RSA Conference 2024 – The Art of Possible

By Prakash Narayan-

The annual RSA Conference 2024 which took place in San Francisco, California from May 6 through 9 attracted over 41,000 cybersecurity professionals to hear keynotes and break-out sessions on a wide range of topics in security and related areas in technology across 425 sessions.

They also got to see the latest products and services from the 600-plus exhibitors on the expo floor and also 50 plus companies in the Early-Stage Expo.

The theme for this year’s conference was “The Art of Possible” – a phrase that, on the one hand, inspires hope, but it also serves as a warning. That is never underestimate what is possible by the bad actors. “When organizations leverage the power of the cybersecurity community and work together as a collective whole while minimizing risk and working with the massive potential in artificial intelligence while safeguarding against its abuses,” said Dr. Hugh Thompson, Executive Chair of RSAC.

U.S. Secretary of State Antony J. Blinken provided the opening keynote address. He spoke about technology’s transformative impact on foreign policy and how the U.S. government is leveraging diplomacy to bring about an innovative, secure, and rights-respecting tech future. He mentioned that there are three novel developments that have led President Biden to elevate technology in our national security and in our diplomacy: 1. A new generation of foundational technologies are transforming our world – microelectronics, advanced computing and quantum technology, artificial intelligence, biotechnology, advanced telecommunication and clean energy technologies. 2. The distinction between the digital and physical realms is eroding. As a result, our cars, our ports, our hospitals are giant data stores and computing machines that are vulnerable to cyber-attacks. 3. Technologies increasingly need to be understood as stacks. The challenge is to harness this era of technology and channel it to provide greater stability and greater opportunity.

AI and GenAI, in particular, were the underlying thread that connected most sessions in the conference – whether it is in using AI to thwart attacks or providing the appropriate compliance guardrails to ensure the safe use of AI. The concept of AI extended to answering questions about how we use AI for good; how can we stop evil AI. Matt Radolec, VP of Incident Response and Cloud Operations at Varonis summed it best when he said, “AI is the biggest opportunity and biggest threat to your organization.” His talk was focused on how to avoid an AI breach. He gave an example of protecting Alzheimer’s research data. This is critical because if clinical research and medical data is altered and fed into an AI model for training, it could result in grave consequences. Attackers have attempted to break into critical systems like water, traffic, electrical grid and even the voting office. It is of paramount importance to secure all these systems from cyberattacks.

The other major topic of discussion at the conference was around building safety and trust in AI systems. What are the emerging standards? What are the recommendations for compliance and cybersecurity in the wake of the accelerated adoption of AI in the global marketplace? The panel on AI Governance and Ethics was moderated by Trevor Hughes, CEO of IAPP. The panelists were Barbara Cosgrove, Chief Privacy Officer at Workday; Ruby Zefo, Chief Privacy Officer at Uber; Emma Redmond, Head of EU Data Protection at OpenAI and Anu Talus, EDPB Chair. The discussion started with the EU AI Act – which heralded the first globally significant attempt to apply a regulatory framework to Artificial Intelligence. This act will be implemented in stages in terms of Codes of practice and banned/prohibited practices. While there is a rush to implement this, it is important to take a step back before codifying it. There are also several factors to consider: codes of conduct, interpretation, etc. However, this provides us with a significant framework to manage. Just as GDPR provided the framework for Data Privacy considerations that enterprises needed to take into account, the AI Act will serve as a guiding framework for the regulatory oversight of AI use in enterprises.

The fireside chat on the Road Ahead for Cyber and Emerging Tech Policy explored the White House policy considerations around emerging technologies, leveraging digital technologies for good, development of trusted telecommunications for 5G and 6G, and countering ransomware and illicit crypto activity. The chat was moderated by Niloofar Razi Howe, Operating Partner at Capitol Meridian Partners. The speaker was Anne Neuberger, Dy National Security Advisor of Cyber and Emerging Tech at the National Security Council in the White House. Countries and criminals see the opportunity to use digital systems to achieve certain outcomes in the geopolitical world. This exposes the vulnerability in the system making the community of cybersecurity professionals more critical than ever before.

As with all RSA Conferences, a panel moderated by Hugh Thompson, Executive Chairman RSA Conference draws the largest audiences as he talks with various celebrities. This year, the conversation was with Emmy-winning actor, Jason Sudeikis. Hugh talked to Jason about the “Ted Lasso Way” that has put smiles on the faces of millions of people around the world. Perhaps made us a little kinder and more focused on teamwork and collaboration. Jason talked about the awareness of the power of community and the importance of mental health needs. When asked about his favorite episode, Jason talked about the one where Roy Kent (played by Brett Goldstein) has an angry outburst when a fan heckles the team.

At this time, there is a lot of excitement and momentum around generative AI. GenAI is certainly disrupting every industry and looking to deliver increased productivity. The introduction of natural language interfaces in cybersecurity is one of the advancements facilitated by GenAI. It is, however, a double-edged sword. Threat actors are using GenAI to produce disinformation and manufacture false narratives to influence elections and conduct fraudulent schemes. The RSA conference was timely in providing the cybersecurity professionals attending with useful information on the landscape, the attack surfaces and the governance.

 

 

 

Related posts