US se­cu­rity of­fi­cial asks Black Hat crowd to fo­cus on build­ing trust


A top Obama ad­min­is­tra­tion of­fi­cial says the gov­ern­ment and the data se­cu­rity com­mu­nity need to con­cen­trate on build­ing trust so in­for­ma­tion about cy­ber threats can be shared be­tween them for the greater good.

Ale­jan­dro May­orkas, deputy sec­re­tary of the Depart­ment of Home­land Se­cu­rity, says he rec­og­nizes that a trust deficit ex­ists be­tween the gov­ern­ment and those who deal with data se­cu­rity, but says that needs to change.

“The best way to ad­dress the trust deficit is to build trust,” May­orkas said dur­ing his ad­dress Thurs­day at the fi­nal day of the an­nual Black Hat hacker con­fer­ence in Las Ve­gas. “That’s prob­a­bly not an overnight process. It’s prob­a­bly an in­cre­men­tal process, but let’s take the steps we need to.”

But sev­eral peo­ple in the crowd of hack­ers and in­for­ma­tion se­cu­rity pro­fes­sion­als ex­pressed con­cern that any in­for­ma­tion about cy­ber threats shared with the gov­ern­ment could be used against them.

The fed­eral gov­ern­ment also has come un­der fire in re­cent months for its own fail­ures in cy­ber­se­cu­rity.

Last month, Kather­ine Archuleta, di­rec­tor of the fed­eral Of­fice of Per­son­nel Man­age­ment, re­signed in the wake of a gov­ern­ment data breach that is be­lieved to be the big­gest in U.S. history.

Hack­ers down­loaded So­cial Se­cu­rity num­bers, health his­to­ries or other highly sen­si­tive data from OPM’s data­bases, af­fect­ing more than five times the 4.2 mil­lion peo­ple the gov­ern­ment first dis­closed this year. Since then, the ad­min­is­tra­tion ac­knowl­edged a sec­ond, re­lated breach of sys­tems hous­ing pri­vate data that in­di­vid­u­als sub­mit dur­ing back­ground in­ves­ti­ga­tions to ob­tain se­cu­rity clear­ances.

Among the data the hack­ers stole: crim­i­nal, fi­nan­cial, health, em­ploy­ment and res­i­dency his­to­ries, as well as in­for­ma­tion about fam­i­lies and ac­quain­tances. The sec­ond, larger at­tack af­fected more than 19 mil­lion peo­ple who ap­plied for clear­ances, as well as nearly 2 mil­lion of their spouses, house­mates and oth­ers.

May­orkas ac­knowl­edged that the cy­ber­se­cu­rity of some gov­ern­ment agen­cies is more ad­vanced than oth­ers, but added that the White House has re­cently taken dras­tic steps to heighten over­all gov­ern­men­tal cy­ber­se­cu­rity. Mean­while, it’s also in­volved in on­go­ing ef­forts to in­vest in re­search and de­vel­op­ment in the area.

Later on Thurs­day, hack­ers Runa Sand­vik and Michael Auger spoke about how they man­aged to hack a Wi-Fi-en­abled ri­fle. While they could not fire the ri­fle re­motely, they were able to change its tar­get by tak­ing con­trol of its scope.

“At the end of the day, it’s just an armed com­puter run­ning on Linux,” Auger said at a press con­fer­ence ahead of the pre­sen­ta­tion.

Auger said he thinks the odds of some­one hack­ing and tak­ing con­trol of that spe­cific ri­fle, of which only about 1,000 are on the mar­ket, are very re­mote.


Deputy Sec­re­tary of Home­land Se­cu­rity Ale­jan­dro May­orkas speaks at the Black Hat con­fer­ence in Las Ve­gas, Thurs­day, Aug. 6.

Newspapers in English

Newspapers from Taiwan

© PressReader. All rights reserved.