Don't Wanna Let EU Go

Written by

Another Infosecurity Europe has come and gone, and for me it was my ninth and the first as part of the team behind the show and I was delighted not only by the high turnout of visitors, exhibitors and speakers, but the general good vibe about the direction of the industry which was plain to see.

Amusing to consider then, that this was in the face of the approved General Data Protection Regulation and the EU referendum, which was coined “Brexit” by the UK. As you will be all too aware, the referendum was in favor of leaving the EU by a majority of 52%, and in 2018 the Brexit will be complete. At the time of writing, the new UK Government is being formed and David Davis has been appointed as the minster responsible for delivering Brexit.

This is an interesting appointment; last year I had the opportunity to interview Davis and found him to be particularly interesting on the concepts of personal privacy and government surveillance which he had discussed at industry events as a supporter of the right to privacy. Also, with Theresa May now the UK Prime Minister, having moved from the position of Home Secretary where she had been trying to push through the controversial Investigatory Powers Bill – which would have approved data collection and compelled service providers to collect and retain user information – it remains to be seen if the so-called “Snoopers Charter” will be approved by the new Home Secretary Amber Rudd, and with its creator now in the top job, I suspect it will continue its passage through the House of Lords.

That’s UK politics though, and one thing I got a great understanding of whilst on holiday in Europe was how it was engaging many people outside of the UK. In a few weeks Infosecurity will be attending the annual “hacker summer camp” conferences in Las Vegas. I first attended Black Hat, Def Con and B-Sides Las Vegas in 2014 and chatting with other delegates and taxi drivers, it was clear that they felt that a change would be beneficial (to say the least) and with the US Presidential election only a matter of months away, the battle of Hillary versus Donald will be one that the world will be watching. 

Speaking of the Las Vegas conferences, it is three years now since Chris Valasek and Charlie Miller had their car hacking talk rejected from Black Hat’s call for papers, and subsequently picked up by Def Con 21. Since then, the subject of connected cars has become a key topic in security research with Jeep, Nissan, Fiat and Mitsubishi all finding themselves in the unusual position of the security headlines.

Following on from that initial research, this month we look at the issue of connected car security and ask the question of who will be responsible for fixing this in the first instance. If transport is about innovation then surely the duty to build things securely is crucial, as otherwise you’re driving around thousands of pounds worth of exploitative machinery. 

In research presented at Infosecurity Europe and highlighted to the global media, Pen Test Partners’ Ken Munro revealed such a scenario, and we talk to him in greater detail about the case for securing, and responsible disclosure to the car companies in an effort to fix the issues. 

There has to be an appreciation of the reality of how dangerous a hacked car could be: it is about more than the discussions of “flying sideways” or SCADA-type disruption; if it is a common issue in many cars being driven around the world, then it needs to be taken seriously and dealt with.

The skills and talent shortage has been well documented, but whether non-traditional technology industries start to hire the penetration testers that are apparently so desperately needed remains to be seen.

To conclude this comment, this issue marks the end of my stint as editor of Infosecurity Magazine as we welcome Eleanor Dallaway back to the big chair after a year off creating her own future information security rockstar. It is far from the end though, as I’m delighted to be remaining with the magazine as contributing editor and working with the expanding conference division in what promises to be an exciting, prosperous and very busy future for this industry.

What’s hot on Infosecurity Magazine?