Blackhat 2010 Digital Self Defense
July 2010 by Michael Hayes CTO, B-4-U Inc.
Blackhat 2010, like all Blackhat conferences started off with a bang, a larger number of participants than last year, more vendors and sponsors. Key additions include; the security in the Cloud Alliance as a track in the conference and the addition of a new lab environment to test and use specialized free security tools called the Arsenal.
Jeff Moss brought out that this is the 13th year of Blackhat, his musing are around, “What are the Security problems have we really solved”.
DNSSEC is now moving to secure implementation, 1o years after the problem was identified.
SSL needs to get fixed.
Browsing needs to get fixed.
Cloud Security is a big open issue.
The strategic issue for all of us to think about is “How can we put some of these issues to bed?” “How can we make Cyberspace safe to browse, participate in internet commerce and continue its growth in a secure and resilient way”?
The keynote speaker of the conference is Deputy Secretary Jane Holl Lute of the U.S. Federal government department of Home Land Security. In her keynote address she covered a number of interesting topics and questions:
Where are we today in providing, a safe and secure homeland(U.S.A.), predictable and safe to transit the internet, enabling us to safely, securely and resiliently, communicate, shop, browse, and send & receive data, and grow our relations with other users of the internet community.
What is the role of Homeland Security in both Cyber Space and Cyber Security? What is the threat to our National Security when individuals or organizations can, steal our data, our identity and deny us the use of the internet infrastructure for ecommerce. Cyber Space is a “somewhere”, where order is contested, and there may be no apparent order. “Cyber Space is enormous, large than any other traditional place that has both conflict and commerce”. Conflict and crime arises in this space due to wealth and poverty, political and religious, and a myriad of other divergent views. Violence is perpetrated in a manner that is not like a traditional war or crime, but can have as big an impact as a war in terms of economics and maybe even life.
A key question we all have to answer is, “What does it mean to have a secure homeland and how does this relate to Cyber Space and Cyber Security?” What is the vision of a, safe, secure, resilience, Cyber Space that allows the “American lifestyle to survive and flourish”?
To meet this last question and a Secure Homeland in general, the department of homeland defense has five main Goals or thrusts:
Prevent terrorist attacks.
Secure our borders (While Expediting trade and travel).
Enforce our immigration laws.
Secure our Cyber Space.
Help to build a resilient public infrastructure to protect the American way of life.
Cyber space has a new reality, control of lethality, control of rule making and control of the economy and this is done through a massive number of organizations through consensus over time. What are the rules of cyber space, can we rely on trust while cyber space is being built on a defective platform. Our goal as Homeland Security is to increase confidence in its use.
One strategic approach will be to “Create a preferred environment”, as an alternative to today’s less trusted environment. Billions have been spent in protecting Cyber Space, but no fundaments problems have been eliminated. We need a fundamental change to our approach to Cyber security. “We live in an age where we know that victims will become victims before they do”, this is a unique time. What are we going to do about it, to protect these potential victims? As with most Government speakers, there is a lot of posturing, as one member of the audience stated and asked, we have heard a lot of issues, but what are the concrete actions that are taking place.