Security experts cold on former FBI official's Black Hat keynote

A former FBI official's keynote at the Black Hat security conference got a chilly reception Thursday from security experts who bristled at his call for business to do more to help the government defend against cyber attacks.

Shawn Henry, former FBI executive assistant director in charge of cyber-investigations, said businesses needed to "step up" in helping defend government and corporate networks against hackers and spies trying to steal intellectual property and government documents.

The comments from the ex-government cop-turned-security-vendor were met with only polite applause, an indication that the speech failed to spark the patriotic spirit among attendees of the Las Vegas conference.


In fact, members of a panel discussion following the keynote agreed that government was responsible for building security for the common good, while businesses were better at product innovation.

Security experts who were not attending Black Hat, but who read Henry's comments, tended to agree with that assessment. "His heart is in the right place, but the message is stale," said Andrew Plato, president and chief executive of consulting firm Anitian Enterprise Security.

He added that it was not the role of private industry to provide for the common defense. "That is one of the most basic duties of our Republic," Plato said.

Xuxian Jiang, an assistant professor and security researcher at North Carolina State University, agreed, saying there is "always a line between government and business."

"The focus of government should be mainly on the infrastructure for the common good, while commercial companies can better focus on product innovation with business opportunities and returns," he said.

Henry, who retired from the FBI in March and joined security startup CrowdStrike as president a month later, advocated a "paradigm shift" in which businesses re-architect networks, so the cost of hacking computer systems would be much higher.

The techniques he mentioned, all well known in the security industry, include building traps that lure hackers into stealing bogus data and hiding sensitive information behind multiple layers of security.

While few experts would dispute that better security is needed in corporations, they also point to the federal government's tarnished record. Security flubs include hackers gaining access last year to documents from major defense contractors working on new weapons systems. In the same year, the U.S. Senate's computer network was broken into by hacker consortium LulzSec.

But what irritated Plato most was the tone of Henry's speech, which presented the problem in jingoistic terms that do not impress security professionals.

"The government, as well as some industry leaders, need to drop all the war imagery and military jingoism and start interacting with this community in a more sophisticated manner," Plato said. "We all care about protecting our country, we don't need the 'guns a blazing' imagery. It just comes off as ham-fisted. Hackers don't jump out of helicopters."


Stories by Antone Gonsalves
