Beau Woods @beauwoods
This response perpetuates stereotypes about @defcon and about cybersecurity that are no longer true, if they ever were. It puts in writing the degree to which many of their executives and board are ignorant of good security practice in 2018.
Let’s start at the top. @thedarktangent is a member of @CFR_org, a fellow with @AtlanticCouncil, former CSO of @ICANN, and advises @DHSgov. These groups aren’t likely to be undermining US national security any time soon.
Going down the list of @defcon organizers, many have been and/or still are members of law enforcement, military, and government, from US and allied governments. Also groups not known for subversive tendencies.
This year, @RGB_Lights gave two talks and @nppd_manfra gave one. Hers was on the security of elections. @wilsoncenter brought over a dozen congressional staffers. Many other members of US national security community attended with less fanfare.
Last year, @joshcorman, @CyberStatecraft, and I brought @JimLangevin and @HurdOnTheHill to @defcon where attendees flocked to talk with them and hear them talk.
For reference, @JimLangevin was RI Secretary of State and oversaw elections, so he knows a thing or two in that area. He’s also founder of House Cyber Caucus, and serves on the Armed Services and Homeland Security Committees.
Similarly, @HurdOnTheHill served with the CIA for a number of years overseas in theaters of war. He did a Facebook live from the voting village last year.
Are foreign adversaries looking on? Yes I’m sure they are. Perhaps looking over the screens of voting systems they have in their own labs, or streaming talks via the pcAnywhere connections to those in the field. motherboard.vice.com/en_us/article/…
My guess is the entire global community is noting very carefully the amount of effort put into burying, dismissing, and shouting down evidence of security issues. Because the more resources spent there, the fewer resources are available to fix the issues themselves.
Others are looking on as well. Like elections staff from several states who were at @defcon. And while they’re not making noise publicly, they’re definitely taking notes about the security issues found.
Some states, like Virginia, have decertified voting machines based on the results of last year’s event. Others, like Delaware, have put in place coordinated disclosure policies.
And states like Georgia, whose governor vetoed legislation triggered by security research into voting systems because, in part, making it illegal raises national security concerns. gov.georgia.gov/press-releases…
To his credit, their VP of Systems Security, Chris Wlaschin, actually attended the conference and wrote up his thoughts. I’m glad he was there and hope he had positive interactions with the security researchers he met with. medium.com/@chris.wlaschi…
Unfortunately, the post perpetuates myths and shows Chris doesn’t understand why companies like Microsoft, GM, Siemens, Philips, and others invite security researchers to find and report security issues, and how that helps improve security of their products.
For instance, we had 4 device makers bring their tech to @DC_BHV precisely so anonymous hackers COULD find vulnerabilities and report them. Many more want to join next year. @IoTvillage @CarHackVillage @ICS_Village and others had the same experience.
We recognized that testing current equipment in realistic environments is ideal. So we built a high-trust, high-collaboration environment to do just that, so we can be safer, sooner, together. This might be a good model for ES&S to consider as well.
I’ll leave the last word in this tweetstorm to US District Judge Algenon Marbley, ruling on election transparency, who said, “voting is the linchpin of our democracy...democracy dies in the dark.” scribd.com/document/11259…