The kick-off keynote for the 23rd Black Hat USA Conference in Las Vegas set the stage for the conversations that will undoubtedly be discussed in great detail over the next two days - and likely the next two years - if Black Hat founder Jeff Moss’ opening remarks are indicative of a trend. Moss pointed out that security had been asking for the spotlight, both in legislative and more corporate settings, and the industry has had it for the last two years. However, it isn't enough to have the spotlight if you don't know how to harness it. In this case, what Moss was talking about is that how we communicate determines the outcomes we receive. He quipped that if you communicate well, then you may find yourself with more budget - and if you communicate poorly, you could find yourself fired.
Point taken.
Yet defining what cyber or security is remains an ongoing challenge, and Moss notes that oftentimes the language that we use causes us to think of a problem in a certain way, taking us in a direction we don't really want to be heading. He notes that while cyber, or information, is considered the Fifth Domain, it doesn't mean that it is equal to land, sea, air, and space. It's different and requires a different language and level of thinking. You can't use the language and laws of the sea to govern the laws of the Internet or how we engage there, because it is vastly different in nature. It's also vastly different depending on where you're engaging, assuming the Internet isn't simply … everywhere.
Moss told a story about how he was speaking with a colleague who told him about how in China, the money is in DDoS protection because attackers are using the "Great Firewall of China" to blackmail other Chinese companies. They're not worried about identity theft because they don't really have it: Chinese farmers sell their identity for 3,000 yen. Meaning that "all of the identities are legit, they're just not the person you think they are."
"You think might think the Internet works one way, and in one conversation it can flip upside down," Moss told the audience.
Simply put: we all have our perceptions, either individually or collectively, about what is needed when it comes to cybersecurity - and we're not communicating effectively about them. In order to fix this problem, we need to reorder the way that we think about things so that we can have more open and effective dialogue. As Moss said, "communication is a soft skill that leads to better technical outcomes."
Stay tuned for more from Black Hat …