Hearing the word “complexity” makes sense at Black Hat—an event with high-level presentations, like “Browser-Powered Desync Attacks” and “Automatic Protocol Reverse Engineering.” In comparison, the agenda’s morning coffee break feels shocking in its simplicity.
Plenty of Black Hat 2022 speakers spoke about the challenge of defending an increasingly complicated attack surface that includes critical infrastructure and an increasing quantity of smart devices and software. The complexity issue became an ongoing question, met with a range of optimism, pessimism, and uncertainty from some Las Vegas panelists.
Not what you want to hear. “We have a pathological need to connect things to the internet, seemingly,” former CISA director Chris Krebs said in his Day 1 keynote at Black Hat.
Krebs used some of his stage time to quote the book Neuromancer, because the sci-fi novel coined the term “cyberspace,” and described it with an ahead-of-its-time characterization—one that seems to sync up with today’s increasingly connected cars, homes, and wearables. “Unthinkable complexity,” wrote William Gibson, the book’s author, in 1984.
“We’re there right now,” according to Krebs. “I’ve asked people, ‘Do you really understand how the cloud works across the various hyperscale vendors? And how you interact with it? And what visibility you have?’ The answers aren’t always what you want to hear,” he told the crowd.
Despite the occasional, less-than-satisfactory response about cloud comprehension, Krebs admitted that the maturing industry is working to produce products and solve core problems in the infrastructure. “But is it happening at the pace we want it to? That we need it to?” he asked the room.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
No end in sight. The feeling of overwhelming complexity continued at the closing session of Black Hat with a panel featuring many of the event’s leading infosec pros and board members. The panelists discussed the intricate nature of today’s tech landscape, citing complicated libraries and code paths to third-party dependencies.
Natalie Silvanovich, team lead and security engineer at Google, had an optimistic take: “I think unnecessary complexity and systems makes them less secure. And over time, people are going to learn this and hopefully reduce the complexity to what’s necessary.”
Jeff Moss, Black Hat founder and a member on the closing panel, expressed uncertainty, posing this question to the crowd: “Who thinks that we’re on the path of ever increasing complexity with no end in sight?”
More than a few attendees raised their hands in agreement.
“I don’t think it means anything good,” Moss said. “Besides employment for life.”—BH
Do you work in IT or have information about your IT department you want to share? Email [email protected] or DM @BillyHurls on Twitter.