Cybersecurity AI hype matures at RSAC 2018


After two years working its way through the hype cycle at the RSA Conference, cybersecurity AI led all submissions to the conference in 2018.

The RSA Conference 2018 will take place April 16 to 20 at the Moscone Center in San Francisco. According to a blog post by Britta Glade, senior content manager for RSA Conference, IoT — which had been the number one topic submission for the past three years — has been dethroned. For RSAC 2018, cybersecurity AI was the top submission followed by human manipulation, industrial control system and supply chain attacks, blockchain, and IoT rounding out the top five topics.

Glade noted that the topics around cybersecurity AI show a maturing view of the technology.

“The 2016 submissions showed fear of machines taking over the world. 2017’s lens showed the pendulum swinging far to the other extreme and humans were to head on vacation and be universally replaced by machines. This year, the pendulum seems to have swung center as we work to establish a symbiotic relationship between man and machine with both important pieces of the relationship with neither fully replacing the other,” Glade wrote in a blog post. “We are learning to harness AI as a tool to complement, magnify, and amplify our activities, though we are recognizing some limitations as we explore new applications.”

This idea of AI being complementary to human abilities is one that’s been pushed forward by speakers at other infosec events, most notably by Garry Kasparov in a keynote address at DEFCON 2017. Jake Williams, founder and president of Rendition Infosec, said the maturing views of cybersecurity AI are real.

“We’ve definitely seen a shift in the treatment of AI in infosec, from fear, to over enthusiasm, to an understanding of how it can truly be used,” Williams told SearchSecurity. “AI isn’t something to fear outright, nor can it completely replace humans in security. AI’s place is as a force multiplier, making us better at security analysis.”

Rick Holland, CISO and vice president of strategy at Digital Shadows, told SearchSecurity that he has seen this maturing view of cybersecurity AI over the past six months, and added that “the other part of this is that buyers are recognizing and rejecting the AI marketing messages that many vendors promise but don’t deliver.”

Williams said there was a slight difference in the hype cycle around AI.

“I think the change is a natural part of a hype cycle, but AI is a little special in that it has been the subject of many science fiction horror stories,” Williams said. “A typical hype cycle is: indifference to over-adoption to sane adoption. AI had fear instead of indifference.”

Human manipulation (or social engineering?)

The second most common topic submission for RSAC 2018, according to Glade, was human manipulation, which “explored the psychological nudge achieved by parties intent on eliciting specific emotional thoughts and behaviors, an impact that will likely be felt for years to come in areas such as reputational damage and the like.”

Glade noted the examples of human manipulation went beyond topics like influencing the 2016 U.S. presidential election and hit upon issues of data integrity. However, Rachel Tobac, CEO of SocialProof Security, said the term “human manipulation” might be a more friendly way to describe social engineering to those outside the infosec community.

“We have those technical words we all understand and we also need to use words that others are familiar with. Inherently they will be similar, with one more technical than the other,” Tobac told SearchSecurity. “They seem, to me, like two different words to define the same problem. Social engineering is defined as any act that convinces someone to take an action that may or may not be in that person’s or companies’ best interest. That being said, I think human manipulation and social engineering could be defined similarly.”

Despite the European Union’s General Data Protection Regulation going into effect very soon, the topic only ranked number nine out of 10 on topic submissions. Similarly, workforce diversity in infosec has been a hot topic, but ranked tenth in RSAC 2018 submissions.

Keynote speakers

The RSA Conference itself came under fire for a lack of female keynote speakers, sparking the OURSA counter conference to be held on April 17 in San Francisco.

Initially, RSAC 2018 had just one female keynote speaker on the agenda — Monica Lewinsky — and following the controversy added four more female keynote speakers to the agenda — Kirstjen Nielsen, secretary of the Department of Homeland Security; Jane McGonigal, game designer; Reshma Saujani, founder and CEO of Girls Who Code; and Margot Lee Shetterly, author of Hidden Figures.

Linda Gray Martin, director and general manager of RSA Conferences, didn’t comment on the controversy or on the criticism that the female keynote speakers weren’t infosec professionals.

“Our team worked diligently leading up to RSAC to nail down the final keynote program of esteemed, diverse experts who will bring forward-thinking, actionable and life-affirming stories to the keynote stage on a variety of industry-relevant topics, including artificial intelligence, cyberbullying, gamification, the history of technology, and innovation, among others,” Gray Martin told SearchSecurity. “We certainly believe in a diverse speaking program and we have an open dialogue about the need for speaker diversity with our sponsors. It is important to select the right person to present the content and we rely on our sponsors’ expertise to make those decisions.”

In contrast, the male keynote speakers scheduled for RSAC 2018 contain a familiar list of industry standbys — Christopher Young, CEO of McAfee; Rohit Ghai, president of RSA; Samir Kapuria, senior vice president and general manager of cyber security services at Symantec; John Stewart, senior vice president and chief security and trust officer at Cisco; Rami Rahim, CEO of Juniper Networks; Brad Smith, president and chief legal officer at Microsoft; and Marc van Zadelhoff, general manager of IBM Security.

Agenda highlights

RSA Conference has beaten its own all-time highs for attendance the past four years running, although the growth has been slowing.

An RSAC spokesperson said attendance figures for this year’s show won’t be known until after the conference ends, but the conference currently has 621 sessions and around 810 speakers scheduled.

Special events

Beyond the keynotes, sessions and tutorials, RSAC 2018 will once again feature a number of special events, beginning with the Innovation Sandbox Contest.

The Learning Labs experience at RSAC 2018, which targets security professionals with more than 10 years of experience for in-depth simulations and role plays, has increased in size once again with 18 sessions, compared to 16 in 2017, 11 in 2016 and just four in 2015.

This year’s Learning Labs will include lessons on web application testing; practical malware analysis; a practical investigation of blockchain applications; ethical dilemmas in cybersecurity; an introduction to modern cryptography and more.
