Schneier: Cyber-Retaliation Like that Exposed by Snowden Report a Bad Idea

It’s too hard to know for sure who’s behind attacks, he says.


Security expert Bruce Schneier

Credit: Tim Greene

The NSA program dubbed MonsterMind is dangerous in that it would enable automated retaliation, with no human intervention, against machines that launch cyber attacks, meaning that such counterattacks could hit innocent parties.


MonsterMind came to light through a Wired magazine interview with former NSA sysadmin Edward Snowden, who stole and publicly released thousands of NSA documents.


The problem with any such retaliation, automated or otherwise, is the collateral damage it could cause: a strike aimed at the apparent source could instead hit machines that had been compromised and used by the attackers, says security expert Bruce Schneier. He was speaking at the recent Black Hat 2014 before the Wired story broke, but he addressed the same issue.

“It’s too easy to get it wrong and to go after innocents,” he says, especially since attackers commonly mask their location by working through unwitting proxies. And, he says, it’s often difficult or impossible to determine conclusively whether the traceable source is the actual source.

Despite the risks involved, he says the practice is becoming more common, which he calls a dangerous trend, although he didn’t cite specific cases of strike-back going awry.

A more measured approach where forensics determine for sure where attacks originate is the right way to go, he says. “Vigilante justice tends not to work well,” he says.

More important for attacked organizations is responding quickly to minimize damage. Forget about keeping attackers off your networks; concentrate on what you’re going to do about it once the networks are breached, Schneier says.

“In general the attacker with more resources [than the victim] is going to get in,” he says. “It’s a matter of containing some of the damage.”

The trick is formulating a response quickly and executing effectively while automating as much as possible in order to reduce the risk of human error, he says.

Incident response requires more human intervention than other security activities, so it’s important to develop effective incident response tools to help out. “People are our biggest security problem,” he says, “but you can’t fully automate response. You can’t cut people from the loop.”

Tim Greene covers Microsoft and unified communications for Network World and writes the Mostly Microsoft blog. Reach him at tgreene@nww.com and follow him on Twitter @Tim_Greene.

This story, "Schneier: Cyber-Retaliation Like that Exposed by Snowden Report a Bad Idea" was originally published by Network World.
