Fighting cyber crime

Darktrace was founded by former government spooks, people who had significant experience combating cyberattacks. The man behind American firm root9B is cut from the same cloth.

COO John Harbaugh worked in a number of prominent roles in the Department of Defense, leading teams at United States Cyber Command in Fort Meade. Few people know as much about cyber-defence as he does.

Harbaugh now works privately, but takes his job as seriously as he did when he was safeguarding the USA’s military networks – that much is clear from the name of his company:

“Root is system-level access. 9b is hexadecimal for 9/11”, Harbaugh explained to Vice. “It’s a nod to the fact that the next 9/11 event is most likely going to be cyber-related.”

Today, most hacks result in the theft of personal data; inconvenient, infuriating, but very rarely fatal. But we’ve already seen cyberattacks perpetrated by governments. Stuxnet – a worm believed to have been programmed jointly by US and Israeli operatives – was used to send Iranian nuclear centrifuges spinning out of control, damaging them beyond use.

In 2013, Iranian hackers retaliated, infiltrating the controls of a small dam 25 miles north of New York City. They had planned to release a torrent of water from behind the dam, with potentially catastrophic consequences, but the dam’s sluice gate had been manually disconnected for maintenance at the time of the attack.

Nonetheless, the attack served as a warning shot; cyberattacks were fair game. War was moving online.

root9B specialises in old-school hunting

Harbaugh and co are computer specialists, but they’re also military men. They don’t want to leave the job of cybersecurity exclusively to computers.

Instead, root9B gets human operatives to “patrol” client systems, analysing them in real time, just as a guard would protect a military base. Harbaugh talks about his cyber-defence as if it’s still a military operation: he runs “hunt-operations” from a control room, “pursuing adversaries” on a military-grade console.

“In the physical space, you can have the best cameras, the best locks on the doors, the best alarm systems, the best fences… but at the end of the day a human’s gonna figure out how to get around those things. If they wanna get it they’ll get in.

“What’s the one thing they put into those physical spaces to augment all that great technology? They put a guard in there. If there’s going to be a human adversary that’s going to defeat your technology, you need to put a human defender in there that knows how to respond to that challenge.”

Essentially, root9B’s operations involve sending an operative into a client’s system, poking around for vulnerabilities and abnormalities in the same way as a hacker would – though without the aim of causing damage. But what does that actually mean? Can most people visualise cyber-defence in those terms?

Probably not. That’s why Harbaugh’s language is so useful. Cybersecurity firms love using the language of the physical world to describe their operations, because it makes the process relatable. Darktrace talks about a computing “immune system”, and provides visual representations that accord with that metaphor. Harbaugh’s military-speak does the same job.

Harbaugh’s language also serves to remind us how crucial cybersecurity is – and how much more important it will become.

“Breaches are happening. They’re not going away, they’re getting worse. Go all the way back to any point in history, the human will figure out how to get around the technology. The machine’s not smart enough yet. All these major breaches cost millions of dollars, millions and millions.”

That’s why Harbaugh’s aggression and doggedness are so key. Companies are now targets in a cyberwar that they had nothing to do with. And it’s not necessarily governments’ responsibility to protect them.

“Instead of relying on the government to protect everything, because it can’t, we’re trying to take all the good things about what the government can do from a tech perspective, a human perspective, and an experience perspective, and bring that into the commercial sector.

“I don’t think it’s really important to the victim who’s doing [the protecting], they just want to stop it.”


© 2019 Southbank Investment Research Ltd. Registered in England and Wales No 9539630. VAT No GB629 7287 94.
Registered Office: 2nd Floor, Crowne House, 56-58 Southwark Street, London, SE1 1UN.
