CyberCon, Australia’s largest cyber security conference starts today. However, two eminent experts, US NSA whistleblower Thomas Drake and Dr Suelette Dreyfus, won’t be speaking after the Government’s Australian Cyber Security Centre (ACSC), a partner in the conference, removed both from the event’s Speaker List.
Silencing open discussion weakens the security robustness of the very community ACSC is meant to protect.
Shutting down academics and experts from speaking in public venues doesn’t make cybersecurity problems go away. It sweeps the problems under the rug, leaving the same gaping holes for the next attack.
The timing of this could not be more ironic. Victoria, where the conference is being held, has this past week suffered ransomware attacks that hit a set of hospitals in regional cities. The attacks blocked access to some systems and IT managers had to quarantine others. Surgeries were cancelled. Such was the strain, the front page of a daily newspaper carried pleas for volunteers to help hospital staff.
There is a tension in the community of cybersecurity researchers and professionals: be closed and hidden – or come out in the open, share knowledge and expertise – and learn in order to improve.
The reason Red Teams exist is to provide an alternative lens in order to find unforeseen weaknesses. Hiring a Red Team of ‘Yes Men’ would be useless. A diversity of ways of thinking and knowledge makes a team stronger. This certainly applies in cybersecurity.
ACSC gave no reason for disinviting Thomas Drake nor commented on his talk, and they determined Dr Dreyfus’ presentation was ‘incongruent with the conference’. They notified Dr Dreyfus of this unilateral decision, via the conference organisers, before having read the abstract of her talk or seen any part of the talk other than the title. Her talk abstract, subsequently provided to the conference organisers, did not change the decision.
Thomas Drake was belatedly told that his talk was also ‘incongruent with the conference’, after asking for clarification by email.
Both experts had been confirmed 11 months in advance as speakers at the conference, and several times in the intervening months. Both were banished from separate speaking podiums at the conference about a week before the event. Other speakers had been instructed to change their talk format.
Dr Suelette Dreyfus of the School of Computing and Information Systems at the University of Melbourne was due to give a presentation on secure and anonymous digital drop boxes as an anti-corruption tool to improve internal security. (abstract)
Thomas Drake was scheduled to speak on the golden age of surveillance. He is a respected former executive of the NSA, decorated US Air Force and US Naval veteran. His integrity led him to blow the whistle on the illegal mass surveillance program by his agency on their own citizens. He is the recipient of the Ridenhour Prize for Truth Telling and the Sam Adams Associates for Integrity in Intelligence award. (abstract | slides)
Both are available for comment.