Five things to watch for at Black Hat USA this year

When the latest edition of Black Hat USA kicks off in Las Vegas next week, it will find itself deep in the swirl of nation-state election tampering, with top security administrator’s gathering jointly in the White House press room to underscore the dangers of Russian cybermeddling while President Trump dismisses it all as wing-flapping.

Black Hat’s sessions have a way of morphing as they unfold onsite so that they speak to whatever news is breaking at the moment, and no doubt this will happen as the week progresses. But at the moment, you’d be forgiven it you took a look at the program and came away thinking that this larger cultural moment was being ignored. There’s a talk on norms in cyberdiplomacy (apparently there are some) and one on attribution (that perennial hobgoblin), but this isn’t one of those years where the head of the National Security Agency has come to take a drubbing on the big stage.

Also not much on the main program: cloud security. There’s that session you’ve come to expect on some new aspect of AWS credential compromise, but it’s pretty sparse otherwise. It remains to be seen whether this is because there’s a general stalemate in cloud attacks for the time being or whether the larger truth is that now it’s all cloud, so why even use the word.

What’s actually heavy on the program, then? Here are five areas that should prove interesting:

1. Artificial intelligence for bad people.You knew hackers were going to use machine learning, right? Sessions like “Deep learning for side-channel analysis” and “Deep neural networks for hackers” should drum up some discussions in the hallways. And however bad it winds up looking, there’s little doubt that this is a horse that has already left the barn.
2. The workaday breaking of things. Black Hat has always been a gathering where researchers tell IT folks how things can be skewered and compromised. This year carries on that proud tradition, with roughly half of sessions describing the milking either of control or of sensitive data from various applications or devices. It doesn’t appear there’s a particular pattern here with a thick new seam of vulnerability opening up. If there’s a generalization to be had, it’s that breaks making it into sessions these days lean toward complexity. A Japanese wirelessSD card will be reverse engineered. CPU caches will be ransacked. Parsers will be snipped. Nothing seems, so far, to have the big media flare of jackpotting an ATM or driving a Jeep off the road while the driver squeals for mercy. But you never can tell.
3. Serious focus on the infosec community’s issues.There’s a track dedicated to tackle the issues that, frankly, most conferences don’t touch except with gallows humor asides. Topics include suicide, PTSD, addiction, dealing with sexual assault and closing the gender gap in the profession. It’s a strong move on Black Hat’s part.
4. Spectre/Meltdown. There’s a talk that an insider friend tells me really will sort out why things got a little weird when word of the Meltdown vulnerability came out back in January. As the conference program has it, the speakers will “focus on the developments after the disclosure of Meltdown.” They’ll talk about “yet undisclosed attacks, including combinations of Meltdown and Spectre.” If you go for geeky content, this is your session (see you there).
5. Industrial control systems. There are well-nigh 20 presentations just in the main program that deal with cars, planes and factories. There’s an “ICS firewall deep dive” that might be viewed as a core look at what the industrial world has in the way of conventional protections at the moment. Then there will be the customary breaking of things.

There will once again be a split between what’s important in the exhibit hall and most of what’s going on in the main conference session rooms. The sessions are about tools and attacks, but out on the sales floor, what vendors are beginning to grapple with are the several large changes in IT as a whole. These changes include IoT edge architectures, software-defined everything, and microservice application architectures and converged data centers changing traffic patterns within the enterprise so fundamentally that firewalls and intrusion detection are failing on the fundamentals—and trying to make sense within the new paradigms. Things on the show floor could be pretty interesting this year, even if that’s not the traditional hot spot at Black Hat.