By Prakash Narayan
RSA (Rivest–Shamir–Adleman) Conference 2023 attracted over 40,000 cybersecurity professionals and tech enthusiasts, who came to hear the perspectives of industry leaders and experts, learn about the incredible innovations, and understand the industry’s best practices.
Held at Moscone Center in San Francisco from April 24 through 27, the theme for this year’s conference was Stronger Together – implying that we build on each other’s diverse knowledge by exchanging ideas; sharing success stories; and examining the failures, to create the next breakthrough. This is particularly true in cybersecurity – where the threat actors are constantly attempting to keep pace with the latest innovations.
At the heart of it all are cybersecurity standards and guidance established by government agencies (both in the US and EU) in collaboration with the industry. Laura Koetzle of Forrester Research moderated a panel on “What matters the most in these standards”. The panelists included Juhan Lepassaar, Executive Director, EU Agency for Cybersecurity; Dr. Laurie Locascio, Director of NIST; and Patricia Titus, CISO at Markel Corp. A draft of the Cybersecurity Framework 2.0 (CSF 2.0) was released at the conference. The framework is based on existing guidelines and practices for organizations to better manage and reduce cybersecurity risk. There is also the question of how these standards ensure data privacy (with frameworks like GDPR) and data protection. The panel also talked about the AI Risk Management Framework established to promote trustworthiness in AI.
A weak link in cybersecurity is the players within the firewall who unknowingly become victims. It is important to increase awareness and educate people. Towards this goal, a National Cyber Workforce Education and Training Strategy has been released (in March 2023). It addresses the following main areas: cyber workforce, cyber education and training, and digital awareness. Camille Stewart Gloster from the White House Office of the National Cyber Director moderated a panel to discuss the Perspectives on the Developing Cyber Workforce Strategy. The panelists included Tara Wisniewski, EVP Member Engagement, ISC2; Michael Alicea, Chief Human Resources Officer, Trellix; and Dr. Diana Burley, Vice Provost, Research and Innovation, American University. The National Cyber Policy is organized around an affirmative vision for a digital ecosystem that is defensible, secure, equitable and aligns with our values and interests. There needs to be a strong education and training apparatus to support entry, skilling and maintaining cyber skills. The major themes to establish this are: a cyber ecosystem and ethos to not only build awareness, but also to usher in the next generation of cyber professionals; and investment in foundational cyber skills to navigate the technology that shows up in our lives every day – all the way from a nurse who needs to protect the patient’s data to a cybersecurity professional. There is, however, a narrative problem. Collectively, we have done a good job (as cybersecurity practitioners) in scaring folks. People need to understand the role that they play in this multi-disciplinary space, where you don’t only have to be an engineer. We should all increase awareness through training webinars, bootcamps, etc. After the RSA conference, I came across a very useful book that accomplishes the goals outlined above: “Security and Compliance – A Visual Guide” by Niharika Srivastav and Sanjay Saxena, published by CyberEdx.
The concluding session at every RSA conference is the Hugh Thompson Show – moderated by RSA Program Committee Chair Hugh Thompson. This year his guests included Christopher Lloyd (Dr. Emmett “Doc” Brown in the Back to the Future trilogy); Dr. Shohini Ghose, Professor of Physics and Computer Science at Wilfrid Laurier University; and cryptographer Paul Kocher. Shohini talked about quantum computing and how it is a paradigm shift in computing. Quantum computers can help us search through large data sets much faster – which, in turn, can help us solve grand challenge problems such as analyzing climate data. They can also be used in simulations for better drug development, materials design, etc. Quantum computers today are, at best, solving problems that current computers already solve. However, error correction is much harder in a quantum computer. Shohini has also done seminal work on recognizing and highlighting the discoveries and contributions of women in physics and astronomy. She has written a book on this subject titled “Her Space, Her Time”.
Paul Kocher won the RSA Conference prize for excellence in the field of Mathematics. He won the 2019 Marconi prize for the development of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Quantum computing changes (asymmetric) public key cryptography, since all the current algorithms (RSA, ECDSA, Diffie-Hellman) fail. Paul said that there are two things that need to change to prepare for attackers benefiting from quantum computing. First, signing keys used in hardware (and chips) need to be replaced with something that is quantum resistant, such as hash-based signatures that are robust. The other area is information with long-term privacy requirements. The whole infrastructure needs to be hardened. The good news here is that NIST has published algorithms that are fast and free and that can be put into protocols. However, the bad news is that the switchover is hard to accomplish, since everything needs to upgrade simultaneously. We don’t know how to do this at scale.
With 650+ speakers, 605 exhibitors and 500+ members of the media, the RSA conference addressed issues around threat modeling and intelligence. The changing face of ransomware and malware was discussed at length. Finally, the challenges and opportunities presented by generative AI were a hot topic. Given that cybersecurity impacts every facet of our digital lives, the RSA conference continues to be one of the most important conferences to attend.