I attended Black Hat USA 2021 and DEF CON 29 from August 4 to August 8. This year was the fifth time that I made this annual pilgrimage to Las Vegas for cybersecurity professionals. This pair of conferences was quite different this year, primarily due to the hybrid live-virtual nature of these events and other pandemic-related factors, such as the mask requirements and DEF CON 29’s COVID-19 vaccination requirement. Equally important, if not more so, was the difference in content this year, reflecting the massive changes in the cyber threat landscape and the attack surface over the past year and a half.

Hybrid live-virtual events

As an in-person attendee, the most obvious and significant difference to me was the lower turnout of both vendors and individual attendees. There was a great deal of unused space in the Black Hat Business Hall, as many vendors evidently chose not to represent themselves in person this year. Rapid7 was a virtual sponsor of the event. Rapid7 did have a booth in DEF CON’s IoT Village, where security researchers conducted exercises in techniques for gaining root access to embedded IoT devices. These devices are often a vulnerable feature of an organization’s attack surface because they frequently receive less security support or go without security updates.

The lower in-person turnout was nonetheless advantageous for individual attendees if only because it reduced the size of the crowds. Smaller crowds made it easier to gain access to popular presentations, booths, and other events, and also to engage presenters and other attendees privately. The smaller crowds were particularly advantageous at DEF CON. Those who have attended DEF CON in the past know how overwhelming its historically massive crowds can be, and the degree to which they can often impede access to popular presentations and other offerings. This year might have been the first DEF CON at which I was actually able to attend every presentation I wanted.

The US government’s role in cybersecurity

The massive changes in the threat landscape and the attack surface over the past year and a half, and the implications thereof, were recurring themes in the presentations and other offerings. One of these themes was the role of the US government in cybersecurity, which has become a more salient issue in the wake of last year’s SolarWinds supply chain compromise campaign and this year’s ransomware attack on Colonial Pipeline.

At Black Hat, keynote speaker Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA) in the US Department of Homeland Security, announced the formation of the Joint Cyber Defense Collaborative (JCDC), a partnership between the public sector and several security vendors and other technology companies that aims to improve national cyber defense.

Other presenters at both conferences covered more specific aspects of the US government’s role in cybersecurity. For example, another Black Hat presentation covered the President’s Cup Cyber Competition, another CISA initiative that aims to identify the best cybersecurity talent in the US federal workforce. A policy panel at DEF CON discussed the political and diplomatic implications of cyberattacks, particularly state-sponsored attacks such as the SolarWinds campaign. Panelists discussed the possibility of establishing international cyber “norms,” such as those in warfare and diplomacy.