Hacking Government Bureaucracy

In theory, bureaucracy isn’t a bad thing. Really. Bureaucracy allows large organizations to scale and accomplish complex missions that would otherwise be impossible. In practice however, bureaucracies easily become their own worst enemy. Bureaucracies can be soul crushing, destroyers of efficiency and agility. Particularly vulnerable are the innovative people, new missions, and new organizations essential for success in cyber conflict. However, if navigated appropriately, success is still possible despite the bureaucracy, and sometimes even because of it. Hackers are adept at bending complex systems to their will, and bureaucracies are nothing if not complex systems. The techniques, tactics, and rules of the game are a bit different in the bureaucratic domain, but the hacker mindset is the same.

This talk provides strategies for hacking bureaucracy that everyone can apply. To be clear, I’m not suggesting anything illegal, but instead offering ways to accomplish legitimate objectives using legitimate means despite the mountains of TPS reports you may have to face. Doing your homework (RTFM) and being nice (until it is time not to be nice) cover about 80% of the challenges you will encounter, but we’ll dig deeper into a spectrum of more advanced techniques, the risks involved, and potential intended and unintended effects. You’ll leave this talk with a toolkit of techniques to better accomplish your mission of defending the nation in cyberspace, despite itself.

Gregory Conti is a former Army Colonel and co-founder of Kopidion, a cybersecurity training and professional services firm. Previously he was Director of Security Research at IronNet Cybersecurity. For about a decade he led the cybersecurity research and education programs at the United States Military Academy. A graduate of West Point and Georgia Tech, Greg helped found the Army Cyber Institute, co-create the Joint Advanced Cyber Warfare Course (JACWC), and served as OIC of an Expeditionary Cyber Support Element. A frequent Black Hat Trainer, Greg teaches classes on information operations and the application of military strategy and tactics to cybersecurity problems. He is author of three books, including the recently published On Cyber: Towards and Operational Art for Cyber Conflict, and about 100 research papers and articles on information security and cyber operations. A frequent speaker, Greg has spoken at Black Hat, RSA, ShmooCon, DEFCON, and the NATO Conference on Cyber Conflict. His work can be found online at gregconti.com and on Twitter as @cyberbgone.