Better Policies for Better Lives: Hacker Input to international policy challenges

Presented at DEF CON 30 (2022), Aug. 14, 2022, 10 a.m. (105 minutes)

Every year, delivering effective cyber security policies becomes more urgent, and more complicated. These challenges are becoming more international. Just thinking about product security for IoT; consumers are buying more smart products through online marketplaces, supply chains are becoming more complex and overly reliant on online marketplaces , that often exist outside of the remit for existing legislation. Meanwhile, the vast majority of consumers simply don’t know what to look for to assess security. The problem isn’t just security, but it is one of market failure. In the policy space, it also feels like there is a market failure at play. Security researchers want to feed into policy makers’ approaches, and civil servants (many of whom are generalists) need technical experts to help them assess lobbying and design proportionate plans. The OECD exists to promote ‘better policies for better lives’. We support civil servants around the world, and would like to offer opportunities for the security research community to feed in at a broader scale. This will be a working session, with a particular focus on product security (including IoT) and the challenges facing the security research community in the handling of vulnerabilities.

Presenters:

• Peter Stephens - Policy Advisor for CyberSecurity, Organisation for Economic Co-operation and Development (OECD)

Links:

• https://forum.defcon.org/node/242797

Similar Presentations:

• TROOPERS18 (2018) / IoT Security - A Joint Responsibility
• THOTCON 0xB (2021) Rescheduled / The Year of the Vulnerability Disclosure Policy
• ToorCon San Diego 19 (2017) / Dynamic whitelisting and security policy automation - pipe-dream or not?