RSA conference 2017
Brad Smith, President and Chief Legal Officer of Microsoft Corp

We are almost halfway through RSA Conference 2017. Below is a recap of the headlines so far.

RSA Conference 2017 – Microsoft calls for establishment of a digital Geneva Convention

MS took to the RSA Conference 2017 stage to launch a peace initiative! As the public grows more concerned with state-sponsored hacking, Microsoft is calling on tech companies to form a so-called “Digital Geneva Convention” by promising to protect users from nation-state attacks and vowing to never mount offensive cyber-attacks. Sound strange? Well, you’re not alone, but who knows, it may catch on. We can follow up with a non-proliferation treaty on cyber warfare. Wonder if North Korea will be signing any time soon?

Microsoft president and chief legal officer Brad Smith announced the initiative yesterday at the RSA Conference. “We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks.”

Details of the initiative are outlined in Brad’s blog post here – The need for a Digital Geneva Convention

RSA Conference 2017 – Opening Keynote: RSA CTO & Michael Dell Declare Technical Chaos an Opportunity

As an example of chaos, RSA CTO Ramzan referred to the technological impact on the 2016 US presidential election. “Did it change the course of the US presidential election? Who knows, but it changed the discourse of what followed. It was mainstream front-page news and rocked the foundations of democracy. It demonstrated that our problem isn’t limited to initial cyber-attacks. More, it’s the long tail of chaos it creates.”

“Ambitious enterprise is truly a joint venture between business and security—they need to be on the same side of the room,” he said. “It’s important to innovate, advance, and draw lines that connect, not lines that separate.”

Ramzan outlined 3 points for bringing some harmony to the chaos:

  1. Treat risk as a science, not a dark art. “Think things through all the way to the end and ask yourself ‘what if?’”
  2. Simplify what you control. “I spoke to a vendor who has 84 vendors. How do you manage so many vendors and justify the ROI from so many? Consolidate your vendors. Work out what works and ditch everyone else.”
  3. Plan for the chaos you can’t control. “Incident response must have availability, budget and collaboration. Incident response isn’t a wish list. There will be unexpected costs, so get the budget authority. Without it, incident response will fail.”

More Here [InfosecMag]

RSA Conference 2017 – Researchers demonstrate ransomware for industrial control systems

A group of researchers from Georgia Tech School of Electrical and Computer Engineering showed that it’s possible to craft ransomware aimed at compromising and fiddling with industrial control systems.

The team demonstrated their own proof-of-concept ransomware targeting programmable logic controllers (PLCs) at RSA Conference 2017 on Monday, showing how a hacker might disrupt the regular functioning of a water treatment plant.

It’s not ghosts in the its malware – check out the research paper here
