Anna Delaney: Hello, welcome to the ISMG Editors' Panel on day two of RSA Conference 2023. My name is Anna Delaney. I'm joined by my colleagues, Mathew Schwartz and Tom Field. We survived day one. How was it for you?
Tom Field: And we're going to do day two.
Delaney: Yes. Well, I hope so. Yeah. So tell me about day one. What's the feeling so far from the conference?
Field: It's exhilarating to be here and to seeing people again. And whether it's sitting in here and talking with our guests, or standing out in the hall, having people come by you haven't seen for three years or two years or whatever. It's just good to be back into the community. And yes, I think we are seeing some common themes in the discussions I've had certainly. We've talked about, AI has come up. And also a fair amount of talk about cloud security and OT security. I think those are highlights of the conversations I've had so far.
Delaney: Tom, AI, for ages, people have been saying AI, the buzzword, ML the buzzword. Are you hearing concrete takeaways about this generative AI?
Field: Not specifically. I would say what I'm hearing is backlash against the marketing buzz that has been ChatGPT. And people here, trying to maybe throw a little bit of cold water and get down to the real conversation and about how this should impact organizations, instead of just the rush to adopt or the rush to ban. Let's have a rational conversation about it.
Delaney: And overall, is the feeling positive for defenders?
Field: I think so.
Delaney: Feedback from yesterday, and the feeling and being back at the conference ...
Mathew Schwartz: I'll second what Tom said about the sense of community, I think there is almost a sense of relief for people to be able to be back at an event like this, where you're not just dialing in virtually so to speak, but getting to see so many people that you haven't seen in so long. So I think that's wonderful sense of energy and exhilaration. It's great being back in our studio here. Love it. Also over at Broadcast Alley, there's a wonderful buzz. As we're seeing people streamed through there. And there was a good showing I thought on the first day, a lot of energy, people seeing what's going on, and some great interviews that we had.
Delaney: And apparently on the conference hall, lots of activity and buzz.
Field: That's right here. There's people come in here. That's what they tell us.
Delaney: Were there any takeaways from your interviews, the sessions you saw?
Schwartz: Yes. So I didn't do any sessions yesterday. But I had some great interviews, looking at how we defend better against attacks, and a lot of level setting, if I can use that term, in terms of how come we're still seeing all these attacks, we have all this investment. We're doing a good job, I think. And several of the people I spoke to said we need to emphasize that fact. We're not being static, we are bringing a better response to bear. But the attackers are very savvy. They're very innovative. And we see that in terms of ransomware attacks. Of course, that's not all we're seeing. But as a lot of what is being seen is what I'm continuing to hear from the organizations such as Sophos, for example, such as IBM Security, that are working with organizations helping them respond to incidents. In the case of IBM, do we manage detection and response as well, just seeing what's going on? , as we know, cybercrime hugely profitable, unfortunately. And the attackers are finding new ways to get in, unfortunately. So how do we deal with that? It's an ever present theme, and the answers are different this year.
Delaney: Tom, you speak with Alberto Yepez. He always gives you the sort of the forecast of the year ahead, the industry forecast. Did you get a sense of where we're going from what he said?
Field: I am going to say I'm a parent. So I love all my interviews, and all my interviewees. They're all equal. But I would single out Alberto for some of the insight because we talked about how now in economic uncertainty is the time when you build innovation. This is the time when companies start and rise. And he reminds me that we saw that in 2008, companies such as CrowdStrike came out of the economic downturn of 2008. And we can look forward to that in the uncertainty we have now. And I buy that, because the cybersecurity concerns haven't diminished, they've increased. There's a national global urgency to respond to the threats and the threat actors that we see. Sometimes I buy into that and I think there's much to look forward to in the year ahead. Might not come from companies whose names we know today, but might come out of companies that are born today.
Delaney: So were there any surprises yesterday, anything that stood out as particularly, like okay, that's different?
Schwartz: Well, the lack of ChatGPT in my discussions. It was a welcome surprise. There was a little bit of discussion. , that's luck. I suppose the dice weren't thrown, but there wasn't too much discussion either of AI and ML and when there was there was a bit of, I think, it was it was possibly presented not as a savior, but as a tool that is growing in usefulness, but it's not going to do everything that we do.
Field: I'll give you a little bit of tension that came out of a couple of interviews, and then we're together, but just the dialogue ahead, talking with Alberto Yepez about the National Cybersecurity Strategy, when it comes to the tenant of putting more accountability on the industry, that makes him a little bit nervous, because how do we do that? But then talking to Eric Goldstein of CISA, about the same topic is something he's very bullish about it. How can we not do that?
Schwartz: Yeah, break the regulations. Perhaps!
Field: We're in the place where I want to be in some of those conversations right now. I want to be talking with some of these industry leaders about it. The sentiment is that we're going to put accountability on you just like Firestone can't sell unsafe tires for a car, and we can't put airplanes up in the sky that have got any sort of issues. How can we put software out into the ecosystem? I like to have some of these conversations. This is the place it's going to happen this week. And I think some of these tensions are going to emerge.
Schwartz: Yeah. Adam Isles, the principal at the Chertoff Group, made a great point. He said, you can look at the sense of urgency that is out there about all of these cybersecurity issues that we're facing, by counting all of the regulations or the government efforts aimed at dealing with it. But he said that creates some fatigue, of course. How do you reconcile all these things, you've got the Biden Administration's National Cybersecurity Strategy, for example. You've got a lot of things coming out of CISA now, for example, and that's just the United States, of course. That is adding a little bit of pressure on cybersecurity professionals.This is what happens though, as we get to where we need to get to. So I thought that was a great point. I also had a fun discussion with Winn Schwartau, a longtime deep thinker, the gentleman who coins electronic Pearl Harbor, for example, had a seminal book on information warfare that came out. I forget 20 years ago, maybe perhaps, and correctly forecasted a lot of the issues we're dealing with today. Fascinating, deep dive into what he says is the threat posed by the metaverse, not just Facebook's VR headset, kind of kerfuffle. But he has a more expansive definition of anything that can alter the way that you interact with or I think, think or feel about things in the sense of if we have systems where if you look at the reality around you as augmenting it, for example, or I'll leave it at that. But his point is that we're having better and better and better technology to the point where it can make us feel like what is reality is not reality? What happens when people get in there and start to mess with that? What sorts of risks are we facing? What if they can predict, and you got these sensors on you that gives some indication of how you're feeling or what your body's doing? How can they predict how you're going to react to different situations? How that could be used against you? So some kind of forward thinking deep thoughts. But it's fun to go there.
Field: There's been a buzzword for it. It came out of the conversation with Alberto Yepez. You all have heard the term "shift left." Well, now in the age of cloud migration, the term is becoming, and apparently it's trademarked - shift up. So there you go. The t-shirt will be issued.
Delaney: So let's look at today. What are you looking forward to?
Schwartz: I am looking forward to the Cryptographers' Panel and I go to my notes here, so I don't get anyone's names wrong. But Whitfield Diffie is going to be moderating; seminal figure. That should be fun because he's usually the cantankerous one. In terms of the good cop, bad cop.
Field: The Mount Rushmore of cryptographers. He's right on it.
Schwartz: He's right on it, definitely. We've got wonderful other people as well. Radia Perlman, distinguished fellow at Dell. She's great. She's been on it before. And one of my favorites, although I don't play favorites, Adi Shamir, the S in RSA. Again, just wonderfully outspoken in past years - things like blockchain. I just remember Adi saying 95%, maybe it was 98%, of what they're proposing to solve with the blockchain can be solved easier and better using other things. So they're not married to the buzzwords. I think we're going to be hearing about cryptocurrencies, for example, quantum computing, no doubt, ChatGPT. And I just love the kind of a breath of fresh air they bring to what can be an often awfully buzzwordy event.
Field: And I would say along the lines of fresh air, we're going to be joined in the studio today by Art Coviello, the former chair of RSA - the company, and in his retirement from RSA, he's become very outspoken, and I think very circumspect on the industry, and he has nothing to hold back. So it's always a terrific conversation. And along the same lines, we've got Hugh Thompson of the RSA Conference, who will be coming in and he's been a big part of what's been the programming this year and can talk about that and about maybe the future of this event.
Anna: Very good. Well, I look forward to watching these interviews and hearing back from the Cryptographers' Panel. Well, thank you. And thank you so much for watching.