Government influence at hacker conferences grows

Las Vegas plays host to three of the most prominent forums in the hacker and information security communities: DEF CON, Black Hat and BSides.

Those community-driven conferences offer daily presentations, hands-on training sessions, contests and the chance to exchange innovative ideas with leading information security thinkers.

But as the government's need for skilled IT specialists continues to grow, events that draw thousands of hacking enthusiasts have become something of a nontraditional recruiting ground for federal employers.

For example, the Federal Trade Commission had a presence at the trio of Las Vegas conferences last week, with Commissioner Terrell McSweeny and Chief Technologist Lorrie Cranor serving on panels at DEF CON and BSides.

"We were there mostly to listen and to do outreach...to the hacker community and to let people know what our agency does and that we're interested in hearing about research that people are doing that can help us understand vulnerabilities," Cranor said. "We wanted to make those connections."

FTC representatives wore shirts that read "FTC DEF CON," which Cranor showed off at an Atlantic Council event on Aug. 11.

In the past, picking the fed out of a crowd of techies was almost a sport, said Cris Thomas, a strategist at Tenable Network Security, but now the government's presence is an official part of the forums and the result of changing attitudes on both sides.

"I think it shows a maturation of the people attending these conferences," he said. "Also, we're seeing a change in government attitudes toward hackers. Twenty years ago, it was nothing but FBI.... Now you have groups like Commerce and [the Food and Drug Administration] and FTC and [the Defense Department] trying to bridge that gap and access that knowledge."

Washington's influence has permeated the "hacker summer camps," Thomas added, so much so that the community's largely anti-establishment attitudes have visibly shifted to the point where some even publicize their political inclinations, such as the Hackers for Hillary group.

"We're seeing a change from a completely adversarial relationship between government and the hacker community," Thomas said. "It's starting to thaw a little bit, where there's a lot more cooperation. It hasn't completely thawed, but it's getting there."

Also, conversations about policy and hot government topics, such as election systems hacking and zero-day policies, were common, he added.

Beau Woods, deputy director of the Atlantic Council's Cyber Statecraft Initiative, said that in the hacker community, "the pace of innovation is so great right now [that] the only way [for the government] to stay on the cutting edge is to be embedded within the community."

Cranor said one of the best methods for recruiting prospective employees is to give them a taste of actually working in government, which is why the FTC offers short-term research, contracting and internship opportunities.

"For the summer interns, it's not a long-term commitment," she said, adding that "the students who actually want to make a difference and have policy interest" see the value in working for the government.