RSAC Day 1 Theme: People And Tech Are ‘Better Together’

As the stage lighting turned up and the attendees settled down in their seats, there was a buzz of positivity in the air at the 2019 RSA Conference stage. The theme of this year’s conference is quite simply put as “Better.” Cue the surprise keynote Dame Helen Mirren, accompanied by the Oakland Interfaith Gospel Choir to appropriately deliver the opening performance song “Things Can Only Get Better.”

Mirren then delivered a moving message to kickoff the RSAC keynotes: “We are stronger, we are better, by being together.” After her call to action to take care of each other, she encouraged cyber security professionals to unite as a community against global threats.

Although the Conference literally kicked off with a song a dance, Mirren may have been on to something. There were a few themes strung throughout a lot of the sessions that show how the industry is working better together:

• Humans and technology must come together and neither one can stand on its own.
• Cyber security professionals are in the business of protecting trust, which requires transparency, accountability, honesty and reliability.
• Cyber threats require a multi-disciplinary effort. No one [person or organization] can do it alone.
• Security is the reason IT and OT teams are forced to work together.
• GDPR was more commonly searched than either Beyoncé or Kim Kardashian.
• The government and private sector can work together against new threats.

See Related: “EU Regulations Are Clamping Down On US Big Tech”

The Trust Landscape

RSA President Rohit Ghai and Cyber Security Strategist and Entrepreneur Niloofar Razi Howe, graced the stage with their predictions from now through 2049: As we stand at a remarkable inflection point in our digital evolution, facing an unprecedented assault on trust. In a hyper-connected world, where malicious or manipulative activity can be spread to millions in an instant, information itself is a battlefield with the power to erode trust in society’s most sacred institutions. How can we tackle such a consequential challenge?

The notion of risk must be properly defined in this modern digital context. Adopting the right understanding of risk not only restores our faith in what matters most but is ultimately the catalyst for human progress.

"What we protect is not applications or data or critical infrastructure. We are in the business of protecting trust: Trust in organizations and institutions that we cherish. Trust in digital technologies," explained Ghai.

Howe posed the question, “So, who do you trust? The human that can be manipulated by emotion or the machine that can be manipulated by data?” She also noted hat while “trust does not require perfection, it does require transparency, accountability, honesty and reliability.”

This brings us to their predictions. The duo explained that in 2049, there are 10 billion people inhabiting the planet. We almost ran out of water and trust. How did we save our future? Humanity went through five stages:

1. Agricultural
2. Industrial
3. Internet
4. Digital
5. And now Biodigital

Digital brought billions of people online with connected devices on multiple clouds, connecting everyone and everything — ushering in the Biodigital era. Digital technology is everywhere now — even inside us. It helps our bodies fight disease, sense danger and augment reality. All physical currency disappeared and there are two types of digital currency taking hold. “People are probably still losing money on Bitcoin,” Ghai predicts with laughs from the audience.

Ghai adds, “Key to winning in the Biodigital era is trust. Our technology must be trustworthy.” And we must be as well, but are we trustworthy? “Human beings have a habit of taking things for granted … until those things start to go away. Trust is to the economy what water is to life,” Howe adds.

Howe believes that fake and bias news, combined with defaced cyber security has caused individuals to lose faith … as the lines of fact, misinformation and opinion have blurred.

See Related: "5 Quick Tips To Strengthen Enterprise Security Advocacy"

The two went through more predictions over the span of 2019 through 2049. Here is a snapshot of some more key themes and thoughts from the session:

-During the 2020s, we faced the trust crisis said Ghai. “A wall was built … The Cyber Wall.” The RSAC community had an epiphany: We should begin to obsess about the trust landscape.

-Let us also resolve to help to forge the right character in our organizations, to do the right thing when no one is looking.

-Inspired by healthcare, the human body is loaded with 20 trillion bacterial cells. We cannot always eliminate the source of illness, but we can monitor it better. Trust is not about eliminated risk, but understanding, prioritizing and managing it. We have to teach information literacy so citizens can no longer be targeted.

-Every piece of technology will be capable of patching itself. Each technology can sense risk. “Technology grew a Spidey sense, like human intuition,” Ghai said.

-Risk is now a good four letter world. “Managing risk is about unleashing opportunity and not just about avoiding danger,” Howe said.

Perhaps the biggest takeaway from this keynote stage is this:

“Human and machines together are more trustworthy than either individually,” which Ghai deems as ‘trustworthy twins.’ Why? “We suck at remembering passwords … and some of us still click on cat dancing videos,” he said.  

“Humans are great at imagining and dreaming. Machines are great at investigative stuff,” said Ghai, who then explained the future cyber security center: It now looks like a drilling station on top of ocean of data, where humans prioritize questions to ask, while machines find the answers. He closed, “Digital twins work together to save trust.”

The Weaponization of AI

Fire. In the wild, it’s a force for destruction. Controlled, it powers civilization’s forward evolution. But containing phenomena — natural or manmade — is a devilish challenge. Innovations that strengthen our defenses can also fuel targeted attacks, so the weaponization of AI to amplify the impact of cyber attacks is enough to give anyone pause. Discussion of its delegation at scale across our organizations is a worthy conversation. What is the path forward to advance and protect human progress? How do we nurture sparks of innovation without burning bridges to the future?

McAfee SVP and CTO Steve Grobman took to the stage to explore the answers to these questions. So what’s the verdict?

“AI creates as many challenges as it solves … because it does not have a moral compass … But people do,” said Grobman. Something our industry struggles with when it comes to AI is that “technology doesn’t comprehend reality,” which brings us back to the reoccurring theme that people and machines need to work together.

Closing The IT/OT Gap

The robots are coming, and they are connected to the internet, as explained by Matt Watchinski and Liz Centoni of Cisco. Are we prepared to defend this new attack surface, which is exponentially greater than what we protect today?

Our primary focus of the last decade was identifying and containing costly data breaches. The new frontier of connected devices represents the next generation of threats. Watchinski and Centoni explain why you need to get in front of this cycle and how leaders can collaborate across security, information technology and operations to translate early lessons into successful defense strategies.

“We do not like to celebrate success in our business or personal lives,” said Watchinski. “We need to analyze both our successes and our failures. We need to see both sides.”

He also talked about research that showed by 2020, there will be more than 30 devices per person on this planet, to which Watchinski responded, “First thing I’m going to need is clearly, more pockets.”

Now, we have entire generations that look at the world and touch it, and swipe it, and talk to it, and that’s how they’re used to interacting with the world Watchinski explained.  

Our world is changing and the technology that we’re inventing in IoT is bleeding into our IT world. Eventually these technologies will bleed into our OT world. These changes will challenge us to be better at what we do.

Centoni discussed how to close the gap between IT and OT. “Security is the reason IT and OT teams are forced to work together. OT cares about people safety, equipment safety – not data loss. OT wants systems up and running even when there is an outage or failure.” She explained that “security in this world is a superset of what IT is important to secure, and what OT needs to keep safe. The #1 roadblock for getting IoT to scale is security.”

The FBI Perspective

FBI Director Christopher Wray discussed how the FBI’s unique position as the lead domestic US law enforcement and intelligence agency is central to US government efforts to counter criminal and national security cyber threats to the United States and its citizens. Director Wray discussed the cyber threats and technological challenges that face America.

See Related: “When Politics And Cyber Security Collide”

Wray said that while he knew cyber security was going to be a top priority in many ways — the scope, breath, depth, and sophistication of the cyber threats facing the U.S. "is unlike anything we have had in our lifetimes."

The different types of threats go on and on, but in particular we’re seeing an uptick in threat from international adversaries. What’s more? There’s also a blended threat to watch out for, where foreign criminal organizations enlist the help of hackers.

In last few months, Wray brought up different scenarios involving Chinese (IP) hackers, ransomware that has crippled hospitals and governments, international business email compromises, etc. In a single sweep they’re also covering different continents. What has happened of late with North Korea and Russia is just a “small sampling of what we’re facing.”

Wray said that the FBI is trying to stay laser focused ahead of the threats. Perhaps the biggest takeaway, Wray said that “From my view, today’s cyber threat is bigger than any one government agency. Frankly, bigger than government itself. It requires a multi-disciplinary response.”

Do the Russians still pose a threat? Absolutely, although Wray said that we have not seen a material impact on election infrastructure – but it’s more on influence campaigns. They put Americans against each other, so the FBI is responding by beefing up their role with a foreign influence task force. It brings together cyber, counter intelligence, criminal, cyber terrorism all together, while working with the DHS and NSA, in order to prepare for the 2020 elections. They also plan to have a lot more engagement with social media companies this time around, which was one of the topics in a recent Task Force 7 episode.

Wray explained that this is a great example of how the government and private sector can work together. And when it comes to China, “We’re not over-focused, but for too long we have been under-focused.”

As hackers’ most prized possession is anonymity, calling them out with public indictment allows them to not get anymore more work. “The FBI is patient, but also dogged. While China is playing a long game, so are we,” he asserted.  

For those trying to get into FBI, Wray offers his background experience having now been in and out of law enforcement … “the grass is browner.” There are hiring and retention rumors about the FBI morale that have been previously overstated according to Wray. “Actions speak a lot louder than words,” he said, adding that they have had more special agent applications in October than they have had in all of the prior years.

And they’re not just recruiting agents, but also computer scientists, data scientists, engineers, etc. “Our attrition rate is 0.5%,” he said. Wray closed out by talking about his trips to Quantico and various other locations, where he often talks to very diverse agent recruits to hear about their backgrounds: Some of them come from STEM backgrounds, they’re ex-Wall Street people. “It’s remarkable and inspiring.”  

See Related: “RSAC Opening Day Focuses On Cyber Security Talent”