The annual RSA Conference, held at the Moscone Center in downtown San Francisco, seems to have a happy knack of coming around each year just as something juicy and controversial is challenging the security industry.
This year, it’s the Apple versus the FBI controversy that is playing out in courts across the United States.
During a private briefing before the official conference start, RSA’s CEO Amit Yoran said there was a potential “policy catastrophe” looming. As he spoke those words, a court in New York dismissed the FBI’s request to compel Apple to create a mechanism to bypass an iPhone’s passcode security in a case involving a drug dealer – a case that mirrors the headline-grabbing case in San Bernardino involving the murder of 14 people by a husband and wife terrorist team.
This year’s conference, the event’s 25th anniversary, began with a look back at the history of IT security over that time. Then, as is traditional at the opening, came a musical item: a cappella quintet Pentatonix performed a cyber-security-laden song. It was not as entertaining as William Shatner’s version of Lucy in the Sky with Diamonds from 2014.
Yoran then launched into his opening keynote, beginning with a look into the theft of personally identifiable information, from Anthem to the Office of Personnel Management and Ashley Madison.
Preventative technologies, says Yoran, won’t work in the future as the number of data sources and end-points we have to protect will grow exponentially. Yet we continue to invest in the same protection solutions expecting a different outcome.
“Are you looking at security’s future or clinging to the past?” he asked the packed auditorium.
Yoran announced RSA is releasing its own behavioural analytics solution this week, at the event. This has been foreshadowed over the last couple of years as the company has increased its focus on security analytics.
AI has, for many years, been considered a significant part of the future of security. But Yoran pointed out AI systems today are based on a common assumption – the rules and environment they operate in are fixed. But cyber-criminals aren’t constrained in the same way.
“We aren’t constrained by technology,” he says. The problem is a lack of creativity.
Countering the argument that the industry is suffering from a dearth of trained professionals, Yoran gave the room the same advice he gives his children.
His advice was to train hunters who are unconstrained by traditional, linear thinking, and to embrace free thinkers and curiosity to interactively seek out breaches and block potential ones.
“If your security program is focussed on compliance, you’re doing it wrong,” he added.
Responding to the increasing desire of law enforcement agencies to bypass security, Yoran says: “Weakening encryption is solely for the ease and convenience of law enforcement.”
Noting that the Attorney General, director of the FBI, many members of Congress and state governors, as well as international “security czars” are present at the conference this year, Yoran notes the importance of a constructive dialog in order to manage the needs of commerce, users and law enforcement.
Following Yoran’s opening, former RSA Executive Chairman Art Coviello’s long career in information security was recognised and rewarded with a Lifetime Achievement Award. The awards are given at the opening of each year’s conference but only when a recipient is deemed worthy of the award.
Coviello received his award from previous recipient and former RSA CEO Jim Bidzos.
“It’s time to put aside partisan bickery,” Coviello says. When the government gets it wrong, Coviello says the security industry must work towards educating.