DEF CON Safe Mode

I Am The Cavalry member Beau Woods was recently interviewed about policymaker participation at DEF CON “Safe Mode” for the Hewlett Foundation Cyber Initiative newsletter.

If you’d like to participate in the DEF CON Policy program, free registration is now available. DEF CON community members are also welcome to register as potential “advisors” to support the program.

The following Cyber Initiative newsletter Q&A highlights The Cavalry’s efforts at DEF CON and has been edited for clarity.

How did we go from “Spot the Fed” to an expectation of government involvement and a policy group at DEF CON?

There’s a history of both cooperation and friction between DEF CON and the US government. The organizers invited an FBI agent prosecuting cybercrime to the very first event. Not only did she show up, she gave a well-received talk wherein she promised she wasn’t there to arrest anyone.

I believe that the relationship is the best it’s ever been today, after a string of visits from local, national, and international policymakers, including Congress members and staffers. The policy group started with a brief, tentative conversation in 2018 that spawned both a dedicated Goon team, the organizers and volunteers that make the event happen, and the Lost Policymaker’s Guide to Hacker Summer Camp last year.

What is the importance of connecting the DEF CON community and policymakers?

Society’s dependence on connected technology has grown faster than our ability to secure it. While public policymakers have tended to have a hands-off approach for the last few decades, it’s clear that the “move fast and break things” mantra from Silicon Valley is appropriate when our lives, our economy, and our very democracy depend on bits controlling atoms.

The hacker community at DEF CON has forecast the rise in accidents and adversaries, nation-state “hacktivity,” social media manipulation, and the Internet as a trigger point for extremist ideologies. In the absence of technically literate voices of reason connecting with the public policy community, a vacuum exists that is filled with those with lesser expertise, lesser motives, and lesser experience in confronting the challenges that await us in the 21st century.

Can you preview the programming you are working on for DEF CON?

While the schedule of official DEF CON talks leaves policymakers somewhat wanting this year, the Villages will be the place to catch good policy content.

The Biohacking, ICS, and Aerospace Villages will have some good content. For instance, Department of Homeland Security (DHS) Cybersecurity Infrastructure Security Agency Director Chris Krebs and Food and Drug Administration Principal Deputy Commissioner of Food and Drugs Amy Abernethy will participate along with federal aviation officials and more.

The DEF CON Policy group will provide “curricula” that tries to capture some of the talks we think will best fit with policymakers.

What challenges and opportunities does “Safe Mode” pose for connecting D.C. and the hacker community?

Like all events, DEF CON loses the capability to draw so many people together in person in a common space. Yet this presents all events, especially DEF CON, with the ability to break the bonds of geography, physics, time, and economics that excluded so many voices from the conversation for so long.

This year will be an experiment. Or, really, a series of them conducted by the official conference and the many Villages, which are organized and hosted separately. For instance, the Car Hacking Village is setting up webcams pointed at cars around the world and inviting people to hack them remotely. The Biohacking Village figured out how to get a medical device maker to virtualize an MRI machine for security testing. And the Aerospace Village will allow participants to explore a VR world, with all manner of equipment digitally represented.

There are a lot of inside jokes at DEF CON. Do you have a favorite?

I don’t tell DEF CON jokes, after I was disqualified from the black badge raffle for violating the 3-2-1 rule at the pool on the roof with the world’s greatest hacker. Good thing DEF CON is cancelled.

DEF CON Policy Resources

  • Lost Policymaker’s Guide is a handy reference for the DEF CON beginner, to understand the culture and the place.
  • The schedule of official DEF CON talks, not including those from Villages or specifically designed for policy community. These will be cataloged and sent directly to those who register through the Policy Registration system.
  • Several of the Villages have released their schedules: the Biohacking VillageICS Village, and Aerospace Village have content that spans both highly technical and public policy level conversations. The Packet Hacking Village is much more hands-on technical, which could also be a helpful experience for policymakers.
  • DEF CON’s social platform this year will be Discord. If you haven’t used it before, there can be a steep learning curve. A member of the DEF CON community made a great Discord 101 video and we’re working on some shorter video explainers.