Nick Daniell is a Senior Software Engineer and cybersecurity expert at Sunrise Labs. He recently attended two of the most important security conferences in the world: the Defcon & Blackhat conferences in Las Vegas, Nevada. With Nick now in his fifth year of attendance, we wanted to catch up with him to learn more about these conferences and their significance at a time when concern over cyber threats is growing.
Q: What are Defcon & Blackhat?
ND: They are separate conferences focused on cybersecurity, but both are assembled by Jeff Moss, who is well-regarded for his background in information security. The Blackhat Conference has a more professional audience, while Defcon is more suited for the 'hacker' individual-type.
Q: What is the content like at these conferences?
ND: There is a very large and diverse amount of talks and workshops that cover a vast range of security topics. From hardware hacking, IT network security, social engineering -- the list goes on and on. Each year, there seems to be a focal point or theme in terms of the topics. Last year, there was a tremendous amount of concern surrounding vehicle safety and security due to the Chrysler/Jeep hack. This year's focus is quantifying software quality for security. For example, if you go to Amazon.com to purchase a webcam, there is no product detail that lets the consumer know how secure one device is over the other competing products. Hacking is not just in large networks anymore; as we begin to introduce connectivity to more devices, choosing secure products is becoming essential to maintain a secure network.
Q: What is the value of you attending these conferences?
ND: Plain and simple -- we need to be aware of the latest exploits affecting the rest of the world. It is important to stay current with the latest developments in security. It is also a great place to exchange and understand the methodologies and tools other companies are using for enhancing their overall security and applying them to our practices we use at Sunrise. The knowledge gained contributes to our ability to conduct an accurate and complete cyber security risk analysis for our clients.
Q: What are your expectations when you attend?
ND: I expect to learn about new methodologies and tools others are using to mitigate security risk. These conferences give me perspective into how other companies around the world keep up with updating their security procedures. I also expect to see the methodology security researchers use when attempting to compromise a device or interface.
Q: Do you think medical device security will become a more prevalent topic at Blackhat or Defcon?
ND: It already has -- medical device security is becoming a bigger topic of concern for healthcare systems and manufacturers. In a 2008 talk at Defcon, a security researcher demonstrated how he could hack a specific insulin pump model to deliver its entire reservoir of insulin remotely using Bluetooth. It's no longer just a hypothetical; it's the reality we live in. That being said, security in medical devices is definitely a balancing act. Of course you want the device to be secure, but in medical devices, you have to keep in mind that convenience and usability can outweigh the security risk. By adding too much security, you can introduce a new risk that interferes with the patient's health. That's what Sunrise Labs analyzes when completing our risk analysis. The goal of our cybersecurity risk analysis is to provide the highest level of security without introducing more risk to the patient.