Prepare for the worst, because that device is deadly

Presented at ToorCon San Diego 18 (2016), Oct. 16, 2016, 2:30 p.m. (20 minutes)

It has been 50 years since the biohazard warning trefoil was innovated. Inspired by but differing from the radiation warning trefoil created in 1946, each of these symbols, in the appropriate context, instills a sense of dread and doom to all who are near. Nobody desires to handle without extreme caution that which would cause them extreme harm. This is the case even though very few of us have had direct experience with the consequences of mishandling hazardous material. This talk is a call-to-arms. It is high time that we begin treating our soon-to-be terrifyingly-intelligent mechanical brethren with the same respect. During the last few decades warning symbols have become emblems of popular culture. In most instances of popular use, warning symbols are taken entirely out of context in a haphazard revelry of symbology misuse. We seem to delight in the dramatic juxtaposition of dire warnings in mundane contexts. The radiation trefoil on the computer laptop or the bedroom door of a teenager tells a very different story from the same symbol on a metallic canister in a research laboratory. This popularization and misuse is one of many reasons that we believe cyber threats demand their own warning symbol. Deadly software and infected hardware need uniquely identifiable markings. We believe that consistency and widespread adoption are key. It is insufficient to attempt reuse of traditional warning labels. The consequences of handling hazardous computational materials with insufficient or ambiguous labeling could be dire. In this talk we discuss the cultural, psychological, and practical basis of warning symbols and techniques to bring these ideas to bear on labeling and handling of malicious code and devices. We then present a set of prototype “trefoil” warning icons and discuss approaches for labeling, identifying, and safe handling of malicious material.


  • Sunny Fugate
    Sunny James Fugate is a Ph.D. computer scientist and research engineer with 14 years of experience working for the US Navy to develop novel computer and network defense technologies using artificial intelligence, machine learning, and game theory. Dr Fugate has performed advanced research and development in the fields of cognitive science, linguistics, gesture recognition and augmented reality, cybersecurity visualization, artificial intelligence and expert systems, predictive intrusion detection, randomized defenses against code-reuse attacks, binary mutation and program diversification, and novel approaches for pre-attentive learning of ambient cues and threat indicators. During his career, Dr Fugate has supported a number of different organizations including SPAWAR, US Cyber Command, DARPA, Defense Threat Reduction Agency, and the Office of Naval Research in creating, developing, and assessing new technologies for both defensive and offensive cyber operations. Dr Fugate has also had extensive experience working with both the operational staff of US Navy and Joint Forces commands and the research staff at numerous government organizations and agencies, each of whom perform everyday safe-handling of malicious media in both isolated and connected environments.

Similar Presentations: