In a little more than a week, executives from the world’s leading technology firms will gather in San Francisco for the RSA Conference, the cyber security industry’s biggest show in North America. No hacker con, RSA is something akin to corporate speed dating for companies in the security industry. But, like so much else in the technology world, this year’s conference has become mired in controversy stemming from Edward Snowden’s leak of classified documents related to government surveillance.
In December, Reuters broke the story that among the documents leaked by Snowden was evidence that RSA, the security division of EMC and parent company to the conference, accepted a $10m payment from the NSA to implement what turned out to be a vulnerable encryption algorithm as the default option for its BSafe endpoint protection product. RSA has denied the allegations that it accepted the money while knowing that the standard, dubbed Dual EC DRBG, was vulnerable to cracking. The company advised customers to stop using that encryption standard soon after NIST, the National Institute of Standards and Technology, advised against its use in September of last year.
All the same, the backlash that followed the Reuters report prompted some prominent speakers to bow out of scheduled RSA talks and has spawned a protest conference, TrustyCon, which will take place in RSA’s shadow.
But Mark Stanislav, the security evangelist at security firm Duo Security, said that, given the light and heat around cyber security, the controversy is unlikely to derail the RSA Conference or, for that matter, to blunt its force. In this Security Ledger podcast, Stanislav tells Security Ledger that the controversy over Dual EC DRBG will be more of a side attraction at a show that takes place against the backdrop of an industry that is changing rapidly with the demise of traditional ‘perimeter-based’ protections, continued large-scale data breaches and supply-chain attacks, and the advent of mobility, cloud computing and the Internet of Things.
Check out this conversation with Mark using one of the links below.
|Listen on Security Ledger|
|Listen on Soundcloud.com|