Black Hat conference: What cybersecurity can learn from Covid-19

Last week (July 31 – August 5), the 24th edition of the Black Hat USA conference took place. The conference was held in Las Vegas, with an option to attend virtually.

After four days of training, founder Jeff Moss kicked off the presentation rounds on Wednesday. Moss, of course, reflected on the people we have lost to Covid-19, such as Dan Kaminsky. He also worked the pandemic into his talk by drawing parallels with the world of cybersecurity.

“Is there a way to sort of confirm immunity on a network, if you take care of your own equipment?” Moss wondered. Just as a doctor cannot eliminate cancer on his own, a cybersecurity specialist cannot cure memory corruption alone. However, both can be part of a team that contributes to these goals.

Other medical analogies also work well within the cybersecurity world, Moss says. For example, the medical ‘do no harm’ could equate to ‘do no harm to users and protect their privacy’.

For the most important lesson, Moss compared a firewall to the Covid-19 vaccine. He described three levels of immunity that we can achieve within the corona pandemic and cybersecurity.

The first level is the period when no one is immune. “There is a disease running rampant in the community,” Moss described it. In the cyber world, this means that no system is monitored or optimized. “There’s nobody watching the logs. So, the malware spreads unchecked through the network”.

The second level of immunity is when a portion of the population is immune to the disease. The disease then spreads through part of the population and is sometimes noticed, sometimes not. In the same vein, malware spreads through some networks where systems are not monitored. According to Moss, this is the level we are at with regard to Covid-19. He states that the cybersecurity community is also stuck at this level.

We should strive to get to the third level, he says. At this level, the majority of the population is immune and the virus is isolated. This is also what we as a society strive for when it comes to herd immunity: 70 to 80 per cent immunity. In the digital world, level three would look like this, according to Moss: “Most networks and systems are maintained, malware is noticed most of the time, and actions are taken to protect other systems besides your own system”. Most systems are therefore monitored, malware is noticed and by patching you also protect other systems besides your own.

Cybersecurity and the containment of Covid-19 are therefore both shared responsibilities, according to Moss. When it comes to a virus, you protect yourself and others by getting vaccinated. You also try to spur others into action to protect yourself. In the context of cybersecurity, you are therefore concerned with the networks around you instead of just with your own system.

Moss is adamant: You are selfish if you only think about yourself because with the internet all our problems are connected. “If we know anything, [we know] that the internet is so connected that our problems are connected”. He wants to go to full immunity. In this ideal fourth level, you are also busy checking the immunity of others around you.

Do you want to know what else was discussed during the Black Hat conference? Then look here. The European edition of the event will take place from November 8-11, 2021 in London.

