Bruce Schneier gave the keynote on Dual-Use Technologies. Here are my notes from his keynote:
- Estonia was the first cyberwar.
- Lots of technology is dual use.
- In 24hrs, a worm tends to jump networks, even if they are physically separate.
- GCHQ evaluated PGP and found a bug. They communicated to PGP and fixed it. Everyone benefits.
- Our thinking of security is backwards. We assume it's secure. People find bugs, company patches.
- Assurance model – assume unreliable / insecure until you show me otherwise.
- If you find a bug, your assurance mechanism and procedures are broken.
- Lots of time and money involved with this change.
- We don’t care if software crashes – It’s not life or death.
- But a lot of software is in the middle – Bad things can happen.
- Consumers don’t have influence, but government and military do.
- What about smaller companies?
- It’s all about leverage.
- Tech multiplies potential.
- There are more attack tools available.
- Biometric identification allows quick lookups.
- Attackers are quicker to adapt to new technologies.
- Notion of tech as a helper – It mediates the communication between everything we do.
- Notion of a class break – Once software breaks, you can find it everywhere. It’s not one time use.
- Notion of automation – Automation makes a marginally successful attack good.
- Separates skill from ability – script kiddies.
- This comment reminds me of phishing.
- In the 1980s, the government kept it to themselves.
- In the 1990s, the government fixed things because it's better for the infrastructure.
- After September 11, 2001, it reset it all.
Many of the talks were very interesting and thought-provoking. I especially enjoyed the talk on government wiretaps, and the ethics of offensive cyber warfare. I hope there are more events like this to continue the discussion.
The rest of my pictures can be found on Flickr.