If Black Hat is becoming the new RSA, then DEF CON is oozing toward Black Hat, it seems, and B-Sides is the new DEF CON. This year it got some Ikea furniture to spruce up its mom’s basement. Not totally commercial, but definitely more – first apartment folding furniture – chic; the basement just got upgraded.
Now the vendor area is larger and it seems more, um, commercial. While blue-haired-mohawks were installed and adorned proudly as per normal, the venue changed. It’s now more structured than the more free-for-all vibe of yesteryear, and you can feel it. Maybe it’s an outgrowth of just being larger, but the herds felt more herd-like, and less non-conforming than the DEF CON of years back. People might even be drinking less.
"If all the cars on the road talked to each other and shared stuff, would it makes roads better? Maybe. But who would be responsible if it didn’t?"
On the other hand, business-as-usual seems to be moving closer to court DEF CON folks in an effort to engage some shabbily dressed hacker types somewhat, and that’s a good thing. Some companies even chose to be on the cutting edge of the trend. Mad props to Tesla, they actually brought their own car and engaged the hackers directly, in an effort to build goodwill and start the dialog. That’s much better than the builders of some of the other vehicles highlighted at the show did, probably unwilling to engage without the explicit blessing of their respective legal teams per se.
Industrial process control seems to be following the same trajectory, in an effort to get hackers to start thinking about the importance of the roles they might play in the future when it comes to keeping the things running that affect everyone. No one thinks about the electrical grid until the microsecond it quits, so training the next generation of engineers seems like a good investment indeed. Better to invest in talent than defend against it, after all.
For the past year people have been asking whether IoT security was real. This year we found out. While some manufacturers take a more square focus on baking in security from the ground up, the rest of the giant miscellaneous pile of products reaching the market every day will keep DEF CON attendees amused for the next decade. Additionally, trying to figure out how semi-unsecured devices will really interact well with fairly-secure devices is anyone’s guess. I mean, it should work, but sometimes things that should work fine really don’t.
One example: vehicle-to-vehicle communication. If all the cars on the road talked to each other and shared stuff, would it makes roads better? Maybe. But who would be responsible if it didn’t? If calling your cable company to find out whether the Internet problem is the fault of your router or their equipment is frustrating, imagine troubleshooting thousands of cars that are supposed to be playing nice, but aren’t.
"Better to invest in talent than defend against it, after all."
The good news is that by next year, everyone might figure out which parts of DEF CON are hosted at Bally’s and which are at Paris (since it’s now split) without an extra mile of walking each day, but it seems more likely that DEF CON will continue to grow. After all, if you start by going to it, maybe you can eventually get a job and move out of your mom’s freshly upgraded basement – maybe then you can go to Black Hat.