Offensive hackers should be part of enterprise DNA

Kacy Zurkus | April 7, 2016
Keeping adversaries at bay requires offensive hackers to infiltrate the DNA of tomorrow's enterprises

MIAMI - Immunity Inc kicked off the Infiltrate 2016 conference this morning with a warm welcome from Dave Aitel at the Fontainebleau Hotel. Keynote speaker Nate Fick, CEO at Endgame, spoke from both his military and private sector experience about what needs to happen in order to secure the future of the digital enterprise and the digital world.

Addressing the crowd of offensive hackers, Fick offered advice for both the government and private fronts. "Continuing to do the same will not work," Fick said, which is why the tools that are more flexible and easily modifiable have become more popular.

"We need discontinuity in the adoption cure," Fick said, "but you can't hack back. Hacking back is stupid, for many reasons not just that it is illegal." He argued that while it is illegal, laws change. "Remember it used to be illegal to drink a beer in this country, and it was legal for a kid to work in a coal mine," he said.

Beyond the issue of legality, Fick described hacking back as climbing up the escalatory ladder, which you can't do successfully unless you have the right tools. The tools, and the power or ability to use them legally, have historically been granted to the government.

Certainly the perspectives of government and private sector vary when it comes to many topics, including security. A self-proclaimed optimist, Fick said, "We can do as much to adversaries with defense as we can do with offense." There are, however, changes that need to happen in both the government and the private sector in order to bring down adversaries.

The government, said Fick, "needs to define declaratory policies that outline a shared understanding of the red lines. What is espionage? What constitutes an offense?" Once those red lines are clearly defined, there needs to be an escalatory policy, which includes a series of moves and counter-moves rather than escalating to the greatest use of force.

In addition, the government needs to educate the public that digital offense is not intrinsically bad. "We traditionally venerate kinetic offense," said Fick, "but computer offense has always seemed sleazy." If the laws of offensive hacking are to evolve, the connotations of the word 'hacker' and of the work that hackers do in digital offense need to change.

The next generation of cyber security experts must possess offensive capabilities. Enterprises and government need to develop better policies to attract the talent of those who are perhaps secret experts concealing their offensive skills in the digital shadows.

Fick said that the tactic of digital offense is increasingly being "integrated into kinetic offense." The problem therein is that "the government will be tempted to hack more killers and kill more hackers." All the more reason why clear policies need to be established, and why tough and sometimes uncomfortable questions like "What level of hacking warrants a bullet?" need to be answered, Fick said.

 
