Presented at
Black Hat USA 2022,
Aug. 11, 2022, 9 a.m.
(60 minutes).
When Stuxnet was discovered in 2010, it shone a light on vulnerabilities in critical infrastructure that few had noticed before. The security community, largely focused on IT networks, had its eyes opened to a vast sector it had previously ignored — the operational networks and industrial control systems that manage pipelines, railways, the electric grid, water treatment plants, manufacturing and so many other pivotal industries. Cybersecurity suddenly became inextricably linked to national security. But it shouldn’t have been a surprise to anyone.<br><br>Likewise, that same year, the Aurora campaign that hit Google, RSA and dozens of other companies, launched a new era of massive espionage and supply-chain hacks. Threat actors became more sophisticated, and their operations more consequential — witness the OPM hack, DNC breach, NotPetya and SolarWinds. But the growing sophistication of operations shouldn’t have been a surprise to anyone.<br><br>A lot has changed in cybersecurity in the years since BlackHat was founded and Stuxnet was discovered, and a lot of advancements have been made. Yet despite a multi-billion dollar security industry and increased government focus on threats, the world is still surprised when threat actors pivot to new, but often wholly predictable, directions.<br><br>There are few things that truly blindside us, however. The rest cast signals long before they occur. What happened with Colonial Pipeline was foreseeable, as was the growing threat of ransomware and the problems created by security issues with voting systems.<br><br>Today we are seeing new signals that portend what’s to come. We see them in Ukraine, we see them in Iran, and we see them in the U.S. At BlackHat’s 25-year mark, it’s important not only to look back at where we came from — but also where we are headed. There’s a lot of activity in cyberspace that heralds the latter. Is anyone paying attention?<br>
Presenters:
-
Kim Zetter
- Investigative Journalist,
Kim Zetter is an award-winning investigative journalist and author who has covered cybersecurity and national security for more than a decade, initially for WIRED, where she wrote for thirteen years, and more recently for the New York Times, Politico, Washington Post, Motherboard/Vice, The Verge and Yahoo News. She has been repeatedly voted one of the top ten security journalists in the country by security professionals and her journalism peers. She has broken numerous stories about NSA and FBI surveillance, the hacker underground, nation-state hacking, the Russian sabotage of Ukraine's power grid and its use of that country as a testing ground, and election security. She is considered one of the leading experts on the latter, and in 2018 authored a New York Times Magazine cover story on the crisis of election security. She also wrote an acclaimed book about cyberwarfare and Stuxnet -- Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon -- about the sophisticated virus/worm developed by the U.S. and Israel to covertly sabotage Iran's nuclear program. In addition to writing for other publications, she publishes a Substack newsletter called Zero Day, which features original stories on spies, digital espionage, hacks and surveillance.
Links:
Similar Presentations: