Friday, August 10th
Asking for a Friend
1:00 PM: KeynoteEthics for Security Practitioners
While at the first glance infosec might seem to be a mainly technical domain you might encounter ethical dilemmas very soon once you start working in the field (namely when you do offensive stuff). In this talk I'll provide an introduction how to tackle such situations in a structured way and on the basis of common approaches and values.
2:00 PM Accountability without accountability: A censorship measurement case study
Protecting volunteers from retribution, and why the fear of unknown unknowns is paralyzing to the academic measurement community.
3:00 PM Responsible Disclosure Panel
In today's climate of data breaches and information leaks, how do we in the infosec community disclose the vulnerabilities we discover responsibly? Who are we responsible to? Can we set a standard practice that is ethical, fair and effective? These and other questions will be discussed by some familiar faces on our Responsible Disclosure Panel.
4:00 PM Ethical Disclosure and the Reduction of Harm
How does a researcher become empowered to influence business and marketing leaders to balance coordinated disclosure, opsec protection, and tradecraft protection, with corporate interests? This talk examines use cases gone wrong, and opportunities for all groups to work together to make it right.
5:30 PM Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research
Care about fixing the CFAA? Hear about a new proposal to better protect security research: the Computer Intrusion and Abuse Act. Because the proposal relies on norms/ethics in the security research community, we will debate the hard cases - situations where researcher norms vary.
6:30 PM Discussion
Saturday, August 11th
11:00 AM Ethics of Technology in Humanitarian and Disaster Response
How do we combat the moral dilemmas technology brings to humanitarian and disaster response? Ethically based decision making can improve the influence of technology during a crisis.
1:00 PM Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space
When talent comes from intelligence agencies, what masters do we server, who takes priority, and how can companies ensure providers are supporting their interests above past masters? And how have companies muddied the waters so that these questions are relevant in the first place? Some exploration of conflicting duties and possible responses.
3:00 PM Hack Back: Not An Option, But A Necessity? (A Mini-Workshop)David Scott Lewis
“They don’t fear us.” This was General Nakasone’s response to Senator Sullivan’s remark that “we’re the world’s cyber punching bag” during Mr. Nakasone's confirmation hearings as NSA Director and USCYBERCOM Commander. This talk will present hack back as a form of offensive cyber going beyond active defense, persistent engagement, and the cyber kill chain, yet consistent with proposed legislation, and will put forth the claim that nextgen hack back will evolve into a hyperwar battlespace deterrent.Concerns such as attribution and escalation will be addressed, as will the potential role of AI, cybernetics, and quantum computing. A working framework for hack back will be presented – HBaaS/ADaaS (Hack Back-as-a-Service/Active Defense-as-a-Service), as will reasons why culture must play a key role in developing policy options.For illustrative purposes, China and Chinese culture will be examined in depth. This examination will begin with a look at China’s Mearsheimerian foreign relations practices, and will then review how Chinese culture and cultural norms should guide U.S. hack back policies specific to China.
5:00 PM Diversity and Equality in Infosec
As the field of Infosec continues to grow in numbers, it is also growing in terms of diversity. Arguably the field needs bring in as many diverse perspectives as possible in order to face ever escalating technological and non-technological challenges. We seek to discuss the ethics of promoting diversity and equality, the ethics of the current methods in promoting diversity and equality, and what can be done to ethically promote diversity and equality in infosec.
6:00 PM Discussion