Cryptography, Critical Infrastructure, Supply Chain, Bug Bounties and More
Photo: Mathew Schwartz
The RSA Conference returns to San Francisco Feb. 24-27 for its 29th edition. As in years past, the event will kick off on Monday, with keynote speeches debuting Tuesday, featuring some of the biggest names in cybersecurity addressing today’s hottest topics, technologies, conundrums and aspirations.
To help navigate the show, here’s a list of 12 top keynotes.
Tuesday, Feb. 25
- Reality Check: The Story of Cybersecurity [plus guest stars] (Moscone West: 8 a.m. to 9:15 a.m.): The conference keynotes launch with mystery acts, featuring musicians and typically a guest actor – Helen Mirren in 2019, John Lithgow in 2017 – followed by RSA President Rohit Ghai taking to the stage to officially launch the show. In his kick-off presentation, he hit on WannaCry lessons learned in 2018, and last year, he offered a vision of how humans and machines must work together. In this year’s opening keynote sessions, McAfee CTO Steven Grobman will identify cyber defenses needed for tomorrow, while Wendy Nather, Cisco’s head of advisory CISOs, will describe how information security “hearts and minds” must be changed to focus more on distributed users and democratize security practices.
- Cryptographer’s Panel (9:15 a.m. – 10:05 a.m., Moscone West): One of the highlights of the conference is a group of the world’s leading cryptographers – including Ron Rivest and Adi Shamir, the “R” and “S” in RSA – taking the stage as part of the annual cryptographer’s panel to discuss the most pressing issues facing the industry. Shamir was unfortunately absent last year because the U.S. government declined to give the Israeli cryptography expert a visa (see: 10 Highlights: Cryptographers’ Panel at RSA Conference 2019). They’re due to join Whitfield Diffie, Arvind Narayanan and Tal Rabin, with RSA CTO Zulfikar Ramzan moderating.
- Cybersecurity Has a Posse (10:05 a.m. – 10:30 a.m., Moscone West): How is the U.S. Cybersecurity and Infrastructure Security Agency serving as the nation’s risk adviser? In this “fireside chat” discussion, Sovrin Foundation CEO Heather Dahl and Chris Krebs, director of CISA, discusses how the agency is trying to improve cybersecurity.
- Fear and Loathing in Cybersecurity: An Analysis of the Psychology of Fear (11:00 AM – 11:50 AM, Moscone South Esplanade): General mandate: Avoid fear, uncertainty and doubt. Attend this session, however, to dive deep into “the sociology and psychology of fear,” with cybersecurity consultant Jessica Barker demonstrating why trying to scare – or blame – people is never a viable long-term strategy (see: Successful Security? Stop Blaming Users).
- A Forward Look at the Cyberspace Solarium Commission (1:00 p.m. – 1:50 p.m., Moscone South Esplanade): Auburn University’s Frank Cilluffo, Chris Inglis of the U.S. Naval Academy and the Center for Strategic and International Studies’ Suzanne Spaulding join the moderator – New York Times journalist Nicole Perlroth – to discuss takeaways from a report due out next month from the Cyberspace Solarium Commission, a bipartisan group tasked with identifying how to better protect the U.S. against cyberattacks. “Topics include reforming government structure, promoting resilience, collaboration with the private sector, reshaping the cyber ecosystem, preserving and employing military power and strengthening norms,” according to the commission.
- Rocked to the Core (2:20 p.m. – 3:10 p.m., Moscone South Esplanade): In the wake of significant, serious flaws – Heartbleed, Spectre, Meltdown – found in core protocols, this session is set to tackle this difficult question: “How can we create stronger, more secure products?” Panel participants include Marene Allison, CISO of Johnson & Johnson; Phil Venables, a board director and senior cyber adviser at Goldman Sachs; security entrepreneur and researcher Paul Kocher; and moderator Donna Dodson, the chief cybersecurity adviser at the National Institute of Standards and Technology.
Wednesday, Feb. 26
- How to Reduce Supply Chain Risk: Lessons from Efforts to Block Huawei (2:50 p.m. – 3:40 p.m., Moscone South Esplanade): A big story for the past year has been the U.S. government’s efforts to exclude Chinese manufacturers from critical supply chains, including national 5G mobile networks, based on espionage concerns (see: Huawei’s Role in 5G Networks: A Matter of Trust). Those questions come to the RSA keynote stage in this keynote, which will see Katie Arrington, the Pentagon’s cyber information security officer of acquisitions, cybersecurity expert Bruce Schneier, R Street Institute’s Kathryn Waldron as well as Huawei Technologies USA’s Andy Purdy debate this issue. The moderator is Craig Spiezle, founder of the consultancy Agelight.
Thursday, Feb. 27
- The Industrial Cyberthreat Landscape: 2019 Year in Review (8:00 AM – 8:50 AM, Moscone South Esplanade): Dragos CEO Robert Lee is one of the world’s foremost experts on the security of industrial controls systems and environments. Such environments are being increasingly targeted by nation-state actors for reconnaissance and sometimes also to deploy destructive wiper malware or more blended attacks (see: Hackers Increasingly Probe North American Power Grid). Expect Lee’s talk to advance this mantra: Don’t freak out, but do prepare.
- The Future of Transportation Relies on Strong Cybersecurity (10:55 a.m. – 11:25 a.m., Moscone West Stage): Mary T. Barra, chair and CEO of General Motors, is set to speak on how technology is critical for “developing connected, electrified and autonomous vehicles,” to help reduce emissions and congestion, and how the industry desperately needs more technology-skilled new recruits.
- Geopolitical Risks, Elections and Cybersecurity (1:30pm -2:20 p.m., Moscone South Esplanade): Juliette Kayyem, a professor at Harvard’s Kennedy School who formerly served as the assistant secretary at the U.S. Department of Homeland Security, joins Admiral James Stavridis, U.S. Navy (retired) who is the former NATO supreme allied commander, to give their hot takes on today’s top geopolitical risks, including threats to U.S. national security, democracy and industry.
- “Hacking” Stress in Cybersecurity Operations (2:50 p.m. – 3:40 p.m., Moscone South Esplanade): Celeste Paul, a computer scientist and senior researcher with the U.S. National Security Agency who focuses on human factors in cybersecurity, will talk about how to manage the physical and emotional cost that so often accompanies working in various cybersecurity roles. “We are just now learning how to talk about mental health in the information security community,” she says in the overview of her talk, promising to share a “hierarchy of hacker needs” that will “frame the discussion of stress in the information security environment that leads to job dissatisfaction and burnout.”
Friday, Feb. 28
- Coordinated Vulnerability Disclosure: You’ve Come a Long Way, Baby (8:30 a.m. to 9:20 a.m., Moscone South Esplanade): Vulnerability disclosure: How can the industry do better? Katie Moussouris, who launched Microsoft’s and the U.S. Department of Defense’s first bug bounty programs and now runs Luta Security, takes the stage with vulnerability-spotting expert Chris Wysopal, formerly of @Stake and L0pht, who’s now CTO of Veracode.
That’s just a sampling of the more than 30 keynotes happening on two stages. The conference offers a total of more than 500 educational sessions featuring more than 700 speakers (see: RSA Conference 2020 Preview).
This year’s conference has 30 tracks, inluding analytics intelligence and response; application security and DevOps; applied crypto and blockchain; hackers and threats; machine learning and artificial intelligence; and technology operations and infrasructure.
The show is going to cover a massive amount of territory, including everything from this year’s theme – “Human Element” – to secure product design; privacy and compliance; security and IT frameworks; workforce development; security awareness and training; mental health; DevSecOps; threat intelligence and much more (see: 10 Hot Cybersecurity Topics at RSA Conference 2020).
Be sure to watch for our coverage of the event on our news from RSA site.