded HTML files instructing the malware to send the data to six Internet drop sites, two in the U.S. and four in China, where they were picked up.

CISOs should perform internal penetration testing to find whether employees are engaged in attacks against their own employers, Hensley says. He cited the case of the hacker activist group Anonymous that called for a volunteer-based distributed denial-of-service attack against specified targets using a tool called Low Orbit Ion Cannon.

He says a client of SecureWorks found that employees downloaded LOIC to their work PCs and let it launch distributed DoS attacks. SecureWorks notified all its other customers about the case so they could be on the lookout. "Needless to say, the people who did it were fired," he says.

Read more about wide area network in Network World's Wide Area Network section.

Join the PC World newsletter!

Error: Please check your email address.

Tags U.S. ArmyDellsecurity

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tim Greene

Network World
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?