Opening Black Hat USA in Las Vegas, Black Hat founder Jeff Moss commented on the convergence of cybersecurity and political issues and said that world events “have caught up with us and we’re being tested.”
Saying that if offense is a purely technical endeavor, defense is “largely political” in spend, strategy and what is being defended.
“I believe the technology we are delivering favors offense, the machine learning, the reinforcing algorithms, so the momentum is on offense, but in defense we’re stuck with politics,” he said.
Moss claimed that a culture needs to be built for defense, while for offense, it is more present.
“What are the political issues we’re facing? GDPR compliance is pretty political, you cannot twiddle a router and fix GDPR," he said. "Soon we might have a California law to deal with and more third-party agreements as we move more and more to the cloud, [and] that’s a political decision, too."
“If you look at some of the problems Facebook had with data retention," he continued, "and Cambridge Analytica got their hands on some data, how do you claw that data back? Who has access to your data and what are they doing with it? Not a technical thing; it sounds more political.”
Because of this, Moss said, business models are running into political models. So if your business model is to "connect the world’s users" but you’re dealing with a government whose model is to “control consent for the stability for society,” there is going to be some conflict.
“We’re starting to see that on a global scale,” he said. “That is ratcheting up the tension, and that seems new to me. That is why we are in the final exam stage, where all of these issues are conflating, and they are going to look to us for answers. It’s going to be people in this room who are involved in these conversations. Together we can probably figure this out.”
He said that it feels like the adversaries have strategies while we have tactics, and that's not good.
Moss concluded by saying that there are maybe 20 companies in the world that are in a position to raise the level of security and resilience for all of us. “I cannot fix the problems in the Microsoft operating system, only Microsoft can do that,” he said. “So if we politically influence Microsoft to build a better product, that will help everyone on the planet.”