At Black Hat 2017, an industry hits a milestone and finds new directions

Long a conference that has thrived on technical sophistication and nuanced attacks, Black Hat USA 2017 in Las Vegas also found room for softer themes.

LAS VEGAS -- Having arrived at its 20th year in Las Vegas, Black Hat USA 2017 is struggling with creating a new maturity in the security industry at the same time that it is, in a sense, starting over in the still relatively greenfield arena of securing firmware and hardware components.

In the opening keynote, Facebook CSO Alex Stamos pointed out that the field was still relatively young -- "Black Hat isn't old enough to buy alcohol in Nevada," he said -- but recent events had resulted in it finally having the world's attention. He exhorted the industry to expand its focus to include not just sophisticated attacks of the sort that have made Black Hat newsworthy over the years, but also a search for solutions to the far more common and less sophisticated forms of attack and abuse that are often viewed as outside the purview of IT security professionals.

Several elements of the Black Hat 2017 program lined up nicely with the notion of greater maturity in the security community, with sessions addressing "Challenges of cooperation across cyberspace," a session comparing educational curricula to accreditations and industry needs, and a handful of special sessions on diversity and mentoring.

For the most part, however, the Black Hat 2017 program reflected further shifts from traditional desktop and server attacks to grappling with hardware and firmware threat vectors. Sessions were scheduled to discuss attacks on wind farm control systems, electronic door locks and radiation monitoring devices.

One session was slated to introduce "Evilsploit -- A universal hardware hacking tool."

Falling within somewhat more traditional IT boundaries is a method for exploiting a flaw in the design of the Direct Memory Access protocol by deploying a rogue memory access controller. In another attack at the roots of enterprise computing, researcher Christopher Domas was on tap to demonstrate exploitable flaws in the x86 chip instruction set.

In short, Black Hat 2017 remains heavy with pinpoint, precision attacks, but with a rapidly widening field of inquiry as researchers increasingly turn their attention to hardware and firmware.

Next Steps

Read about vendor-specific information security certifications

Hear about the high and low points from Black Hat 2016

Find out what Alex Stamos had to say at Black Hat 2014

Dig Deeper on Threats and vulnerabilities

Enterprise Desktop
Cloud Computing