This response perpetuates stereotypes about @defcon and about cybersecurity that are no longer true, if they ever were. It puts in writing the degree to which many of their executives and board are ignorant of good security practice in 2018.
Let’s start at the top. @thedarktangent is a member of @CFR_org, a fellow with @AtlanticCouncil, former CSO of @ICANN, and advises @DHSgov. These groups aren’t likely to be undermining US national security any time soon.
Going down the list of @defcon organizers, many have been and/or still are members of law enforcement, military, and government, from US and allied governments. Also groups not known for subversive tendencies.
This year, @RGB_Lights gave two talks and @nppd_manfra gave one. Hers was on the security of elections. @wilsoncenter brought over a dozen congressional staffers. Many other members of US national security community attended with less fanfare.
Last year, with @joshcorman, @CyberStatecraft, and I brought @JimLangevin and @HurdOnTheHill to @defcon where attendees flocked to talk with them and hear them talk.
For reference, @JimLangevin was RI Secretary of State and oversaw elections, so he knows a thing or two in that area. He’s also founder of House Cyber Caucus, and serves on the Armed Services and Homeland Security Committees.
Similarly, @HurdOnTheHill served with the CIA for a number of years overseas in theaters of war. He did a Facebook live from the voting village last year.
Are foreign adversaries looking on? Yes I’m sure they are. Perhaps looking over the screens of voting systems they have in their own labs, or streaming talks via the pcAnywhere connections to those in the field. motherboard.vice.com/en_us/article/…
My guess is the entire global community is noting very carefully the amount of effort put into burying, dismissing, and shouting down evidence of security issues. Because the more resources spent there, the fewer resources are available to fix the issues themselves.
Others are looking on as well. Like elections staff from several states who were at @defcon. And while they’re not making noise publicly, they’re definitely taking notes about the security issues found.
Some states, like Virginia, have decertified voting machines based on the results of last year’s event. Others, like Delaware, have put in place coordinated disclosure policies.
And states like Georgia, whose governor vetoed legislation triggered by security research into voting systems because, in part, making it illegal raises national security concerns. gov.georgia.gov/press-releases… 
To his credit, their VP of Systems Security, Chris Wlaschin, actually attended the conference and wrote up his thoughts. I’m glad he was there and hope he had positive interactions with the security researchers he met with. medium.com/@chris.wlaschi…
Unfortunately, the post perpetuates myths and shows Chris doesn’t understand why companies like Microsoft, GM, Siemens, Philips, and others invite security researchers to find and report security issues, and how that helps improve security of their products.
For instance, we had 4 device makers bring their tech to @DC_BHV precisely so anonymous hackers COULD find vulnerabilities and report them. Many more want to join next year. @IoTvillage @CarHackVillage @ICS_Village and others had the same experience.
We recognized that testing current equipment in realistic environments is ideal. So we built a high-trust, high-collaboration environment to do just that, so we can be safer, sooner, together. This might be a good model for ES&S to consider as well.
I’ll leave the last word in this tweetsorm to US District Judge Algenon Marbley, ruling on election transparency, who said, “voting is the linchpin of our democracy...democracy dies in the dark.” scribd.com/document/11259…
