Today marks the close of the RSA Conference (RSAC) in San Francisco,
where roughly 40,000 attendees gathered for a week of discussions on
cybersecurity and the current threat landscape.
Friday also marks International Women’s Day, and after facing
criticism for the initial lack of diversity in its keynote lineup in 2018, RSAC
addressed concerns to have women make up roughly half of the keynote speakers
but said more work needs to be done.
“While RSAC keynotes saw near gender parity this year, women
made up 32 percent of our overall speakers,” wrote Vice President Curator of RSAC
Sandra Toms in a blog post. “This brings about a pressing question: How can we
expect more young women to enter cybersecurity if they don’t see many women
presenting about it?”
In previous coverage, Security Management spoke to Andrea Limbago—a past and current presenter at RSAC—about diversity in cybersecurity
and actions organizations can take to increase it in their workforces.
One major theme of the conference was a renewed focus on
election security and disinformation campaigns ahead of the 2020 elections. In
a keynote on the opening day of the conference, FBI Director Christopher Wray
said that major foreign influence campaigns to “undermine our faith in democracy”
continue and the Bureau is prepared for them to grow in 2020.
To address the threat, the FBI created a foreign influence
task force that brings together cyber and counter terrorism experts to work
with its field offices. The Bureau is also having more engagement with social
media companies. Sometimes it provides information to these companies, which
can then take action using their own tools to police their platforms by taking
down accounts or other actions. Social media companies are also providing
information to law enforcement, and Wray added that it’s a “great example of
how government and the private sector can work together.”
Security Management took a look in the March 2019 issue at
how the U.S. federal government is responding to election security threats.
“We need a whole-of-nation approach to counter Russia’s
actions to try to weaken this country, and that’s very hard to do if you don’t
have leadership from the White House,” said Suzanne Spaulding, former
undersecretary for the National Protection and Programs Directorate at the U.S.
Department of Homeland Security (DHS).
Along with disinformation campaigns, researchers are also
seeing increased cyberattacks and activity whenever an election takes place, or
a major news event occurs.
Kenneth Geers, CISSP, a COMODO senior research scientist and
non-resident senior fellow at the Atlantic Council’s Cyber Statecraft
Initiative, shared some of his recent research looking at cyberactivity around
elections and major policy announcements in 2017 and 2018.
For instance, he saw a massive spike in activity when U.S. President
Donald Trump tweeted that Mike Pompeo would become his new secretary of state
on 13 March 2018.
“Whatever’s happening in the paper, the cybersphere is a
reflection of that,” Geers said.
Other major focal points at the RSAC this year were machine
learning and the work that still needs to be done to effectively be able to use
artificial intelligence to address security challenges, industrial control
system security, phishing attacks continuous success, and mobile security.
Presenters from Google said that with 1.5 billion active users,
Gmail sees more than 100 million phishing emails per day. To protect networks,
and yourself, they recommended applying specific domain defenses, monitoring
unusual account activity, ensuring outgoing emails are authenticated, using a
password manager, and enabling advanced security operations for incoming
One notable absence from this year’s conference was Adi Shamir,
founder of RSA and Borman Professor of Computer Science at Israel’s Weizmann
Institute. Shamir, who lives in Israel, applied for a visa but did not receive
one from the U.S. government—prohibiting him from traveling to San Francisco
for the conference.
In a video message to attendees before the annual Cryptographer’s
Panel that he traditionally appears on, Shamir said that if he cannot obtain a
tourist visa to visit the United States, “perhaps it’s time we rethink how and
where we have these scientific conferences.”