Black Hat Day 2 & Def Con Day 1

Alright, let’s knock these two out and get caught up. Otherwise, these posts will have the relevance of, “Hey! Did you hear Gateway went out of business?”

These past two days I’ve spent my time in Internet of Things (IoT) sessions and legal/policy/privacy sessions, and here’s the lowdown.

IoT

There were sessions on smart light bulb hacking, car hacking, and Smart City hacking. All three sessions did a very good job in explaining their research methods and the technical aspects of their research, and I thought they all did a good job in giving the targeted manufacturers credit, where deserved, for working to improve security in their products. The first message that was clear to me was that, yes, some device manufacturers are working harder to improve their security, but there is still much to be done. The second point was that, besides the topic of car hacking, much of the research was focused on easy targets (home lighting, public bike rentals), and not on the areas where the IoT can affect public health and safety, such as with traffic lights, water management, etc.

In short, we need a lot more research on the public safety aspects of the IoT – a lot more.

Legal/Policy/Privacy

This is the stuff that I love. There are so many ethical, philosophical, and very practical issues that have yet to be debated, let alone resolved. The sessions I attended were about US government stockpiling of 0-day vulnerabilities, the state of civil liberties online, two different sessions on how communication companies can respond to law enforcement requests to monitor users – one theoretical and one practical, and what happens when a repressive regime targets activists, journalists, and legal teams.

<rant> The net is that we need to figure out what kind of society we wish to live in; what kinds of freedoms we consider inviolable; and how we define and protect the “greater good”. Regardless of where you sit on the spectra of these topics, these issues demand informed, vigorous debate. These aren’t discussions just for us technologists, but they are for, and affect, all of society and they can’t be written off as mere “geek issues.” </rant>

There we go! All caught up.

Off to Def Con Day Two!

About Marc Blackmer

Marc is the founder of 1NTERRUPT and has been in the IT and cybersecurity fields since 1998. He is a product marketing manager for industry solutions in Cisco Systems’ Security Business Group, focusing on cybersecurity for industrial control systems (ICS) and the Internet of Things (IoT). He also blogs on IoT security on behalf of Cisco at www.securityledger.com.