Crypto War II: Weakening the Infrastructure

COLUMBUS (February 10, 2015). Interhack Founder and cybersecurity expert C. Matthew Curtin will present at a MEMBERS-ONLY meeting of the Central Ohio InfraGard Members Alliance on Wednesday, March 25, 2015. Only current members of the InfraGard Members Alliance will be admitted to this a lively critique of recent public policy recommendations and presentation of Mr. Curtin's own recommendations for how to promote cybersecurity in the critical infrastructure of the United States. See www.cmhinfragard.org for details on confirming your membership status and to register.

Abstract

Security is fundamentally a product of two variables: the frequency of attack and the impact of attack. Federal government policy both in the original Crypto Wars of the 1990s and again twenty years later has been to reduce the frequency of attack. The strategy has been to improve the ability to monitor potential attackers, to predict attacks, and to prevent them from taking place. Promulgation of this strategy has resulted in DOJ officials making true-but-misleading statements to Congress, sabotage of Internet standards for cryptography, and ultimately systems that are vulnerable to snooping by attackers including foreign intelligence services. The President of the United States and the Prime Minister of the United Kingdom are now advocating that governments should have access to encrypted data.

Curtin believes that this approach will weaken the infrastructure of the United States, making our institutions and our citizens more vulnerable to enemies foreign and domestic.

In this talk Curtin proposes a superior approach that puts American resources, public and private, on the same team in reducing the impact of attack. He advocates the hardening of targets, recognizing that attacks will come, but will not succeed when good defenses are in place. Such defenses include the encryption of data in the Cloud and the use of tools and techniques that harden targets against monitoring, even by government agents.

The talk will be delivered by security and cryptography expert C. Matthew Curtin, a coordinator of the DESCHALL project that in 1997 cracked a message encrypted with the government standard DES for the first time in open research. The project's success immediately changed the debate in Congress, a change in executive policy regarding the export of strong cryptography, and the adoption of a replacement for the now-defunct DES.

About Interhack

Interhack is a computer expert firm based in Columbus, Ohio, with a national practice that covers cybersecurity, data breach response, incident management, and security assessment. The firm's experts are often engaged in litigation to help attorneys, judges, and juries make sense of complex technology. Founded in 2000, Interhack is on the web at web.interhack.com.