
IATC - Introduction to IATC Day Two

BSides Las Vegas · 2023 · 10:25 · 14 views · Published 2023-10
Difficulty: Intro
Style: Keynote
About this talk
Josh Corman opens the second day of the I Am The Cavalry track at its 10th edition, outlining the day's agenda: international policy collaboration ("The British are coming"), reflections on a decade of public-health security victories with the FDA's Dr. Suzanne Schwartz, and a guide to building effective change-making movements. The talk frames the Cavalry's work on IoT and medical-device security as a model for future coalitions seeking to align government, industry, and hackers around protecting critical infrastructure and human life.
Original YouTube description
I Am The Cavalry, 10:30 Wednesday Intro to IATC Day 2 Josh Corman
Transcript [en]

Welcome to day two of the I Am The Cavalry track, 10th edition. Once again, try, if you weren't here yesterday, say happy birthday. Happy... all right. Um, if you weren't here yesterday, uh, I'm going to briefly frame what's coming today before handing it over to our, uh, British colleagues. Um, I'm Josh Corman, I'm one of the founders of I Am The Cavalry, from August first, 10 years ago. Um, the idea is our dependence on connected technology is growing faster than our ability to secure it in areas affecting public safety, human life, economic and national security, and we've been trying to change the world with the coalition of the willing, uh, on wherever bits and bytes meet flesh and blood.

Today's edition, um, just to outline the flow, is larger chunks than yesterday, um, the first of which is "The British are coming," um, and they've been, uh, gracious enough to take that cheeky framing, um, where, uh, we don't just do US policy. We have had a lot of US policy makers, but we've been working internationally, and some of our best successes have been on basic IoT cyber security hygiene, uh, and we wanted to continue that work, um, in a working session, in a listening session, which will be next. Um, number two, um, I'm really, uh, emotionally looking forward to Dr. Suzanne Schwartz from the US Food and Drug Administration, uh, who regulates medical devices, has been the most

courageous, creative govvie hacker teammate we could have ever hoped for, and we've moved mountains with her brave leadership and her team's brave leadership. So we're going to do some reflections on a decade of saving lives, um, how she met us, what her apprehensions were, how govvies want to be spoken to, what they're afraid of, so that if you want to change the world in the future, the first half is kind of her reflections on a decade of change, followed by extracting these into repeatable lessons and blueprints and road maps for how you might do the same, uh, with or without us, uh, and she'll have some special super friends joining in that chorus and discussion. And then lastly, um, after the

break, um, what do we call it, "A Hacker's Guide to Changing the World," um, when we were reflecting on if we were to make a, a recipe book or a blueprint or a road map for how, um, effective movements can happen that don't take nine or 10 years to get some results, if you could compress those things, for the things that didn't, didn't work, what were some of the core beliefs or practices or schools of thought that influenced and affected those outcomes. So little bit to kind of give you signposts to things that you could go study up on, but also it could be one of the potential futures of the Cavalry going forward is maybe a Cavalry Academy

or an incubator, an accelerator for plural change-the-world movements. We've already mentioned a few and we might want to turn into a boot camp, so if it took us 10 years to do the things we mentioned yesterday, you know, how do you make those happen in three or five, um, and how do we make it so that more people could do it without having to, you know, jump into the government occasionally. So the flow again is we're going to start with "The British are coming," it's followed by a really deep dive on the successes with healthcare and the Food and Drug Administration, to be extracted into lessons, and then maybe a boot camp, um, and probably it's going

to quickly turn into a discussion from you as to what you think we should do and maybe who's willing and able to help. Um, before we completely transition, um, one of the most, um, pivotal pre-launch teammates was Professor Andrea Matwyshyn, law professor. She's been coming to DEF CON for God knows how long, but I think I met her when I started researching the rise of activism and Anonymous, so probably around, around DEF CON 16 or so, 17, no, that would have been 18, um, but she's been coming longer. Um, she has very different perspectives than we do but was pivotal, and if you've ever heard me talk about the Cuyahoga River burning, uh, that's from her, um, and she

gave me a lot of encouragement at THOTCON and everything in the buildup, um, and continues to be a pretty good ally, and if you like the fact that research has been largely decriminalized, you got to thank her. Uh, she knew how to formally petition the Library of Congress for, uh, DMCA research exemptions, which were temporary, and then we made advocacy to make them permanent. So it does take a village to raise that child, but she played instrumental roles often and is often the voice saying that if we don't somehow professionalize ourselves in some way, shape or form to separate charlatans from good-faith actors, it may be done for us. Um, so she gave me a

couple of minutes of remarks, and as one, one of the founding lights and brains and complementary skill sets in our team of Avengers (bless you), um, I wanted to quickly play an address from her that I didn't get to put in yesterday.

Hi, I'm Andrea Matwyshyn. I'm a professor at Penn State in the law school and in the engineering school. I've had the pleasure of watching the Cavalry grow during the last 10 years, and I'd like to really congratulate Josh and everyone who's contributed to this worthy effort. Every little bit helps to make us safer. So, so I'll share two quick stories. One involves a great dinner with some interesting early conversations around software safety and the possible

collaboration to a greater extent of the hacker community and government after THOTCON in 2013 in Chicago, and there may or may not have been a really unusually large boot of half for Shore beer involved, but some of those thoughts then ultimately made it into the DerbyCon meeting where the founding principles of the Cavalry were sort of gelled together and the first groups started work. At that meeting I shared the story of the Cuyahoga River, a river in Ohio that was literally on fire and galvanized different groups in society to push President Nixon to pass cira, the Clean Air Act and the Clean Water Act, as well as create the Environmental Protection Agency. And so it was because of this

river being on fire that we ultimately ended up with one of the most aggressive legal regimes around environmental law, and our environment, though not perfect, is significantly better than it would have otherwise been, and the Cuyahoga River became usable again. So that's where I saw us heading, and I think it's still where I see us heading, but for the second decade of the Cavalry I'd like to share another story. This is a story of two dams, one happy, one not happy at all. In 1928 the St. Francis Dam collapsed, killing hundreds of people. It collapsed because of shoddy engineering, a lack of maintenance, the ignoring of reports of third parties who were trying to avoid a

disaster, and the absence of robust engineering standards inside the engineering community and deficit of legal liability for failures to take due care in the way that engineering projects were being built. In the wake of this tragedy of hundreds of people dying because of shoddy engineering, the engineering profession stepped up, started self-regulating and started engaging in rigorous peer review. Also, liability was imposed. So by the time the Hoover Dam was built, built just a few years later, the process of engineering looked completely different, and the public had faith in the Hoover Dam and in engineering again. So there's a model that we may want to think about as we enter the next decade of software and system

security, and I hope the Cavalry will continue to do good work, and thanks for letting me be part of today.

All right, thank you, Andrea, and again, the, the spelling is difficult for pronunciation, but just say mat, mat like tissue. Uh, so Andrea has been amazing and kitschy and wrote, um, a seminal legal brief called "The Internet of Bodies," um, not so much that bits and bytes can lead to loss of life, which it does include, but also just as we increasingly become cyborgs, do you even own your images in your retinal scan, or can they shut off the lease and the support on your, uh, bionic arm. So, uh, her, her belief when we

met was if you could hack the legal journals, then when there is case law that comes to the courts and they search for these things, they're going to find things that we helped write. There's lots of ways to be a hacker, and she continues to impress and amaze, uh, both training her students, running the pilot lab for IoT, but also, um, hacking the lexicon and IL legal body of work, uh, that could be brought to bear to introduce things like liability. So, um, controversial topics, but, um, a lot of these concepts made their way into the president's National Cybersecurity Strategy earlier. Um, so, uh, again, uh, thank you if you're watching, Andrea, and, uh, shortly I will welcome to the

stage our next thing, but if you just got in the room, today's flow will be "The British are coming," a conversation about engaging us for good ideas on some, some policy they're considering. Number two will be reflections on a decade of saving lives with the Food and Drug Administration, uh, with Suzanne, her amazing team, and recipes for how to repeat that, and then after the break or in the afternoon we're going to do a hacker guide to changing the world. So thank you for being here. I'm going to transition now to our next panel.