Lesley Carhart, Security Incident Response Team Lead, Motorola Solutions
Once upon a time, it was paranoid to talk about nation-state sponsored hackers. Now it’s not only normal, it’s required conversation for security teams all over the world. Lesley Carhart, who now does digital forensics and incident response at Motorola, has seen the landscape change drastically over her nearly two decades in the field. From her perspective as a blue team incident responder, she talked to CyberScoop about hushed whispers graduating over the years to millions of dollars being spent defending against government attackers.
Tell us about some of the most interesting incidents you’ve seen or responded to over your career.
I have to paint with broad strokes, but obviously the evolution of nation-state actors has been very interesting over the last five years. We’ve gone from something that was almost paranoid and almost considered delusional to talk about to something we’ve seen emerge as a real threat so much that companies are getting insurance against and hiring consulting firms to remedy. There’s obviously been a lot of change not only in the public perception of those types of attacks but also in the tools and intelligence that are available commercially and in the public space to deal with these types of threats.
When you say today’s conversation would have looked paranoid back then, do you mean even within the security industry?
Yeah, I think even within the security community. When we really started talking about nation-state actors in a big way was around 2011, within the last decade. Before that, there was a lot of joking around about this-and-this country and the endless spring of China jokes. Specialists knew there were probably nation-state attacks going on. They were often sensationalized and they were often a scapegoat to say a country was attacking you. A lot of what people said about nation-states within the last ten years shows they didn’t really take the issue seriously.
In the last few years, there’s been a lot more push to have disclosure and credibility when we talk about nation-state actors.
What do you think changed the discussion?
The rise of information sharing like the ISAC [Information Sharing and Analysis Center] organizations was a big eye opener for a lot of security executives. That was a way for executives at companies to get brought into a room with executives from other companies and their security teams and say, we’re all getting the same campaign. We’re all seeing the same attacks. We’ve all lost this much money. Under a non-disclosure agreement, it gave them the ability to actually put figures out there like we were attacked this many times, we’ve lost this amount of money to attackers who we presume, based on intelligence, are from XYZ organization. Just seeing the quantity of attack in a real, believable situation with peers made a lot of difference in the way people in the security industry and their leadership perceived advanced actors.