LAS VEGAS–The Black Hat conference is now officially an adolescent, and like most in that age group, it has gone through some growing pains in its life. Once criticized for giving too much of a platform for offensive research, and then, after its sale a few years ago to a media conglomerate, dinged for being too corporate, Black Hat now seems to have settled into a nice, comfortable spot with high-quality research and talks from top government officials.
How much have things changed since the first Black Hat in 1997? In the early days, federal agents would show up at the talks, supposedly incognito, but were easily identifiable as the only attendees in Dockers and polo shirts. Now, Shawn Henry, a former top FBI official who helped run the bureau’s cybercrime program, is keynoting the conference on Wednesday.
Henry, now president of CrowdStrike Services, is not the only fed on the agenda this week, either. Gen. Keith Alexander, director of the NSA and commander of the U.S. Cyber Command, is delivering a keynote speech at DEF CON this weekend. Alexander has been perhaps the most visible NSA director in recent years and has been outspoken on information security issues, giving talks at a variety of industry and federal conferences.
And DEF CON is not the chaotic mess it once was. But the idea that someone like Alexander would show up at DEF CON or even Black Hat and talk about the “shared values” of the hacker community and federal government is still kind of difficult to contemplate.
But perhaps it shouldn’t be, as Alexander points out in the abstract for his talk.
“The hacker community and USG cyber community share some core values: we both see the Internet as an immensely positive force; we both believe information increases in value by sharing; we both respect protection of privacy and civil liberties; we both believe in the need for oversight that fosters innovation, doesn’t pick winners and losers, and retains freedom and flexibility; we both oppose malicious and criminal behavior. We should build on this common ground because we have a shared responsibility to secure cyberspace,” he says in the abstract.
The federal government has always relied on private companies and organizations for help and expertise in securing the Internet and internal networks, and the kind of innovative research presented at DEF CON and Black Hat helps advance the state of the art in defense. Everyone can learn from those talks, not just other researchers and hackers. Having high-level current and former federal officials such as Alexander and Henry showing up here for the conferences can only be a good thing.
Cooperative research efforts such as the Cyber Fast Track program run by DARPA (and administered by Peiter “Mudge” Zatko) are giving funding to security researchers to look at emerging problems. Some of that money is already paying off in research that will be presented here this week by Charlie Miller, who looked at the security of the NFC payment technology. More of that kind of cooperation is likely to emerge in coming years, if the current trend is any indication.
Feds used to be treated as interlopers and objects of derision at DEF CON and Black Hat, and now they’re invited guests. Funny how things change.