But they also included a renewed government push to limit the strongest forms of encryption that was widely panned by cybersecurity experts. Former President Donald Trump’s embrace of conspiracy theories related to cybersecurity, election fraud and other topics also spurred broad cynicism in the hacker community, according to experts in our Cybersecurity 202 Network poll.
“In general, the government is less trusted these days,” said Paul Rosenzweig, a Department of Homeland Security official during the George W. Bush administration who now runs Red Branch Consulting. “My sense is that relationships are weaker now, rather than stronger.”
Overall, 51 percent of Network respondents said the relationship between the ethical hacking community and the U.S. government has improved since 2019, while 49 percent said it had not.
We’re releasing the poll during the Black Hat cybersecurity conference in Las Vegas, which, along with the adjoining conference Def Con, is often a gauge of the relationship between cybersecurity and government.
That relationship hit a low point in 2013 after revelations about broad National Security Agency spying by leaker Edward Snowden.
Things had improved significantly by 2019 – the last year the conferences were held in person. That year, 72 percent of Network respondents told us the relationship had gotten better.
The more divided response this year reflects the tumultuousness of the intervening period.
Many respondents who thought the relationship had improved pointed to a stronger understanding between government and outside experts that both are necessary to protect the nation from cyberattacks.
“A lot has happened in the past two years. The United States – both government and private sector – has been under attack. Security professionals of all stripes are beginning to acknowledge that the government has a role in cybersecurity,” said Mark Weatherford, a former DHS cyber official.
“The government doesn’t have the resources to effectively test all of its networks and assets. It needs help from a community of creative, determined and talented ethical hackers,” said Jay Kaplan, co-founder of the cybersecurity company Synack.
“Our nation needs all the help we can get to improve our cyber defenses,” said Rep. Jim Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus. “It is my hope that the US government will continue to find ways to partner with the ethical hacking community to take advantage of their skills and make the Internet a safer place.”
The ethical hacking community is also integrating more closely with government.
Harley Geiger, senior director of public policy at the cybersecurity firm Rapid7, praised the Cybersecurity and Infrastructure Security Agency for hiring “numerous staffers from the security community to (among other things) assist with Covid and election security responses.”
Jason Healey, a former White House cyber official and senior research scholar at Columbia University, praised government officials including Rob Joyce who he said “were seen as part of the ethical hacking community and shared many (though far from all) of its values.” Joyce served as Trump’s White House cyber director before the position was eliminated by then-national security adviser John Bolton. He’s now NSA’s director of cybersecurity.
Many who say the relationship with government has not improved put most of the blame on Trump.
“The abuses of the previous administration tainted many agencies [that] hackers work with like the FBI, DOJ and DHS,” said Jeff Moss, founder of the Def Con and Black Hat conferences. “Researchers want to know their work won’t be abused. It will take time for the new administration to repair that loss of trust by being more transparent and accountable.”
Despite those harsh words, Moss invited federal officials to speak at this year’s conference, which will include Def Con keynotes from DHS Secretary Alejandro Mayorkas and CISA Director Jen Easterly.
“While there may be more of a political affinity between the ethical hacker community and the Biden administration, that is a very long way from saying that the relationship has improved,” said Sascha Meinrath, founding director of X-Lab, a think tank focusing on the intersection of technologies and public policy at Penn State.
“Mainly it’s those outside the ethical hacker community that think things have improved,” he added.
Some ethical hackers are also steering clear of government because of non-cyber concerns, said Katie Moussouris, founder of Luta Security, who previously developed bug bounty programs for the government.
“Human rights abuses at the border continue, despite the new administration’s campaign promises to end harmful immigration policies,” she said. “Hackers are socially conscious, and this continues to upset members of the community.”
Michael Daniel, White House cyber adviser under President Barack Obama, took a longer-range view, suggesting that the relationship between hackers and government hasn’t changed much since 2019.
“It hasn’t really improved, but neither has gotten noticeably worse,” said Daniel, who now leads the Cyber Threat Alliance industry group. “The same issues and tensions continue to drive this complicated relationship.”
Cryptocurrency regulation is needed in wake of ransomware surge, SEC Chairman Gary Gensler said.
Gensler has asked securities regulators “to use all of our authorities anywhere we can” on cryptocurrency, Bloomberg’s Robert Schmidt and Benjamin Bain report. In a speech, Gensler also compared protections for cryptocurrency investors to the “Wild West.” He said cryptocurrencies are used more often to break laws and extort ransomware victims than as a medium of exchange.
Top lawmakers and officials across the Biden administration are looking into making it tougher for ransomware hackers to use cryptocurrency to extort victims. The White House wants an international standard for reporting large, suspicious transactions. Senate Homeland Security Committee Chairman Gary Peters (D-Mich.) is also investigating cryptocurrency’s use in ransomware schemes.
The White House has stalled in choosing a top cybersecurity official for the Energy Department.
The Energy Department wants to place a career official in the post rather than a political nominee, but the Biden administration has deliberately declined to nominate anyone, Bloomberg Government’s Rebecca Kern reports. The Office of Cybersecurity, Energy Security and Emergency Response is the only cybersecurity office in the federal government still lacking a nominee, Kern reports.
The delay comes as the energy sector faces a wave of ransomware and other cyberattacks. There’s no legal requirement to have someone in the position, but senators are trying to change that. A measure to do so passed the House in July. The Trump administration created the cybersecurity office in 2018.
A top senator met with the Biden administration’s cybersecurity team.
Senate Homeland Security Committee Chairman Gary Peters (D-Mich.) discussed ransomware, federal IT systems and whether the administration needs additional resources and authorities to counter cyberattacks, Peters’ office said.
“I was pleased to hear that President Biden will continue to use the full might of our diplomatic, military, law enforcement, economic and intelligence capabilities to impose consequences that will deter attackers,” Peters said. CISA referred The Cybersecurity 202 to Peters’ office for more information about the meeting; a National Security Council spokesperson did not respond to a request for comment.
- CYBER.ORG has announced new voluntary K-12 cybersecurity learning standards. It’s the “first effort to align K-12 cybersecurity learning criteria across all 50 states,” according to the group, which also said the standards were partially made possible through a CISA grant.
- Deputy national security adviser Anne Neuberger speaks at the Aspen Security Forum today.
- The Senate Homeland Security and Governmental Affairs Committee discusses cybersecurity legislation today at 10:30 a.m.
- CISA Director Jen Easterly and Homeland Security Secretary Alejandro Mayorkas speak at the Black Hat hacking conference on Thursday.
- Easterly, Mayorkas and CISA executive assistant director Eric Goldstein speak at the Def Con conference on Friday.