Profile picture
, 16 tweets, 5 min read
My Authors
Read all threads
Next up at #shmoocon (for me, at least) is The Hacker’s Guide to Cybersecurity Policy in 2020, with Jen Ellis, Nick Leiserson, Leonard Bailey, and Kurt Opsahl
Opsahl is general counsel at EFF, Leiserson is LD for Rep. Jim Langevin of Rhode Island, Bailey is special counsel for national security in DOJ's Computer Crimes and Intellectual Property Section. Ellis does policy at Rapid7 and will moderate.

#shmoocon.
.@infosecjen leads off noting that there were 96 bills with the word cybersecurity in the title in 2019 - and that's not abnormally high.
#shmoocon.
@Infosecjen "I'm not going to say that all the 96 bills are good ideas, but at least there is more engagement. " --Leiserson

#shmoocon.
Leiserson notes attempt to reform DOD purchasing of software, 1/2 billion in election security ("probably not enough"), bills on critical infrastructure.

"I want to dispell the idea that congress is getting nothing done."

#shmoocon
Opsahl notes that a lot of motion happens during "must pass" bill season - September, or so, when budget bills come out. That means a lull might be coming for hacker policy - especially w/ election.

"I don't think this is going to be a banner year for cybersecurity policy."
Ellis adds that confirmations in 2021 will probably hold up a lot of policy.
Bailey - we've learned over time to have a little humility in cybersecurity policy because it isn't isn't simple. Gives a shoutout to the cyber solarium commission (report mid march)

Read more about the solarium here
axios.com/cyber-solarium…

#shmoocon
Leiserson - Right now, if DHS sees a problem during an internet scan with vulnerable servers that appear to be critical infrastructure, unless they see malicious activity, can't get a subpoena to contact the owner.

New efforts to remedy that.
#shmoocon.
Bailey mentions that DOJ is trying to do as much as it can through prosecutorial guidance on unclear issues so it doesn't need to be legislation.

This'll raise Ellis's eyebrows - she's typically concerned about the lack of firm protections for researchers under DMCA. #shmoocon
Ellis typically makes the point (though not yet) that violating terms of service could be considered a violation of CFAA, and the only reason it isn't prosecuted is guidance. That's great if guidance holds, but guidance can be mushy.
Bailey - We're going to be engaged on DMCA exemptions for researchers, expanding them. Every 3 years, exemptions have to be renewed at the Library of Congress.

Ellis (to Leiserson) - Why doesn't congress make it permanent? #shmoocon
Leiserson - Call your congressmen. They don't know what people in rooms like this believe.
#Shmoocon.
Ellis raises CFAA.
Leiserson says that the reason the executive branch is thinking of CFAA differently is Bailey. Everyone who isn't Bailey nods.
#shmoocon.
What can people do
--EFF sez: check out our action portal on our website.
--Leiserson sez: the two things are pay attention and make your voice heard. "People greatly underestimate how responsive Congressmen are to their constituencies."
--Bailey sez: "What they said."
In an extremely charming moment, Bailey notes that @Infosecjen is moving back to Britain, and gives her an honorary faux law degree (a “juris friggin doctorate” from the school of lulz and justice).
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Joe Uchill

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#shmoocon

More from @JoeUchill see all

Profile picture
Joe Uchill
@JoeUchill
It's #shmoocon day 2 in Washington D.C. I'm at "Battling Supermutants in the Phishing Wasteland," which should be interesting, given that I've only lightly skirmished with regular mutants in the Phishing suburbs of Chicago.

(thred)
This will be a talk from @ZeroFox folks on modern fishing techniques.
@ZeroFOX Scratch that.
"This talk is not really about phishing but the economy behind it," Zach Allen, dir. threat intel of Zero Fox.

Also speaking is Ashlee Benge, who does threat intel at Zero Fox and is also an astrophysicist.
Read 21 tweets
Profile picture
Joe Uchill
@JoeUchill
Greetings from #shmoocon, the well-loved D.C. cybersecurity conference. I'll be live-tweeting selected talks and other goings-on over the next three days.

Here's what I definitely plan on being at, but I'll consider requests and bribes.
Shmoocon is one of my favorite local conferences - it's a great mix of quality and intimacy. You're as likely to see a senate aide discuss infosec policy priorities as then-White House Cybersecurity Coordinator Rob Joyce talk about his love of elaborate Christmas lights.
The latter example was real. And great. #shmoocon.
Read 14 tweets
Profile picture
Joe Uchill
@JoeUchill
Gearing up for Cybereason's D.C. election security tabletop exercise.

Cybereason does an interesting thing where the fake bad guys have to tamper with an election without hacking election infrastructure.
How do you do that? Well, as I wrote last year before Cybereasons first version of this exercise, you can depress voter turn out in targeted, partisan regions by, say, creating a massive traffic jam, or cutting the heat to a Duluth voting center. axios.com/newsletters/ax…
Hacking voting machines and running disinformation campaigns are probably less efficient ways to tamper with a national election than you think.

Strategically depressing voter turnout is probably a more effective approach than you think
Read 33 tweets

Related threads

Profile picture
Pulp Librarian
@PulpLibrarian
If stock photography has taught us one thing it's how to recognise a hacker! But how much do we really know about these shady characters, with their balaclava and their Windows 7 laptops?

For #DataProtectionDay here's my essential stock photography guide to #cybersecurity...
First things first, hacking has come on leaps and bounds in the last few years. Backing up your sensitive data on C60 cassette and labelling it 'Kajagoogoo Live' is no longer enough to keep your information safe!
Hackers are hard to spot because they dress head-to-toe in black (or very very very dark grey). This is because they live on the Dark Web and want to blend into the background.
Read 13 tweets
Profile picture
The Moscow Project
@moscow_project
Trump only lifted his hold on aid because he got caught.
There is no other explanation.
Witness after witness testified that, just as they were never told why Trump was withholding aid, they were never told why he was releasing aid—$18 million of which still hasn't reached Ukraine.
It's not just that $18 million still hasn't reached Ukraine.
It's also that, by the time the rest was released, the damage had been done—both Russia and Ukraine had gotten the message from the hold.
Read 16 tweets
Profile picture
Ramanuj Mukherjee
@law_ninja
While the profile and attraction of in-house legal roles have drastically increased, understanding of what it takes to be a successful in-house counsel......

#successful #Legal #Counsel #lawyers #lawsikho
And how it is different from a role in a law firm or litigator is not very well understood by a vast majority of lawyers who want in-house jobs.

I spoke to 5 CEOs who have hired General Counsels or set up a legal team to learn about their experiences.
What they said was markedly different than usually what the in-house counsels have to say.

Since it is often a CEO or CFO who decides who to hire as a General Counsel or Legal Head, I think this advice would be pretty important!
Read 37 tweets
Profile picture
The Mental Elf
@Mental_Elf
Hello, good evening and welcome to our third Mental Health Question Time of 2019

WATCH LIVE from 6pm elfi.sh/mhqt-physical

TWEET your questions/comments to #MHQT

QUESTION: Fit for purpose: how can mental health care professionals support physical health?
Our Chair this evening is Prof David Osborn @osborn_ucl from @UCLPsychiatry

Our panelists are:
@CoProNorfolk @NSFTtweets
@FGaughran @MaudsleyNHS
@SimonGilbody @MHARG_york
@Andy__Bell__ @CentreforMH
@simranNMHIN & Cam Lugton @PHE_uk
#MHQT
@osborn_ucl @UCLPsychiatry @CoProNorfolk @NSFTtweets @FGaughran @MaudsleyNHS @SimonGilbody @MHARG_york @Andy__Bell__ @CentreforMH @simranNMHIN @PHE_uk People living with mental illnesses have an increased risk of developing a physical illness compared with the general population, AND when they experience ill-health, they have poorer access to adequate medical services #MHQT
Read 42 tweets
Profile picture
Pulp Librarian
@PulpLibrarian
If stock photography has taught us one thing it's how to recognise a hacker! But how much do we really know about these shady characters, with their balaclava and their Windows 7 laptops?

For today's #SundayMotivation here's my essential stock photography guide to #cybersecurity
First things first, hacking has come on leaps and bounds in the last few years. Backing up your sensitive data on C60 cassette and labelling it 'Kajagoogoo Live' is no longer enough to keep your information safe!
Hackers are hard to spot because they dress head-to-toe in black (or very very very dark grey). This is because they live on the Dark Web and want to blend into the background.
Read 13 tweets
Profile picture
Thomas Juneau
@thomasjuneau
Over the next couple days, the amazing @b_momani and I are hosting a workshop in preparation for a forthcoming book on Canada and the Middle East. This thread introduces the participants, and will be updated until the end.
Panel 1 chapter authors on regional security: @AmarAmarasingam @StephanieCarvin on foreign fighters, @justinmassie1 and Marco Munier on the coalition against the Islamic State, @MikeFleet23 and @NizarMohamad1 on capacity building programs.
Thank you for great comments by discussants @vmkitchen, a government rep who shall remain nameless but who is brilliant, Melissa Finn, and Cesar Jaramillo.
Read 40 tweets

Trending hashtags

#hate #BacktoFront #Privacy #Collusion #Security #wealth #ThreatIntelligence #ITNEXTSUMMIT #SiliconValley #MMTConf19 #algorithms #cybersecurity #Editor #SAFEAct #unforeseeable #FreetheBeer #moraleconomy #MacroSWI #HealthcareIT #today #stranger #CyberSecurity #Galway #Manafort #distribution
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!