Fraud Management & Cybercrime , Governance & Risk Management , Incident & Breach Response

15 Highlights: RSA Conference 2019

Cybersecurity 'Things Can Only Get Better' as Conference Marks Its 28th Year
15 Highlights: RSA Conference 2019
The refurbished Moscone Center played host to RSA Conference 2019 in San Francisco.

More than 42,000 attendees visited San Francisco's Moscone Center in March for RSA Conference 2019.

See Also: Safeguarding Election Integrity in the Digital Age

The event celebrated multiple firsts, including a newly rebuilt Moscone Center for holding all of those attendees; a new full-day track, hosted by Bruce Schneier, focusing on public interest technology; as well as a public commitment by RSA and its sponsors to put more women front and center on the stage of what is arguably the world's most high-profile cybersecurity conference.

28th Annual RSA Conference

Calm before the RSA opening keynotes

Not for the first time, the keynotes and briefings at the annual RSA conference - now in its 28th year - covered a massive array of topics. A grand total of 621 sessions offered insights on privacy, hackers, cyber extortion, machine learning, artificial intelligence, human psychology, legal matters, career advice and internet-connected device concerns and much more.

But first, the information security conference started with a bit of spectacle.

Prime Subject? No Mystery

Helen Mirren

One reason to get to the 8 a.m. keynote presentations on the Tuesday when the RSA briefings kicked off: The guest stars.

Enter Helen Mirren, star of stage and screen, who delivered an opening monologue praising the cybersecurity community for its collective efforts.

RSA Conference 2019 keynote audience

"Together you stop the cyber underworld from growing out of control. ... You are a hero," Mirren told the audience members.

'Things Can Only Get Better'

Opening RSA keynotes

RSA turned up the British dial even more, as members of the cybersecurity community joined a gospel choir onstage to deliver their rendition of British pop singer Howard Jones' "Things Can Only Get Better."

Synergy alert: Better is also the theme of this year's conference, featured everywhere from the conference billboards to bags.

Women Own the Stage

Cybersecurity strategist Niloofar Razi Howe at the opening keynote

One of the things the RSA conference strove to do better this year was to feature more women in speaking roles. Whereas previous years had many all-male lineups, often featuring executives from RSA, McAfee and Microsoft, followed by all-male participants in the Cryptographer's Panel, this year's program included much more female participation.

RSA keynoters

At the opening keynote presentations on March 5, Niloofar Razi Howe, a cybersecurity strategist and entrepreneur, was featured along with RSA President Rohit Ghai, looking at how cybersecurity must evolve to meet the needs of tomorrow's society, be it privacy or addressing energy and water shortages. But above all, security must be trustworthy.

"Trust does not require perfection. It requires transparency, accountability, honesty and reliability," Howe said (see: A Vision of the Role for Machines in Security).

Security Versus Dancing Cats

RSA President Rohit Ghai

But it's 2019 and clearly, much about cybersecurity could be better.

"We suck at remembering passwords. We struggle to process large amounts of data. And yes some of us still click on dancing cat videos," RSA's Ghai told the audience.

Internet-Connected Device Challenges

Liz Centoni, general manager for Cisco IoT

Meanwhile, Matt Watchinski, vice president of the global threat intelligence group for Cisco Talos, contemplated the sheer number of internet-connected devices that will soon exist, estimating it will hit 250 billion by 2020. "Clearly I'm going to need more pockets for all of these devices," he said.

Liz Centoni, general manager for Cisco IoT, outlined the clear and present cybersecurity dangers. "It's not unusual for customers to tell me that they don't know 40 to 50 percent of what's in their environment," she said.

RSA: Something Missing

Missing from this year's Cryptographer's Panel: Adi Shamir, who "spoke" at the opening RSA Conference 2019 keynotes via a prerecorded video, from Israel

Something else that could have been better: The U.S. State Department getting its visa act together.

Notably absent from this year's RSA, including its annual Cryptographer's Panel: Adi Shamir, the "S" in the RSA public-key cryptosystem, which Ron Rivest, Shamir and Leonard Adleman developed in 1977.

Addressing the conference via a prerecorded message, Shamir, an Israeli national, said his request for a U.S. tourist visa had not been approved or denied. If the U.S. couldn't get its act together, Shamir suggested that RSA take the show somewhere else.

Shamir said he'd been planning to present new research on the security of AES. "I'll have to break the news at some other time and place," he said.

Choices, Choices

RSA keynotes

How's this for choice? Four days of briefings, more than 30 keynotes - including Tina Fey on the closing day - as well as choosing from 740 speakers, via presentations at Moscone Center - North, South, West - and the Marriott Marquis.

Of course, there are some things in life you can't control - namely, the weather.

Exiting Moscone West

Thankfully, RSA Conference 2019 avoided last year's unrelenting deluges. Mostly.

Moscone Gets a Refresh

Moscone Center South

The long-running renovation of Moscone Center North and South has finally concluded, resulting in new buildings that feature more open and well-lit interiors.

Unfortunately, the Marriott Marquis remained a construction zone, with hotel staff resorting to using paths of colored tape in an attempt to route conference goers and hotel guests alike past temporary walls.

700 Exhibitors

Moscone Center exhibition hall

RSA Conference 2019 also featured more than 700 exhibitors across the redesigned Moscone North and South exhibition halls.

Feds Focus on Chinese Counterintelligence

FBI Director Christopher Wray speaks with Lawfare's Susan Hennessey

No information security conference these days would be complete without focusing on nation-state hackers. While the specter of Russia's ongoing attempts to interfere in Western elections ran throughout the show, FBI Director Christopher Wray used an opening keynote slot to hammer home the threat posed to the U.S. by China.

FBI Director Christopher Wray

In a conversation with Lawfare's Susan Hennessey, Wray noted that nearly every FBI office has an investigation underway that looks into alleged Chinese counterintelligence operations. Wray said that after returning to the bureau from a private law practice two years ago, he was surprised by the sheer scale of China's counterintelligence efforts.

"There is nothing like it. I am not someone who is prone to hyperbole, but ... the thing that shocked me was the breadth, depth and the scale of the Chinese counterintelligence," Wray told the RSA audience.

Experts Dissect the Latest Trends

ISMG's Tom Field speaks with AT&T Cybersecurity's Javvad Malik at ISMG's Marriott Marquis studio

What's the best way to take the pulse of all the other topics that are on information security professionals minds? One proven strategy: See what they have to say. To that end, Information Security Media Group conducted video interviews with more than 150 information security practitioners, including numerous CISOs, as well as executives, threat researchers, leading legal experts and more.

ISMG's studio at Broadcast Alley in Moscone Center West

On the agenda: Recent mergers and acquisitions, including NTT Security buying WhiteHat Security as well as what's in store for since AT&T just rebranded its AlienVault acquisition as AT&T Cybersecurity.

Meanwhile, practitioners paid close attention to matters pertinent to their role as CISOs.

Former CISO Thom Langford spoke about how he'd hit bottom and battled his way past burnout, while CSO Andrew Rose talked about how he'd been putting into practice many of the great ideas he gathered while serving as a Forrester analyst, most recently at Vocalink, which is a MasterCard company.

Excerpt from ISMG's interview schedule

Beyond that, topics ranged far and wide, including the privacy imperative now facing organizations, lessons learned from GDPR notification and threat researchers reviewing why cyber extortion - and especially more advanced phishing - seems unstoppable, as does U.S. bank card fraud.

Experts from industry and law enforcement also shared the latest insights into cybersecurity awareness and upskilling, as well as how the FBI is battling election interference attempts.

NSA Offers a Free Tool

Rob Joyce, a senior adviser on cybersecurity strategy, NSA

"Psst - hey buddy, want a free reverse-engineering tool?"

So went the pitch from the National Security Agency's Rob Joyce, who took to the RSA briefing stage to announce the release of a home-built tool - Ghidra - from the agency for reverse-engineering software (see: NSA Pitches Free Reverse-Engineering Tool Called Ghidra).

"For the record, there's no backdoor in Ghidra," he said, prompting laughter. "This is the last community [to which] you'd want to release something with a backdoor."

RSA Conference 2019 information panels

Joyce said the tool has been built by the NSA to meet very particular requirements. "We use it across the two main missions of the NSA: cybersecurity and foreign intelligence," he said. The software helps with security validation - ensuring that a box or device does what it says it does, and nothing more - as well as malware analysis, discovering vulnerabilities and simply taking a deep dive into any type of software.

"Doing software reverse-engineering is like working a puzzle - you're given a binary and you're trying to get back to an understanding of what it is and what it does," Joyce said.

While the tool is now free and in the public domain, Joyce did admit to having some ulterior motives: The NSA wants to foster more skilled interns that it can turn into salaried employees.

First, however, it wants to help students learn to become better reverse engineers.

"If I go to a school and I see Ghidra, that [will be] a huge measure of success," Joyce said. "I'll be really transparent: That education also helps us."

More Cybersecurity Professionals Please

RSA Conference 20198 theme: Better

Better education isn't being demanded just by NSA. It's a truism of the field that more needs to be done, not just to educate professionals but to produce more of them.

For example, ISACA, the international professional association focused on IT governance, conducts an annual survey of cybersecurity professionals (see: The Future of Cybersecurity Education - Part 1).

Source: ISACA

No surprise about the findings: Businesses say they're desperately seeking more cybersecurity professionals.

Backdoors Are Still Bad

RSA Conference 2019 Cryptographers panel: Zulfikar Ramzan, Ron Rivest, Shafi Goldwasser, Whitfield Diffie, Tal Rabin, Paul Kocher

Word of warning to cybersecurity professionals: Be responsible.

That's because backdoors are back. Or rather, they never left. And the annual Cryptographer's Panel on the opening morning hit the topic hard, launching a broadside against backdoors and those who love them or facilitate them, on the heels of Australia having passed controversial legislation that can send developers to jail if they don't build government-mandated backdoors into software.

"Watch your step - Moscone Center exhibition hall

"The laws of mathematics may be all well and good, but the laws of Australia apply in Australia," said cryptographer Whitfield Diffie.

Paul Kocher said the matter involves a question of ethics: "If anyone should go to prison, It should be developers who sneak backdoors into their products. Secret backdoors are kind of like pathogens, and governments have done a terrible job of not managing them," he said, referring to how NotPetya was apparently a collection of exploits built by the NSA, which lost control of them.

"People in computer science are realizing more and more that this ability to draw on computation is giving us an immense amount of power, but also responsibility," said Shafi Goldwasser, director of the Simons Institute for the Theory of Computing.

"The road to hell is paved with good intentions," said Ron Rivest, the "R" in the RSA cryptosystem.

RSA 2020: Save the date

All photographs by Mathew Schwartz

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.