Black Hat USA 2016

July 30 - August 4, 2016 — Mandalay Bay, Las Vegas, Nevada

Keynote: The Hidden Architecture of Our Time—Why this Internet Worked, How We Could Lose it, and the Role Hackers Play

The morning's keynote speaker was Dan Kaminsky, co-founder and Chief Scientist of White Hat, also famous as one of the seven "key shareholders" of the Internet's Domain Name System, charged with responsibility for restoring it in the event of disruption.

Kaminsky opened with a call to establish a kind of National Institutes of Health for cybersecurity. He aspires to make security easier—there are a lot of bad guys (and bad ideas) out there, and they threaten the Internet's users: "they're coming for us."

As an industry we have a problem. We're making promises about technology, and we're overpromising. People are starting not to believe us. New industries enjoy a kind of grace period during which they can get their act together. Our grace period, Kaminsky thinks, is about up. IT is in trouble, and it's looking to us for help.

He cited problems with communication—including a scarcity of solid tech writers—and above all a failure to share information. Sharing information internally, within organizations, is particularly difficult, and the failure to do so is particularly troublesome.

Security issues and their consequences are transforming the Internet into a place of laws and limitations that prevent companies from doing what they do best—make useful things for people. The days when you could build an app or a site and then deploy it for people to use are over. Now you have to figure out what you can do, and where. Consider AOL, which did a lot right in its early years. They made the Internet easy to use, effectively disrupting the major telecom companies.

So how, he asked, should we think about security going forward, if we're not to see innovation and ease-of-use become things of the past? Here Kaminsky returned to his NIH analogy, and offered a "germ theory of cyber." We should consider how infections move, and how they persist.

In this presentation Kaminsky spoke to familiar themes that analogize cyber security to an immune system. It should be adaptive, it should attack infections, and it should be as strong as possible across populations. Herd immunity can be improved by increased automation, more inherently secure programming languages, and more effective collaboration.

Like others, Kaminsky has hopes for both automation and the cloud. And he admires machine learning—if we learn from data, we may see a stronger response to the threats. So consider what might be gained by taking a lesson from public health.