by Jean Miller, Principal Architect, Application and Data Security, United Airlines
Black Hat is in reality a security professional’s conference, not just a “hacker convention” as it’s continually referred to in the press. While there’s always a strong hacker element, the conference has evolved over the years to provide valuable insight to security professionals by identifying and breaking down vulnerabilities that can lead to serious data breaches.
This year’s conference had a much different feel heading into the show opening. Set against the backdrop of the National Security Agency (NSA) PRISM program and the subsequent leak of data on the program by former NSA systems administrator Edward Snowden, Black Hat was buzzing in anticipation of the keynote speaker, General Keith Alexander, the current director of the National Security Agency (NSA), chief of the Central Security Service (CSS) and commander of the U.S. Cyber Command.
The General’s presentation was designed to give attendees an insider look into the U.S. Cyber Command and the interworking of offensive cyber strategy – ostensibly to demonstrate to attendees that the government is not “spying” on its people, and that the terrorism threat the country faces is very real.
Overall, I found the presentation to be engaging and accomplished the mission of making the case that the NSA’s surveillance programs have been successful in protecting Americans and combating foreign threats. To be sure there was some rogue heckling from the audience, but by far the biggest applause came near the talk’s end when an attendee shouted that General Alexander should read the Constitution, to which the General responded, “I have. You should, too.”
This all made for great theater and put all of the issues of PRISM on the table. However, one aspect that was not addressed, and the issue that should really keep security professionals up at night, is the story of the actual leak of the programs by Edward Snowden.
The reality is that every organization has someone with the privileged access that Snowden was trusted with – the story of how he was able to easily access and leak data from such sensitive programs is something that EVERY organization can learn from. This is something that I would have liked to see addressed more in-depth – what were the NSA monitoring policies for privileged accounts? Do they provide audit trails of this access? What policies are in place now to help prevent these leaks from happening again?
It’s not just a matter of national security curiosity – these are lessons that can and should be applied to business to prevent the next big data breach.