Let's Get It Started
February 13, 2017

RSA 2017: No easy answers to even a (seemingly) simple question

The RSA Conference is one of the biggest cybersecurity conferences every year. While we’ll see more than a few mohawks, multiple piercings, and goth make-up around San Francisco’s Moscone Center, RSA is more of a suit and tie affair. This is not DEF CON, where coders and hackers storm Las Vegas. RSA is where the cyber industry showcases its newest devices and the developers who make them. RSA brings together cybersecurity’s innovative minds, newest machines, and big money.

Increasingly we are spending more on cybersecurity (the US is expected to spend $31.5 billion on cybersecurity tools and services by 2020). Hacking has permeated every aspect of American life – politics, business, the military, academia, and so on. I hear of so many problems that I wonder sometimes where we start to solve them.

I went to more than a dozen cybersecurity experts with what seemed like a simple question: “If you could ask for one cybersecurity problem to be solved at RSA this year, what would it be?” The seven responses – from a lawyer, a former law enforcement officer, a researcher, a gray hat hacker, ethical hackers, and entrepreneurs – all varied. As you’ll see, there isn’t an easily identifiable common thread (listed in alphabetical order of the respondent’s last name):

“Looking at the typical audience participating at RSA, there is a wealth of practical knowledge in how to combat cyber threats on a day-to-day basis. The Federal government seems to be struggling at how to apply this knowledge over its vast networks. After reading a draft of the Cyber EO, it could use a solid dose of reality. Maybe the cyber experts at RSA could draft their own Cyber EO and share it with the new administration. I think a commercial perspective would really help.”
–Scott Aken, former F.B.I. agent who specialized in cyber counterintelligence

“IoT security. There are so many existing cybersecurity risks that effective defense is very difficult. IoT is expanding the threat landscape by an order of magnitude. We need to fix it before it is too late.”
–Richard Borden (@rickborden13), Adjunct Professor at Cardozo Law and Counsel at Robinson + Cole

“Help information security managers focus more on solving the problem and less on marketing the problem.”
–Ryan Leirvik (@grimmcyber), Principal @ Grimm (SMFS, Inc.)

“The realization that automation is not the answer to everything. I will be looking for products that help make people more efficient, instead of products offering to replace people. Amidst all this technology, you still need people.”
–JP Bourget (@jp_bourget), Founder and Chief Security Officer @ Syncurity

“I would like to see encrypted emails be the norm today.  Our egress points are getting more and more difficult to defeat, thus attackers turn to email and prey on unsuspecting humans for breaching systems. Email attacks are very effective.  If everyone used PKE (Public Key Encryption), that would go a long way to prevent humans being preyed upon.”
–“lonegray”, gray hat hacker

“I think one problem that needs to be prioritized is how businesses look at information and data security at a macro level. Today, many companies look at it as an overhead or cost center. Given the digital connected nature of everything we do, it should be viewed as a fundamental part of any service or product.”
–Kurtis Minder (@kurtisminder), CEO @ Group Sense, a Cyber Security Reconnaissance & Intelligence company

“With Cloud, outsourcing, and mobility, the traditional enterprise no longer exists. I’d like to see enterprises focus their security investments where their assets and risks are instead of more network-based or desktop-based solutions that are stuck in another generation.”
–Georgia Weidman (@georgiaweidman), Founder & Chief Technology Officer @ Shevirah Inc. and author of Penetration Testing: A Hands-On Introduction to Hacking

“FUD (Fear, Uncertainty, and Doubt). High pressure and perception of threat exploits a vulnerability in human OS, that leads to poor decision making. Tens of billions of dollars per year in security spending and we seem to be getting better at security slower than we get worse.” 
–Beau Woods (@beauwoods), Deputy Director @ Cyber Statecraft Initiative, Atlantic Council, Brent Scowcroft Center on International Security

While there may not be consensus, when you look at the answers in total, the experts see problems not just in the way the machines are manufactured, but in the ways humans use them. Sure, some smart TVs, watches, tablets, and kitchen appliances have been rushed onto the market, but that’s been true about tech since the first personal computer arrived on store shelves. When looking at RSA for the technology that will make homes, offices, and cars more secure, we’ll need to both shop for new products and learn better practices in order to make a safer world.

Please share your thoughts about what you’d like to see come out of RSA: @onthevrgeof.
