Government employees who attended the hacking conventions of the past had a pretty hard time remaining unnoticed, as many hosted “Spot the Fed” games that rewarded attendees for outing Federal employees.
Today’s hacking conventions, such as Black Hat and Defcon, which took place earlier this month, are creating a much more collaborative environment.
“We used to do ‘spot the Fed’ where we’d try to out Feds, and now we bring Feds up on panels,” Beau Woods, deputy director of the Cyber Statecraft Initiative at the Brent Scowcroft Center on International Security, said in an Atlantic Council panel on Wednesday.
One of the Feds featured in the panels was Federal Trade Commission chief technologist Lorrie Faith Cranor, who addressed the panel about the Federal experience at hacking conventions.
“We wanted to do outreach to the hacker community,” Cranor said, adding that her agency wanted to encourage communication and collaboration with cyber experts.
Jason Healey, senior research scholar in cyber conflict and risk at Columbia University and senior fellow on the Atlantic Council’s Cyber Statecraft Initiative, also gave a convention speech on the need for hackers to work with the government.
“I was really worried about that talk,” Healey said, adding that he tried to dispel the notion among hackers that the government is evil. “I did not get egged,” he joked.
Federal agencies are also sponsoring contests at hacking conventions to spur innovation and aid government cybersecurity. The Defense Advanced Research Projects Agency (DARPA) hosted the Cyber Grand Challenge, which pitted supercomputers against each other in a contest to defend their own and attack others’ systems. The top prize for the contest was $2 million.
“Five years ago, I don’t think we would have seen anything like that at Defcon with that level of Federal involvement,” said Cris Thomas, a strategist at Tenable Network Security.
Thomas himself has had an interesting relationship with the Federal government, testifying before a congressional hearing under his hacker name “Space Rogue” rather than his real name to avoid the backlash from other hackers.
“I would love to see more elected officials getting involved,” Thomas said, adding that the process of getting technology-literate legislation is happening now, albeit slowly. Panelists also noted that more and more hackers are responding to Federal requests for comment.
“The NIST Cybersecurity Framework is a great example of industry, government, and hackers working together,” Thomas said.
Federal officials are increasingly putting themselves in hackers’ usual stomping grounds, as with Hillary Clinton’s fundraiser held adjacent to the Black Hat convention.
“That will naturally have negative side-effects,” said Woods, describing the discomfort that such an invasion of space will cause.
Thomas agreed that there would be some roadblocks in the new relationship between Feds and hackers.
“Both sides bring baggage to the table,” he said. “On the government side, we still have some government raids and prosecutions that shouldn’t be happening.”
The panelists did commend the government on opening avenues for hackers to “attack” perceived vulnerabilities as a means of exposing the weaknesses to companies and Federal agencies.
“Allan Friedman of Commerce has done a great job pushing […] these bug bounty programs,” said Healey. “It really, I think, caught a lot of people as the maturation of the field.”