Jeff Moss, founder of the Black Hat and DEF CON conferences, speaks at Black Hat USA 2017 in Las Vegas, the United States, on July 26, 2017. (Xinhua/Guo Shuang)
by Xinhua writer Guo Shuang
LAS VEGAS, the United States, July 29 (Xinhua) -- During the past 20 years since the first Black Hat conference in 1997, the security community, tech industry and the world have been on a wild ride.
No doubt, a sea of new technologies and services will rock our world over the next 20 years, which means there will be much more to protect than just computers.
Most conference goers think the world's top computer security conference acts as a "crystal ball" illustrating future trends. So when the "Hacker Summer Camp" celebrates its 20th anniversary here this week, it may be the right time to think about the question -- could we be safer in 2038?
Facebook Chief Security Officer Alex Stamos gives a keynote speech at Black Hat USA 2017 in Las Vegas, the United States, on July 26, 2017. (Xinhua/Guo Shuang)
The summer of 1997 was marked by many historical events: the Pathfinder probe landed on the surface of Mars, and IBM's Deep Blue defeated Garry Kasparov, the first time a computer beat a world champion in a chess match.
The first Black Hat was also created in that summer. At that time, there weren't a lot of jobs in information security, according to the conference founder Jeff Moss, aka The Dark Tangent, who also started another "Hacker Summer Camp" DEFCON, which celebrates here its 25th anniversary this week.
Moss reflected on the early days of the event in his keynote speech this week at Black Hat USA 2017, saying the first conference speaker list was largely just his friends.
Today, the computer security conference provides security consulting, training, and briefings to hackers, corporations, and government agencies around the world, bringing in over 9,000 attendees from more than 80 countries this year.
However, the harsh reality today, many cybersecurity experts believe, is that the security community hasn't kept pace with the importance of technology in our society, even as the stakes have grown higher than ever.
The industry is still in its infancy. Moss noted in his speech that the conference isn't even old enough to drink in Las Vegas yet.
"I don' t think we are living up to our potential yet, and some of this is due to deep-seated facets of information security culture," Alex Stamos, Chief Security Officer of Facebook, said in the keynote speech at the event.
Stamos pointed out many gaps he observed: the security community pays more attention to complex problems, but ignores actual human harm; people in the industry "punish imperfect solutions in an imperfect world;" the community doesn't engage the world effectively.
"We're really at the edge of something. I can't tell you what but I know it's the edge," Moss said at the event.
Security expert Ping Look reflects on the early days of the event in a presentation at Black Hat USA 2017 in Las Vegas, the United States, on July 25, 2017. (Xinhua/Guo Shuang)
It's hard to imagine exactly what the information security world would look like in 2038. What can be certain is that threats in cyberspace are increasing.
The 2038 Unix Millennium bug that will drive industry worry on par with Y2K, major shifts in the way security community deals with Internet of Things devices, cryptocurrency, SSL encryption and national security, Mikko Hypponen, a cyber war veteran and the Chief Research Officer of F-Secure pointed out in a presentation at the event.
Among so many threats to all of us, "I am still really concerned about the scale of botnets," Moss told Xinhua. "And the Internet of Things would be the catalyst for software liability," he added. A botnet is a network of infected machines that allow hackers to take control of several computers at a time.
Cyber security has no border. However, there are still lots of challenges for cooperating across different communities when addressing issues of international security and cyberspace. "The international cooperation" is very important, Moss told Xinhua.
Hypponen predicted many upcoming developments: cryptocurrency is dramatically changing the landscape related to how law enforcement will chase the bad guys and follow the money; quantum computing is reaching a point where in the very near future it may pose a threat to SSL encryption; humans are also facing greater risks with the rise of IoT devices.
"In 2009, we didn't even have the Internet of Things ... of course, it's huge now, every device can be connected ... it's in every home," Ping Look, often referred at Black Hat to as the Ping of Death aka "The One You Don't Want to Piss Off (or you will die)", told Xinhua. "The Internet of Things is probably the fastest growing verticle within the information cyber industry right now", she added.
"Our work is not to secure computers, but our work is to secure society," security researcher Hypponen said.
Photo taken on July 25, 2017 shows Black Hat USA 2017 in Las Vegas, the United States. (Xinhua/Guo Shuang)
IS IT TOO EARLY?
"2038 is way off in the future. People think we have plenty of time to fix it, but I will guarantee you we will run out of time," Hypponen warned.
Over the next 20 years, "people and technology will play key roles to make the world safer," Qing Yang, the director of UnicornTeam and Radio Security Research Department at 360 Technology, told Xinhua. "The role of security professionals will rise in dramatic importance," he added.
In security expert Ping's opinion, "public awareness" is a major step to make us more secure in the future and people should understand the safety risks associated with connected devices.
Also, when addressing issues of war and peace in cyberspace, many experts with backgrounds in information security, Internet governance, diplomacy, international relations and law enforcement shared their opinions, stressing the importance of communities in cooperating outside of their own silos.
To address those gaps mentioned earlier and fulfill the responsibilities of security people, Facebook CSO Stamos said the community needs to focus on defense and diversity.
In his view, good defense comes from understanding offense. And secondly, the security community needs more diverse people, backgrounds, and thoughts to live up to its potential. Stamos said he has already seen some signs of a movement toward more empathy in security.
"I am optimistic," Stamos said, "I figure we'll do better this time than it taking the next 20 years."