The Rise Of The Virtual Conference. Reflections On Black Hat Asia
Without a doubt, this year has been a different one; and one that I doubt anyone would have anticipated come January 1. While unquestionably COVID has been terrible for the world, it has created a virtual conference. Rather than canceling major events that would have gathered thousands of people together in an unsustainable and unsafe environment, many events successfully pivoted towards delivering the same conference content online.
A recent event was Black Hat Asia, which finished last Friday. Not the first Black Hat conference to be held virtually, they built upon the success of Black Hat USA to deliver a robust and engaging two days of thought, providing cybersecurity ideas and knowledge.
There were many fascinating speakers over those two days, and access to the virtual ‘trade show’ was a bit of a welcome relief to their real-world counterparts; you were able to drop in and view the information from the vendors you wanted without the hard sell from the sales engineer or booth staff.
The keynote speaker opening the event was Gaurav Keerthi (https://www.gauravkeerthi.com/), an ex Singapore Airforce pilot and current Deputy CEO of the Cyber Security Agency of Singapore (https://www.csa.gov.sg/). His session was a thought-provoking look at the state of cybersecurity as it impacts the world and society, not just the business enterprise. The analogy that Gaurav made in his talk was to compare the problems of cybersecurity today to the problems that the world had in the 1800s regarding the provision of safe drinking water in major city areas. Governments were aware that bad drinking water was a problem and guided the population to ensure they boiled water before drinking it. However, not everyone followed that advice and, as a result, diseases spread. The prevalence of these diseases meant that people who followed the advice of boiling their water were still at risk of catching it from those who didn’t.
While all good analogies only hold up so far, we can see some parallels when viewed in the context of cybersecurity.:
- Just like government advice on water sanitization in the 1800s, governments across the world have established, in one form or another, information centers and support for people and businesses on how to manage the cybersecurity threat.
- As with the guidance for the population to boil water before drinking in the 1800s, some people follow the advice on managing cybersecurity, and some do not.
Instead of seeing diseases, we see a cyber environment that is becoming more and more dangerous in which to exist and do business, often through no fault of the individual or the organization.
The problem that Gaurav attempted to highlight is the need to look at solutions that introduce the cybersecurity equivalent of a water filtration plant, not just those solutions left up to the individual to implement.
Gaurav also posed some provoking questions along with additional commentary:
- Would using cybersecurity be a public good or private good? In other words, should cybersecurity be provided like clean water for all, or should cybersecurity be a service that is to be purchased by the individual?
- Should users or vendors be responsible for cybersecurity? Should users expect computer systems to have good cybersecurity capabilities along the same lines that a user would expect a newly purchased car to have good brakes?
- Should cybersecurity be a policy or engineering problem? This question is basically asking if the cybersecurity solution is policy and legislation or better-designed systems?
- Should cybersecurity be seen as a cost or a benefit? Gaurav acknowledges that the answer to this question has changed positively over recent years in some areas but is still seen as a cost in others. Should we get to a stage where customers look to reward businesses with good cybersecurity habits and punish those who do not?
The general idea that Gaurav presented was that these questions all exist on a continuum, and, in general, determining the right position on that continuum is the goal.
While the virtual conference has provided numerous benefits in these difficult times, it does lose a little bit of the atmosphere of the large conference event. Certainly, the networking opportunities which are part of these events are more difficult to find. But, given the alternative of canceling these events and losing out on the days of knowledge and speakers entirely, the virtual conference is a very good substitute for the time, one that I hope continues to be an option, even with the return of face-to-face conferences.