Black Hat, White Hat, Grey Hat. Good hackers and bad hackers. Bad hackers that become good (aka the Kevin Mitnicks of the world). Cyber security – and its players – are always evolving, they obviously have to in order to keep pace with changing technologies, threats and vulnerabilities.
It was back in 1975 that the word “hacker” officially entered into our modern day lexicon, when it was listed in ‘The Jargon File,’ a glossary listing terms for computer programmers. There were eight definitions for hacker, the final being: “A malicious meddler who tries to discover sensitive information by poking around. Hence password hacker, network hacker.”
Back in hacking’s infancy, long before the multi-million dollar news headlining heists, attackers were motivated by the goal of causing disruption, inundating systems and crashing computers, later graduating to using key logging and form grabbing to go after user names and passwords. But the increased accessibility of data, as our lives digitalized and eventually moved to the cloud, upped the stakes and attackers realized how much they stood to gain by aggressively pushing toward the end goal: intensely personal user data, banking details, detailed healthcare histories and more.
Active Cyber Defense
As hacking has gotten more complex, and as our data has moved to the cloud, cybersecurity has had to change its response. Where we once based cyber security on prevention and detection (antivirus, firewalls and other perimeter solutions), the security industry realized this was no longer enough. Implementing an active defense is not necessarily a new concept, as it has been around in the military for generations. But its adoption into cyber security has coincided in part with the realization that focusing primarily on breach prevention was no longer enough.
Commonly implemented examples of active cyber defense include:
• Intrusion prevention systems that monitor network activity and actively detect and block vulnerability exploits, malware and other malicious items.
• Honeypots and decoys allowing organizations to lure intruders to strategically-placed non-sensitive information in isolated parts of the network, keeping them away from the organization’s true assets and monitoring hacker activity.
Ethical Issues with Active Cyber Defense
However ethical issues exist with the active cyber defense. While intrusion prevention and the use of honeypots and decoys take place on the organization’s internal network, some security professionals support an even more proactive approach, including an ‘attack back’ or ‘hack back’ – a breach of the attackers network which can include the goals of taking back stolen data, planting spyware to investigate the source of the attack, and blocking future attacks. Additionally, since many times the source of an attack may be a victim computer as well, the idea of ‘attack back’ is less palatable to those ethically inclined, and certainly less of an option to organizations required to meet federal and state standards and regulations.
Governments and world leaders are currently considering laws both protecting and instituting limits on the active cyber defense, and most industry professionals are aware of the controversial grey area in which the active cyber defense approach exists. But that said, it is clear that in 2018, an organizational cyber security solution must be both extremely pro-active and comprehensive, in order for it to truly secure the internal network.