RSA 2016: Two Themes Take Center Stage

By: Krista V. | Cyber Threat Intelligence Analyst, NJCCIC

The 25th annual RSA Conference was held last week in San Francisco, California, and while many topics were carried over from last year’s conference, one topic seemed to be at the forefront – Apple v. FBI. Unsurprising, considering the event attracts mostly hackers and cybersecurity professionals, was the overall sentiment in support of Apple’s pro-encryption stance. However, many of the speakers chose not to express harsh opinions of the FBI’s request, but rather shed light on the true heart of the encryption debate, focusing less on whether the FBI was right or wrong in its court order requesting Apple’s assistance to unlock the San Bernardino shooter’s iPhone.

The President of RSA, Amit Yoran, stated that he believes law enforcement’s stance on this issue is misguided, while Arthur Coviello, former head of RSA Security, believes that it is time to put away partisan bickering, which only helps our adversaries. Brad Smith, president and chief legal officer of Microsoft, stated that he would stand with Apple and believes that encryption technology should remain strong.

A panel on cryptography continued with the theme of privacy and security in their discussions. Cryptologist Martin Hellman expressed his opposition to the FBI’s request but sympathized and believes the community needs a solution that can serve both, and encouraged everyone to put themselves in the other’s shoes. Israeli cryptographer Adi Shamir took a less popular stance, stating that he believes that Apple did not choose the best case to argue their point.

The Director of the National Security Agency/Central Security Service (NSA/CSS), Admiral Mike Rogers, spoke on the encryption issue and stated that he believes it is the government’s job to ensure privacy and liberty, for that is the foundation of this country. He encouraged everyone involved in the debate to stop talking past each other and start talking to each other, in order to pursue compromise. Ashton Carter, US Secretary of Defense, stated that he is pro-encryption and anti-backdoor, further complicating the government’s position.

The second apparent theme this year was the insufficient supply of qualified cybersecurity personnel to fulfill demand, and with good reason. Accenture reported that 45 percent of companies have trouble finding qualified security experts. In an environment where the adversary almost always has the advantage, having the right people defending systems becomes all the more important. Chris Young, Senior Vice President of Intel Security, emphasized his concern for the skills shortage in the cybersecurity field, and Secretary of Defense Ashton Carter further discussed the need for innovation. In addition to human capital deficiencies, the cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology.

Yoran encouraged companies to free their employees to problem solve and be creative, to explore more unconventional ways to counter the adversary’s operations. Dmitri Alperovitch, co-founder and Chief Technology Officer (CTO) of CrowdStrike, explored one area in particular: while it is easy for adversaries to breach a network, determining the next course of action once an intrusion is detected can be extremely difficult. It is at this point that well-prepared network defenders can take the upper-hand and work to actively defend the network. The takeaway for cybersecurity professionals is that we must never stop learning and seeking new ways to counter the adversary in this ever-evolving threat environment where defenders are almost always at a disadvantage.

For a complete listing of articles that recap the RSA Conference, visit CyberWire.