The Cavalry at BSides Las Vegas 2014

On Wednesday August 6th, BSidesLV and I Am The Cavalry will hold a day of sessions to empower security researchers to make positive change. The goal is to define the problem space, inspire people to take a leadership role in solving security problems and build up the skills needed to succeed. The schedule and locations can be found at http://bsideslv2014.sched.org/.

The day will kick off with an introduction and overview of I Am The Cavalry, an update on the current status and activities, an outlook for the future as well as a rundown of the day’s event. This will be followed by focused sessions on each of the primary areas of focus over the past year – medical devices, automotive, home electronics, public infrastructure and policy. For most of the day we will have short talks and longer drop-in sessions.

The directed sessions will use a facilitated Question and Answer format called A&Q. In this format, a primary speaker will cover the topic at a high level for 10 minutes, priming the audience for a 15-minute interactive discussion of specific audience questions.

The drop-in sessions will be smaller tables, with a relative subject matter expert to answer questions and facilitate discussion on a particular topic.

Topics include:

Media – Journalists and media are a powerful way to influence public perception and to get our message out. They have their own internal operations and public interface that we can tap into like an API.

Legal – The legal system has a regular and standardized set of processes, outcomes and roles. Understanding these is key to influencing precedent so that it reflects the current technical landscape.

Public Policy – Understand the influencers, decision makers and processes that go into making new laws and administering existing ones.

Career – How you choose and follow your career path shouldn’t be a random walk and shouldn’t be set in stone. Use your career to maximize your satisfaction and impact.

Burnout – The complex state of Burnout is one that affects many in our industry, but help and resources are rare. Learn what it looks like and how to deal with it.

X Altruism – Extreme Altruists go out of their way to try and do the right thing, regardless of what others may think or what harm they may face. But these features can become bugs if they don’t find the right outlet.

Disclosure – Handling the delicate issue of notifying manufacturers about security vulnerabilities when packets meet blood and bone.

Communications – Many of us are less afraid of shaking hands with SSL or modems than real people. But that doesn’t mean we can’t effectively get our ideas across to manufacturers, managers, politicians or parents.

 

Agenda

10:00 – 11:00 Introduction and Overview – I Am The Cavalry

11:00 – 12:00 Areas of Interest (Medical, Auto, Home, Public Infrastructure, Policy)

12:00 – 17:30 A&Q Sessions (see online schedule for details)

12:00 – 17:30 Drop-In Sessions (see online schedule for details)

17:30 Wrap Up and Next Steps

IATC News Roundup (5/31): Car Hacking

Battelle to Host Automobile Cyber Hackathon

Battelle is hosting its third annual CyberAuto Challenge. The challenge will be held July 13-18th in Troy, MI at Delphi Automotive. According to the Battelle CyberAuto Challenge press release:

“students will be divided into teams with an equal ratio of working professionals from a variety of organizations, including automotive manufacturers, federal agencies such as the U.S. Departments of Transportation, Homeland Security and Defense; and research organizations. During the week-long educational and training event, the teams will participate in daily lecture and instruction in subjects such as secure system design, secure programming, embedded systems, IT law and ethics. Then, each day, they will apply their new knowledge to practical challenges on actual cars. Many of the sessions will have time constraints to simulate real-world conditions”

How Security Researchers Are Hacking Cars to Save Lives

The article shows the reality of car hacking. The top of the article has a pretty sobering video about car security. The article and video show a proof of concept and various attack surfaces. The good news is that automakers have this on their radar. “And automakers are listening:

Currently, Mathew and Alberto are both currently consulting for multiple automotive manufacturers in order to secure that vehicles become less vulnerable to potential future attacks.

Major Rise In Car Hacking Thefts

In London, high-end cars are being stolen with the CAN Hacking Tool (CHT). The article claims that:

Electronic car hacking was responsible for almost half of the vehicle thefts in London last year, the Metropolitan Police has confirmed.

Google self-driving cars ‘risk being caught in spam traffic jams’

There has been a lot of hype over Google’s self-driving cars. My mind was a bit blown by the demo Google performed on their self-driving cars. It may be revolutionary but has its risks. Wil Rockall, a director at KPMG, discusses some of the potential issues in the article:

the industry will need to be very alert to the risk of cyber manipulation and attack.

Self-drive cars will probably work through internet connectivity and, just as large volumes of electronic traffic can be routed to overwhelm websites, the opportunity for self-drive traffic being routed to create ‘spam jams’ or disruption is a very real prospect.