This is an interview with Linda Lynch, RSA Conference Europe Manager and Herbert “Hugh” Thompson, Ph.D, Chief Security Strategist, People Security and RSA Conference Program Committee Chair.
What are the main themes of the RSA Conference Europe this year? This is an obvious question, but the threat seems to shift every year.
LL: Three of the dominant themes are mobile security, advanced persistent threats and cloud security, and you will see a fourth this year: hacktivism. We have quite a few sessions that touch on each of these topics, both from a tactical perspective and from a business perspective.
HT: It’s going to be a fascinating year, it seems so much has happened in the past year since the last Conference and you will see all that reflected in the agenda.
Not surprisingly, we have quite a lot this year on mobile security. There are a couple of reasons for that in that there have been some big developments in that space. From a corporate perspective the main question is still how do we deal with all these unmanaged devices? How do we create safety-nets around them? There will be a lot of sessions on the technical side like malware but on the management side of things too. How do you deal with e-discovery for mobile devices for example?
Hacktivism, attacks against systems that are primarily politically motivated, has dominated the headlines this past few months. We have a specific hot topic panel that will look at hactivists, examining their motivations and how this changes what we do in IT security.
There will also be several presentations on advanced persistent threats (APTs), how are they playing out in practices and the techniques these folks are using.
The RSA keynote will be particularly interesting as it will provide insights into the period of time earlier this year when RSA was the subject of a very sophisticated and targeted advanced persistent threat attack. The attack was an attempt to thwart the functionality of RSA’s widely used RSA SecurID authentication technology. Tom Heiser’s keynote will give details of what RSA learned about this type of attack.
Cloud Computing is still heavily represented in the agenda. How have security issues around cloud evolved over the last year, if at all?
HT: Yes, we still have a lot of sessions on cloud security both in the keynotes and general sessions, and those really matured significantly from a discussion perspective.
Like any new model/technology, using cloud services also brings risks. Those risks include: collateral exposure to attacks against another customer of the cloud service provider; getting past audits when you do not have good visibility into the cloud provider, issues involving electronic discovery, and a lack of visibility into the movement and treatment of data. These risks, and strategies to mitigate them, will be discussed heavily at RSA Conference Europe 2011.
A couple of years ago the discussions were quite basic but now they are looking at specific areas like service level agreements with providers, what sort of language companies have to include in there? How do we audit third party providers, multi-tenancy for example, or e-discovery or that kind of shared environment?
Recently the US encountered some serious problems regarding the country’s information security. What is the situation in Europe?
HT: No country is fully prepared for the new types of threats that exist in cyber space. Cybercrime has matured, and criminal organisations now behave like corporations and are highly skilled and motivated. Additionally, in the past year we have seen the rise of hacktivism. We’ve also seen a set of “advanced threats;” attacks which combine technical and social skill to attack large enterprises in novel ways. Given these shifts, we need to rethink security, and what it means to be “secure”. We need to come together with public and private partnerships to share information and stay ahead of attackers. That coming together, that sharing, is the essence of RSA Conference.
LL: Our latest addition to the keynote line-up is Stefano Grassi, Vice President Security and Safety, Poste Italiane, Chairman, European Electronic Crime Task Force (EECTF), who will present a keynote entitled, “European Electronic Crime Task Force: State of Cyber Crime in Europe” . Grassi will provide very relevant insights on this topic. The EECTF is comprised of global government agencies and private businesses to support analysis and best practices against cybercrime in Europe. Grassi’s keynote will cover survey results from the EECTF’s 2011 European Cybercrime Survey.
Who are the headline speakers at RSA Conference Europe 2011?
LL: Each year we work hard to provide delegates with the most exciting and provocative line-up of keynote speakers. Apart from the already mentioned speakers, RSA Conference Europe will also obviously welcome back Hugh as a keynote speaker.
HT: I will be looking at the science (and art) of security fragility in my keynote entitled: “Pillars of Trust? The Science of Security Fragility”. Security is fragile because it has overlooked critical dependencies, which frequently fail. My presentation will pull striking examples from IT, physics, weather, and business and introduce The Five Laws of Security Fragility.
LL: We are also very excited to have Sir Tim Berners-Lee presenting the Closing Keynote on Thursday 13th October. In his talk the “Evolving Web Technology and Some Security Challenges Which Surround It”, Sir Tim will look back at how web technology has evolved, and how it may evolve in the future, including: web applications, the web of data, and decentralised social networks. He will also point out some things he would like to see the security community provide to him as a user of connected computer systems in today’s world.
Other Keynote Speakers this year include:
- Arthur W Coviello, Jr. Executive Vice President, EMC Corporation and Executive Chairman, RSA, The Security Division of EMC
- Thomas P. Heiser, President, RSA, The Security Division of EMC
- Adrienne Hall, General Manager, Trustworthy Computing, Microsoft Trustworthy Computing
- Sean Doherty, Vice President and Chief Technical Officer, Enterprise Security Group, Symantec Corporation
- Philippe Courtot, Chairman & Chief Executive Officer, Qualys, Inc.
- Ambika Gadre, Senior Director, Product Management, Cisco Systems.