New Security Group Cavalry: Be Careful With The Internet Of Things


A group of security industry advocates is aiming to promote hacker research and spread the message about the importance of software security to policymakers.

Called the Cavalry, the group, led by Joshua Corman, a security industry thought leader and frequent speaker on data security and privacy, is hoping to engage lawyers and policymakers and educate them about the security issues surrounding the increase in Internet-enabled electronic devices. The public is placing its trust in the manufacturers of the devices -- from modern thermostats to smart televisions to automated washing machines -- but few people truly understand the security risks they represent, said Corman, who serves as CTO of Fulton, Md.-based Sonatype.

"Simply the act of talking about this in an accessible way will create an environment where everyone's efforts will be fostered in a positive way without having it seem like you were just talking into the echo chamber," Corman said. "We're starting a dialogue to educate ... and at least start building those bridges so security becomes a natural part of engineering processes."

[Related: Noted Security Expert: How Will We Be Judged When Our Grandchildren Read The History Of The Internet?]

Corman and other members of Cavalry addressed attendees at the 2014 Source Boston Conference last week, hoping to bridge the sometimes-awkward communications gap between geeky security researchers and the lawmakers considering legislation to proactively address information security issues in a broad range of products.

Cavalry's grassroots efforts began with discussions last year at the BSides Las Vegas security conference and the DEF CON hacking conference. It formalized last September at Derbycon, an annual conference that focuses on best practices for penetration testers. The security industry often gains widespread attention for producing shocking examples of potential attacks against systems but often fails at explaining the broader risks that the demonstrations highlight, Corman said.

The group unveiled its revamped "I Am The Cavalry," website this month and is hoping to grow interest in its campaign to ensure that manufacturers of electronic devices are adequately addressing the security of the often tiny, embedded systems that they create. In addition to manufacturers, Corman and his group are looking for other experts to join the cause, from service providers and resellers knowledgeable about the devices and software to systems integrators and consultants engaged with clients deploying it in their environment. Jen Ellis, director of community affairs at vulnerability management vendor Rapid7, has joined the effort to help bring attention to Cavalry's cause.

Cavalry's first target is the automotive industry, which is seeing a significant increase in software code as it creates ways to monitor and automate vehicle functions. The group also is fostering a better understanding of the data privacy, ethical and security concerns with medical devices and the so-called Internet of Things, the term used to describe the growing number of Internet-connected electronics.

NEXT: Engage Legal Teams, Speak To Policymakers