CISA leaders, policy vets set for cyber conference with regs, deterrence and more on agenda

February 24, 2020

The annual RSA security conference launches today in San Francisco under the shadow of a global health crisis, but with a roster chock-full of key cybersecurity players and high-profile panels addressing emerging cyber rules on 5G, supply-chain, privacy and more, and front-burner issues such as deterrence, investment and litigation.

The theme of this year’s RSA Conference, which runs through Friday, is “the human element” in cybersecurity with a goal of helping “the industry mature while preparing individuals to grow into their roles as defenders of the world.”

A couple of major sponsors pulled out last week amid concerns over the Coronavirus, but RSA said the show would go on. The annual Mobile World Congress scheduled for this week in Barcelona was recently canceled due to health concerns.

“RSA Conference will continue to follow the guidance of the CDC and the WHO and is in close communication with the City of San Francisco to monitor all new developments pertaining to the Coronavirus,” RSA said on Thursday.

Things get underway today with the related “Cloud Security Alliance Summit at RSA,” a full day of sessions featuring IT industry leaders.

RSA president Rohit Ghai kicks things off Tuesday with a keynote intended to underscore the “human element” theme. He’ll be followed on the Moscone Center West main stage by McAfee’s Steve Grobman, Cisco’s Wendy Nather and the always popular “cryptographers panel.”

Cybersecurity and Infrastructure Security Agency Director Christopher Krebs engages in a “fireside chat” Tuesday morning.

After the keynotes, the panels get started Tuesday, including a session on “5G strategy among free market democracies,” with former Homeland Security Secretary Michael Chertoff and former Director of National Intelligence retired Adm. Dennis Blair on a panel.

Also Tuesday, CISA assistant director Bob Kolasky and Internet Security Alliance president Larry Clinton are on a panel discussing the role of corporate boards in cybersecurity, and another panel features former DHS cyber leader Suzanne Spaulding and others discussing the work of the Cyberspace Solarium Commission.

And another panel on Tuesday discusses “China’s global technology theft,” with John Demers of the Department of Justice; William Evanina from the Office of the Director of National Intelligence; Catherine Lotrionte of the Center for Strategic and International Studies; and Major General Thomas E. Murphy from the Office of the Secretary of Defense.

On Tuesday afternoon, Donna Dodson of the National Institute of Standards and Technology is part of a discussion on “How can we create stronger, more secure products? We need to challenge development life cycles and understand and address failure implications.”

A headline session Wednesday will be in the afternoon on the main stage in Moscone South: a conversation on supply-chain risk featuring Katie Arrington from the Department of Defense, Huawei’s Andy Purdy, security technologist Bruce Schneier, Kathryn Waldron of the R Street Institute, and Craig Spiezle of the Agelight Advisory and Research Group.

On Wednesday morning, Naomi Lefkovitz leads a conversation on the National Institute of Standards and Technology’s new privacy framework.

Senior officials from the departments of State, Justice and Defense discuss cyber deterrence policy Wednesday morning. Another panel takes a look at the state of cyber litigation on Wednesday afternoon.

On Thursday morning, Robert Lee of Dragos delivers a keynote from the Moscone South main stage on the “industrial cyberthreat landscape” and Bruce Schneier speaks on “hacking society.”

Andy Ellis of Akamai speaks on “20 years in security’s grand challenges” from the Moscone West main stage.

Also on the West main stage, Mary Barra, chairman and CEO of General Motors, delivers a speech, “The Future of Transportation Depends on Strong Cybersecurity.”

Panel sessions on Thursday include “Going Cyber-Nuclear: Is it time for a big red button?” with Cyber Threat Alliance president Michael Daniel, William Cole of Attivo Networks, Stanley Lowe of Zscaler and Anne Marie Zettlemoyer of Mastercard.

Allan Friedman, who leads the National Telecommunications and Information Administration’s software transparency initiative, will be on a panel Thursday to discuss “Revisiting Public-Private Collaboration: Asian and Global Perspectives,” with officials from Singapore.

Former Federal Trade Commission member Julie Brill discusses privacy issues on a panel that includes an official from Ireland and a consumer advocate from California — two jurisdictions that have been pushing the envelope on privacy policy.

Participants on another panel Thursday afternoon address the question, “Do investors care about cyber-risk?”

On Friday, CTA’s Daniel, the former Obama White House cybersecurity coordinator, delivers a presentation on “How Threat Sharing Hones Your Competitive Edge.”

Keynotes Friday from the Moscone South main stage include Katie Moussouris, CEO of Luta Security, and Chris Wysopal, co-founder and Chief Technology Officer of Veracode, on coordinated vulnerability disclosure.

And Microsoft Azure’s Chief Technology Officer Mark Russinovich discusses “Collaborating to Improve Open Source Security: How the Ecosystem Is Stepping Up.”

Sidelines and sandboxes

Beyond the panels and keynotes, there will also be plenty of gatherings on the sidelines among key members of the cybersecurity ecosystem.

For instance, participants in the CISA-led ICT Supply-Chain Risk Management Task Force expect to hold informal discussions on next steps to promote the effort and the activities of a new “tiger team” established to coordinate activities.

The Open Cybersecurity Alliance, a recently formed group of tech and security firms, is organizing discussions as it seeks ways to help vendors integrate their security products and share threat information across different platforms.

The conference is also featuring “12 different sandboxes” under the motto, “Don’t get lectured, get hands-on.” According to RSA, topics include aerospace, car hacking, industrial control systems, IoT, medical devices, supply chain, and elections.
