Salted Hash: Live from CircleCityCon

INDIANAPOLIS – The city’s first major security conference kicks off today, as hundreds of hackers and security professionals gather for CircleCityCon.

Security has been a top mission for Indianapolis for some time, and over the next few years, the local government plans to implement various security initiatives – including investments in protecting critical infrastructure and creating security-centric jobs.

This weekend, many local security professionals will finally have a place here at home to gather and share information, something that’s a rarity in a city where most of the technical workforce has a vested interest in InfoSec.

On a personal level, it’s nice to cover an event that doesn’t require rental cars and living out of a hotel, but I’m more excited by the fact that I get to mingle with local InfoSec pros and learn something.

The arrival of CircleCityCon has led to a local discussion on the topic of InfoSec and proactive defense. Earlier this week, the city of Indianapolis announced a new program that will see some of its defensive resources in InfoSec extended to the private sector.

Word of the initiative came as the city unveiled some of the measures designed to protect its E-911 infrastructure, which includes a stand-alone network that is intentionally segmented to protect it from attack.

“We have had some attacks on our open networks. And we’ve dealt with those with the Department of Homeland Security. They’ve investigated in the background. In the meantime, we’ve taken measures to reduce the types of attacks and also put protocols in place as to how we respond,” said Chief of Public Safety Communications Tim Baughman, in a statement to WRTV 6, a local ABC affiliate.

The topic of critical infrastructure protection is a hot one, and researchers have increased the number of talks on the subject at conferences across the globe. CircleCityCon is no exception – K. Reid Wightman will be presenting a Red Team topic focusing on a new class of attack against industrial control systems this weekend.

Other topics of note include talks on AppSec and Active Directory defense, as well as an overview on the things an organizations should do before they schedule a pen test.

Update: 11:00 a.m. EST

During his keynote address, Beau Woods spoke about the security of everyday devices, from medical devices, cars, and wearable tech. His speech was centered on the ideals from “I Am The Cavalry” – a grassroots movement to inspire leadership and a pro-active approach to dealing with problems.

Using real-world examples, Woods stressed that it’s important that the public knows, without assuming, that the technology they depend on is trustworthy.

“Computing technology is being rapidly adopted into the world around us. We struggle daily – and often fail – to secure our companies. Meanwhile, software and networks permeate every aspect of our lives,” Woods said.

“When human life and public safety are at stake, it is no longer acceptable to have the same failures that are routine in other Information Technology. We must know, not just assume, that the technology we depend on is worthy of our trust.”