Bruce McConnell is making his second trip to DEF CON in early August. Normally, that wouldn't be news. But as one of the U.S. federal government's top cybersecurity policymakers - he's acting deputy undersecretary for cybersecurity at the Department of Homeland Security - McConnell seems to be the exact type of person the founder of the hackers' conference encourages to not attend this year's event.
DEF CON founder Jeff Moss, in a posting last week under his nom de plume The Dark Tangent, writes: "When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a 'time-out' and not attend DEF CON this year. This will give everybody time to think about how we got here, and what comes next."
Moss was referring to the disclosure by former National Security Agency contractor Edward Snowden of NSA secret programs to gather information from Americans' telephone and online communications [see Earning Trust in NSA Intel Gathering].
The DEF CON founder tells the Reuters news service that the move is designed to defuse tension. "We are not going on a witch hunt or checking IDs and kicking people out," Moss says.
McConnell says he checked with DEF CON and was told he's still invited to participate in a panel titled "The Policy Wonk Lounge," which also includes one other current federal government official, Energy Department Chief Information Officer Robert Brese.
Joining McConnell and Brese on the panel are four former federal government and military IT security experts, including McConnell's predecessor, Mark Weatherford, who left DHS this spring.
It's Weatherford's umpteenth visit to DEF CON. "Yes, I'm still going," Weatherford tells me. "I've been going to DC for 15 years (give or take a couple) as a member of the military, a defense contractor, a state government employee (he's the former chief information security officer of the states of California and Colorado), a private sector guy and a fed. I wouldn't miss it."
Nor should he or McConnell avoid DEF CON. True, Moss' and others' anger over the NSA e-spying programs as well as their feelings of betrayal are understandable. After all, a year earlier the head of the NSA, Keith Alexander - looking more like a hacker dressed in a t-shirt and jeans than the four-star Army general he is - delivered a keynote address at the event. Alexander, by the way, is a keynote speaker this year at Black Hat, a competing hackers' conference.
One wonders if the "time-out" for federal employees has more to do with the embarrassment of having had Alexander as a keynote speaker than a need for a cooling off period. It's better to confront those you have disagreements with than to avoid them. Letting the feds know how you feel and explaining why might help in getting them to change their policies. DEF CON leaders are in a unique position: They have access to the government's top IT security policymakers, and they should challenge them with their discontent, not ignore them. At the least, it could prove cathartic.