Friday, September 13, 2013

HTCIA International 2013 - The Leading and Trailing Edge of Technology

In the security industry, we pride ourselves on having some of the best minds in technology, with cutting-edge gear and techniques always on display. The perpetual arms race between offense and defense is just that – perpetual – but those who say that criminals are overwhelmingly winning are only partially correct. The HTCIA (High Technology Investigation Assn.) International conference this week showcased some of the most cutting-edge technology, tools and techniques that could potentially shift the balance of power back towards the middle against the criminal element.

There is a problem with this, because even as technology, tools, and techniques move forward at a blistering pace, the trailing wave is still significantly behind. What I mean by this is that there is an atypical distribution here on the technology adoption curve. Whereas you would expect to see a bell curve heavily concentrated in the middle, and thinning to either extreme, I think (and this is a personal opinion formed from observation) that the highest concentration of the curve is shifted towards the back – the laggards – of the technology adoption curve.

When you account for enterprise, law enforcement (LEOs), and government combined on the defense, it becomes clear that the technology, tools, and techniques that are ‘cutting edge’ are slow to be adopted for a number of reasons. Awareness seems to be the biggest stumbling block, while budget and capability round out the top 3 reasons. Many of the folks that attended (or should have attended) the conference this past week, the ones who are most apt to get the maximum benefit from rapid advancements in technology, weren’t even here… or worse, were physically here but missed many of the worthwhile sessions. Towards the middle of day 3 we saw the typical 1/3 of the audience that were there on day 1 evaporate. You can’t even blame it on good weather and Las Vegas because it was ugly, rainy and gloomy. So what was the issue? Honestly I don’t know… I do see it in the technology industry (specifically security) all the time though. No one wants to speak at the end of the day, the beginning of the 2nd and 3rd days, or on the 3rd day at all because people bail out, tune out, or end up nursing hangovers from the parties that happen. This is a sad commentary on these types of events in general – but it’s the reality. The ones who were here were generally wide-eyed, as if they had never heard of some of these things before. I know much of this gets published in journals, papers, blogs and sometimes tweets – but it somehow doesn’t make it down to the practitioners. There is just a general lack of awareness of some of the advancements in the industry – and this is unfortunate. As a community, the security industry and the high-tech anti-crime community need to do a better job of getting together more than once a year.

Another issue I see is budget. Lots of the LEOs that were here, and even the enterprise folks, made it clear that while the things they saw were excellent, unless they were cheap or open-source they weren’t going to be affordable. You can blame your government’s ineptitude in appropriating funding for that one in part, and just a general lack of budget allocation for high-tech solutions. I could go on and on about budget, but this is a problem all around the industry broadly in security – so let’s not flog a dead horse any further.

The 3rd reason for the disproportionate lag in the industry, to me, is just a general lack of capability. In the law enforcement sector the transition from physical investigations to cyber has been slow and painful. Training has been sparse and heavily vendor-centric at times, which doesn’t help. There was also a murmur in the halls and an almost unspoken sense in many of the talks that there just weren’t enough people to staff these high-technology criminal investigations. DFIR (Digital Forensics and Incident Response) people are rarely available… and they’re expensive. Affording a good investigator or incident responder is difficult in most law enforcement capacities, and even worse in smaller enterprises. Even in bigger enterprises the few DFIR specialists that can be hired quickly get overwhelmed. This is a problem now, and will continue to be a problem in the future – and a major reason why it is largely true that the bad guys are beating us.

The conference was great, and I encourage you – if you’re in investigations and high-tech anti-crime – to attend next year or join your local HTCIA chapter. These types of associations and organizations need your support, your expertise, and your mentorship to help shift the balance of power closer to the middle of the teeter-totter, and improve the general state of the industry. Get involved, contribute your skills, and bring others in. This is how we will collectively raise the bar and help push the bell in the curve towards the shape it should be, rather than a simple large trailing wave.
