Read the blog article to find out which hot topics were discussed during RSA Conference 2017.
Information technology and cybersecurity are constantly evolving, and security conferences struggle to keep up. RSA is no exception. This year’s massive conference in San Francisco had one very cool theme that I think is important to highlight: a family focus. There were some talks specifically meant for children, and others designed to make their parents more cyber-savvy. I attended one discussion in which teenagers discussed online challenges including high school peer pressure. And as always, there were specific sessions highlighting contributions by female cybersecurity researchers.
As part of this holistic focus, I was honored to host a dinner table with Whitfield Diffie at the RSA Scholars Dinner. While I shared some anecdotes from my 24 years in communications intelligence, I was mostly blown away by the intellect and insight of the students, who came from as far away as Scotland and India, and are busy not only finishing their PhDs, but starting new companies and already advising governments.
One prominent trend I noticed was a lack of talks focusing on the “human” side of cybersecurity. The “weakest link” argument seems to be ebbing in favor of intelligence sharing, cloud security, privileged account management, the C-suite, and how to respond to “One Million Alerts” (by Kaspersky). One innovative talk focused on how to protect data that has already been compromised. In other words, we should expect users and administrators to make a lot of mistakes, and design systems and processes for long-term resilience.
Another hot topic was the Internet of Things (IoT), with researchers describing the compromise of everything from locks to solar panels, drones, TVs, medical devices, and even whole cities. On the defensive side, there was plenty of discussion on next-generation analytics, encompassing high-performance computing, machine learning, automation, and a talk by Eric Schmidt entitled “The Great A.I. Awakening”.
Part of this philosophical change is ironic, given that users now have more storage, processing power, connectivity, and independence than ever. Take ransomware, for example, where a single human click can result in the loss of data across the whole enterprise. Hackers are smart, and have written malicious code that encrypts distant nodes first, and then local files – before deleting itself. Protecting such a large attack surface, given the critical shortage of high-quality technical skills, is not an easy task, but it will include creating accurate models of attacker behavior so that we can create models of good defense to withstand them.
Finally, cyber war was also given significant airtime, with my three sessions covering Global Traffic Analysis, The Politics of Attribution, and Cyber War in 2020. And of course, RSA also educates and entertains, with astrophysicist Neil de Grasse warning that a culture of science cannot be taken for granted, and comedian Seth Meyers arguing that the 2016 U.S. presidential election should force everyone to take an increased interest in cybersecurity.