Marking the sixth birthday of the 'I Am the Cavalry' concept of driving better security standards, co-founder Josh Corman spoke at BSides Las Vegas on what the initiative had achieved so far, and what more had to be done.
Corman said that over the past year he had looked at what the movement had achieved and what the milestones were, and he determined that “we are sort of there for cars and part there for medical” and if there were an attack on medical devices, “we would probably be safe.”
However, he felt that whilst a lot had been done for medical to make it “trustworthy and safe”, the movement was “stuck” and needed to get back to its first principles. Corman said that there is a theme of “getting our asses kicked over and over” and whilst he still had a lot of fight in him, “someday we will fight our last fight.”
Looking at the concept of the cyber kill chain, Corman said that if we are being kicked again and again, we need to determine that “if we disrupt one link, the breach doesn’t happen.” We need to know, he said, what steps to take “so there are no mass casualties in hospitals” and so we can build trust in regulators.
Corman said that steps need to be taken to “start workshopping how to define a lifeline”. We need to determine how long it is and how many links are in the rope, he said. Further, we need to know “how many have to die first” and still catch it and accept it.
He said that by building trust with the founding principles of empathy, focusing on future success and not on past failures, and using better language, the founders “didn’t know if it would work but it did.”
Despite this, Corman said that “we are one noise away from mass casualty”, which is a sobering dose of reality, as there is a lot more work to do. “Every time we got a new team mate, we solved the next step of puzzle,” he said.
Corman concluded by saying that the movement needs to “lead by example” and that the next step is to consider who else to bring into the fold and what aptitudes to bring in.