I Am The Cavalry Track at BSides Las Vegas, 2015

If you were in Las Vegas last week, you were no doubt there for some combination of BSides Las Vegas, Black Hat, or DEF CON. These three conferences measure the pulse of the information security community and industry. Thanks again to the great support from the BSides Las Vegas team, I Am The Cavalry had a day of sessions at the event. As is always the case, Irongeek has posted them faster than anyone would have thought possible.

To kick off the day, we had Beau Woods, Josh Corman, and Nick Percoco giving an overview of the initiative and the day’s activities. There was a special guest during the talk: Hannes Molsen of the medical device maker Draeger announced a commitment to publishing a vulnerability disclosure program, and commented that researchers are key allies to his company and others.

The second talk of the day was delivered by Keren Elazari. As was true last year, she inspired the audience to tackle the big problems, fueled by the small ones – bits controlling atoms. We must start prioritizing control, trust, and safety over privacy and secrets. With effort, we can manually override our own inhibitions and make a difference. Superheroes without the masks.

https://www.youtube.com/watch?v=rAdbw3VsYFU?t=3m17s

The third session was a panel discussion with Tim Krabec moderating, Chris Nickerson, Beau Woods, and Tod Beardsley. Special guests Wim Remes, Keren Elazari, and the entire room were brought into it, as we learned how to lead in a “do”ocracy. Taking on a problem and pursuing it – working towards a solution, not just fluttering by the problem.

After lunch, Beau Woods and Scott Erven gave an overview of the last 12 months in the medical device security space. Special guest Suzanne Schwartz from the FDA joined to recap what she and her agency have done, and why they believe researchers are a valuable part of a healthy medical ecosystem…and hinted that maybe the FDA will come to “summer camp” next year. Beau and Scott also covered a lot of the current and future activities. (Slides for the talk are here.)

The final session of the day was Josh Corman, covering the very busy past 12 months in automotive cyber safety. This included the initial launch of our Five Star Cyber Safety Framework, reaction from the various industry stakeholders, and some of the activities that have gone on. Josh also talked about some of the current events going on like the high-profile talks across town at Black Hat and DEF CON.

I Am The Cavalry at BSides Las Vegas 2015

It’s time to take the wraps off what a few of us have been planning for BSides Las Vegas. We are returning again to do an I Am The Cavalry track on Tuesday, August 4th. This year it’ll be a different room, a different format, and a different objective. Like last year, you’ll be able to drop in and drop out of any of the sessions throughout the day.

Our objective this year is to generate discrete initiatives that will make the most difference the quickest. We will spend the morning introducing the concepts, giving background, and priming participants for the afternoon sessions. Those sessions will be focused on two pillars – automotive and medical devices – where there is both popular interest and multi-stakeholder inertia.

To kick off each of the automotive and medical device sessions, we will first give an overview of the current landscape and progress towards cyber safety. This will be a revealing talk where we can give more details of what has been happening around the industries, how the security community has engaged, and what the road ahead looks like. There will be surprises and unveilings.

During each session, we want to identify 2-3 good projects with strong support and leadership. We will ideate individual initiatives, then break into groups to flesh those out, identify outcomes, constraints, output, and methods. Each team will present their ideas in a lightning talk and facilitate a short discussion. After the ideas are laid out, participants will elect to get involved in making them come to reality, leaders will emerge to manage the initiatives, and others will pledge to support their actions.

People with subject matter knowledge will be available to guide the hand of those ideas to help others avoid mistakes and replicate what has worked. It’s important to capture not just knowledge in Auto and Medical, but also in public policy, media, legal, insurance, and other stakeholder domains. To make sure that coming out of that room, those initiatives have the best chance for success.

We kick off the day after the BSides Las Vegas Keynote. You won’t want to miss that one.

11:00-11:30 Session Introduction and Overview Josh Corman & Nick Percoco
We will provide a brief overview of I Am The Cavalry, as well as outline the day’s activities. Participants who have yet to be introduced to the initiative will be; those who are very familiar will be updated on activities and progress over the last year. And we will describe the vision for the day’s activities. Even if you miss this first session, you can join for any of the others.

11:30-12:00 Hack the Future Keren Elazari
This talk is about inspiring hackers to be the change agents of the future, with practical things hackers can do to create a positive impact. It’s about being a good hacker while staying out of jail and making the world a better place – with things like community outreach projects, crypto parties, voluntary red teams, responsible disclosure and stopping the spread of FUD.

12:00-12:30 Leading in a “Do”-ocracy Chris Nickerson
A man whose talks need no abstract… Prepare to be informed and inspired, the way only Nickerson can do.

12:30-14:00 Lunch

14:00-14:30 State of Medical Device Cyber Safety Scott Erven & Beau Woods
Beau and Scott will give an overview of the medical device space and talk about the things that have gone on in the past year. This will be a revealing talk where we can give more details of what has been happening around the industries, how the security community has engaged, and what the road ahead looks like. They’ll also introduce and walk through the Medical Device workshop.

14:30-16:00 How can we ensure safer Medical Devices? (Workshop)
The goal is to identify 2-3 good projects with strong support and leadership in the Medical Device area. We will ideate individual initiatives, then break into groups to flesh those out, identify outcomes, constraints, output, and methods. Each team will present their ideas in a lightning talk and facilitate a short discussion. After the ideas are laid out, participants will elect to get involved in making them come to reality, leaders will emerge to manage the initiatives, and others will pledge to support their actions.

16:00-17:00 Break

17:00-17:30 State of Automotive Cyber Safety Josh Corman & Craig Smith
Josh and Craig will give an overview of the Automotive space and talk about the things that have gone on in the past year. This will be a revealing talk where we can give more details of what has been happening around the industries, how the security community has engaged, and what the road ahead looks like. They’ll also introduce and walk through the Automotive workshop.

17:30-19:00 How can we ensure safer Automobiles? (Workshop)
The goal is to identify 2-3 good projects with strong support and leadership in the Automotive area. We will ideate individual initiatives, then break into groups to flesh those out, identify outcomes, constraints, output, and methods. Each team will present their ideas in a lightning talk and facilitate a short discussion. After the ideas are laid out, participants will elect to get involved in making them come to reality, leaders will emerge to manage the initiatives, and others will pledge to support their actions.

Related Talks at BSidesSF and RSA 2015

The Silicon Valley convergence of hackers, researchers, consultants, vendors, press and others is nearly upon us. The annual BSidesSF and RSA Conference have returned to the Bay Area, hosted again in San Francisco. These events see some of the most original content presented to some of the largest crowds of the year. Much of the content will be relevant to I Am The Cavalry topics. Listed here is a sample of IATC relevant sessions to help you plan your time at these events. For quick reference, you can also add them to your calendar.

 

BSidesSF: April 19 – 20, 2015

Date Time Location Title Who
4/19 17:00 OpenDNS Medical Devices Security – From Detection to Compromise Adam Brand & Scott Erven

 

RSA Conference: April 20- 24, 2015

Date Time Location Title Who
4/21 13:10 North:  Room The Sandbox at 134 Open Garages – Learn How Technology Drives Your Car Craig Smith
4/21 14:20 West:  Room 2007 I Was Attacked by My Power Supply: A Mock Trial Steven Teppler
4/21 15:30 West:  Room 3022 Home Sweet Owned? – A Look at the Security of IoT Devices in Our Homes Billy Rios
4/21 16:40 West:  Room 3004 Securing the Internet of Things: Mapping IoT Attack Surface Areas with the OWASP IoT Top 10 Project Daniel Miessler
4/22 09:10 West:  Room 3022 Protecting Critical Infrastructure Is Critical Robert Hinden
4/22 10:20 West:  Room 3018 How Vulnerable Are Our Homes? – The Story of How My Home Got Hacked David Jacoby
4/22 11:30 West:  Room 3022 Don't Touch That Dial: How Smart Thermostats Have Made Us Vulnerable Ray Potter
4/22 11:30 West:  Room 3018 Tools of the Hardware Hacking Trade Joe Grand
4/23 09:10 West:  Room 3010 The Evolution of Threats Targeting Industrial Control Systems Frank Marcus
4/23 09:10 West:  Room 2002 Use of Technology in Preserving and Protecting Humanity Davi Ottenheimer, Alex Stamos, Beau Woods, Bruce Schneier, & Morgan Marquis-Boire
4/23 10:20 South:  Room Viewing Point at Gateway CyberLegislation is Upon Us…But Are We Ready? Joshua Corman
4/24 09:00 West:  Room 2002 Cyber Security and Aviation Erroll Southers & Lawrence Dietz
4/24 09:00 West:  Room 2006 IoT: When Things Crawl into Your Corporate Network Sam Curry & Uri Rivner
4/24 11:20 West:  Room 2018 Medical Device Security: Assessing and Managing Product Security Risk John Lu & Russell Jones
4/24 12:30 West: Room 3022 Security Hopscotch Chris Roberts

Monthly Update: October/November 2014

Good news:

The last several weeks have been a hurricane of engagement and progress – especially surrounding our initiatives with Connected Vehicle safety/security.

 

Bad news:

The travel and supporting work delayed our “monthly” update a bit.

 

Back to Good News:

That means we have even more to report below… (as this is but a sampling).

 

While we’ve been crazy busy, it’s the good kind of crazy busy…

Thank you to all of you who have shown support and helped to Collect, Connect, Collaborate, and Catalyze… to drive safety into connected technologies.

It’s working…

 

Josh Corman

 


Highlights:

 

  • Invitation to join Auto Industry group (SAE) to help with Cyber Safety
  • White House Briefing on 5 Star Automotive Cyber Safety Letter/Framework
  • Flood of briefings with Auto Makers, Suppliers, Government & Industry Groups

 


 

 

Achievements:

The Cavalry invited to join Auto Industry group (SAE) to help with Cyber Safety

SAE International (Society of Automotive Engineers), a global association of more than 138,000 engineers and technical experts in the aerospace, automotive and commercial-vehicle industries, invited I Am The Cavalry to present to their monthly meeting. After a detailed overview and discussion of our initiative and framework, they invited us to nominate a representative to join their regular meetings and collaborate on issues of automotive cyber safety.

 

White House Briefing on 5 Star Automotive Cyber Safety Letter/Framework

Met onsite with members of the White House National Security Staff for Cyber Security. The staff was impressive and very pleased with our approach and content in the 5 Star Automotive Safety Framework. I believe the headline was “Love it!” They also recognized immediately how its approach and abstraction applies to Medical Devices, Connected Homes and Critical Infrastructure – specifically in context of the NIST Cyber Security Framework (CSF). They are bringing our framework to contacts in US DHS, DOT, GSA, NIST and other relevant stakeholders.

 

Flood of briefings with Auto Makers, Suppliers, Government & Industry Groups

We hoped to Collect, Connect, Collaborate, and Catalyze… and boy did we. For at least the 1st 5 weeks after the 5 Star Framework posted at DEF CON, we averaged about a briefing per business day with automotive industry players. These briefings ranged from government – such as US Dept of Transportation (DOT) to technology suppliers, insurers, think tanks, car makers, consortiums and even dealer associations. While there were pockets of skepticism or caution, the overall tone has been quite positive. This week, in fact, the Cavalry is participating in a “connected car” working group with US DHS/DOT.

 

 


 

 

Conferences and Events of Note:

Several events (both past and upcoming) showcase the I Am The Cavalry mission. Here are a few of them; if you know of others or would like to get involved let us know at info@iamthecavalry.org.

  •     -44CON in London – September, 2014
  •     -Intel Developers Forum – September, 2014
  •     -DerbyCon in Louisville, KY – September, 2014
  •     -ISC2 Congress in Atlanta, GA – September, 2014
  •     -Hack In the Box Malaysia – October, 2014
  •     -FDA Workshop: Collaborative Approaches for Medical Device and Healthcare Cybersecurity  – October, 2014
  •     -GIGAOM Structure Connect – October, 2014
  •     -0redev IoT Summit – November, 2014
  •     -DHS/DOT Connected Car Security Workshop – November, 2014
  •     -SANS penetration testing summit – November, 2014
  •     -CISO Summit Mumbai – November, 2014
  •     -CiscoSecCon – December, 2014
  •     -NH-ISAC / SANS Healthcare – December, 2014
  •     -SAE Automotive in DC – January, 2015
  •     -OWASP APPSEC Southern CA conf – January, 2015
  •     -ShmooCon – January, 2015
  •     -RSA USA 2015 – April, 2015
  •     -SAE Automotive in Detroit – April 2015

 

44CON

44CON is an annual information security conference and training event taking place in London.  Put on by Sense/Net Ltd, 44CON is intended to provide current security information to business and technical information security professional. At this event, I am The Cavalry was introduced to UK students, researchers and industry professionals.

Intel IDF

A good deal of the Internet of “all the things” is going to involve techolgy stacks like Intel. They have been receptive to much of the Cavalry mission and setup a Panel (including Josh Corman and Chris Valisek) and several meetings with internal teams to make sure they are on the right track and connected to the right initiatives.

Derbycon

Derbycon is a conference for security professionals interested in sharing and learning the latest from the infosec community in a fun and family-style atmosphere.  Space Rogue and Beau Woods discussed the I Am The Cavalry mission and Year[0] review, activities over the past year, and vision forward.  Jen Ellis and Steve Ragan conducted a very well received, half day media training workshop. Here is a link to the short talk which came just prior. Many thanks to Dave Kennedy and company for their continued support!

ISC2 Congress

ISC2 was incredibly supportive of I am The Cavalry – and generous with their annual congress. We were praised by their Executive Director Hord Tipton during opening ceremonies. We were given a talk in the solutions theatre. We got to share our mission during the Safe & Secure Online training workshop. Josh Corman delivered the keynote for the ISLA Awards dinner (where our own Tony Vargas was honored with the President’s Award!) Lastly, we got to kick off the 1st our of their Chapter Leadership meetings to plan for next year. What was clear is that they have a ready made network and resources, are highly supportive of our initiative, share many of our values (especially on their lesser know 501c3 Foundation side), and are actively looking for ways we can work together.

Loopcast

Loopcast is DC/Beltway based podcast (outside of the security echo chamber) featuring political, technical and legal issues of the day. This episode featured discussions of automotive security, our 5 Star Cyber Safety Framework, society and the law.

GIGAOM Structure Connect 2014

I am The Cavalry joined a short (but high impact) discussion on IoT Safety & Security with the CEO of ElectricImp [VIDEO]. The well-vetted crowd stimulated a great deal of follow-up and we got to make some connections to large device manufacturers who want the help. We may even have convinced ElectricImp to make it easier for researchers to get their kit… (tbd).

#0redev IoT Sweden

In it’s 10th year as a Developer Conference, 0redev added its 1st IoT summit in Malmö, Sweden last week. The diverse speakers and topics made for speakers dinners and hallways tracks worth the trip alone: Disco Mode lighting to Fashionable Wearables to BioHacking to IoT Security… the lineup is here. Most of the videos posted here.

CiscoSecCon 2014

The Cavalry was invited to speak (along with other solid outside thinkers/researchers) at their internal security event in early December. Given the line-up of topics and speakers, it looks like they too are getting serious about the role(s) they will play in IoT Security.

NH-ISAC (National Health) / SANS Healthcare Cyber Security Summit

In early December, a few of us will be attending and speaking at the Healthcare Summit in San Francisco. If you’re planning to be there, let us know!

 


Related News:

 

Mainstream Media

 

The mainstream media news is a great way to get introduced to the Cavalry and the subject of connected device security.  Here you will learn the major industry concerns in non-technical language, and how various researchers are influencing the discussion with projects and fact supported assertions.

 

  • 007 Nemesis Le Chiffre Bolsters France in Cyber Attacks [Bloomberg]
  • First Online Murder Will Happen by End of Year, Warns US Firm [The Independent]

o   This hotly debated article (and others) stimulated a lot of “What’s FUD? what’s “junk research”? What’s of legitimate concern?

o   The existence of these debates is all the the more reason we should be a credible,  voice of reason and technical literacy on these issues.

 

 

 

Security/Technology Industry Media

 

Here is a sample of current industry news about I Am The Cavalry, targeted at the IT, security and high-technology community.

 

o   I Am The Cavalry conducted an interview for Danish Radio.  The segment starts at about 24 minutes.

 

 


 

 

Ongoing Projects:

Research Library

The Cavalry is creating a library indexing recent research and articles related to connected device security.  This library will provide security experts with a launching pad for recent work in the field, and serve as a quick reference for those outside of the echo chamber.  If you would like to submit content or help build the library, please email in…@iamthecavalry.org.

5-Star Collateral

In response to specific requests from automotive companies, the Cavalry is creating collateral around the 5-Star Cyber Safety Framework.  The first project is the creation of a whitepaper documenting the safety framework and suggestions to the automotive community.  This content will enable automotive industry experts to present safety ideas internally or disseminate information at conferences.

Minor Website Updates

We’re always adding and improving our web content.  If you see an issue, please let us know and we will update the pages accordingly.

 

Long Range Future Plans:

Incorporation

We are currently evaluating several different options for incorporating as a non-profit educational foundation. Alternately we are evaluating existing non-profit organizations who want to adopt our message and mission as theirs.   A legal corporate structure will allow us to continue to serve our mission in the way we have been – collecting, connecting, collaborating and catalyzing – and to expand our reach and capabilities. At Derbycon last month we had a chance to sit down for large chunks of time (face-to-face) and update what such an organization might look like, in terms of long-term vision, activities to undertake, etc. A year smarter and with more experiences will help us finalize our business plan and formal instantiation.

BSides Las Vegas 2015

We are working with BSides Las Vegas organizers to plan I Am The Cavalry activities for BSidesLV 2015. If you have organizational or content suggestions for next year’s conference, please post them to the discussion list or send them to us privately. Videos of some of the sessions from this year’s event can be found on the Irongeek website.

 


How to Get Involved:

  • We are looking for volunteers to contribute to the Connected Device Security blog in the areas of Home Electronics, Automotive, Medical or Public Infrastructure.  Feel free to write your perspective on the latest in IoT developments and any security concerns or news in the aforementioned verticals.  Please contact info@iamthecavalry.org for more information.
  • We need assistance with administration of the website.  If you have web admin experience and interest in IoT security, please contact info@iamthecavalry.org.
  • We need assistance with building, sustaining and managing the research library.  This is a great way to get involved if you are new to connected device security.  Please contact in…@iamthecavalry.org for more information.
  • We are looking for people to do research and contribute to building out a matrix of carmakers and their capabilities from our Five Star Automotive Cyber Safety Framework. If you are interested, please email info@iamthecavalry.org.

 

Monthly Update: September 2014

Welcome to the September edition of an I Am the Cavalry Monthly Update Newsletter!

This monthly update is dedicated to publishing regular information regarding IATC accomplishments, upcoming activities and our targeted long range plans. This newsletter will inform our colleagues and teammates of the ongoing progress we are making in the public and private sectors as well as how we are positively impacting security and safety in the connected technology landscape.

I’d like to thank the teammates who helped pull this together and nudge us to improve communication. Constructive feedback (and help) is welcome!

We look forward to communicating with you over the coming months!
Sincerely,
Josh Corman

 

Highlights:

 

Achievements:

1st Birthday!

We celebrated our 1st birthday while in Vegas for BSidesLV and DEF CON 22. My how time flies. We decided to give it at least 1 year to see if this was a pursuit capable of having impact. We end Year[0] encouraged. We begin the next year with more experience, more earned wisdom, and more momentum.

 

We published our 1st Open Letter and Security Framework:

5-Star Automotive Cyber Safety Framework

See also the more detailed overview of the Framework:

Detailed 5-Star Automotive Cyber Safety Framework

 

As you might imagine, the Open Letter stimulated a flurry of interest and catalyzed discussions with automakers, OEMs, regulatory bodies, insurers, government, and even the White House. Stay tuned for updates as we can share more. Cliff Notes: “You guys are SPOT ON!”

 

 

Ongoing Projects:

Research Library

The Cavalry is creating a library indexing recent research and articles related to connected device security.  This library will provide security experts with a launching pad for recent work in the field, and serve as a quick reference for those outside of the echo chamber.  If you would like to submit content or help build the library, please email in…@iamthecavalry.org.

5-Star Collateral

In response to specific requests from automotive companies, the Cavalry is creating collateral around the 5-Star Cyber Safety Framework.  This content will enable automotive industry experts to present safety ideas internally or disseminate information at conferences.

I Am the Cavalry Slide Insert

This project aims to create a slide or two that can be added to a presentation slide deck and serve as an easy launching point for connected technology safety discussions.

FAQ

An FAQ is an easy way to centralize and maintain knowledge about our positioning and external messaging. We’d love to receive samples of questions and/or answers you’ve received since becoming a member of this mailing list. Please send FAQ suggestions to in…@iamthecavalry.org.

5-Star Matrix

This matrix is a preliminary draft for categorization and classification of major carmakers and their 5-Star cyber safety capabilities.

Minor Website Updates

We’re always adding and improving our web content.  If you see an issue, please let us know and we will update the pages accordingly.

 

Long Range Future Plans:

Legal Information

Certain activities require legal incorporation, such as engaging with government entities, industry bodies, etc.  We are currently finalizes a few different options for incorporating as a non-profit educational foundation. This corporate structure will allow us to continue to serve our mission in the way we have been – collecting, connecting, collaborating, and catalyzing.

BSides Las Vegas 2015

We are working with BSides Las Vegas organizers to plan I Am the Cavalry activities for BSidesLV 2015. If you have organizational or content suggestions for next year’s conference, please post them to the discussion list or send them to us privately. Videos of some of the sessions from this year’s event can be found on the Irongeek website.

 

Conferences and Events:

Securing the Internet of Things (SIOT) Masters

SIOT Masters was put on by CyberTECH, BuildItSecure.ly and I Am the Cavalry.  It was an afternoon of presentations and conversations about security, privacy and critical infrastructure. At this year’s SIOT Masters, 50 researchers and industry professionals from the Automotive, Medical Device, Public Infrastructure and Home/IoT markets came together to explore how IoT will change lives forever and what must be done to build security into the very fiber of all things.

BSidesLV (Las Vegas)

BSides is an information/ security conference put on by and for the community.  It is 100% volunteer organized and strives to provide the latest security information for free.  At this year’s event, I Am the Cavalry provided a one day track including an introduction, overview and update of our latest activities and accomplishments.  We also hosted interactive presentations and discussions focused on Media, Legal, Public Policy, Career, Burnout, Extreme Altruism, Disclosure and Communication. Videos of some of the sessions can be found on the Irongeek website.

DEF CON 22

DEF CON is the largest and most famous hacker conference, drawing over 15,000 people.  It is a venue for community, networking and the latest information about hacking research and security.  At DEF CON 22, I am The Cavalry kicked off Saturday in the Penn & Teller Theatre with a summary of “Year[0]” : mission, strategy, activities and forward looking plans. We also announced the 5-Star Automotive Cyber Safety Framework.

Reddit Ask Me Anything (AMA)

For the first time, I Am the Cavalry hosted an AMA.  The event is intended to better communicate our messaging and dispel any misinformation and miscommunications in the industry.  The online Q&A event was well attended, and received 80+ comments.

Peggy Smedley Show

Patty Smedley had Ben Feinstein on the show and he introduced I Am the Cavalry, its mission, strategy and activities to an IoT and M2M audience.

Robot Overlordz

This podcast featured Josh Corman talking to and answering questions from Mike Johnston and Matt Bolton of Robot Overlordz on the subject of connected device security.

IT Security Guru

I am The Cavalry members Katie Moussouris, Nick Percoco and Joshua Corman joined Dan Raywood, Editor of IT Security Guru, to discuss the IATC’s activities to promote security considerations when building IoT devices.

 

Current & Upcoming Events:

44CON | London, UK | September 10-12, 2014

Beau Woods: I Am the Cavalry: Year [0]

 

Intel IDF | San Francisco, CA | September 10-12, 2014

Joshua Corman: Panel: When Light Bulbs Meet Hacker (incl Chris Valasek)

 

Derbycon | Louisville, KY | September 24-28

Space Rogue and Beau Woods: I Am the Cavalry: Year [0]

“The Cavalry Isn’t Coming… It Falls to All of Us” @iamTheCavalry Workshops

What can YOU do to affect public safety and human life? Please join @iamthecavalry at DerbyCon for workshops on: Medical & Automotive Device Security, Media Training, Communication Skills, and a Knowledge Project to discern which InfoSec beliefs & practices should (and shouldn’t) be taken to the industries we seek to collaborate with.  Thanks to DerbyCon, this year “no ticket” is “no problem”!

Cavalry Workshops and Media Training:

Like last year, the Kennedy/Derby posse is being generous and supportive by donating the same room we used last year for our “Congress”. It will take place at DerbyCon on that Friday, Saturday and Sunday and if you missed out on a Derby Ticket… fear not… no ticket is required.

 

ISC2 Congress | Atlanta, GA | September 29 – October 02, 2014

Joshua Corman: ISLA Keynote and Chapter Leadership Forum Keynote

Joshua Corman will represent I am The Cavalry as both keynote for the ISLA Awards Gala and in an address the International ISC2 Chapter Leads.

 
Related News:

Mainstream Media

The mainstream media news is a great way to get introduced to the Cavalry and the subject of connected device security.  Here you will learn the major industry concerns in non-technical language, and how various researchers are influencing the discussion with projects and fact supported assertions.

 

Hacking group wants to play nice with automakers [Reuters]

How to Keep Your Car from Becoming a High-Tech Death Trap [Huffington Post]

While you were enjoying the weekend: DEF CON edition [Politico]

Hackers Tell Car Makers: Secure Your Vulnerable Vehicles Now [Forbes]

Security experts take aim at the Internet of (unsafe) Things [USA Today]

Hackers to Automakers: Protect Cars From Cyberattacks [NBC News]

The House of Hacking Horrors [BBC News]

 

 

Security/Technology Industry Media

Here is a sample of current industry news about the Cavalry, targeted at the IT, security and high-technology community.

 

At DEF CON, hacker coalition calls for safer computer systems in vehicles [Computer World]

DEF CON’s latest challenge: Hacking altruism [IT World]

Security movement urges automakers to collaborate with researchers [SC Magazine]

Can you stop The Cavalry? [IT Security Guru]

Let us help you defend cars from cyber-attacks: Hacking group to ‘Automotive CEOs’ [TechTimes]
How to Get Involved:

  • We are looking for volunteers to contribute to the Connected Device Security blog in the areas of Home Electronics, Automotive, Medical or Public Infrastructure.  Feel free to write your perspective on the latest in IoT developments and any security concerns or news in the aforementioned verticals.  Please contact in…@iamthecavalry.org for more information.
  • We need assistance with administration of the website.  If you have web admin experience and interest in IoT security, please contact in…@iamthecavalry.org.
  • We need assistance with building, sustaining and managing the research library.  This is a great way to get involved if you are new to connected device security.  Please contact in…@iamthecavalry.org for more information.
  • We are looking for people to do research and contribute to building out a matrix of carmakers and their capabilities from our Five Star Automotive Cyber Safety Framework. If you are interested, please email in…@iamthecavalry.org.

Monthly Update: April

We had a full track of Cavalry-esque presentations at SOURCE Boston, and all of the keynotes ended up having some overlap. Our workshops at THOTCON and BSides Chicago were great! Thanks to all those who presented and those who participated. Craig Smith of Open Garages did a great introduction to Car Hacking and a hands on demo. Scott Erven presented on research he’s done on medical device security issues and gave an introduction to the issues in the field.

THOTCON & BSides Chicago 2014

The Cavalry will be holding workshop sessions at both THOTCON and BSides Chicago next week. Details are below. We look forward to seeing you there.

THOTCON – Friday, April 25, 2014

Where/When: Lab 5/6, 2pm to 4pm
Approx. Capacity: 150 people

When What Who
2:00-2:30 WHY The Cavalry Josh Corman & Nick Percoco
2:30-3:00 Medical Device Security Landscape & Challenges Scott Erven
3:00-3:30 IoT Security Landscape & Challenges Mark Stanislav (BuildItSecure.ly)
3:30-3:50 Cavalry Mission, Discrete Progress & Activities Adam Brand
3:50-4:00 Next Steps & How to Get Involved Josh Corman

BSides Chicago – Saturday, April 26, 2014

Where/When: Workshop, 11:00am to 2:30pm (with lunch break)
Approx. Capacity: 25 people

When What Who
11:00-11:15 WHY The Cavalry Nick Percoco & Beau Woods
11:15-11:45 Getting Started with Medical Device Hacking Scott Erven
11:45-12:15 Automotive Security Landscape & Challenges Craig Smith (Open Garages) & Adam Brand
12:15-1:00 Getting Started with Car Hacking Craig Smith (Open Garages) & Adam Brand
1:00-1:30 Lunch & Open Q&A All
1:30-2:00 Car Hacking Demos & Q&A Craig Smith (Open Garages) & Adam Brand
2:00-2:15 Next Steps & How to Get Involved Adam Brand & Beau Woods