Should the US Use Hidden Data To Warn Industry About Attacks?

Sony Corp. Chief Executive Kazuo Hirai outlines its turnaround strategy at the company's headquarters in Tokyo Wednesday, Feb. 18, 2015.

AP Photo/Eugene Hoshiko


If tipping off the private sector would compromise intelligence sources, it’s not clear when government should act.

When attribution in cyberspace is debated and discussed, most of the focus has been on whether the U.S. government should launch an offensive strike against cyberattackers. But recently, a different angle has surfaced: What’s the government’s role in leveraging the “Dark Web” — the Internet underworld inaccessible to the uninitiated — to give private-sector organizations a heads-up they’re in the crosshairs of adversaries?

The answer is pretty straightforward: Tipping your hand could mean compromising your sources close to the adversary and disrupting a valuable information-gathering process, said Shane Harris, Daily Beast senior intelligence and national security correspondent, speaking Sept. 1 at IBM’s i2 Summit for a Safer Planet in downtown Washington.

In the case of the Sony Pictures Entertainment hack, the U.S. was fairly quick to publicly attribute the hack to North Korea. Less than a month following the cyberattack that leaked the entertainment conglomerate’s emails and financial information, the FBI issued a statement saying it had “enough information to conclude that the North Korean government is responsible for these actions.”

The hack was devastating — and humiliating to Sony. But what would have happened if the U.S. government knew what the hackers were planning and had tipped off Sony? “You’d burn your sources in North Korea,” Harris said. 

So, with its vast trove of knowledge, should the government ever warn private-sector organizations about relevant chatter on the Dark Web sooner? There’s no straightforward answer.

The question is “whether the government has a responsibility to help its citizens or its corporations,” said Matthew Wong, director of intelligence for Flashpoint, who spoke with Nextgov a day after the event. “And sadly, the act of helping sometimes causes undesired effects. If you help a company, you’re risking your sources and methods, so that’s why the government sometimes doesn’t help citizens and companies even though it has the power and ability to do so,” he said.

Wong elaborated further: “You can have a short-term gain now, if you use this intelligence to protect this asset, and then you lose the long-term gain of intelligence and you potentially lose the ability to leverage that information to protect yourself in the long term.”

The conundrum about whether to notify intended targets about malicious activity isn’t new. During World War II, the U.K. cracked the Germans’ Enigma code, but to conceal its knowledge of the code, the U.K. had to sit idle, allowing certain “hazards” to occur, Wong said during the panel. (Alan Turing, the British mathematician who worked for the U.K.’s code-breaking unit, is famously credited with cracking the Enigma code; however, Polish intelligence had cracked the same type of messages years earlier.)

That strategy allowed the U.K. to gather more intelligence and study its adversary, gleaning valuable information and eventually winning the war.

“Just because we have the intelligence to stop every intrusion doesn’t mean we should,” Wong said.
