Tuesday, February 28, 2012

Day 2 - Opening Ceremonies and Public/Private Sharing

So far, so good, in keeping my plan to blog each day...I mean, hey, it is just day two but two days in a row is better than missing my goal on day two.  It was a ridiculously long day and here I am all ready to crash for the night, and it is barely 8pm.  There are people who stay out all night every night....don't know how they do it other than they must be missing out on some of these presentations and sleeping.

This morning included the opening ceremonies and keynote speakers to kick things off and who better to do that than Art Coviello from RSA with some mea culpa on the events from last year.  There are some good sound bites here though that I think are definitely worth sharing, and if anyone in the audience was paying attention, then hopefully they will heed some of the call to action.  All the keynotes are up on the RSA website (http://365.rsaconference.com/community/archive/usa) so if you have the time to check them out, definitely do...otherwise, I will summarize those that I sat through...of course, duty called and I had to step away and missed the last couple of them so you are on your own there.

First off, they opened with a cyber geek version of "You Can't Always Get What You Want".  I am sure they have the changed lyrics out on the web already...it was pretty amusing though with a church choir and two lead singers singing away about things that I know they likely had no idea about.  Made me chuckle first thing in the morning.  Then Art Coviello came out to talk about expanding trust and confidence in the digital world.  He stated consumers are adopting technology faster than government and IT can absorb.  We are well past the "tipping point" where the physical and technical world can be separated and where personal and professional lives are kept apart.  He said that he has never sold on a basis of fear and never intends to but acknowledged that the industry has been going through hell in the last 12 months and that RSA personally feels responsible for that.  They want to apply the lessons that were learned from last year's events first hand to drive strategic and technology roadmaps.

Some key quotes from his presentation were:
"An attack on one of us is an attack on all of us." These attacks are being used as stepping stones to gain access from one victim to another.
"Accepting the inevitability of compromise does not mean accepting the inevitability of loss."  Just because they can get in does not mean you have to allow them to take anything out.  You need to understand your internal assets and environment along with leveraging external intelligence sources. Using the "big data model" (a common theme throughout this conference thus far by the way) allows you to shrink the window of vulnerability.
"We need to champion and develop a new breed of cyber security analysts ... who are offensive in mindset."  He stated that we need to leverage the talent in the military - not just cyber expertise but intelligence and other strategic fields where their knowledge can be applied to cyber. I applaud him for encouraging this idea as I am a huge supporter of finding jobs for our Veterans who are leaving service and having trouble translating their skills to the civilian world.  He offered a way to do just that - looking at what they do on active duty and how very applicable it can be to this career field.
"People are refusing to wait for a top-down approach from government or industry to start sharing."  Grassroots organizations are forming to share actionable data. Those organizations are starting to not just share within their groups but across other groups.  He stated we need to encourage and participate in these efforts along with the ISACs to share with DHS who can serve as the clearing house across industry and the public sector.  RSA is taking this challenge and revealing this week new technologies for sharing within trusted circles.
He closed with a quote of Justice Oliver Wendell Holmes to Franklin D. Roosevelt - "In a war, there is one thing to do - form your battalions and fight."  He used that as the call to action to the audience that we all need to come together as a community to fight the common enemies.  "The knowledge gained by any one of us can become power for all of us."

The next keynote was Scott Charney with Microsoft.  I only caught the first part of this presentation but again, there were some key takeaway points worth sharing.  "Strategy is just thought.  Proof you are implementing that strategy is your products and services." This really resonated with me as I am a strategist but always need to remember that no matter what strategy I may develop, if it is not implemented, then it is nothing.  He too talked about big data - this is definitely a common theme of this conference.

The last session that I feel is worth capturing notes on was the Public/Private Sharing panel discussion which opened with Howard Schmidt and included Mark Weatherford, DHS; Richard Hale, DoD; Patrick Gallagher, NIST; and Deborah Plunkett, NSA.  First of all, I may be a little more critical of this panel because it happens to touch right on what I do.  The biggest disappointment, I think, was there was very little discussion really about public/private sharing.  Sure, each of these had the opportunity to summarize what their priorities are and current initiatives but there was no time for questions to allow time for the private sector to have any input into the session.  Also, it was four separate agencies talking about their four separate programs, and though they tried to say they are all working together, it certainly was not presented as a united front - what it should have been was, "here we are, the public sector, doing the following things together with private sector...any questions?"  Instead, it was an infomercial for what each of them is doing and in some cases (<cough...NSA...cough>), what they think should be done which competes with what everyone else is doing.

Mark Weatherford really plugged the National Cybersecurity and Communications Integration Center (NCCIC) which is great except he did not really plug what ICS-CERT and US-CERT are doing which is really where the sharing is beginning to take hold (in ICS-CERT's case, has been there for quite some time).  Lots of talk about continuous monitoring of government systems...and this matters to the public/private sharing initiatives why???  Richard Hale said, and I quote, "we share data from the DIB pilot out to the other government agencies and are trying to figure out a way to share that data out to critical infrastructure."  He is on the record. Then he later said it again - the expansion of the DIB program with the Federal Rule coming out for public comment will be done "in partnership with DHS."  Gallagher discussed their new initiatives to include a new cyber center that will be focused on technology R&D around use case.  Honestly, I did not capture any take away points from Plunkett but that may be because I felt she was trying to get the jabs in there about how it should be NSA's mission - subtly but still there for sure.

The other sessions I attended today were not really worth summarizing. Interesting but no real takeaways. I also spent quite a bit of time, as my poor feet can tell you, walking around the unbelievably overwhelming expo hall.  It is just sensory overload.  I mean, there are companies giving away race cars, Ferraris, all expense paid vacations, iPads, computers, TVs, you name it and someone on that floor is giving it away.  It is just insane.  Me, I got a couple free t-shirts and learned about some pretty darn amazing technologies that have been developed.

So if you are still awake, and quite frankly, cannot believe that I am, hope the summary and soundbites were of some interest.  Lots of common themes going on - big data; the community must come together and share; automation is required; and the cloud.  At least I have really felt like what we are working so hard on every day - painfully sometimes due to all the politics - is on track with what these attendees see as what is necessary.  Now, if we could only just get them to put up the data they all think needs to be shared...that is going to be a longer process.  One step at a time though.  To coin one of the quotes above....we are still putting together our battalions.

