By SecureWorld News Team
Thu | Sep 29, 2016 | 12:35 PM PDT

SecureWorld Dallas ended on a beautifully sunny day in eastern Texas after two days of informative sessions and classes had taken place. With speakers from a wide variety of fields who flew in from all different parts of the country, everything from career advancement to business email compromise in the FBI was covered. Here's a brief summary of some of the things we learned:

Exchanging Cyber Intelligence

TruSTAR Co-Founder and CEO Paul Kurtz led the opening keynote session on how to lead through transitions. He points out that some transitions are irreversible: reversing them would be like going back to relying on the Encyclopedia Britannica after Google came out. Because the internet is changing so rapidly and has become so complex, "it's exceptionally hard for governments to keep up," Kurtz says. "We have constant connections and constant threats," he adds. So what are security firms supposed to do? He advocates the use of an active intel exchange system that protects against unwanted exposure and offers immediate ROI to incentivize early use throughout the company. The only way we are going to be able to keep up with current threats is to work together and actively communicate.

Examining Digital Forensic Evidence

An active session by Chuck Easttom, a consultant, author and computer scientist, discussed how to examine evidence in court using graph theory. There are three elements of a crime that are normally looked at, he explained, but a fourth needs to be added when looking at cybercrime. Motive, means, and opportunity are all normally addressed in court, but it is especially important to consider exculpatory evidence. Just because someone is a skilled computer hacker doesn't mean they have the skills necessary to pull off the particular attack you're examining. And while a geographical alibi doesn't cut it in this day and age of hacking, an alibi in which you were clearly away from a computer and occupied with another task is important to consider. Using graph theory to plot out all these different sources of evidence is helpful in a cybercrime case, because it gives a jury a visual representation of very complicated data and weighs the likelihood of each scenario.

The State of SCADA

Senior Threat Researcher Kyle Wilhoit of Trend Micro led the lunch keynote, showcasing his own research about the state of internet-connected SCADA devices. He went over the who, what, where, when, why, and how of attacks happening through these environments, as well as steps to prevent attack. The good news, he points out, is that "a lot of hackers, based on what we've seen in these environments, really don't know what they are doing." They hack in, run their script, and then move on to another victim. However, it's important from a security standpoint not to put all of your eggs in one basket. "It has failed every time I've gone into an environment," Wilhoit says. He also recommends "honey-potting," or setting traps to catch attackers who are potentially moving laterally across environments.

Thanks to everyone who made it to SecureWorld Dallas. If you’re looking for an event near you, please visit our Events page and register today.
