RSA Conference 2019 Wrap Up

Today in Security: RSA Conference 2019 Wrap-Up

Today marks the close of the RSA Conference (RSAC) in San Francisco, where roughly 40,000 attendees gathered for a week of discussions on cybersecurity and the current threat landscape.

Friday also marks International Women’s Day, and after facing criticism for the initial lack of diversity in its keynote lineup in 2018, RSAC addressed concerns to have women make up roughly half of the keynote speakers but said more work needs to be done.

​“While RSAC keynotes saw near gender parity this year, women made up 32 percent of our overall speakers,” wrote Vice President Curator of RSAC Sandra Toms in a blog post. “This brings about a pressing question: How can we expect more young women to enter cybersecurity if they don’t see many women presenting about it?”

In previous coverage, Security Management spoke to Andrea Limbago—a past and current presenter at RSAC—about diversity in cybersecurity and actions organizations can take to increase it in their workforces.

One major theme of the conference was a renewed focus on election security and disinformation campaigns ahead of the 2020 elections. In a keynote on the opening day of the conference, FBI Director Christopher Wray said that major foreign influence campaigns to “undermine our faith in democracy” continue and the Bureau is prepared for them to grow in 2020.

To address the threat, the FBI created a foreign influence task force that brings together cyber and counter terrorism experts to work with its field offices. The Bureau is also having more engagement with social media companies. Sometimes it provides information to these companies, which can then take action using their own tools to police their platforms by taking down accounts or other actions. Social media companies are also providing information to law enforcement, and Wray added that it’s a “great example of how government and the private sector can work together.”

Security Management took a look in the March 2019 issue at how the U.S. federal government is responding to election security threats.

“We need a whole-of-nation approach to counter Russia’s actions to try to weaken this country, and that’s very hard to do if you don’t have leadership from the White House,” said Suzanne Spaulding, former undersecretary for the National Protection and Programs Directorate at the U.S. Department of Homeland Security (DHS).

Along with disinformation campaigns, researchers are also seeing increased cyberattacks and activity whenever an election takes place, or a major news event occurs.

Kenneth Geers, CISSP, a COMODO senior research scientist and non-resident senior fellow at the Atlantic Council’s Cyber Statecraft Initiative, shared some of his recent research looking at cyberactivity around elections and major policy announcements in 2017 and 2018. 

​​For instance, he saw a massive spike in activity when U.S. President Donald Trump tweeted that Mike Pompeo would become his new secretary of state on 13 March 2018.

“Whatever’s happening in the paper, the cybersphere is a reflection of that,” Geers said.

Other major focal points at the RSAC this year were machine learning and the work that still needs to be done to effectively be able to use artificial intelligence to address security challenges, industrial control system security, phishing attacks continuous success, and mobile security.

Presenters from Google said that with 1.5 billion active users, Gmail sees more than 100 million phishing emails per day. To protect networks, and yourself, they recommended applying specific domain defenses, monitoring unusual account activity, ensuring outgoing emails are authenticated, using a password manager, and enabling advanced security operations for incoming emails.

One notable absence from this year’s conference was Adi Shamir, founder of RSA and Borman Professor of Computer Science at Israel’s Weizmann Institute. Shamir, who lives in Israel, applied for a visa but did not receive one from the U.S. government—prohibiting him from traveling to San Francisco for the conference.

In a video message to attendees before the annual Cryptographer’s Panel that he traditionally appears on, Shamir said that if he cannot obtain a tourist visa to visit the United States, “perhaps it’s time we rethink how and where we have these scientific conferences.”