Former FBI Agent Warns of Cyber-Threat, Asks Hackers for Help at Black Hat

A former FBI executive director asked hackers to join the U.S. government as it tackles new cyber-security threats that jeopardize the country's security and infrastructure.

LAS VEGAS €” The United States is at war in the cyber-theater, and it€™s a pervasive threat that all Americans need to take seriously. That€™s the message from a former, high-ranking FBI agent, who delivered a July 25 keynote address at the Black Hat conference here.

For 24 years, Shawn Henry worked in the FBI, and served in a number of different positions in the agency. His last position at the FBI was as the executive director, and he now is in the private sector as president of Crowdstrike services.

€œWe need warriors to fight our enemies,€ Henry told the capacity Black Hat audience of more than 6,500 computer security professionals.

To start his keynote, Henry delved into the history of the FBI, which has investigated a number of different crimes throughout its history, ranging from illegal drugs, to organized crime to bank robberies. The agency has also focused on other issues, such as foreign spy rings, but the FBI€™s main focus during the last few years has been terrorism. Now, however, that focus is turning more toward the mounting threats from cyber-crime, cyber-terrorism and cyber-espionage.

€œIn my career, I€™ve seen lots of similarities between the physical and the cyber-world; certainly the tactics are different, but the theory is the same,€ said Henry. €œIt€™s not computers attacking computers; we€™re talking about humans behind keyboards targeting you.€

In Henry€™s view, the threat of a cyber-attack should not be under-estimated.

€œI believe that the threat from computer network attack is the most significant threat we face as a society,€ Henry said. €œOther than a weapon of mass destruction, I think it€™s the most significant threat there is.€

Part of that threat comes from the fact that now almost all data is stored and transmitted electronically. It€™s also easier than ever, for a cyber-attacker to get started than it would be to wage a traditional kinetic attack. Cyber is the great equalizer, according to Henry. With a $500 laptop, anyone can attack us just sitting in their pajamas anywhere in the world.

€œThere are terrorist groups online now calling for the use of cyber as a weapon,€ said Henry. €œI believe if we wait, it€™s too late. It€™s a threat and something we need to be aware off now.€

From a defensive perspective, Henry said that it is important to have a defense-in-depth approach. That said, he noted that approach is failing today as it focuses solely on perimeter defense.

€œIt€™s not the secret sauce; it€™s just a piece of a holistic approach,€ said Henry.

Henry noted that he assumes that there are terrorists in this country and he knows the government can€™t prevent them from getting over the border. The key to preventing them from doing anything bad is intelligence.

€œIntelligence is the key, whether the threat is from spies, terrorists or cyber-hackers,€ said Henry.

In Henry€™s view, you have to be proactive and be aware of the adversaries so that you can take them out of the fight. He stressed that he personally is not advocating for hacking activities against other countries. He believes that we can all be proactive on our own network segments and create a hostile network for the adversary to work in.

€œYour data is being held hostage, and the life of your data is at risk,€ said Henry. €œAs elite cyber-warriors can have an impact, the stakes are high.€

Henry suggested that we€™re in a historic time, and the actions that are taken today will define where we are in 20 years from a security perspective.

€œThe government is not able to independently solve this problem, and civilians are on the front line of the battle every day,€ said Henry. €œI believe that our failure to step up now will be a failure for society.€

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.