Fight Cyber-Attacks With Innovative Defenses, Juniper Executive Says

Enterprises should use innovation and passive resistance to stymie cyber-attackers without causing unintended consequences, a Juniper executive argues.

SAN FRANCISCO—Security professionals should stop tweeting their outrage concerning the National Security Agency and other attackers who penetrate networks to steal data, and instead do something about the problem, a Juniper executive said in a mid-morning speech at the RSA Conference on Feb. 25.

Calling the virtual histrionics of security professionals canceling their appearances at RSA an example of "first-world outrage," Nawaf Bitar, general manager of Juniper Networks' security business unit, called for more productive, yet equally passionate, responses to a variety of security problems facing the industry, businesses and the world's citizens.

"Our industry is under attack from all manner of foes: Criminals organizations, corporate thieves, hostile governments, friendly governments," he said. "When we will say, 'Enough is enough'?"

Rather than tweeting their concern over the NSA revelations or the compromise of consumer information, security professionals should use innovative ideas to create better ways to empower people online and prevent the predations of attackers, Bitar said. While much of the speech focused on the lessons of history, the security executive connected the ideas to a more aggressive approach to defense, if not actually hacking back against attackers.

"We can no longer remain passive," he said. "It is time for a new type of defense. A type of active defense that disrupts the economics of attacking and challenges convention; an active defense that interferes with the attackers; a type of defense that breaks algorithms; a type of defense that disrupts data collection."

Juniper's keynote followed the blueprint of two preceding speeches at the RSA Conference. Kicking off the event, RSA Chairman Art Coviello defended the company against allegations that it had cut a deal to put a weakened encryption implementation as the default of the company's products. Yet, Coviello quickly went on the attack, calling for companies and governments to renounce the use of cyber weapons, to cooperate in the investigation and prosecution of cyber-criminals, to respect intellectual property and ensure the privacy of all individuals. Following Coviello's speech, Microsoft's Scott Charney stressed that the software giant had always put the security of its customers first.

The defensive dance of the presenters came following revelations over the last eight months that the National Security Agency had created numerous programs to collect massive amounts of data on, not only foreign targets, but Americans as well. Juniper's Bitar said the NSA programs were an example of unintended consequences.

"After 9-11, the government built a surveillance network to stop terrorist attacks, while the goal was noble, the consequence is an information collection system the likes of which the world has never seen," Bitar said.

Defending against mass surveillance, whether from the NSA or another government's intelligence agency or just cyber-criminals will require better approaches, he said. Rather than waiting for the next attack, companies will have to find ways to make attackers' jobs more difficult.

"It's time for all of us to turn the tables on attackers—or we can do nothing. We can continue to turn the other cheek and passively wait for the next world war to begin in Silicon Valley," he said.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...