‘Be ready to cyber-hack adversary’s infrastructure for deterrence,’ says ex-US defense official
Israel and Western countries should be prepared to protect their computer systems by cyber attacking rogue adversaries’ infrastructure if necessary, Matthew Devost, a top cybersecurity expert, told The Jerusalem Post.
Devost is managing director of Accenture Cyber Security Devost and a former US defense official.
Back in Cold War days, there was “behavior that you engage in” clandestinely, but some behaviors you would “not expect even from an attacker,” he said.
“We haven’t had Moscow rules in cyber space, there is still no equivalent for the cyber domain,” Devost said, which, in part is what has thrown countries like the US off about how to respond to cyber attacks.
There is a “need to find that balance between avoiding unwanted escalation, but being strategically ready for escalation,” he added.
Devost said in the cyber realm it is important “to be a realist... even if you do not currently have intent” to use an escalating cyber attack on an adversary’s infrastructure, “you need to be pre-positioned for a fullfledged cyber conflict.”
For years, most experts have said the biggest puzzle with cyber threats was the strong chance that the source of the attack could not be identified, since attackers can use cyberspace to hide their identity.
But former Shin Bet director Yoram Cohen has said that elite Israel Security Agency always knows who has attacked Israel.
Asked about the growth in technical abilities to pierce an attacker’s veil, Devost said attribution “capabilities have advanced a lot.”
Devost also said that in the past – even when a government privately identified a cyber attacker – it often avoided publicizing details to avoid “betraying sources and methods” of cyber intelligence.
Noting the recent public identification by the US of Russian and Chinese cyber attacks, he said, “Now we are seeing the use of diplomatic pressure... in the international relations space” even if it means “foregoing concerns about the revealing sources and methods issue.”
Of course, nothing remains static in the cyber universe, and a new counter trend that Devost has written about may reverse recent progress to make cyber attribution more difficult than ever.
Devost noted that the cyber defense industry is currently enamored with concepts of autonomous defense, including elements of machine learning, behavioral analytics and artificial intelligence.
Autonomous bots – or autbots – could take what they learned from prior cyber attacks. In that way, they could conceive of innovative tactics for targeting systems’ unknown vulnerabilities and craft defenses for them as well as compensate for insufficient human resources.
The autobots would then be capable of simultaneously assessing, attacking, and securing a network fully autonomously, said Devost.
But there are unknown risks behind using such artificial intelligence cyber defenses, he said, such as instances in which autbots might temporarily act in an undesired fashion or in a way that humans do not fully understand.
The less obvious and more controversial risk is the theoretical possibility of autbots becoming sentient, resetting their own priorities in an uncontrollable way – with the Terminator movies being the nightmare scenario.
“This is a very broad and deep issue,” Devost said. “We cannot just think about cyber security. Companies and society need to think across all your behaviors” to ensure that new created technologies “do not get into our space.”
What is Devost doing on the Israeli scene?
In June 2016, Accenture, which Devost said is the largest cyber security consultancy in the world, acquired the Israeli cybersecurity company Maglan. Accenture said the deal brought in a team of highly skilled Israeli cybersecurity professionals, who honed their skills fighting cyber crime and confronting cyber espionage around the globe.
The acquisition also advanced Accenture’s “strategy of leveraging Israel as a cybersecurity innovation hub to provide clients with cross-industry cyber defense consulting.”
Devost said that Accenture’s strength was helping client’s “reduce their attack surface by getting their budget aligned” from a cyber security perspective, ensuring migration to cloud-type services is carried out securely and “segmenting what is most critical to safeguard... from catastrophic attacks.”