With the Black Hat Conference well under way and DEFCON starting later this week, the security world’s attention will turn to Las Vegas, where some of the cyber security industry’s top researchers and thinkers will be holding court.
One of the most anticipated talks is the Black Hat Briefings opening keynote. This year, the honor goes to none other than Dr. Dan Geer, the CISO of In-Q-Tel, the investment arm of the U.S. intelligence sector. Geer’s talk on Wednesday, August 6, 2014 is entitled “Cybersecurity as Realpolitik.”
In anticipation of Dr. Geer’s Black Hat, we’re releasing another recent talk he gave: this one a keynote speech at our May, 2014 Security of Things Forum in Cambridge, MA. In this talk, Dan focused on the security of embedded devices and the fast-emerging Internet of Things. (A full transcript of the talk is available here.)
“The embedded systems space, already bigger than what is normally thought of as ‘a computer,’ makes the attack surface of the non-embedded space trivial if not irrelevant,” Geer observed. Despite the variety of devices and operating systems, Geer noted that the embedded device space was shaping up to be yet another monoculture – this one a ‘low end’ monoculture made up of common off-the-shelf processors, sensors and other embedded components.
The question, then, is what to do about securing that monoculture. The answer to that question, Geer suggested, may be to allow embedded and connected devices that cannot easily be managed to ‘die’ – expiring at some pre determined point beyond which they will no longer be useful.
Get the New 2017 SANS Research Report on 'Threat Hunting' -- Written by experts from the SANS Institute, the survey reveals a number of interesting data points about the challenges and benefits of threat hunting.
It’s a thought provoking talk. Check it out!
This video was recorded at the inaugural Security of Things Forum on May 7, 2014 in Cambridge, Massachusetts