Black Hat is always an outstanding conference with a lot of lessons to be learned. One of the more prominent themes in recent years is that cyber security professionals are still far from trusting the Feds (emphasis added):
A major focus of DHS’s mission is helping protect American people and corporations in cyberspace. One of the administration’s prime initiatives in that direction is information sharing between government and industry, which Mayorkas was stumping for at Black Hat.
Not everyone was ready to jump on board.
“I’m just a little bothered with you saying just trust us, trust us with your data,” an audience member said during the Q&A. “The government can’t maintain security of even the military, the White House, the Department of Homeland Security … When you say just trust us with your data, it’s hard for me to let go of that.”
Similarly, during a talk on how the Justice Department prosecutes under the Computer Fraud and Abuse Act, special counsel to the Computer Crime and Intellectual Property Section Leonard Bailey said he expected the first question to be about Aaron Swartz, a researcher and hacktivist who committed suicide while under indictment in 2013.
In the pre-Snowden days, cyber security professionals had a tough time trusting the US government. However, post-Snowden, and after all the disclosures about NSA behavior – namely their wanton desire to sabotage encryption – cyber security professionals find it much more difficult to close that trust gap. The only way this is going to be resolved is for the government to start taking the professionals' concerns seriously.