RSA Conference 2022 – TRANSFORM

Prakash Narayan

The 2022 RSA conference was held at Moscone Center in San Francisco from Jun 6 through 9. The earlier one, held from Feb 24 through 28, 2020, turned out to be a bookend to the global pandemic. In our coverage of the 2020 conference, we mentioned that there were “concerns surrounding the novel coronavirus or COVID-19”. Little did we realize, at that time, the impact that the virus would have on all our lives. So, in a sense, it felt that we had come full circle with the RSA conference in 2022. After being sheltered in place for 2+ years, it was clear that people wanted to come out and participate in in-person events. While the number of attendees was not at the 40,000+ level of 2020, over 22,000 people and 450+ exhibitors attended the 2022 conference. It was good to see that the organizers had stringent protocols in place that required attendees to show proof of being vaccinated before they could even collect their badges.

The theme of this year’s conference was TRANSFORM. During the pandemic, we have seen several cybersecurity incidents play out. The prominent one among them was the ransomware attack on the Colonial Pipeline Company in May 2021. It suspended the transport of 100 million gallons of fuel between Texas and New York and, thus, disrupted the supply chain. All of us felt the impact of this by seeing fuel prices at the pump go up by over 10¢. Security teams have increasingly been tasked with protecting critical assets with an always-on, always-connected workforce. The security industry has changed, has evolved, has transformed. This transformation is ongoing.

Chris McCurdy, VP and GM of IBM Security Services, spoke of “Staying Secure in Today’s High stakes World”. We have all seen work sites display “Safety Moments” – where they mention the number of days without an accident at the site:

Essentially, this is conveying the message that Safety is not just the responsibility of the frontline / hard-hat workers.

Similarly, we should have displays for “Security Moments” – number of days the enterprise has operated without a Cybersecurity incident. This would start communicating the message to the workforce that Cybersecurity is not just the responsibility of the CISO. Of course, the CISO would still have the responsibility of aligning the business objectives and the cybersecurity initiatives. By promoting a culture of strong information security, CISOs can facilitate broad Cybersecurity awareness and a cultural change across the organization.

Data theft is no longer a lucrative business. It is difficult to monetize and expensive to carry out. Ransomware is easier to deploy and has become more ubiquitous. The JBS Meats incident (which occurred around the same time as the Colonial Pipeline event) was a seminal moment for Cybersecurity in the enterprise. The focus for Cybersecurity is shifting. Five years ago, the attention was on data exfiltration and regulatory compliance. The focus now is on prevention, detection and response to ransomware.

During the pandemic, we became increasingly dependent on the supply chain infrastructure. This did not go unnoticed by the Cybersecurity attackers. With this in mind, Chris invited the CISOs of two of the largest Supply Chain vendors to join him on stage:

Fernando Madureira of Cosan and Charles Tango of Sysco. Cosan is one of the largest economic groups in Brazil. Over 50% of the economy in Brazil uses Cosan for its logistics. Sysco is the global leader in distributing food and non-food products to restaurants, healthcare and educational facilities. They mentioned that the attack surfaces are expanding. Earlier, CISOs were concerned with the digital perimeter of the enterprise. Now, they are all hyper-focused on the interconnected supply chain. The Operational Technology (OT) environments are required for enterprises to interact with the physical world. This, combined with the over one hundred thousand IoT devices that enterprises need to monitor, is resulting in the expansion of attack surfaces. The CISOs talked about building a security strategy around the principles of Zero Trust to combat this. Zero Trust is about fundamentally changing the underlying philosophy and approach to enterprise security – with a shift to a dynamic, identity-centric and policy-based approach.

Gary Steele, CEO of Splunk, spoke on the topic of “Strengthening Security in the Era of Digital Transformation.” He spoke about Security teams needing a data-centric strategy to meet evolving challenges and threat landscapes to achieve a strong security posture.

The three challenges that remain are:

  1. Threat Landscape – which has continued to evolve
  2. Complexity – as mentioned in the earlier session by Chris McCurdy, Gary talked about the growth in the attack surface. Moreover, the existence of multiple tools and multiple dashboards makes it hard for a security professional to put it all together in a single pane of glass.
  3. Silos – the very nature of modern software implies that there are silos. The application environment is monitored by the NOC (Network Operations Center) and the data is monitored by the SOC (Security Operations Center). This creates an impediment from a security point of view.

A data-centric approach to security enables three critical outcomes:

  1. End-to-end visibility – being able to see across your entire infrastructure (which can span multiple clouds + on-prem assets)
  2. Accelerated detection and response. With all the data in one place, one can make quick decisions and drive great outcomes.
  3. Improved cyber resilience – including meeting the privacy and compliance initiatives.

He included a video from Mike Hughes, CISO of REI, who said, “Security is not a milestone. Security is a journey.”

Every year, RSA has a non-technical, inspirational talk. A few years back (in 2016), Diana Nyad talked about her incredible accomplishment when, at the age of 64, she became the first person to have swum (on her fifth attempt) from Cuba to Florida (a distance of 110 miles) without the aid of a shark cage. While these speakers are not security experts, they provide inspiration to the audience. These talks challenge the audience to think differently. Malcolm Gladwell, Doris Kearns Goodwin and Zak Ebrahim have been some of the other non-cyber-expert speakers in the past.

The inspirational speaker this year was Jake Wood, an American military veteran and social entrepreneur. He spoke about Team Rubicon. As a veteran (Iraq war in 2007 and Afghanistan in 2008), he saw first-hand the impact of post-traumatic stress disorder and began advocacy work for military veterans. He co-founded Team Rubicon in response to the earthquake in Haiti in 2010 – to help with the rescue and recovery efforts. Since then, Team Rubicon has been part of the response team for over 300 natural disasters – ranging from international operations in Pakistan (2010 floods), Chile (2010 tsunami), Burma, Sudan, Ecuador, Nepal, Greece and Turkey to Hurricane Dorian in the Bahamas.

Jake was also signing his book, “Once a Warrior”, which outlines what American veterans are capable of and how he developed Team Rubicon.