Diskin: Achieve cybersecurity with preemptive strikes

Diskin said, “The world of information security tends to forget cyberattacks did not happen by themselves or from computers.”

Yuval Diskin (photo credit: MARC ISRAEL SELLEM/THE JERUSALEM POST)
The key to achieving cybersecurity is to undertake preemptive strikes and measures on areas of human weakness and preparation that happen before the cyberattacks ever transpire, former Shin Bet (Israel Security Agency) director Yuval Diskin said on Thursday.
Speaking at the Cybertech conference in Tel Aviv, Diskin, currently chairman of Opora, explained how he adopted the same approach to cybersecurity that he used protecting the country from terrorism – an approach that ran counter to how most cyberdefense experts think.
“Most information technology security doctrines turn companies into sitting ducks. They give very little thought about what happens outside their network. Most information technology security is developed by technologists. They need tangible things to develop their technology,” said the former Shin Bet chief.
Diskin said, “The world of information security tends to forget cyberattacks did not happen by themselves or from computers. Behind every cyberattack there are human beings who are using the advantages that cyberspace gives them.”
In contrast, he said that intelligence professionals like himself, “learned from counter intelligence that human beings have behaviors and have patterns,” which can be tracked before they attack – even in the cybersector.
Next, Diskin explained that he recommends tracking the elevated digital signatures that attackers leave while remotely preparing cyberattack infrastructure.
He and an associate advised against jumping the gun by preemptively striking potential attackers at their initial preparation stages, which could risk allowing them to simply alter their plans without significant loss. Rather, he recommended taking action at the stage when they are seriously assembling the means to strike.
This brings the battlefield to the adversary and gives a potential cyber victim priceless time to weigh strategy in a calm atmosphere, as opposed to mid-crisis.
Earlier John Hultquist, the head of FireEye’s Intelligence Analysis Team, framed the cyber threat from Iran in comments to the same conference.
“We’ve seen 10 different destructive attacks against the US from the Gulf region from bodies we’ve been tracking and watching them improve for seven years,” he said. He noted this tracking history could assist in attributing specific future attacks to Iran and its proxies.
Hultquist continued, “We need to break it down to the main actors in the field of cybercrime and espionage. The US has been involved in the assassination of a top Iranian intelligence person. What does that mean in terms of retaliation?”
“For a year, we saw attacks on financial companies, but after this attack, we didn’t see such a concentration so we need to ask the question: what is the geopolitical trigger? We expect hacking” of key individuals’ e-mails and data, “and we expect cyberattacks,” he explained.
Next, he explained that Iran seems to target the Western financial sector with cyberattacks in response to financial sanctions.
Hultquist said that the danger is still not complete economic collapse, but rather that if Iran successfully finds the vulnerable underbelly of one major company, for example in the pharmaceutical industry, this could cause all kinds of chaos with other companies and industries.
He added, “the US and Israeli capabilities, especially in the military services, are the most advanced in cybersecurity. But our adversaries are not going to hit military services, but rather the less advanced sectors,” especially US allies in the Persian Gulf.
Former IDF cyber chief Brig. Gen. (res.) Ran Shahor also discussed the problem of nation-state cyberattacks from Iran and others in remarks to the conference.
Shahor, currently CEO of HolistCyber, said, “the good guys are way behind and the gap is growing” because too few cyber defenders are trained to think like hackers, and because of the multiplication of threats from nation states.
He said that it used to be that only nation states would use cyber tools against other nation states.
However, he said that many nation states now use private sector hackers to attack nation states on their behalf.
In addition, he said that “nation state tools have been leaked to the Darknet so that you [a private individual] can pay $200 and buy the equivalent of a nuclear submarine and take down a bank.”
This means that nation states can be overwhelmed or distracted by the sheer volume of attacks from a much wider variety of actors than what countries once faced.