Businesses need to look at security as a military operation

LAS VEGAS -- Businesses need to look at security as a military exercise and can benefit from strategies that have proved useful in battle, a former military security expert told an Interop audience this week.

"This is a chess match," says Barry Hensley, a retired U.S. Army colonel who was in charge of the army's global network operations and security center. He is now vice president of Dell SecureWorks' Counter Threat Unit. "Can you lock down a network? Probably not. Can you defend a network? Yes you can."

ALSO FROM INTEROP: HP takes swipes at Cisco on Interop stage 

He recommends using a military combat concept called observe, orient, decide and act (OODA) that can give businesses a framework for detecting attacks quickly, figuring out what to do about it, doing it and moving on to deal with the next attack. "If you can OODA before the enemy can, I believe you can defend a network," Hensley says.

Enemies planning network attacks perform the same type of preparations that military commanders do before troop engagements, what he called operational preparation of the battlefield. In networking, that preparation translates into countries that are building cyber arsenals infiltrating networks in targeted countries.

The purpose is to have a place from which to launch some form of attack when it is deemed an opportune moment. "You get a foothold in as many networks as possible so they can use it at the time and place of their choosing," he says.

The analogy spreads outside international cyber conflicts he says. In the United Kingdom, he says, SecureWorks has had banks as customers that have departments named cyber warfare that ponder what the worst-case would be if a cyber attack occurred. The idea is for these departments to develop plans for coping with such attacks, he says.

He says some attackers test out their tools against one industry to see how well it does before going after their actual targets. For example, adversaries might try a certain form of malware against a healthcare provider, but really have as a primary target a financial services business.

He says he investigated a case of an attack launched from a cloud provider network against five contractors all working on the same project for the U.S. Department of Defense.

Hensley says he is uncertain how malware infiltrated the target networks, but they did so with instructions to find certain files. Once they did they contacted a command and control server hosted in a cloud provider's network which downloaded HTML files instructing the malware to send the data to six Internet drop sites, two in the U.S. and four in China, where they were picked up.

CISOs should perform internal penetration testing to find whether employees are engaged in attacks against their own employers, Hensley says. He cited the case of the hacker activist group Anonymous that called for a volunteer-based distributed denial-of-service attack against specified targets using a tool called Low Orbit Ion Cannon.

He says a client of SecureWorks found that employees downloaded LOIC to their work PCs and let it launch distributed DoS attacks. SecureWorks notified all its other customers about the case so they could be on the lookout. "Needless to say, the people who did it were fired," he says.

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. ArmyDellsecurity

More about CiscoDellDell ComputerHewlett-Packard AustraliaHPInteropLANSecureWorks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tim Greene

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts