x Black Hat | July 7, 2017 - Black Hat USA Sponsor Interviews: DarkMatter, Dark Reading, and the U.S. Department of Homeland Security
Leo Cole

Leo Cole
Vice President of Marketing


Q: What did your recent "Flash of Genius – Building cyber resilience in Banking & Financial services" event reveal about the preparedness of these sectors to deal with current and emergent cybersecurity threats?

We were pleased to assemble a distinguished group of senior bankers, lawyers, IT security and insurance professionals at our event, and we received very positive feedback with regards to localizing the discussion around cyber incidents for this sector in this specific region.

Given the higher proportion of attacks targeting the banking and financial services industry, it can be expected that its level of cyber security awareness is higher than other industries, though there is still more it could do to build up its cyber security posture.

Board-level cyber security representation, for example, is a notable step towards combating growing threats within organisations as it showcases an important shift in outlook to embracing cyber security as an overall business issue rather than merely an IT play. Board-level cyber security oversight remains at relatively low levels within banking and financial institutions in the region, and is an area that would benefit from further improvement.

Given the heightened requirement for trust and transparency necessary in the banking and financial services industry and the extent to which the sector is targeted, it is recommended that systems and devices are security vetted in order to ensure there are no backdoors or other security vulnerabilities present. Ideally, such vetting should be conducted by a verified third-party specialist that possesses the technical capability and the reputational integrity to be able to undertake such a review effectively.

Q: Tell us a little bit about DarkMatter's KATIM range of technologies. What is the target market and what in your opinion sets it apart from competing technologies?

DarkMatter is an end-to-end cyber security specialist. Given the widening threat landscape posed by mobile devices, we felt it was a requirement to bring heightened cyber security protection to an access point device.

Smartphones are a vital tool for both enterprise and governments to operate – yet they offer a vast attack surface for cyber criminals and can pose a serious information security risk if not guarded effectively.

Cyber security resilience is a central tenet of DarkMatter's proposition – KATIM is the physical manifestation of this. It is the most secure communications suite in the world, comprising a secure smartphone that features tamper-proof hardware, hardened Android 7x operating system, and encrypted chat (KATIM Messenger) and news (KATIM Engage) applications.

What makes KATIM so secure? There are four pillars to KATIM's security: Hardened hardware; Hardened OS; Secure communications application suite; KATIM management console.

Together, these features form a unique ultra-secure KATIM system that can be trusted by nations. Hardware is protected from tampering, the operating system is protected from boot-up to full operation, data is fully encrypted at rest and in-transit, and users have strong authentication.

Q: This will be DarkMatter's second year at BlackHat. What are some of your objectives at the event?

DarkMatter's purpose for participation this year is to showcase its expanding portfolio of innovative cyber security products and services, which include its test and validation labs – Xen1th Labs – its expanding secure communications suite – KATIM – and the development of tools and services focused on securing smart city and Internet of Things environments.

The company's proprietary Cyber Resilience Platform and Scorecard will be on display during Black Hat, with the aim of communicating the importance of a holistic approach to cyber security, combining products, policies, processes, and people. 

Earlier this year, we articulated our Trusted Transparency Programme, which constitutes a platform on which customers are able to conduct full reviews of DarkMatter's own hardware and source code before installation. It also comprises the testing and validation of any product to identify vulnerabilities, backdoors and other security weaknesses across all areas of hardware, software, cryptography and mobile; and this call for action will be reiterated during Black Hat.  

We are all well aware of the general shortage of cyber security expertise globally, with some industry forecasts estimating a skills gap of 1.5 million professionals in the sector by 2020. We are keen to position ourselves as a viable destination for some of the leading professionals in the industry given the calibre of the people we have already engaged, and the scope of activities we are involved in.

Tim Wilson

Tim Wilson
Editor in Chief
Dark Reading

Dark Reading

Q: Dark Reading just announced INsecurity, a brand new conference focused on cyber defense that's scheduled for later this year. What's different about this conference and why should enterprises attend?

Dark Reading will be holding a new, live conference called INsecurity on Nov. 29-30 at the Gaylord National Harbor in Washington, DC.  We see it as a great complement to Black Hat, because our event is built totally around defense strategies and the everyday tasks and issues that security practitioners face.

Black Hat is the premier place where security researchers unveil their new discoveries – vulnerabilities, exploits, tools, and proofs of concept. It really gives security pros a sense of what they should be watching for, and what they should be concerned about. It's the best event in the world to get the "red team" point of view. INsecurity, by contrast, is a "blue team" event – the primary speakers will be CISOs, security operations experts, and security team leaders. The topics will not focus on new threats, but on the everyday practices that security teams deal with: budgeting, staffing, incident response practices, patch management, and so forth.

Because INsecurity is designed to be a meeting of colleagues – security practitioners and their peers – we're also offering a wide range of ways for attendees to communicate and learn. We will have traditional keynotes and sessions led by security pros, but we will also have moderated discussion sessions, roundtables, and even one-on-one conversations designed to help attendees meet each other and talk about the problems and challenges of managing security processes and operations. Our goal is to give attendees more chances to talk and exchange ideas about how to solve the problems they're facing.

The website for INsecurity will launch later in July. In the meantime, if people want to get on the mailing list to find out more about the conference, they can register here: http://reg.techweb.com/dr_prereg

Q: Dark Reading was named the Top Influencer for CISOs in the US, last year. What's it about your content that in your opinion makes it so valuable for security executives?

When we build Dark Reading in 2006, our goal was to build a news site that actually helps security professionals do their jobs. A lot of industry publications are focused primarily on technology, and their focus is on product news. But in IT security, technology is only part of the story:  the security pro needs to understand the threat, the attacker, and the potential impact of a new exploit. They need details on how a new attack works, what systems it affects, and how they can adapt their defenses to mitigate it. Dark Reading does a pretty good job of filtering the firehose of information that security pros get from Twitter and from vendors, and really explaining the key elements of the latest attacks and threats.

Another advantage that Dark Reading has is its staff. We have a full-time team of six, plus a few of the best contributing journalists in the industry, and we have daily blogs from outside experts as well. I don't know of another publication that has a team as large and experienced as ours. And that's important, because there is SO much cybersecurity news. We're posting as many as seven or eight News and Commentary items a day, but we still can't cover all the new attacks, breaches, and vulnerability discoveries that happen each week. To really serve the news hole in cybersecurity, you need a team that can cover everything, and our team really is the best one out there.

Finally, I think Dark Reading has a good reputation because we understand that there's more than one way to learn about IT security issues. Aside from our breaking news coverage, we offer longer features, slide shows, and opinion pieces that help provide context to the news. We offer online webinars, crash courses, and virtual conferences. We do original research, including 10 new surveys that are being published this year. At Interop ITX, we helped develop the Security track of live sessions, and we offered a live, two-day Crash Course for IT pros, which will be re-broadcast online later this year. At Black Hat USA, we helped develop the Career Track, the CISO Summit, and some technical sessions around ransomware and reconnaissance. We do sessions at Black Hat Europe and Black Hat Asia as well.

I guess what I'm saying is that Dark Reading's goal has always been not just to break news, but to serve as a real online community for the IT security industry. It's not just about informing readers, it's about bringing them together and helping them do their jobs. That makes us a little different from the typical trade pub.

Q: What are Dark Reading's plans at Black Hat USA 2017?

One of the things we're most excited about is the Dark Reading News Desk, which will deliver live news and commentary throughout the two main days of briefings at the Black Hat conference. Editor Sara Peters will anchor an all-day livestream of interviews and breaking news, as well as insight from some of the technology vendors at the show. Through the live broadcast, people who can't be at the conference – or even people who are – can hear interviews with key speakers, commentary from top security researchers, and summaries of talks that reveal newly discovered security vulnerabilities. It's a great way to keep up with what's happening at Black Hat.

Dark Reading has also been a contributor to the Black Hat Career Track, where attendees can go to learn about ways they can advance their training, improve their standing at their companies and in the industry, and hunt for new jobs. These sessions are great for attendees who are just getting started in security – there are so many new professionals in the industry – but there is also some good advice for old hands who might be looking to improve their career prospects. It's estimated that more than 1.8 million jobs will be created in cybersecurity in the next few years – it's important that Black Hat is providing a venue for professionals to learn and explore their options. Dark Reading's Kelly Jackson Higgins is also moderating a program that focuses on diversity in cybersecurity, where attendees can learn more about opportunities for women and minorities in the industry.

In addition, Dark Reading this year is helping to manage content for the Black Hat CISO Summit, which is a select gathering of top CISOs and security experts from across the globe. We're also moderating Sponsored Workshops on ransomware and reconnaissance, and we're publishing a daily newsletter during the show for attendees and Dark Reading newsletter subscribers. And of course, our news team is covering Black Hat like no other publication – we've already published more than a dozen stories and previews of upcoming discoveries that will be unveiled at the conference, and we're really just starting our coverage.

Douglas Maughan

Dr. Douglas Maughan
Cyber Security Division Director
U.S. Department of Homeland Security

Anil John

Anil John
Cyber Security Division Program Manager
U.S. Department of Homeland Security

U.S. Department of Homeland Security

Q: Douglas, tell us a little bit about some of the most significant and interesting cybersecurity projects at the Homeland Security Advanced Research Projects Agency (HSARPA). Are any of those technologies being open-sourced or commercialized soon?

The HSARPA Cyber Security Division is working to address current and emerging cybersecurity concerns across a range of threat areas.

For starters, CSD is funding two research projects designed to harden defenses against Telephony Denial of Service (TDoS) attacks. The first project addresses the growing attack sophistication, frequency, call volume and complexity of call-number spoofing. In the second project, a research team led by the University of Houston is addressing the vulnerability of Emergency 911 and Next-Generation (NG) 911 systems to TDoS, Distributed Denial of Service (DDoS), and robocall attacks, all of which pose significant threats to public safety.

Five technologies in our Transition to Practice (TTP) program currently are available as open source. Those are:

  • HONE—This technology, from the Pacific Northwest National Laboratory, provides correlated host and network data
  • AMICO—Developed by the University of Georgia, the solution provides behavior-based detection of malware downloads
  • Keylime—From the Massachusetts Institute of Technology's Lincoln Laboratory, the technology enables Trusted Platform Module-based trust in the cloud
  • PcapDB—This technology, developed by the Los Alamos National Laboratory, enables optimized, full network capture and efficient retrieval
  • SCOT—The technology, developed by the Sandia National Laboratories, provides incident response threat intelligence


Two of the above technologies—PcapDB and SCOT—will be demonstrated during Black Hat's Arsenal.

Another technology that benefited from participation in TTP is ZeroPoint. The technology makes it possible to detect and analyze exploit payloads that are embedded in documents using a patented technology that enables fast and accurate inspection of data or memory. ZeroPoint was developed by researchers at the University of North Carolina at Chapel Hill and funded by the National Science Foundation. It spun off as a startup called ZeroPoint Dynamics in 2016.

In the area of network security, Self-Shielding Dynamic Network Architecture (SDNA) is a network layer moving target defense technology developed by Rockville, Md.-based Intelligent Automation, Inc. (IAI).

In the Mobile Security research area, Kryptowire is a mobile application vetting solution developed by a CSD performer of the same name. There currently are several pilots of the solution within the federal government and it has been adopted by other government agencies and the Department of Defense.

In the Software Assurance area, our funded research in Hybrid Analysis Mapping has been commercialized by our performers Secure Decision in its Code Dx and Denim Group in its commercial and community versions of Thread Fix. This work has influenced Gartner's new Application Vulnerability Correlation (AVC) Hype Cycle, in which both performers are mentioned in the Gartner report. Also, the Johns Hopkins University Applied Physics Laboratory is working on General Analysis Toolkit Using Recorded and Replay (GATOR) that detects memory corruption and provides crash analysis. GATOR will be commercialized in a platform called REnigma for advanced malware analysis/detection.

Q: Anil what is the Context Aware Security Technology for Responsive and Adaptive Protection (CASTRA) project about? What specific issues is CASTRA deigned to address?

CASTRA is working on a secure, user-friendly, continuous-authentication mechanism for mobile devices. The thesis behind this project is that our mobile phones currently have a multitude of sensors built into them that can be used to recognize a person via their interactions with the device (gait, location, proximity, app usage, etc.). While each of those individual sensor modalities may not be good enough, the combination of those sensors can be used to build a dynamic trust score that ensures that the same person who initially authenticated the device retains control over it.

This type of mechanism is of value in emergency-response scenarios, where we need to ensure the identity of a person on an ongoing basis without asking him or her to authenticate multiple times.

Q: Doug, could you update us on the status of the DHS Silicon Valley Innovation Program? How successful has the effort been so far in establishing relationships between the government and technology innovators?

To keep pace with the innovation community and tackle the hardest challenges faced by DHS's operational missions, the Silicon Valley Innovation Program (SVIP) focuses on three primary areas:

  • Education—Help investors and entrepreneurs understand DHS's hardest challenges
  • Funding—Provide accelerated, non-dilutive funding—up to $800k over four Phases—for product development to address DHS's operational needs
  • Testing—Provide test environments and pilot opportunities 

Since launching in December 2015, SVIP has attained several key accomplishments and built traction within the tech startup community. It is engaging a number of DHS operational components and critical infrastructure partners to understand and communicate their needs and technology gaps to the startup community and work with them to decide which innovative startups to fund.  This engagement has led to the release of nine calls addressing a range of department and critical infrastructure objectives. Most recently, SVIP released topics to address needs of the nation's first responders in areas such as Energy Harvesting Fabrics and 3D Dynamic Mapping.

SVIP has built awareness with 2000+ startups, accelerators and venture capitalists through outreach events [such as] Homeland Security and Industry Days as well as participation in panels, roundtables, conferences and startup meetups. To date, SVIP has received more than 150 applications across the nine calls and made Phase 1 awards of $200,000 to 20 companies through a streamlined award process that averages approximately 45 days from date of notification of selection for an award to final execution of the award. Additionally, six early awardees have progressed to Phase 2 and SVIP anticipates making additional Phase 2 decisions in the coming months. 

Q: Anil, what is CSD's primary focus going to be at Black Hat? What are you hoping attendees learn about your organization's cybersecurity initiatives at the event?

CSD's focus at Black Hat is threefold:

  • Technology Awareness: As a research-and-development (R&D) organization, the DHS S&T Cyber Security Division is very interested in knowing about the current state-of-the-art and practice to ensure we do not reinvent the R&D wheel. In addition, as an organization that also supports S&T's science advisor function to the Department of Homeland Security, we wish to understand the latest technologies to help support the missions of the department's operational components.


  • Identifying New Researchers: One  of our goals at Black Hat is to identify and seek out these researchers in the public and private sectors and share our challenges with them to see if they are interested in working with us on various projects.
Transition Partnerships" At the end of a project, unless the R&D we are working on makes it into products and services, we are not as effective as we can be. This requires connecting our research teams with organizations, within the private and public sector that can leverage the technologies we are developing. So a goal for us is to identify and establish those transition partnerships at Black Hat.




Sign up to receive information about upcoming Black Hat events including Briefings, Trainings, speakers, and important event updates.

Sustaining Partners