DEF CON Despite some progress, the US is still massively underprepared for a serious cyber attack and the current administration isn't helping matters, according to politicians visiting the DEF CON hacking conference.
In an opening keynote, representatives Ted Lieu (D-CA) and James Langevin (D-IL) were joined by hackers Cris Thomas, aka Space Rogue, and Jen Ellis (Infosecjen) to discuss the current state of play in government preparedness.
"No, we are not prepared," said Lieu, one of only four trained computer scientists in Congress. "When a crisis hits, it's too late for Congress to act. We are very weak on a federal level, nearly 20 years after Space Rogue warned us we're still there."
Thomas testified before Congress 20 years ago about the dangers that the internet could pose if proper steps weren't taken. At today's conference he said there was much still to be done but that he was cautiously optimistic for the future, as long as hackers put aside their issues with legislators and worked with them.
"As hackers we want things done now," he said. "But Congress doesn't work that way; it doesn't work at the 'speed of hack'. If you're going to engage with it, you need to recognise this is an incremental journey and try not to be so absolutist."
Three no Trump
He pointed out that the current administration was actually moving backwards, having placed less of a priority on IT security than past administrations. The session's moderator, former Representative for California Jane Harman, was more blunt, saying that US president Donald Trump had fired his homeland security advisor, Tom Bossert, one of the most respected men in cybersecurity (Bossert actually resigned), and abolished his position.
Representative Langevin noted that the situation was improving. The US had been totally unprepared for Russian interference in 2016, he said, but the situation had improved by the 2018 elections and the intelligence agencies were ready for the 2020 election cycle.
"[Former US president Barack] Obama laid out a framework for a national incident response team," he said. "That policy is in place, but as to whether it can be executed then we have to hope for the best, but we need to practice it, that's the key thing."
Langevin, a repeat visitor to DEF CON, appealed to the assembled security workers to get involved in helping to educate politicians and make them understand technical issues. It is a problem also close to Ellis's heart.
You can easily secure America's e-voting systems tomorrow. Use paper – Bruce SchneierREAD MORE
Ellis, a Brit by birth, came to the US, identified the committees dealing with cybersecurity and started offering advisory services. She found that politicians were willing to listen.
"When I did this, people asked you in to talk," she said. "They were crying out for people who could talk about cybersecurity. There is interest. It's hard... but do your research."
It's not enough to sit on the sideline and moan, she told the crowd. Instead it's time for the community to get out there and make a difference.
Lieu also said he was hopeful that hackers would take up the torch and warned attendees not to give up, because change could come in surprising ways.
"In politics everything seems impossible until it happens," he joked. "10 years ago if you'd told me people in some states would be smoking legal weed I'd never thought it would happen. And yet here we are." ®