The Rise of Hackers as Government Allies

Policy Feds to hackers in Vegas: help us, you’re our only hope

Introduction

The annual gathering of cybersecurity researchers and industry executives known as “hacker summer camp” took place in Las Vegas, Nevada, this year. At the conferences, which included BSides Las Vegas, Black Hat, and DEF CON, federal officials were a common sight. The federal government made a significant effort to engage with the hacking community, seeking assistance and collaboration to address cybersecurity challenges. This article explores the government‘s involvement in hacker summer camp, the requests it made to hackers, and the reactions from both sides.

The Increasing Presence of Federal Officials

In the early years of hacker summer camp, federal officials were few and far between. Attendees would play a game of “spot the fed” at DEF CON, as they were a rarity at the event. However, this year, federal officials were everywhere, hosting workshops, presenting on stage, and participating in hackathons. The White House even conducted its own red-teaming exercise at DEF CON. Approximately 75 global policymakers, including high-ranking officials like Secretary of Homeland Security Alejandro Mayorkas and Acting National Cyber Director Kemba Walden, were in attendance.

A Call for Help from Hackers

During the conferences, federal officials repeatedly expressed their need for assistance from the hacking community. Secretary Mayorkas emphasized how hackers see things that government officials do not and discover insights that they miss. He stressed the importance of hackers‘ help in addressing cybersecurity challenges effectively. Walden echoed Mayorkas’ sentiments, highlighting that their presence at DEF CON was to gather strategic cybersecurity advice for the President. Both officials acknowledged that hackers had unique expertise and perspectives that were valuable in shaping government policy.

Pursuit of Collaborative Efforts

The request for hackers‘ assistance was not merely theoretical. At DEF CON, officials from the Office of the National Cyber Director (ONCD) and the Cybersecurity and Infrastructure Security Agency (CISA) held a “red-pen workshop” on a draft policy document concerning secure by design guidelines. This workshop exemplified the government‘s efforts to seek input and collaboration from the hacking community. Additionally, the ONCD announced a request for information on securing open source security at Black Hat, emphasizing the need for feedback from hackers to shape effective policies. The Transportation Security Administration (TSA) also launched a research program called CHARIOT (Critical Infrastructure Hardening to Achieve Risk Reduction in Information and Operating Technology) at DEF CON, with the aim of starting an ongoing dialogue with the hacker community.

Government‘s Cybersecurity Challenges

The federal government‘s pursuit of collaboration with hackers highlights its recognition of its cybersecurity shortcomings. A recent White House memo revealed that many federal agencies are failing to adhere to executive orders on cybersecurity standards, leaving the U.S. government vulnerable to cyber intrusions. National security adviser Jake Sullivan emphasized the administration’s focus on strengthening cybersecurity in critical sectors and its commitment to securing cyber defenses. The involvement of federal officials at hacker summer camp can be seen as part of this broader effort.

A Changing Landscape

While the government‘s presence at hacker summer camp was welcomed by some, others expressed concerns about the changing nature of the event. Cybersecurity journalist Kim Zetter noted that DEF CON has transformed from a community event to a government-dominated gathering. The policy and voting villages, once spaces for open discussions, have become occupied by government and corporate representatives. Some longtime attendees have felt excluded or overlooked. This shift reflects both the evolution of the cybersecurity industry and the increasing importance of cybersecurity in government policies.

Editorial – A Balancing Act between Collaboration and Independence

The involvement of federal officials in hacker summer camp raises questions about the balance between collaboration and independence for the hacking community. While government participation provides an opportunity for hackers to contribute their expertise to policy discussions and shape cybersecurity efforts, it raises concerns about potential co-option and the dilution of the community’s independent spirit. As hacker summer camp continues to evolve, it is essential to preserve the event’s inclusive nature, ensuring that diverse voices are heard and respected.

Advice – Strengthening the Relationship

For the hacking community and the federal government to establish a mutually beneficial relationship, open and transparent communication channels must be developed and maintained. Federal officials should actively seek input from the hacking community and be receptive to their expertise. Likewise, hackers should engage with policymakers and contribute constructively to policy discussions without compromising their independent perspectives. By working together, hackers and the government can enhance cybersecurity efforts and address complex challenges more effectively. However, it is vital that each side maintains their integrity and safeguards against undue influence or co-option.