news from RSA 2014
RSA, which has seen record attendance this year, has also spawned a crop of collateral or competing conferences.
One of the more interesting competitors, TrustyCon—effectively a protest against alleged industry complicity in government surveillance—met yesterday, and we link to some TrustyCon stories in the RSA section below. Legal observers at TrustyCon think Lavabit was "no unicorn," and that we'll see similar legal pressure to breach privacy expectations in the future. Google engineers call for the "Certificate Transparency" their company has advocated (and worked toward) as a means of reducing risks associated with certificate-based threats. Other symposiasts warn that automated update services may represent the next surveillance attack vector.
The split between the two conferences mirrors a divide in the cyber sector itself, into what might be called its libertarian and national security wings. The split is by no means clean and unambiguous—many, arguably most, companies bear feathers from both wings. Both camps advocate encryption; both find much to love about anonymity (and anonymization).
Richard Clarke thinks fixation on perimeter defense left NSA vulnerable to Edward Snowden's insider threat and the disclosures that opened, for good or ill, this divide. (Those disclosures have made changes in surveillance policy inevitable, as news from outside RSA 2014 suggests: see stories on GCHQ webcam snooping and NSA Director Alexander's expressed willingness—in what may have been his last testimony before Congress as Director—to change the direction of his agency.)
Other RSA 2014 presentations covered the challenges of getting C-suite support for security. CISOs are warned that they need to anticipate breaches in order to prepare disclosure, mitigation, and remediation. The realities of cloud security are said to be less grim than widely thought, but also more poorly understood than hoped. Industry trends include the rise of "spooks-as-a-service" and the security uses of big data.
The expected exploit demonstrations and product launches continue: some of the more interesting are linked below.