Key takeaways from Black Hat and DEF CON 2019

DEF CON 2019

AustCyber’s goal is to grow Australia’s cyber security ecosystem. A key part of this is supporting Australian companies to scale internationally.

AustCyber’s Program Director of Innovation and Capability Growth Mike Bareja recently attended Black Hat and DEF CON to support and promote Australian cyber security companies.

Many consider these conferences to be the premier meeting places of cyber security and hacker minds. The ideas and discussions raised at these events shape the global cyber security narrative – from how to address nation-state espionage through to hacking air conditioners.

This year, Australian-born companies Penten, Bugcrowd, Arkose Labs and AttackForge exhibited at Black Hat – drawing large crowds to their booths with demonstrations.

The presentations at Black Hat gave AustCyber the opportunity to observe and learn from big-ticket cyber luminaries including Bruce Schneier, Mikko Hypponen and Jason Healey.

The briefings ranged from highly technical examinations of new vulnerabilities, to how the social and political currents of cyber security are shaping our world.

Schneier’s presentation, titled ‘Information Security in the Public Interest’, explored the reasons why public policy makers and technologists must be more tightly interconnected. He believes that each group tends to miscalculate how its activities will shape the world – policy makers overlook the technical limitations and capabilities of the technology they seek to address, and technologists often believe that technology is apolitical.

Hypponen spoke about the rules of engagement in a cyber war. Using hypothetical examples, he extracted the key contradictions between the real world and the digital world – as the saying goes, war is the extension of politics by other means, but are cyber operations the extension of war by other means, or the other way around?

DEF CON is an entirely different scene to Black Hat, characterised by an underground, hacker ethos.

Along with the talks, DEF CON is split into ‘villages’ on different topics including AI, car hacking, industrial control systems and lock picking. Encouragingly, there was an ethics village that allowed attendees to enter detailed discussions about how and why certain hacking, surveillance and security activities should or should not be undertaken. It’s an endlessly fascinating parade of lateral thinking, innovative approaches and engaging discussions.

The most important lesson for the Australian cyber security ecosystem to take from the DEF CON experience is that the hacker mindset is the key to true innovation. Learning to break and rebuild things, understanding the underlying principles of a technology, and exposing vulnerabilities and weaknesses, is how we build a better and more secure world.

Car hacking village at DEF CON

Fil Filiposki from AttackForge demonstrating their penetration testing collaboration platform

Ben Whitham from Penten
