Cyber-Security Failure Brings Societal Risks: Black Hat Researchers

The IT industry and connected device makers have to become more ambitious and strategic about building strong security into their software and hardware, say security researchers at the Black Hat 2018 conference. The message was clear at this year's Black Hat conference: The "culture," for lack of a better term, of security must change, or society faces living in a world of perpetual cyber-risk.  "We need to be more ambitious, strategic and collaborative in our approach to defense," said keynote speaker Parisa Tabriz, director of engineering at Google. "We have to stop playing whack-a-mole." She was mostly referring the way enterprises and the IT industry in general approach security bugs. But the problem goes deeper than that, according to some speakers here, and extends the scope of the problem to potentially any vendor that makes and sells connected devices or writes for software them. Researchers demonstrated the ability to hack into a number of devices, which is nothing new, but these days more critical systems are being hacked, including commodity hardware controllers for SCADA (Supervisory Control and Data Acquisition) systems and Industrial Control Systems (ICS), as well as medical devices such as insulin pumps and pacemaker controllers.