There should be more accountability — and less legal leeway — for the software vendors and their technology's source code.
At the Black Hat USA 2014 conference at Las Vegas' Mandalay Bay Resort and Casino, security is the main event. And in that vein, Dan Geer, the chief information security officer of non-profit investment firm In-Q-Tel, shared 10 cybersecurity policy recommendations during his keynote speech on Wednesday, Aug. 6.
Geer, the conference's first and only keynote speaker, framed his recommendations within the context of today's confusing, precarious cybersecurity landscape amid diminishing personal privacy and increased government spying and surveillance.
He read an hour-long essay to thousands in attendance, addressing a crowd that represented, in his opinion, an industry that's becoming more and more prominent in public policy because of software's ubiquitous presence in every facet of modern life. The security of the technology that supports society is something no one can ignore, but cyber threats are so constant and pervasive that accomplishing total privacy and security seems futile.
Geer opened his talk by reading aloud the abstract for his speech, which summed up the importance of cybersecurity policy, even as strong cybersecurity itself seems almost impossible to achieve.
"Power exists to be used. Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get," Geer said. "Some have the eye to discern cyber policies that are, 'The least worst thing.' May they fill the vacuum of wishful thinking."
Geer's cybersecurity advice was comprehensive and called for more accountability — and less legal leeway — for the software vendors and their technology's source code.
Geer said that the following 10 policy proposals were his and his alone, based on his experience in the industry. He also gave a verbal disclaimer that listeners were free to disagree and attempt to prove him wrong on these ideas, in the interest of greater legal and personal agency in the never-ending cybersecurity effort.
Geer concluded his speech by espousing political realism. The international world is anarchic when cyberspace is involved, and governments are the most important players in the digital world.
"States' investment in offensive cyber is entirely about survival in such a world," he said. "States are driven to this by the dual, simultaneous expansion of what is possible and what their citizens choose to depend on."