Welcome to MediaNama’s Live Blog from Nullcon 2019. Please note that quotes may be paraphrased for brevity and speed.

Adam Laurie “old school hacker” delivers the keynote address

In the session “Cybersecurity and Privacy from the Global Lens”, EFF’s Eva Galperin touched on why security is essential for journalists and activists.

*

Onto the session “Breached? – Here is how I responded!” – multiple speakers and one moderator. Each point in a bullet.

  • Moderator: Breaches can happen to anyone…how do we take care of it?
  • Person 1 (Reliance Jio): There are 3 different containers in a breach: ID and have a critical asset ranking, build your vulnerability assessment of your crown jewels and it has to be live.. the second is your detection controls, how effective are your tools and analyst skills? When these 2 containers don’t work effectively, the third container is the breach… if you detect your breach, you are prepared for it.. but once you’re alerted, there has to be a rehearsal of what you’re going to do once the breach happens. Business, customers and regulators are involved so the response has to take into account all these stakeholders…
  • You need to ID different breach scenarios, their severity etc
  • Media and legal teams have to work together
  • Person 2 (Visa): Lightning speed required to detect, respond and contain that issue…
  • We’ve to be careful of external traffic.
  • Person 3 (Reddit Rediff): Your response to the breach needs to start before the breach… 90% of breach incidents happen on email.
  • Person 4 (NCIIPC): Different players working together is useful.

*

3PM: Session: “Clear and Present Danger: Cyber Wars will Target Critical Infrastructure”

Each point made by an individual.

  • Threat perspectives have changed. With the advent of cloud and IOT, enterprise needs a huge amount of data… And it also has to be safe and secure.
  • IT Security was a big challenge in the late 90s and early 2000s. You were asked “why do I need a firewall?”. What (perception) it was then Vs now is similar… You have scripts available these days and see if they work.. geopolitical factors are also at play…
  • We don’t own more than 1-2% of the technology we use.. by default these systems are not secure from a security perspective. The OEMs themselves don’t have any control.. they have potential for vulnerability.. there are a multitude of threats.. vulnerabilities and risks.. the threat is real, it exists.. and we have to protect ourselves.