Content

DEF CON 23: DHS deputy secretary’s suggestions for building trust between hackers, gov’t

During a Friday session at DEF CON 23 in Las Vegas, Department of Homeland Security (DHS) Deputy Secretary Alejandro Mayorkas discussed information sharing and building trust, and briefly noted that putting backdoors in encryption is a bad idea, which made the audience erupt into applause. 

A day prior, at Black Hat USA 2015 in Las Vegas, Mayorkas discussed the DHS creating an automated information sharing platform where all “cyber threat indicators” would be collected and disseminated to public and private sectors in near real-time. But that system, he noted, would never work without participation, and participation may never happen without bridging a trust deficit that he acknowledged exists between the government and the hacking community.

At DEF CON, Mayorkas did not linger on the information sharing initiative discussed at Black Hat. Instead, he made suggestions for building that trust. “Let us prove to you what our capabilities are, and let us prove to you what the integrity of our actions and our intentions are,” he said.

Mayorkas offered two suggestions. 

First would be a type of hacker residency program in the DHS for “people who are willing to devote their time, come in and lend us your talent, your skills, your expertise, your creative way of looking at things, and not necessarily validating what we do, but actually helping us improve it.” Second - for those without as much time to give - would be an advisory council of hackers who can offer advice on what DHS is doing, essentially achieving the same goal.

Prior to all of that, Mayorkas took a small shot of whiskey, as per first-year DEF CON speaker tradition, and challenged audience members to make his government-issued cell phone ring. He had opened his session by revealing that his staff suggested he leave his mobile at home before heading to DEF CON, since it could be hacked. 

“Give it a shot,” Mayorkas said, indicating - perhaps jokingly, perhaps not - that he will offer the person who does it a job with the government.

Alas, by the end of the session, the phone never rang.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.