Secretary Mayorkas delivered the following remarks at Def Con 31 in Las Vegas on August 11, 2023.
Last year, we had a software vulnerability that enabled an individual to really circumvent, or bypass, our security measures and communicate from our official dot gov site – our email addresses. And the result of that would have been catastrophic, because we communicate with millions of people every single day and often we communicate with vulnerable communities every single day, including, for example, survivors of the tragic fires in Maui.
That consequence never materialized. The vulnerability was discovered and addressed, and it wasn’t because of anything that we in the Department of Homeland Security did – it was because of what you did. One of you – one of the more than 500 people that participated in Hack DHS, our bug bounty program, discovered the vulnerability, communicated it to us, and allowed us to close it.
We need you. We need you to help us.
I want to share a story that I thought of on the way out here.
There was a Postal Service employee and his wife – his wife, I think she worked as a bank teller – she worked at a bank. Two people of color of very modest means, and they lived in a very, very modest apartment in New York City. And he loved art, but they couldn’t afford very much, so he would always travel through the art district and if there was a young, struggling artist that he liked, he would buy a piece – maybe a couple hundred bucks, maybe sometimes a little bit more – and he made it a regular event with his wife. He was there weekly.
Now, over the years, he gathered a lot of this art, of young, aspiring artists who had not yet made it. And a couple of decades later, every inch of his apartment was covered with this art. It was on the walls, it was stacked on the refrigerator, it was under the bed. And, ultimately, in their later years, they donated much of their collection to the Smithsonian, valued at more than $250 million. He had bought from artists who became the dominant American artists in the post-war period.
There’s a clip that I saw of him meeting with one of these American artists that he liked, and he was looking at a piece of sculpture, and he looked at it, and he said, you know, that’s nice – but I think it would look better like this, and he turned it on its side. I’m not an expert in art, but as soon as he turned it on its side, in this clip, I recognized it as an iconic American sculpture. The artist adopted that way of positioning in his art.
We need you – we need you – to turn us on our side.
You see things that we do not see. You discover things that we do not. And we really need your help.
You know, we need to serve people more effectively. The things we do are of tremendous consequence. I hope that you understand that your talent and what you can do is and can be of tremendous consequence – not just when you discover a vulnerability or what have you, but when you discover an opportunity. The real-life consequences that that work, that discovery, that exercise of your ability can have – I hope that you will work with us and help us in that regard.
We’re going to take the Hack DHS program and we’re going to expand it to our use of AI. And we need to make sure that our use of AI – we want to be leaders in the responsible use of AI. We’re very concerned about the security of generative AI, of other iterations of it. We’re also very concerned, just quite frankly, about some foundational issues, some values, principles with respect to AI.
We are unique in the federal government. We have a statutorily created Office of Civil Right and Civil Liberties and Office of Privacy – these are two areas of tremendous concern for us with AI, and hopefully you will work with us in that regard as well. Hopefully you will participate in the Hack DHS program relative to AI, and also more expansively.
This week, CISA, our Cybersecurity and Infrastructure Security Agency, issued a Request for Information on areas of investment in open-source security. Our Cyber Safety Review Board issued a really groundbreaking report on how to better secure the open-source ecosystem – it’s of such tremendous utility and promise. Here, too, is an opportunity to work together.
Ideally, what I would love to do is, I would like to recruit many of you to actually become members of the Department of Homeland Security. I don’t know what I would actually call that recruitment effort, but it would be like: Hack the Bureaucracy.
By the way, one of the thoughts I had coming in – I’m behind schedule – is to demonstrate that government can be as nimble as any other non-governmental organization. There’s no reason that we can’t be. As I said, I’m a little behind schedule, but in certain areas of our work – I think in the cyber domain – we are. I think we are innovating in ways that are unprecedented. If you take a look at some of the innovations and use of technology – the harnessing of your talent in other areas of our work, it is pretty powerful.
If you’re unwilling to join us in our home base, in our offices – hopefully you’ll work with us, turn us sideways, make us better, and really help people very much in need.
Thanks so much. I’m looking forward to a conversation with Jeff. He thinks he’s going to ask me all the questions, but I have a question or two for him. I’m really proud to be here. Thanks.