Last week, The Readable was in Las Vegas to attend the Black Hat and DEF CON events. Below are some of the most important statements made by speakers at the scene. We selected these quotes for the insight they offer, to help our readers better understand the current threat landscape.
Jeff Moss (Founder of Black Hat and DEF CON)
Acting National Cyber Director Kemba Walden discusses the National Cybersecurity Strategy and Workforce Efforts
“AI problems are going to become global problems. This is because the manufacturers and implementers of AI systems and learning models are going to be global companies. If a problem is discovered, you’re going to probably have to reach across one of the oceans and try to figure out what’s going on. And that requires an international mindset.”
Kemba Walden (National Cyber Director in the Office of the National Cyber Director)
Acting National Cyber Director Kemba Walden discusses the National Cybersecurity Strategy and Workforce Efforts
“We need to try to figure out where our policy solutions are to rebalance that responsibility. To make sure that those that are more capable of bearing cybersecurity risk have the opportunity to bring it down. I’m talking about producers, cloud service providers, large companies, even not so large companies that really are key to our technology. I’m talking about the federal government. Those of us that are more capable should be able to buy down cybersecurity risks.”
Ben Sawyer (Professor at the University of Central Florida)
Me and My Evil Digital Twin: The Psychology of Human Exploitation by AI Assistants
“We as humans are pretty good with one another’s attack services, both being able to exploit them but also to have protection. I would have some protection because I understand as a social entity that there are cues that I can use. That is not the case with a large language model. It is not the case with an AI system. In Hollywood, you know they have to give a fake cue. We all know how this happens. There is a flickering of lights, and something turns red. None of that happens here. What happens is a very competent system, fully capable of manipulating humans, using a wide range of very well understood tactics that instantly and silently shifts from addressing your goals to addressing one of the goals that are given.”
Matthew Canham (CEO of Beyond Layer 7)
Me and My Evil Digital Twin: The Psychology of Human Exploitation by AI Assistants
“Now, if you look on the right, there is the little robot and the dinosaur thingy. These have what are called neotenic features. Neotenic means that they look young. So, if you look at the portion of the eyes of facial features, they’re much larger relative to the entire head size of that individual. That mimics a baby. We are hardwired to want to care for younger creatures, or younger children, and so they look cute to us. This is a hack of our biological system and of our cognitive system. So, one thing that I’m convinced of is that when the robot apocalypse happens, I don’t know what the robots are going to look like, but they are going to be cute.”
John Swanson (Security Strategy Director at GitHub)
I Was Tasked With Enrolling Millions of Developers in 2FA – Here’s What Happened
“Make sure that your ambitious objective doesn’t result in specific demographics being unable to access your service. Remember, we are all here to make the world a safer place. Security that isn’t usable isn’t security at all.”
“The data is only as good as the decisions that you make based on it. Leaders must not hesitate to react decisively if data begins to surface problems. We set an expectation early with our project team that if data showed that our enrollment campaign was causing business with the users to struggle, we slow down or pause.”
Kristina Walter, former director of the National Security Agency’s Cybersecurity Collaboration Center (CCC) and current chief of Defense Industrial Base (DIB) Cybersecurity at the NSA
Lessons Learned from the KA-SAT Cyberattack
“We talk a lot with our partners about ‘there is no cyber 911.’ If something happens, we would like to tell you to call the partner you are comfortable with. You must have an established relationship. You can’t search for trust in a crisis. Our analysts knew each other. Marketing knew each other. So, when this happened, we could quickly just get together and not build that relationship from scratch.”