This column follows a lot of technology conferences during the year, documenting the highlights and key messages during or soon after the event is over. This is the first time a conference has been covered before it even happens.
The reason is that this particular meeting – the United States Cyber Crime Conference – is a former heavyweight event that died and has been reborn. It was previously run by the Department of Defense as the “DoD Cyber Crime Conference” starting in 2000 and was only for U.S. government officials. But when the government cut budgets severely in 2012, the conference got axed and no gathering was held last year.
A group of cybersecurity professionals, led by a retired special agent named Jim Christy, thought that was wrong. Events of the past year – from the NSA breach to the Target hacking – are testimony to how ill-advised the government’s decision really was. So they have resurrected the conference this year (to be held April 27 through May 2 in the Washington D.C. metro area) with a key new twist: rather than limiting attendees to government employees, they are throwing the doors open to all who wish to register, including the private sector and media.
The agenda currently posted on the conference website shows an impressive and lengthy array of speakers and topics. Keynote presentations are planned by Shawn Henry, former Executive Assistant Director at the FBI, and Mark Weatherford, Principal with the Chertoff Group (the same firm that employs former CIA Director, Michael Hayden). Session topics include the latest information covering online investigations, threats in the mobile device platform, and large scale data breaches. That’s just a small sample of what’s available. “Content matters,” says Christy. “This is not just a networking kind of conference.”
And, in a somewhat surprising development, a full day presentation on attack attribution is scheduled by Chet Uber, Director of Project Vigilant. His group, which has been extensively covered by this column in the past and generally operates well under the radar, has not made a public appearance since a 2010 news conference at Defcon in Las Vegas. At that event, Uber discussed his group’s involvement in the Wikileaks controversy and former U.S. intelligence analyst Bradley Manning.
That Christy would take the initiative to restart this kind of conference is not surprising. He has specialized in cybercrime investigations and digital forensics for nearly three decades and was the original case agent for the notorious “Hanover Hacker” case in 1986. In that crime, German hackers broke into Department of Defense computers and sold information to the Soviet KGB. The case and Christy himself became well-known after the best seller The Cuckoo’s Egg by Cliff Stoll came out.
Has anything really changed since the “Hanover Hacker” ran amok? “We are far worse today than we were in 1986,” says Christy.
Curiously, no one from the retail sector has signed up to either present or attend the conference. One would think that the massive vulnerability exposed by the Target credit card breach late last year would spur interest among retailers in protecting their systems. “We’re open if one of them wants to talk,” says Christy, but he adds that so far none of them have returned his calls.
The comprehensive agenda for this year’s Cyber Crime Conference underscores the rising complexity of the threats that confront not just the government, but anyone with a computer system today. “Everybody has a role to play in national security,” says Christy, who points out that any system can be turned into a bot used to attack others. Presumably, while a week-long gathering in the outskirts of the nation’s capital may not result in huge cybersecurity advances overnight, the education probably couldn't hurt, especially for the government.