Euro Security Watch with Mathew J. Schwartz

Cybersecurity , Events , InfoSecurity Europe 2017

Visual Journal: Infosecurity Europe 2017 London Cybersecurity Event Tackles Breaches, GDPR, Ransomware, IoT and More
Visual Journal: Infosecurity Europe 2017
Olympia London conference center. (Photo: Mathew Schwartz)

Cybersecurity in London: This week's Infosecurity Europe conference featured 240 speakers, 360 exhibitors and an estimated 18,000 attendees.

See Also: Moving from Vulnerability Management to Effective Vulnerability Response

Here are 13 visual highlights from the three-day information security event, ranging from tchotchkes and keynotes to 19th century architecture and live hacks of internet-connected devices.

London Olympia

The conference was again held at Olympia London, an exhibition center, event space and conference center in the West Kensington district.

Former National Agriculture Hall

Built in 1886, Olympia was originally christened as the National Agricultural Hall. While its interior features wonderful "wrought iron age" details, the hall inevitably begins to feel sauna-like on warm London summer days.

Rainy With a Chance of Deluge

While London has a reputation for rain, Britain's Met Office - the national weather service - says there's no appreciable rain, on average, for 70 out of every 100 days. Tuesday, however, saw heavy downpours in the morning hours of the conference's kickoff.

Seating: Supply Battles Demand

As in past years, queues remained long for popular keynotes, and the keynote space - a square area curtained off on the upper level - felt too small for more popular draws.

Keynote Overflow

Anyone who didn't manage to get a seat could move to a nearby overflow area and listen in, as in this panel devoted to the EU's General Data Protection Regulation.

White Hat Rally

Serving wench and knight

Once again, information security community volunteers for a White Hat Rally took to costume - this year's theme was "Knight Riders" - to raise money for charities that aim to prevent cruelty to children.

Tchotchke Quest

Tchotchke-wise, T-shirts printed on demand made an appearance. Past favorites - light sabers, cool flashlights, light-up glasses and artists drawing caricatures of attendees - also made a repeat showing.

Even a Wind Tunnel

My award for hands-down favorite booth on the show floor this year goes to Sophos, which rigged up a wind tunnel with foam balls. The object: Catch white balls, each worth one point, and the gold ball, worth 10 points, while avoiding the blue ones, worth minus-two points. After 30 seconds, all balls were deposited into a chute for counting - and if you're good, your score was added to the leaderboard.

Live Demos: Internet of Exploitable Things

Ken Munro of Pen Test Partners

One popular topic for discussion was the Mirai botnet, which last year began infecting internet-connected devices - including routers and baby monitors - and used them to launch massive distributed denial-of-service attacks. But other internet-connected menaces also made an appearance, including the internet-connected Cayla doll - most recently seen on the cybersecurity stage at OWASP's AppSec EU conference last month in Belfast, North Ireland. The doll is now banned in Germany.

More mundane, hackable household items were also in attendance. "We have a brand-new WiFi kettle to hack for you!" Ken Munro of penetration testing firm Pen Test Partners told his exhibition floor audience.

Hearing From Top Cybersecurity Experts

From left: ISMG's Tom Field talks about IBM Watson with IBM's Martin Borrett and SmartTech's Ronan Murphy.

Throughout the conference, Information Security Media Group conducted video interviews with dozens of cybersecurity experts. Stay tuned; we'll be posting every video, touching on everything from ransomware, threat trends and fraud prevention to GDPR, breach detection and the never-ending encryption crypto debate.

Keynotes

Keynote presentations delivered during the week included security veteran Bruce Schneier discussing computer automation and its increasing impact on the physical world, as well as panel discussions devoted to creating agile security teams, complying with GDPR and more quickly responding to security incidents.

Another keynote featured veteran British broadcaster Jeremy Paxman analyzing the current political climate - although saying nothing of substance in regards to information security. Meanwhile, Sebastian Coe, former chairman of the British Olympic Association, discussed how problems relating to the 2012 Olympics in London were successfully identified and overcome before the games launched.

In Coe's case, fittingly for the Olympics, extreme preparation paid off. "We stress-tested our IT systems for 200,000 hours in the last couple of years leading up to the Olympic Games," he said. "There are no risk-free options in the delivery of something like the Olympic Games, but I think overall we left the country in much better shape."

Blaming Users Is a Crutch

Angela Sasse on the keynote stage.

One information security trope is that if only users would be smarter, so many security problems could be prevented. But Angela Sasse, director of the U.K. Research Institute in Science of Cyber Security and a professor at University College London, dismissed that attitude in no uncertain terms. "Half of security problems are down to crap IT," she said.

At RISCS, no one is allowed to suggest that people are the problem, she said. "It's counterproductive" and doesn't help security experts better engage with users and encourage them to adopt less risky behaviors, she stressed.

Intelligence Advice

Stella Rimington, the former director of MI5, Britain's domestic intelligence agency, delivered the opening keynote presentation Tuesday. Her speech, titled the same as a memoir she has written, touched on the London Bridge and Borough Market attacks on Saturday.

The attacks have been quickly seized on by some political figures, including Prime Minister Theresa May, who promised to suspend Britain's compliance with the European court of human rights if it was necessary to allow Britain to better detain and monitor terrorism suspects. But this appears to be political bulster, as May's previous attempts to do exactly that, while serving as home secretary, were repeatedly struck down by Britain's highest court.

Rimington, having led counterterrorism operations at MI5, warned against half-considered measures. After blaming the attackers after an atrocity, people inevitably next blame police and intelligence services for failing to have prevented the attack. She acknowledged that authorities need to better counter today's increasingly complex attacks, launched by individuals with "hideous ideologies" and "a determination to kill people." But she warned against doing so in haste (see Former MI5 Director Cautions: Keep Calm and Slowly Evolve).

Photography: Mathew Schwartz



About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.




Around the Network