RSAC 2019: Security and the unforeseeable consequences of technological advance
There was much talk at RSAC 2019 of the importance of cloud and application-layer security. We've heard has been that security is increasingly focused on the cloud, and on the application layer.
Listening to senior US Government participants in RSAC, it's clear that the US has come to view China, and not Russia, as the nation's most serious rival in cyberspace. Decades of mutually beneficial engagement in trade seem to have run their course, and the two countries have moved into a period of enduring competition. The two countries have, according to senior official of both NSA and CISA, quite different goals. Russia is, in general, interested in disruption, in tearing the opposition down, and is willing to undertake whatever activities will serve that end. It's opportunistic, and it's been very active in information operations. China, in contrast, is interested in influence, and in building itself up. Thus its characteristic activities have been industrial espionage. Looking forward, however, these and other inveterate nation-state threat actors from Iran and North Korea can be expected to pose a growing threat to critical infrastructure.
And, of course, one of the enduring themes is the continuing importance of sound digital hygiene. NSA's Rob Joyce was particularly clear on this point. He recommended that smaller enterprises take full advantage of the security advantages cloud migration can give them.
Many people talked about the coming rollout of 5G technology. Much of the discussion was inevitably about concerns surrounding Chinese manufacturers and their place in the emerging 5G market. But there's a deeper problem, one that NSA's Joyce raised. 5G, with its high speed, low latency, and pervasive application to the Internet-of-things, will inevitably serve as a fabric on which future innovation will proceed. That innovation is inherently unpredictable. But we can confidently assume that it will be diffuse and decentralized, that it won't proceed in response to clearly formulated requirements, and that, as it occurs, it will drive us to trust the 5G fabric, whether that fabric merits trust or not.