Cyber Intent: Cybersecurity

BSidesDE 2015

Presented by: Joe Klein, GS McNamara
Date: Saturday November 14, 2015
Time: 13:00 - 13:50
Location: Track 1

The current state of cyber security lacks any way to judge visitor intent. We are throwing out valuable intelligence available in the earliest stages of the cyber kill chain, instead choosing to react haphazardly in the later, more expensive stages. We fail to identify the digital bank robbers before they enter and create an expensive, drawn-out, and potentially fatal hostage situation. If we were looking out, we could have just locked the door.

Up to this point organizations have chosen to immediately block attacks instead of using them as an opportunity to gather intelligence about their persistent adversary. It’s been a simple business decision because recording attack activity against an organization’s real infrastructure has an associated operational cost that is just too high to bear. But intent tells you a lot about your visitors, potentially allowing you to classify them into good/bad even before a breach occurs.

As an example, predictive policing is a concept that would fare a whole lot better in the cyber world than in the real one. Removed from the social concerns about profiling, we can fully use it, as well as predictive analytics, to identify malicious activity early, and then prioritize our human response to handle the truly advanced of the APTs.

Intent is equally important as pre-breach forensics to law enforcement and prosecutors. Being able to establish intent is the differentiator between some classes of crime in the real world, leading to different levels of severity in penalties. Without capturing valuable intelligence surrounding intent, a defendant can allege that their action was a crime of opportunity and not that of a concerted effort. Stalking or any other crime incorporating purposeful or repetitive behavior cannot even be identified in the cyber realm. Today we don’t look into the mindset of the attacker, and so either they’re not caught or they get off easy.

Joe Klein

Joe Klein is a 30-year veteran of the IT and IA industry. He has extensive experience in DoD, US Government and commercial sectors, focusing on information assurance, network security, IoT security and IPv6. Mr. Klein is often requested to speak at professional security venues and routinely participates in high-level government working groups as an expert on secure implementation of IPv6.

GS McNamara

With a master’s degree specializing in Intelligence Technologies and a bachelor’s in Information Security, GS focuses his work on the three areas of Information: Exploitation, Protection, and Monetization. With practical business experience and a homegrown technical background, he can translate concepts for multiple audiences and understands the partnerships needed to achieve a mission. He has spoken domestically and abroad, and has worked in environments as fast as startups, as small as a sole proprietorship, as large as a Fortune Global 500, and as challenging as DARPA.

