A former New Zealand Government Communications Security Bureau (GCSB) engineer will be one of three security experts powering a new HP security advisory board, announced today.
Justine Bone, who began her career doing reverse engineering and vulnerability research at the Kiwi security agency, will join board leader and former hacker Michael Calce, also known as “Mafiaboy”, and security consultant Robert Masse on the new body.
Bone is now the CEO of Florida-based MedSec, which analyses technology security for healthcare companies and which is currently facing legal action after revealing security failures in St Jude-brand pacemakers.
Controversially, Bone partnered with left-field equity investor Muddy Waters in revealing those flaws. Muddy Waters specialises in short selling stocks on information it gleans through deep market-moving research.
Bone, however, has defended the approach as necessary to ensure action was taken to fix the flaws (see video interview below).
Meanwhile, Calce launched his public career in 2000 at the age of 15 by unleashing a massive cyber attack that brought down Yahoo!, eBay and Amazon, leading to an FBI manhunt and US$1.7 billion in economic fallout.
Masse has a shared history with Calce. Following his own run-in with law enforcement over hacking when he was a teen, Masse provided guidance to Calce after his arrest.
Announcing the board ahead of HP Reinvent World Partner Forum 2017 in Chicago, the tech giant said destruction for destruction’s sake has become a hallmark of the modern global cyber attack.
Specifically, the new advisory board will help HP stay ahead of the threats by bringing the trio of outside security experts inside the company.
"We want to be the sharpest we can be on what the future holds, understanding the threat landscape today and being able to address the real problems of tomorrow," HP chief technologist for system security research and innovation Boris Balacheff said.
According to Balacheff, all three security advisory board members have unique first-hand expertise in the world of hacking, alongside experience in the latest developments of security technology and strategies.
The security experts will act as a "reconnaissance team", providing insights from the front lines that HP will use to reinforce its own security work, alongside generating "strategic conversations" about the rapidly shifting security landscape with internal executives and the wider market.
HP said it has led the market on endpoint security for printers and PCs and driven security innovations ranging from technology that provides cryptographically secure updates of a device’s BIOS to runtime intrusion detection, which checks for anomalies and automatically reboots the device when an intrusion is detected.
One of the big changes in the modern landscape is that inadequate security can’t be hidden anymore; the hackers’ armory is too deep and sophisticated, and automated attack tools are constantly on the lookout for flaws to exploit.
Bone said it takes only two and a half minutes after plugging in a smart camera or a smart light bulb for an internet bot to compromise that device, with the number of such connected devices also exploding.
"Originally cyber security was an IT problem," Masse added. "What we’re seeing is now it's being heavily looked at by the board and the audit and risk committee and treated like any other risk.
"I think now's the time where we really have the opportunity to improve things at a much better level than before."
Furthermore, software or network security solutions are no longer enough. Security needs to start at the lowest level of hardware and firmware design, with every device built from the ground up to be secure and able to adapt, said Calce.
Delving deeper, Bone said software and hardware makers were able to rely on "security by obscurity" for years because there was no upside to building quality security all the way through the product, given that nobody was asking questions.
"Now, though, people are definitely asking," she said.
ICT security was Bone's second career after ballet; she first visited New York at 21 with the Royal New Zealand Ballet for an auditioning tour. After leaving ballet, she retrained in programming at the University of Otago.
The new board wasn't the only security-related announcement ahead of the global conference, with the vendor also launching HP Connection Inspector, an embedded security feature that helps printers stay one step ahead of malware attacks with self-healing capabilities.
HP said the technology is unique in that it can inspect outbound network connections typically abused by malware, determine what is normal and then stop suspicious activity. If the printer is compromised, it will automatically trigger a reboot to initiate HP Sure Start self-healing procedures.
Rob O'Neill travelled to HP Reinvent World Partner Forum 2017 as a guest of HP.