navigation-background arrow-down-circle Reply Icon Show More Heart Delete Icon wiki-circle wiki-square wiki arrow-up-circle add-circle add-square add arrow-down arrow-left arrow-right arrow-up calendar-circle chat-bubble-2 chat-bubble check-circle check close contact-us credit-card drag menu email embed facebook-circle snapchat-circle facebook-square facebook faq-circle faq film gear google-circle google-square googleplus history home instagram-circle instagram-square instagram linkedin-circle linkedin-square linkedin load monitor Video Player Play Icon person pinterest-circle pinterest-square pinterest play readlist remove-circle remove-square remove search share share2 sign-out star trailer trash twitter-circle twitter-square twitter youtube-circle youtube-square youtube

Lesson from Black Hat: Cyber pros far from trusting feds

August 11, 2015 (Photo Credit: Alan Lessig/Staff)

"I'm from the government and I'm here to help," Alejandro Mayorkas, deputy secretary at the Department of Homeland Security, told hackers and cybersecurity professionals half ironically during a keynote at this year's Black Hat conference.

Mayorkas was acknowledging the sentiment felt by many in the room, channeling Ronald Reagan's famous line about the "nine most terrifying words in the English language."

But he also meant it honestly.

More: Closing 'trust deficit' between industry, government

A major focus of DHS's mission is helping protect American people and corporations in cyberspace. One of the administration's prime initiatives in that direction is information sharing between government and industry, which Mayorkas was stumping for at Black Hat.

Not everyone was ready to jump on board.

"I'm just a little bothered with you saying just trust us, trust us with your data," an audience member said during the Q&A. "The government can't maintain security of even the military, the White House, the Department of Homeland Security … When you say just trust us with your data, it's hard for me to let go of that."

Similarly, during a talk on how the Justice Department prosecutes under the Computer Fraud and Abuse Act, special counsel to the Computer Crime and Intellectual Property Section Leonard Bailey said he expected the first question to be about Aaron Swartz, a researcher and hackivist who committed suicide while under indictment in 2013.

Bailey said Swartz's death was a tragedy but stood by DOJ's prosecution.

More: DOJ official draws line between cyber crime, legitimate research

While acknowledging the "trust deficit," Mayorkas was also realistic about the path forward.

"The best way to tackle a trust deficit is to build trust," he said. "That is not an overnight process. It may very well be an incremental process but it has to start somewhere. We ask that we be given the opportunity to bridge whatever trust deficit exists — let's start somewhere."

While the government might want the hacker and cybersecurity communities to make the first move, that's not likely to happen without an overture from feds first.

These communities are well ahead of government right now in their understanding of and ability to deal with the threat, and will be for the foreseeable future. If DHS and others hope to be able to secure cyberspace, they will have to find a way to build trust in a community built on trusting no one, still wary of past transgressions.

Next Article