Quick Take on RSA Conference
Soon I’ll be heading down to Moscone Center for what will be my last session of the conference. It’s been a great week, although not everything turned out quite as planned. I saw many old colleagues and friends and found enough time to walk the exhibit hall extensively and reload my knowledge of many vendors. I also attended the CSA Summit on Monday and the opening keynotes. I made it to less than of my “top 10” sessions, but I did attend two excellent ones I hadn’t planned on.
So far, I’ve only covered Jim Kobielus’s talk, which I cleverly retitled to Securing the Internet of Things and People (IOPT). But I’m sure I’ll come up with one or two posts on the All-Star Future of Authentication panel featuring Eve Maler, Bob Blakley and other luminaries from the identerati.
I’ll also write about Richard Clarke’s opening keynote for the CSA Summit, in which he shared his perspectives from participating in White House review committee on mass surveillance. A common theme I saw from Clarke and from some of the lawyers and academics on a later panel about international law and cyberspace was to gloss over any possibility of accountability or culpability for the operatives and politicians that surreptitiously established mass surveillance here in the heartland of democracy.
To Clarke’s credit, however, he did bluntly say that mass surveillance, in the wrong hands, could lead to a police state, and once a country “turns on” such a state it cannot be turned off. He shared some good recommendations for reducing the chance that such a thing could happen, especially in the event of “another 9/11.”
Following William Shatner’s ridiculous rendition of “Lucy in the Sky with Diamonds” (the Girl with the APT eyes) RSA’s Art Coviello also had some recommendations for reforming our sorry cyber-state in his opening keynote. After gingerly touching on the allegations the NSA paid his company for weakening encryption technology, he recommended government reforms similar to Clarke’s proposals but also advocated for an international cyber-weapons control treaty. I will be writing about Clarke and Coviello’s recommendations later, and also about a controversial panel of lawyers and academics, some of whose members said the U.S. administration was not culpable under the law and that the concept of cyber-weapons control is laughable.
Meanwhile, the threat landscape remains as ominous as ever and the security industry is busy. I had a number of vendor briefings with cloud security, identity management, anti-malware sandbox, secure web gateway and other types of vendors – some of which I hope to describe in the coming days.