A session examining vulnerabilities in critical infrastructure that was slated to be delivered at the CanSecWest conference by Eric Filiol, head of the French Operational Cryptography and Computer Virology lab, has been cancelled over security concerns.
Early reports asserted that the session was nixed at the behest of the French and U.S. governments because it may have revealed classified information, but subsequent statements from Filiol indicate that the talk was voluntarily withdrawn, though the threat of legal action seems to have played a part in his decision.
“The French Dept. of Interior (their DHS equivalent) and the U.S. DoD have decided that Eric Filiol’s material about network attacks on infrastructure is too dangerous, so they have classified it, disallowing its presentation, and to punctuate their desires with an exclamation point, rattling sabers about prosecution and lawsuits of conference organizers and presenters,” stated CanSecWest organizer and security researcher Dragos Ruiu.
“To which I’d like to remind everyone concerned: ‘Security by Obscurity, is not much Security at all.’ Hiding vulnerability information hinders solutions and mitigation more than it hinders attackers.”
The abstract for Filiol’s cancelled talk indicated that the session would explore how the “cyber dimension” will increasingly become a strategic element in future conflicts ranging from terrorism to hostile nation-state engagements, and, when combined with traditional offensive technologies, can be leveraged to create “major disruption and chaos effects.”
“We will illustrate our key ideas by considering the case of the US territory and show, through simulation of possible fictive but operational scenarios (based mostly on the military experience of the speaker and test cases studies) how attackers could provoke major disruption, disorder and chaos in this country far beyond of what the 9/11 was, especially when using carefully the ‘cyber’ dimension,” the abstract stated.
Filiol maintains that the talk did not contain any classified materials, that all the information was gleaned using open source intelligence (OSINT) techniques, and that his motivation to withdraw the talk was based on his civic responsibility not to put anyone in harm’s way by releasing sensitive analysis.
“I have decided to remove the talk under the wise concerns and request of my governmental contacts. As a former military I was [using] my past military experience combined with OSINT to expose a general methodology with application the USA test case…” Filiol said.
“Yet it is open information, from legal point of view it is a clear incitement to terrorism. You know how the USA are mad regarding this. Remember that just uttering the word “bomb” can be prosecuted in the U.S.”