Thursday, August 4, 2016

Techsavvy: A Call to Arms Against the Hacker Hordes

MIT Sloan Management Review, August 4, 2016

by Theodore Kinni

Tech Savvy Hacker Hordes
Imagine being enthroned at the end of the long table in the C-suite. You’ve got riches beyond imagination at your disposal; tens of thousands of vassals are toiling day and night for you. Your knights surround you, awaiting your command. And, at this very moment, some evil-minded jester with a computer and an Internet connection is breaching the castle walls.

But wait, is that a war horn you hear in the distance? Yes, it’s the lawyers from Steptoe & Johnson riding to your rescue. Enough, says partner Stewart Baker and trusty clerk Victoria Muth in an article for Brink. “It’s pretty clear that building higher walls around our networks is a dead end. So is tighter scrutiny and control over what happens on the network,” they write. “Government is failing us…, too.” The solution? Fight back.

Attribution and retribution are the weapons in this counterattack. “It might mean building ‘beacons’ into documents so that when they are opened by attackers, they phone home to alert defenders that their information was compromised,” suggest Baker and Muth. “It might mean using information provided by beacons to compromise the attackers’ network and gather evidence as to the attackers’ identities. It might mean stopping a DDOS attack by taking over the botnet, or by patching the vulnerability by which the botnet conscripted third-party machines.”

And, of course, you’ll need more lawyers. “We need to bring private resources to bear on retribution as well as attribution — not by endorsing network attacks, but by encouraging retribution within the law,” the authors continue. “Luckily, once an attack has been attributed, legal remedies begin to look quite realistic.”

“In short, you don’t have to sit and take it anymore,” conclude Baker and Muth. “There are plenty of risks in trying to go beyond passive network defenses, but there may be more risk in doubling down on an approach to network defense that has been failing ever more spectacularly for 30 years.”

Oh yeah, we’re going all “Game of Thrones” on hackers. Read the rest here.

No comments: