Encouraging Greetings from BlackHat USA 2018: the world’s leading information security event in Las Vegas, Nevada
As this author, and 10,000+ other attendees were reminded yesterday at Day One of the BlackHat USA 2018 conference in Las Vegas, Nevada, cybersecurity (and data protection) has extended beyond a technical issue to encompass one of the most pressing social and political problems in the world today. For those technical specialists who create, maintain and secure the digital space in which we not only conduct business, but also live a significant portion of our lives, the message was clear: only by collaborating with other leaders in this industry, and thinking strategically about long-term goals, will we move beyond mere “fixes” and achieve lasting solutions to the security problems plaguing cyberspace.
Thankfully, that message was more than mere words; collaboration is becoming the new norm not only among the countless technicians who are eager to share data regarding discovered vulnerabilities and proposed solutions, but among the industry giants, like Google and Microsoft, who reported their behind-the-scenes collaboration to devise patches to the Spectre and Meltdown security bugs uncovered last year and even the United States Government, whose Department of Commerce has reinvigorated its multistakeholder working groups to tackle issues like software component transparency.
I am happy to report, therefore, that the state of cybersecurity is not entirely the doomsday scenario generally reported, but, as the industry comes of age, its leaders have a remarkably clear vision of creating a secure cyberspace not simply for our employers, friends and families, but for the future of mankind, where long term collaborative strategic planning is the rule, and not merely the exception.
Likewise, despite the widespread anxiety over the GDPR in recent months, many fellow attendees applauded the EU’s goal of implementing data protection by design (and as a default), as well as the jurisprudential notion of vesting rights to personal data in the data subjects themselves. Many were also encouraged by the general proposition that the personal data composing our digital identities is entitled to the highest levels of legal protection, as suggested in the Supreme Court’s recent decision in Carpenter. As one presenter from the Department of Justice commented, historically, the privacy of the home was entitled to the apex of constitutional protections; now, we are seeing those protections extended to the internet-connected devices that have become an integral part of our lives.
Of particular interest was the creation of FirstNet for emergency responders across the United States, a brand new Class Band 14 network “designed to be reliable, functional, safe and secure, and provide optimal levels of operational capability at all times”. Through FirstNet, first responders are “guaranteed priority and preemption over a secure, robust network dedicated to them. Priority and preemption allow first responders to communicate without interruption over an ‘always-on’ network. Public safety entities using FirstNet can also boost priority levels in emergencies, keeping their first responder teams connected when lives depend on it.” Undeniably, such advances would be impossible absent the long term strategic and collaborative planning championed at this year’s event.
Of course, threats persist, including to the many industrial systems controlling critical infrastructure that utilize remarkably vulnerable components, and are becoming increasingly complicated, like the rise of Remote Online Social Engineering (ROSE) attacks, but, at least for today, the outlook seems brighter than otherwise reported. With time, and under the direction of the technical leaders who volunteer a remarkable portion of their talents and resources, an increasingly secure cyberspace seems within our reach.