Fighting Back! The Rise of Active Cyber Defense
July 26, 2021 | Robert Bergman
Reversing a popular axiom for cyber security purposes, the best defense may be a good offense. At least that’s what the proponents of “active defense” believe. Active defense, according to the U.S. Department of Defense, is the use of “limited offensive action and counterattacks to deny a contested area or position to the enemy.” When applied to cyber security, as on the MITRE ATT&CK® website, it includes basic cyber defenses such as firewalls and intrusion prevention but may also integrate activities like cyber deception and adversary engagement. The objective is not only to counter current attacks but also to learn more about the adversary in order to prepare for future attacks.
Honeypot virtual machines are a good example of active defense. Cyber security solutions vendor Fortinet describes them as decoy computing traps deployed next to actual production systems. They trick intruders into revealing their intentions, and possibly some identifying information, before they attack the real systems. Fortinet gives the following examples of honeypots:
- Fake email addresses, which can attract phishing or spam messages that could reveal sources or attack strategies
- Fake database data, which attackers may attempt to access, revealing attack strategies and vulnerabilities
- Fake executable files, which signal when executed, revealing attacker system details, and may possibly damage the hacker’s system
- Web beacons, which link to a small object hidden in a file and might provide location information on the hacker
- Browser cookies, which can get around an attacker’s blocked firewall ports
- Canary traps, which trap whistleblowers who leak data
- Decoy Amazon Web Services (AWS) keys, which signal a hacker’s presence when they attempt to test the keys
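The decoy AWS keys and fake database data in the list above only pay off if someone is watching for their use. The example below is added here and is not code from the original post or from Fortinet: it shows the detection side of a decoy-credential deployment, matching constructed CloudTrail-style JSON events against a set of planted (honeytoken) access key IDs and raising an alert on any use of one, even a failed call, because the key's only legitimate purpose is to signal. The key IDs, file placements and log lines are all constructed placeholders; the `userIdentity.accessKeyId`, `eventName`, `sourceIPAddress`, `userAgent` and `errorCode` fields are the real CloudTrail field names.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed honeytoken inventory: placeholder key IDs in the AKIA... format,
# mapped to where each decoy was planted. None of these are real credentials.
DECOY_ACCESS_KEY_IDS: Dict[str, str] = {
    "AKIAIOSFODNN7EXAMPLE": "decoy in /etc/backup.conf on fileserver-01",
    "AKIAI44QH8DHBEXAMPLE": "decoy in CI runner environment file",
}


@dataclass
class HoneytokenAlert:
    """What an analyst needs to start triage: which decoy fired, from where, how."""
    access_key_id: str
    placement: str
    event_time: str
    event_name: str
    source_ip: str
    user_agent: str
    error_code: Optional[str]  # e.g. "AccessDenied"; a denied call still counts


def parse_cloudtrail_events(raw: str) -> List[dict]:
    """Parse one CloudTrail-style JSON record per line, skipping malformed lines.

    Malformed input is dropped rather than raised on so that one bad record
    cannot stop the rest of the batch from being examined.
    """
    events: List[dict] = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def find_honeytoken_use(events: List[dict],
                        decoys: Dict[str, str] = DECOY_ACCESS_KEY_IDS) -> List[HoneytokenAlert]:
    """Return an alert for every event that used a planted access key.

    The decoy IAM user has no permissions, so most uses show up as errors; the
    error is irrelevant, the mere attempt is the signal.
    """
    alerts: List[HoneytokenAlert] = []
    for ev in events:
        key_id = ev.get("userIdentity", {}).get("accessKeyId")
        if key_id not in decoys:
            continue
        alerts.append(HoneytokenAlert(
            access_key_id=key_id,
            placement=decoys[key_id],
            event_time=ev.get("eventTime", ""),
            event_name=ev.get("eventName", ""),
            source_ip=ev.get("sourceIPAddress", ""),
            user_agent=ev.get("userAgent", ""),
            error_code=ev.get("errorCode"),
        ))
    return alerts


# Constructed sample batch: one legitimate call with a non-decoy key, one
# denied call that tests a planted key, and one truncated record.
SAMPLE_EVENTS = """
{"eventTime": "2021-07-26T14:02:11Z", "eventName": "ListBuckets", "sourceIPAddress": "10.20.30.40", "userAgent": "aws-cli/2.2.0", "userIdentity": {"accessKeyId": "AKIAZZZZZZZZZZNOTDECOY"}}
{"eventTime": "2021-07-26T14:05:47Z", "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.23", "userAgent": "Boto3/1.17.0", "errorCode": "AccessDenied", "userIdentity": {"accessKeyId": "AKIAIOSFODNN7EXAMPLE"}}
{"eventTime": "2021-07-26T14:06:01Z", "eventName": "GetCall
"""


def run_sample() -> List[HoneytokenAlert]:
    """Convenience entry point: parse the constructed batch and return the alerts."""
    return find_honeytoken_use(parse_cloudtrail_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for alert in run_sample():
        print(f"HONEYTOKEN FIRED: {alert.access_key_id} ({alert.placement}) "
              f"used for {alert.event_name} from {alert.source_ip} "
              f"via {alert.user_agent}; error={alert.error_code}")
```

The design choice worth noting is that the matcher keys on the access key ID rather than on an error code or an API name: a decoy key is never used legitimately, so the first hit is the alert, and the placement string tells the responder which host or file the intruder has already read.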
“… if it’s an electrical system, we can model the physics of the electricity being distributed, so that the decoys that you deploy appear to be connected to the physical system, and the attackers can believe that they’re achieving their objectives, and keeping them going, while in reality, they’re not talking to the real system, and we’re protected,” said Thomas Edgar, the senior cyber security scientist for Pacific Northwest National Laboratory in an interview with Federal News Network’s Tom Temin.
Pacific Northwest National Laboratory is now working with Attivo Networks to commercialize Shadow Figment. Another company offering active defense solutions is Zscaler, whose stock leaped 14% this month on announcing its purchase of Smokescreen, a provider of active defense and deception technology solutions that enable customers to “change the economics of cyberattacks by making them far more costly, complex and difficult for the adversary both before and during their attempted intrusions.”
Who’s on the frontlines?
All of this, of course, raises the question of who is actually going to implement active defense. Certainly, some of the troops will be government and law enforcement specialists, likely including some of the 500 new cyber security hires and 300 job offers the DHS has made, and others who may fill the 2,000 cyber security vacancies still open at CISA, the US Secret Service, the US Coast Guard and other DHS agencies.
Chris Kubic, a former chief information security officer at the National Security Agency, lends some credence to the DHS role in an interview with Federal News Network, in which he says that, unlike previous executive orders that focused on improving cyber hygiene and patching, the recent order focuses more on active defense and endpoint detection capabilities.
We applaud any effort to thwart cyberattacks before they can happen, but it is clear that all these strategies and tactics are going to be labor-intensive. So while you are assembling your army or waiting for the cavalry to defend your castle, you should be sure that at least your crown jewels are safe. The best offense may be a good defense after all.
For more information on how to secure your crown jewels, download our white paper “The Fundamentals of Intrinsic Cyber Security.”