The Enemy Has a Voice – Are We Listening?

Instead of concentrating on defending cyber vulnerabilities, The Enemy Has a Voice: Understanding Threats to Inform Smart Investment in Cyber Defense highlights a new approach to cybersecurity that focuses on the threat itself. Paulo Shakarian claims that information gathered about the attacker, called cyber threat intelligence (CTI), can be used to understand and protect against these adversaries, as well as improve the overall infrastructure of national cybersecurity. Identifying the motives and methods behind a threat can help predict what vulnerabilities are likely to be targeted and how to counter the cyber-attack.

Threat Intelligence vs. the “Offense Dominant” Cyber Paradigm

The first section compares the classic cybersecurity offense dominant approach with the author’s preferred methodology that focuses on gathering intelligence about the threat. The problem with the traditional cybersecurity tactic is that it typically favors the attacker; Shakarian explains that “the defender must always be right – the attacker only needs to be right once”. The threat-focused approach uses CTI to determine the attacker’s identity, motives, and hacking techniques in order to better defend against them in the future. However, acquiring sufficient information necessary to implement this defense driven method is not only difficult, but expensive. To fully understand and predict the hacker’s behavior, an assortment of sources is needed. The author introduces a tiered system to classify the various levels of cyber threat intelligence, which can be seen below.

Tiers of cyber threat intelligence

Understanding Proactive Cyber Threat Intelligence Methodology

For better comprehension, the author provides examples to further demonstrate the efficacy and practicality of threat-focused cybersecurity. One source of high-tiered intelligence that has contributed a tremendous amount of insight about the malicious hacking community is the dark web. CTI gathered from this source has been implemented to predict and protect against future cyber-attacks originating from the deep and dark web. For more information about the dark web, please visit the Homeland Security Digital Library (some resources may require login).

Understanding Stakeholder Interests

This section identifies each of the stakeholders and then extensively details their understanding and interests in the implementation of cyber threat intelligence technologies and threat-focused cybersecurity. All of the stakeholders have significant reasons to invest in technologies and services that prevent cyber threats. These stakeholders are:

  • The Government
  • Large Market Cap Companies
  • Mid and Small Market Cap Companies
  • Cyber Threat Intelligence Vendors

Policy Recommendations

Public policy regarding the adoption of cyber threat intelligence technologies should concentrate on demonstrating its value and aligning interests. Shakarian explains, “By better demonstrating value of cyber threat intelligence technologies and services, more companies will be likely to adopt the technologies – thereby allowing the avoidance of more cyberattacks. By aligning interests, we can identify ways to reduce the cost burden of expensive cyber threat intelligence offerings for those who are least able to afford it”. His proposed policies are a combination of parameters and incentives that include:

  • Adding requirements to the Federal Acquisition Regulation (FAR) for threat intelligence
  • Accreditation standards for medium and small market cap companies
  • Increasing government involvement in research showing the value of cyber threat intelligence
  • Business mentorship programs

The Enemy Has a Voice

Insights gained through cyber threat intelligence technologies and services help to level the playing field in cybersecurity between offense and defense. By understanding hackers’ motives and behaviors, we can better protect against the threats they create. Shakarian concludes the report by asserting “through carefully-crafted policies demonstrating the value of such technology and aligning the interests of key players, this technology can become more widely adopted, thereby leading significant progress in cybersecurity – one that considers the voice of the enemy.” For more resources related to cybersecurity, check out the Featured Topics at the Homeland Security Digital Library, including: Cyber Crime & National Security, Cyber Infrastructure Protection, and Cyber Policy.