Hackers already are in your network. Now what?

By Tom Shoop

December 4, 2012

To Shawn Henry, there are only two types of organizations in the world: Those that know that their networks already have been breached, and those that don’t.

“It is nearly impossible to keep the most sophisticated adversaries out of networks,” said Henry, president of Crowdstrike Services and a former executive assistant director of the FBI dealing with cybersecurity issues.

Henry spoke Monday at Nextgov Prime, a Government Executive Media Group event on technology and the future of government.

Even a concerted effort to apply best practices in protecting networks -- such as firewalls, hard-to-crack passwords and dual factor authentication for access -- isn’t enough to stop advanced intruders, according to Henry. “If you build a 10-foot wall, they’ll bring a 12-foot ladder,” he said.

So what can government agencies do under this scenario? They should “be constantly hunting on the network,” Henry said, in an effort to “create a hostile environment for the adversary.” It’s not just about trying to prevent people from accessing your systems, but seeing if someone who has gained access is trying to extract or change information.

“There are a whole host of things you can do internally to look for someone trying to get out,” he said.

Speaking at the same Nextgov Prime session, Alan R. Shark, executive director of the Public Technology Institute and an associate professor at Rutgers University, highlighted several beliefs users cling to in assuming they’re secure:

Shark made the case for training for public employees on cybersecurity best practices. “If people sit back and think technology can save it all, it’s not going to happen,” he said.
