BlackHat: "Cyber security" and "Cloud "
Cyber was the keyword at today's BlackHat keynote speech. Robert F. Lentz, the Chief Security Officer of the United States Department of Defense started the day after a brief opening by Jeff Moss.
The keynote speech illustrates well that DoD is struggling with keeping up with the rapid pace at which the adoption of Internet technologies is developing. A particularly striking example was that of an aircraft carrier's captain, who was asked what his number one priority was. The captain's answer? Internet connectivity. The average age of the 5,000 crew members on a nuclear-powered aircraft carrier is 19.5 years old. These servicemen (and -women) have grown up with Internet connectivity at their fingertips. Denying such access when out on sea for extended periods of time would be a significant threat to the morale on a ship, which is something that no captain wants to deal with. Additionally, much of the vessel's operational information used to navigate, troubleshoot, or provide medical services, is accessed through the Internet.
If the talk must be distilled into a single one-liner, it would be that the DoD wants less anonymity on the networks and needs more controls. The phrase used by Lentz was "driving anonymity out of the network". All in all, a reasonable talk when viewed from a military perspective.
Following the keynote presentation, Alex Stamos presented his view on Cloud Computing Models. Stamos was fairly vocal about the fact that the phrase 'Cloud Computing' is overused and is, in most cases, merely a marketing phrase.
Stamos said: "If you do not have to rewrite your code, it is not cloud computing". He goes on by arguing that audit capabilities and incident response procedures are currently at an inappropriate level of enterprise deployment. The point that Stamos tried to make that regardless of what you call it, the enabling technology of much of the cloud infrastructure is very vulnerable to attack and threats are real.
The keynote speech illustrates well that DoD is struggling with keeping up with the rapid pace at which the adoption of Internet technologies is developing. A particularly striking example was that of an aircraft carrier's captain, who was asked what his number one priority was. The captain's answer? Internet connectivity. The average age of the 5,000 crew members on a nuclear-powered aircraft carrier is 19.5 years old. These servicemen (and -women) have grown up with Internet connectivity at their fingertips. Denying such access when out on sea for extended periods of time would be a significant threat to the morale on a ship, which is something that no captain wants to deal with. Additionally, much of the vessel's operational information used to navigate, troubleshoot, or provide medical services, is accessed through the Internet.
If the talk must be distilled into a single one-liner, it would be that the DoD wants less anonymity on the networks and needs more controls. The phrase used by Lentz was "driving anonymity out of the network". All in all, a reasonable talk when viewed from a military perspective.
Following the keynote presentation, Alex Stamos presented his view on Cloud Computing Models. Stamos was fairly vocal about the fact that the phrase 'Cloud Computing' is overused and is, in most cases, merely a marketing phrase.
Stamos said: "If you do not have to rewrite your code, it is not cloud computing". He goes on by arguing that audit capabilities and incident response procedures are currently at an inappropriate level of enterprise deployment. The point that Stamos tried to make that regardless of what you call it, the enabling technology of much of the cloud infrastructure is very vulnerable to attack and threats are real.