BBC Future Story, Featuring The Cavalry

bbc_icon

Last week BBC Future published a piece called Internet of Things: The ‘ghosts’ that haunt the machine. The article discusses the potential long-term network congestion that could come about from noisy IoT devices. The Cavalry gets a mention and a quote, in the context of the potential for takeover of the devices, either by targeting the endpoints or by taking over expired domains for update servers, etc.

Once the ghost machine is taken over, the potential for damage is considerable, says Beau Woods, a founding member of I Am The Cavalry, an organisation focusing on protecting the general public from digital attacks. “What could someone malicious do if they could modify or replace the software on the device? This could range from pranks, like funny photos on a fridge screen, to making profits by inserting advertisements on your television, to interception by digitally eavesdropping on your home network, to disablement through wrecking the software on the device, to doing physical damage by overloading the electronics or burning out a motor. In automobiles, medical devices, public transport, airplanes and other more critical systems the damage could be much more severe.”

The story hit the front page of the BBC website, which gave us some good exposure to a global audience.

THOTCON & BSides Chicago 2014

The Cavalry will be holding workshop sessions at both THOTCON and BSides Chicago next week. Details are below. We look forward to seeing you there.

THOTCON – Friday, April 25, 2014

Where/When: Lab 5/6, 2pm to 4pm
Approx. Capacity: 150 people

When What Who
2:00-2:30 WHY The Cavalry Josh Corman & Nick Percoco
2:30-3:00 Medical Device Security Landscape & Challenges Scott Erven
3:00-3:30 IoT Security Landscape & Challenges Mark Stanislav (BuildItSecure.ly)
3:30-3:50 Cavalry Mission, Discrete Progress & Activities Adam Brand
3:50-4:00 Next Steps & How to Get Involved Josh Corman

BSides Chicago – Saturday, April 26, 2014

Where/When: Workshop, 11:00am to 2:30pm (with lunch break)
Approx. Capacity: 25 people

When What Who
11:00-11:15 WHY The Cavalry Nick Percoco & Beau Woods
11:15-11:45 Getting Started with Medical Device Hacking Scott Erven
11:45-12:15 Automotive Security Landscape & Challenges Craig Smith (Open Garages) & Adam Brand
12:15-1:00 Getting Started with Car Hacking Craig Smith (Open Garages) & Adam Brand
1:00-1:30 Lunch & Open Q&A All
1:30-2:00 Car Hacking Demos & Q&A Craig Smith (Open Garages) & Adam Brand
2:00-2:15 Next Steps & How to Get Involved Adam Brand & Beau Woods

Current Activity

Current Activity

Circle City Con in Indianapolis invited I Am The Cavalry to keynote their conference as well as facilitate a workshop. You can view the Circle City Con Keynote on Irongeek’s website. The workshop video Executive Management (How to Manage Executives) and Engaging the Media API is also available.

Upcoming

This year’s Vegas conference season should be an exciting one. DEF CON has three of five tracks aligned to core Cavalry areas. And look for some big announcements about how we will be teaming up with BSides LV and DEF CON again this year.

Josh Corman and Nick Percoco will return to DEF CON to present on I Am The Cavalry. This talk will revisit the original premise, provide an update on the year’s activity and capture the direction forward. The talk is called The Cavalry Year[0] & a Path Forward for Public Safety.

Geoff Shively will be moderating a panel at HOPE X with Jen Ellis, Andrea Matwyshyn and Beau Woods, called I Am The Cavalry: Lessons Learned Fuzzing the Chain of Influence.

Also look for some progress on the task of formally organizing as a legal entity. This is most likely to take the form of a 501(c)3 Non-Profit Educational Foundation. We’re doing the required business planning for core activities, funding models, governance, etc.

Monthly Update: March

Jen Ellis and Trey Ford from Rapid 7, and Josh Corman from Sonatype, have been out on Capital Hill, speaking with Congressional staffers, lobbyists and lawyers. Jen and Trey have been providing a voice of technical literacy, helping to inoculate against bad legislation. Josh has been speaking to them about the bigger issues of computerizing and connecting all the devices.

The Cavalry has been on our own March Madness streak this month, barnstorming across college campuses. Josh Corman grabbed the keynote slot at the Northeast regional Collegiate Cyber Defense Competition (NECCDC) this year. He also spoke at the Center for Education and Research in Information Assurance and Security (CERIAS) 15th annual information security symposium. And Beau Woods presented to the GreyH@t student group at Georgia Tech.

Activity Report: February

As the security industry recovers from BSides SFRSA Conference and Trustycon, we here at Cavalry HQ have been pulling together everything we learned so we can be better and stronger.

  • DuoSecurity launched their initiative, co-branded with The Cavalry and with Bug Crowd, called BuildItSecure.ly. The idea is to empower small Internet of Things manufacturers (think Kickstarter) with the information needed to secure their projects, no matter how small their budget or big their ambition. Check out their presentation The Internet of Things: We’ve Got to Chat.
  • Jen Ellis from Rapid 7 and Steve Ragan from CSO Online gave a short media training session. It was great to hear from people who are the media and deal with the media every day to get a much better understanding of how we can align our incentives with those of journalists and media outlets. We’ll have to host that kind of event again.
  • The Cavalry had a booth and three speaking slots at the RSA Conference. We were in The Sandbox area, which was new this year. It was a great place, off the vendor floor, where we could really interact with people who stopped by. That drove a lot of good connections with folks, both new recruits and people who’ve been supporting us from the beginning.

Talk: OWASP AppSec USA

At OWASP AppSec USA 2013, Josh and Nick came back to the stage to tell their story again, with an update.

Talk: TEDx Naperville – Swimming with Sharks

Josh Corman was invited to deliver a presentation at a TEDx event in Naperville, Illinois. His talk was entitled “Swimming with Sharks” and was a firsthand account of getting in the water with an apex predator. He related the experience to work he’s done on Anonymous and brought the focus on The Cavalry by convincing the audience that the Internet of Things puts all of us in the water with digital apex predators.

This was a key presentation for The Cavalry because the audience is at the forefront of technology, entertainment and design and not in the security “echo chamber”.