<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
So I guess my summary would be : Better than expected so far!<br>
<br>
The first talk I saw, was a panel discussion lead by CloudStrike's
Dmitri Alperovitch (who is uniquely confused as to how new his
Android exploit talk is - I mean there's products out there that do
everything his talk discusses. Then again, Hype is the coin of the
realm here - and Dmitri is nothing if not a master of Hype). He did
a good job as a panel moderator though. Just enough China-bashing to
seem informed but not overly aggressive. <br>
<br>
Also on the panel (<a
href="https://twitter.com/#%21/daveaitel/status/174887397044125697/photo/1">picture
here</a>) was James Lewis (CSIS), Eric Rosenbach (DoD Deputy
Assistant Secretary of Defense for Cyber Policy), Adam Segal
(Council on Foreign Relations), and Martin Libicki (RAND). I
liveblogged it on Twitter, to Sean's chagrin.<br>
<br>
There's a bill from the GOP coming out today on Cyber (McCain didn't
think the NSA got enough power in the other bill). No doubt it was
written with input from some of these people, and Eric specifically
asked for companies to essentially lobby their representatives in
support of the current bill, so the panel was tinged with a tiny bit
of politics. <br>
<br>
But if you were a reporter, and there were a few of them in the
room, probably the most reportable thing I haven't heard elsewhere
is that both Obama and Biden talked with the next Chinese president
on his visit to the US about the economic espionage. Likewise, James
Lewis and Martin Libicki tend to go visit the Chinese every six
months (I guess for new phone trojans?) to talk about strategic
issues, and one of their points was that the Chinese don't believe
that the US doesn't do economic espionage. Eric (who would know)
pointed out how impossible it would be for the US to do economic
espionage the way the Chinese do in our current system (aka, "who
gets this information? Imagine the lobbying and legal fun!").
Likewise, the Chinese consider it "Information War", not "Cyber war"
and consider the NY Times to be a weapon (which it is!).<br>
<br>
Eric also pointed out that the DoD would consider a "prep of the
battlefield" in cyber to the armed attack, which doesn't correspond
well to a previous panel which reportedly said that every time the
DHS examined critical infrastructure, they found an attacker already
on it. Eric said that it is almost certainly not the right thing to
do to have the NSA take the lead role in homeland defense, which is
interesting because earlier in the panel he wanted to make defense a
managed service run by the NSA. What you have is a weird dichotomy,
where the NSA has the capabilities, and the DHS has the authorities.
<forboding music> This is usually a bad sign. </><br>
<br>
Anyways, normally panels are the lamest things ever, but I thought
this one (in particular for Eric) was worth watching. Martin Libicki
thinks too small about cyber imho, but James Lewis was interesting,
compared to what you would expect from the CSIS papers.<br>
<br>
-dave<br>
<br>
<br>
<br>
<br>
<pre class="moz-signature" cols="72">--
INFILTRATE 2013 January 10th-11th in Miami - the world's best offensive information security conference.
<a class="moz-txt-link-abbreviated" href="http://www.infiltratecon.com">www.infiltratecon.com</a>
</pre>
</body>
</html>