Welcome to the September edition of an I Am the Cavalry Monthly Update Newsletter!
This monthly update is dedicated to publishing regular information regarding IATC accomplishments, upcoming activities and our targeted long range plans. This newsletter will inform our colleagues and teammates of the ongoing progress we are making in the public and private sectors as well as how we are positively impacting security and safety in the connected technology landscape.
I’d like to thank the teammates who helped pull this together and nudge us to improve communication. Constructive feedback (and help) is welcome!
We look forward to communicating with you over the coming months!
We celebrated our 1st birthday while in Vegas for BSidesLV and DEF CON 22. My how time flies. We decided to give it at least 1 year to see if this was a pursuit capable of having impact. We end Year encouraged. We begin the next year with more experience, more earned wisdom, and more momentum.
We published our 1st Open Letter and Security Framework:
5-Star Automotive Cyber Safety Framework
See also the more detailed overview of the Framework:
Detailed 5-Star Automotive Cyber Safety Framework
As you might imagine, the Open Letter stimulated a flurry of interest and catalyzed discussions with automakers, OEMs, regulatory bodies, insurers, government, and even the White House. Stay tuned for updates as we can share more. Cliff Notes: “You guys are SPOT ON!”
The Cavalry is creating a library indexing recent research and articles related to connected device security. This library will provide security experts with a launching pad for recent work in the field, and serve as a quick reference for those outside of the echo chamber. If you would like to submit content or help build the library, please email in…@iamthecavalry.org.
In response to specific requests from automotive companies, the Cavalry is creating collateral around the 5-Star Cyber Safety Framework. This content will enable automotive industry experts to present safety ideas internally or disseminate information at conferences.
I Am the Cavalry Slide Insert
This project aims to create a slide or two that can be added to a presentation slide deck and serve as an easy launching point for connected technology safety discussions.
An FAQ is an easy way to centralize and maintain knowledge about our positioning and external messaging. We’d love to receive samples of questions and/or answers you’ve received since becoming a member of this mailing list. Please send FAQ suggestions to in…@iamthecavalry.org.
This matrix is a preliminary draft for categorization and classification of major carmakers and their 5-Star cyber safety capabilities.
Minor Website Updates
We’re always adding and improving our web content. If you see an issue, please let us know and we will update the pages accordingly.
Long Range Future Plans:
Certain activities require legal incorporation, such as engaging with government entities, industry bodies, etc. We are currently finalizes a few different options for incorporating as a non-profit educational foundation. This corporate structure will allow us to continue to serve our mission in the way we have been – collecting, connecting, collaborating, and catalyzing.
BSides Las Vegas 2015
We are working with BSides Las Vegas organizers to plan I Am the Cavalry activities for BSidesLV 2015. If you have organizational or content suggestions for next year’s conference, please post them to the discussion list or send them to us privately. Videos of some of the sessions from this year’s event can be found on the Irongeek website.
Conferences and Events:
Securing the Internet of Things (SIOT) Masters
SIOT Masters was put on by CyberTECH, BuildItSecure.ly and I Am the Cavalry. It was an afternoon of presentations and conversations about security, privacy and critical infrastructure. At this year’s SIOT Masters, 50 researchers and industry professionals from the Automotive, Medical Device, Public Infrastructure and Home/IoT markets came together to explore how IoT will change lives forever and what must be done to build security into the very fiber of all things.
BSidesLV (Las Vegas)
BSides is an information/ security conference put on by and for the community. It is 100% volunteer organized and strives to provide the latest security information for free. At this year’s event, I Am the Cavalry provided a one day track including an introduction, overview and update of our latest activities and accomplishments. We also hosted interactive presentations and discussions focused on Media, Legal, Public Policy, Career, Burnout, Extreme Altruism, Disclosure and Communication. Videos of some of the sessions can be found on the Irongeek website.
DEF CON 22
DEF CON is the largest and most famous hacker conference, drawing over 15,000 people. It is a venue for community, networking and the latest information about hacking research and security. At DEF CON 22, I am The Cavalry kicked off Saturday in the Penn & Teller Theatre with a summary of “Year” : mission, strategy, activities and forward looking plans. We also announced the 5-Star Automotive Cyber Safety Framework.
Reddit Ask Me Anything (AMA)
For the first time, I Am the Cavalry hosted an AMA. The event is intended to better communicate our messaging and dispel any misinformation and miscommunications in the industry. The online Q&A event was well attended, and received 80+ comments.
Peggy Smedley Show
Patty Smedley had Ben Feinstein on the show and he introduced I Am the Cavalry, its mission, strategy and activities to an IoT and M2M audience.
This podcast featured Josh Corman talking to and answering questions from Mike Johnston and Matt Bolton of Robot Overlordz on the subject of connected device security.
IT Security Guru
I am The Cavalry members Katie Moussouris, Nick Percoco and Joshua Corman joined Dan Raywood, Editor of IT Security Guru, to discuss the IATC’s activities to promote security considerations when building IoT devices.
Current & Upcoming Events:
44CON | London, UK | September 10-12, 2014
Beau Woods: I Am the Cavalry: Year 
Intel IDF | San Francisco, CA | September 10-12, 2014
Joshua Corman: Panel: When Light Bulbs Meet Hacker (incl Chris Valasek)
Derbycon | Louisville, KY | September 24-28
Space Rogue and Beau Woods: I Am the Cavalry: Year 
“The Cavalry Isn’t Coming… It Falls to All of Us” @iamTheCavalry Workshops
What can YOU do to affect public safety and human life? Please join @iamthecavalry at DerbyCon for workshops on: Medical & Automotive Device Security, Media Training, Communication Skills, and a Knowledge Project to discern which InfoSec beliefs & practices should (and shouldn’t) be taken to the industries we seek to collaborate with. Thanks to DerbyCon, this year “no ticket” is “no problem”!
Cavalry Workshops and Media Training:
Like last year, the Kennedy/Derby posse is being generous and supportive by donating the same room we used last year for our “Congress”. It will take place at DerbyCon on that Friday, Saturday and Sunday and if you missed out on a Derby Ticket… fear not… no ticket is required.
ISC2 Congress | Atlanta, GA | September 29 – October 02, 2014
Joshua Corman: ISLA Keynote and Chapter Leadership Forum Keynote
Joshua Corman will represent I am The Cavalry as both keynote for the ISLA Awards Gala and in an address the International ISC2 Chapter Leads.
The mainstream media news is a great way to get introduced to the Cavalry and the subject of connected device security. Here you will learn the major industry concerns in non-technical language, and how various researchers are influencing the discussion with projects and fact supported assertions.
Hacking group wants to play nice with automakers [Reuters]
How to Keep Your Car from Becoming a High-Tech Death Trap [Huffington Post]
While you were enjoying the weekend: DEF CON edition [Politico]
Hackers Tell Car Makers: Secure Your Vulnerable Vehicles Now [Forbes]
Security experts take aim at the Internet of (unsafe) Things [USA Today]
Hackers to Automakers: Protect Cars From Cyberattacks [NBC News]
The House of Hacking Horrors [BBC News]
Security/Technology Industry Media
Here is a sample of current industry news about the Cavalry, targeted at the IT, security and high-technology community.
At DEF CON, hacker coalition calls for safer computer systems in vehicles [Computer World]
DEF CON’s latest challenge: Hacking altruism [IT World]
Security movement urges automakers to collaborate with researchers [SC Magazine]
Can you stop The Cavalry? [IT Security Guru]
Let us help you defend cars from cyber-attacks: Hacking group to ‘Automotive CEOs’ [TechTimes]
How to Get Involved:
- We are looking for volunteers to contribute to the Connected Device Security blog in the areas of Home Electronics, Automotive, Medical or Public Infrastructure. Feel free to write your perspective on the latest in IoT developments and any security concerns or news in the aforementioned verticals. Please contact in…@iamthecavalry.org for more information.
- We need assistance with administration of the website. If you have web admin experience and interest in IoT security, please contact in…@iamthecavalry.org.
- We need assistance with building, sustaining and managing the research library. This is a great way to get involved if you are new to connected device security. Please contact in…@iamthecavalry.org for more information.
- We are looking for people to do research and contribute to building out a matrix of carmakers and their capabilities from our Five Star Automotive Cyber Safety Framework. If you are interested, please email in…@iamthecavalry.org.