After what happened in Vegas, feds keep low profile at Black Hat
- By William Jackson
- Jul 30, 2012
“Spot the Fed” has been a popular game over the years at the DefCon hackers conference in Las Vegas, as well as during the earlier years of its then-sister Black Hat Briefings. The suspicious types populating these events often did not make government officials and employees welcome.
Mark Weatherford, a deputy undersecretary at the Homeland Security Department who spoke at this year’s Black Hat, recalled that during his Navy years he had to get special permission for personnel to let their hair grow out before attending the conferences so they wouldn’t stand out.
Now in its 15th year and owned by UBM TechWeb, Black Hat has become more commercial and no longer has direct ties to DefCon (although they continue to be held back-to-back each year and share many attendees and speakers), and feds are welcome. But they once again are keeping a low profile, this time for a different reason.
Black Hat: If it ain't broke, it's just a matter of time
Windows 8: A secure OS for government?
“Ever since the GSA stuff came out,” managers are reluctant to approve visits to Vegas conferences at taxpayer expense, said one DOD employee at Black Hat.
The “GSA stuff” is of course the revelation earlier this year
that the General Services Administration had spent more than $800,000 on a conference outside Las Vegas in 2010. Public and congressional outrage have given a black eye to professional gatherings in Sin City.
There still were feds at last week’s Black Hat, but you had to look harder to find them. There were an awful lot of badges that had only a first name and no professional affiliation on them. And as far as talking to the press goes, well, the last thing any of them seemed to want was to see their name appear in print under a Las Vegas dateline.
Las Vegas has not been formally blacklisted, but agencies and employees are being much more cautious. At the same time as Black Hat, the Defense Department was holding an education conference at the MGM Grand and this year’s event was subdued, one attendee said.
Six months ago we would have partied,” she said. But this year it was four straight days of conference sessions with no late nights, and the breakfasts were reduced to fruit and coffee. “Now we feel like everyone is watching us.”
Fiscal restraint is not a bad thing, but it would be a shame if feds were scared away from Black Hat because of the bad publicity generated by the excesses and foolishness of some managers at GSA. The conference still is one of the most information-rich venues for those whose job is it is to run and protect networks and systems, and who must keep up with the nuts and bolts of the vulnerabilities and threats they face. It is a place where big-name researchers and basement hackers come to drop new findings, tools and exploits.
Government is increasingly dependent on commercial IT products and services and cannot secure them in a vacuum. That means it is increasingly dependent on work being done in the private sector, and there is a need for trust between government and those on the outside, said Weatherford, who heads up cybersecurity at the DHS National Protection and Programs Directorate.
Black Hat is a place where that trust can develop “Black Hat opened the door to people and groups who otherwise never would get to meet,” he said.
William Jackson is freelance writer and the author of the CyberEye blog.