18 August 2015

A Congressman Goes toDEF CON

AUGUST 13, 2015

Amid the fun and fanfare of the world’s largest hacking conference, the cyber-political battles of the future are taking shape.
LAS VEGAS, Nev. — At some point last weekend, Rep. Will Hurd, R-Texas, woke up, shut off his phone, and made his way through the smoky, noisy, blinking floor of Bally’s Casino to meet with a few of the world’s hacking elite.

Patrick Tucker is technology editor for Defense One. He’s also the author of The Naked Future: What Happens in a World That Anticipates Your Every Move? (Current, 2014). Previously, Tucker was deputy editor for The Futurist for nine years. Tucker has written about emerging technology in Slate, The ...Full Bio

Turning off your phone, or at very least putting it on a secure private network, is a necessity at the annual DEFCON conference.

“It’s wise to consider the public network at DEF CON profoundly hostile! You’ll want to take some precautions,” reads a typical warning sent to the media who cover the event. If your data isn’t locked down, your phone number or email address might wind up on the conference’s public shaming board, the so-called Wall of Sheep — and everywhere else.

Every year, the event draws thousands of attendees who pay in cash so their names don’t appear on rolls anywhere. Many show up in costumes and kilts, and just about everyone seems to have tattoos. Anyone in a suit is wearing it ironically. A fair number of the conference-goers have mohawks, and if you don’t have one when you arrive, you can easily find someone on the conference floor with set of clippers. Among the more popular activities this year: hacking a Tesla Model S to win $10,000 per bug (sponsored by Tesla.) And there’s a perennial favorite,“Spot the Fed.”

DEF CON attracts more than a few colorful characters, such as cybersecurity rockstar, international fugitive, and accused murderer John McAfee. Defense One found McAfee taking pictures with fans, at 1 a.m., on the roof of a strip club. He had spent the early part of the week in a Tennessee jail cell for driving while intoxicated…and armed.

What is Will Hurd, Republican Congressman from Texas, doing here?

“The best way to defend digital networks is to have an attacker’s mentality,” Hurd told Defense One.

Hurd, who spent nearly a decade as an undercover CIAoperative in places like Afghanistan, doesn’t freak out easily. And he’s adopted that attacker’s mentality at various points in his life. But more than other members of Congress, he has a few things in common with the crowd at DEF CON. For one thing, he ran a cybersecurity firm for four years. Naturally, he’s made cybersecurity a cornerstone of his legislative efforts.

Most noticeably, he offered three amendments to the National Cybersecurity Protection Advancement Act, or NCPA, of 2015, a bill aimed at giving corporations liability protections to share threat data (possibly related to private user data) to stop cyberattacks. The most significant of Hurd’s amendments dealt with allocating “DHS cybersecurity resources that large firms currently enjoy” to smaller firms, of the sort you might find at conferences like DEF CON. He came away from his conversations at the conference with a sense of “how to strengthen that. Put some meat on those bones,” he said.

His most recent bill, the Einstein Act of 2015, allows the Department of Homeland Security to more widely deploy the Einstein 3A cybersecurity solution, which was used to diagnose the OPM hack. This allows “classified information to act as a first line of defense against cyber espionage,” according to a statement from Hurd’s Office. He’s framed the legislation as critical to defending both civilian and military information. “Our adversaries are attempting to steal military secrets and valuable information on a daily, if not hourly basis. It’s bad enough when any person’s private information is stolen and used for identify theft, but imagine the grave impact of the theft of information belonging to those who are tasked with protecting America’s most sensitive information,” he said.

Hurd has broken with GOP leadership on such issues as the importance of secure, end-to-end user encryption, a position that puts him on the side of the hacker community and companies like Google, and opposed to Senate Majority Leader Mitch McConnell, R-Ky., Sen. John McCain, R-Ariz., and FBI Director James Comey.

And he says that sort of independence earned him a warm welcome at the conference.

“Everybody embraced me that was there,” he said. “This community knows that’s where I come from. This is why the conversations on encryption — we should be encouraging the use of encryption, not weakening it. I’m able to have those conversations because of my background.”

It’s also a sign that DEF CON is growing out of its “Spot the Fed” days.

No comments: