We are almost halfway through RSA Conference 2017. Below is a recap of the headlines so far.
RSA Conference 2017 – Microsoft calls for establishment of a digital Geneva Convention
Microsoft took to the RSA Conference 2017 stage to launch a peace initiative! As the public grows more concerned with state-sponsored hacking, Microsoft is calling on tech companies to form a so-called “Digital Geneva Convention” by promising to protect users from nation-state attacks and vowing to never mount offensive cyber-attacks. Sound strange? Well, you’re not alone, but who knows, it may catch on. We can follow up with a non-proliferation treaty on cyber warfare. Wonder if North Korea will be signing any time soon?
Microsoft president and chief legal officer Brad Smith announced the initiative yesterday at the RSA Conference. “We suddenly find ourselves living in a world where nothing seems off limits to nation-state attacks.”
Details of the initiative are outlined in Brad’s blog post here – The need for a Digital Geneva Convention
RSA Conference 2017 – Opening Keynote: RSA CTO & Michael Dell Declare Technical Chaos an Opportunity
As an example of chaos, RSA CTO Ramzan referred to the technological impact on the 2016 US presidential election. “Did it change the course of the US presidential election? Who knows, but it changed the discourse of what followed. It was mainstream front-page news and rocked the foundations of democracy. It demonstrated that our problem isn’t limited to initial cyber-attacks. More, it’s the long tail of chaos it creates.”
“Ambitious enterprise is truly a joint venture between business and security—they need to be on the same side of the room,” he said. “It’s important to innovate, advance, and draw lines that connect, not lines that separate.”
Ramzan outlined three points for bringing some harmony to the chaos:
- Treat risk as a science, not a dark art. “Think things through all the way to the end and ask yourself ‘what if?’”
- Simplify what you control. “I spoke to a vendor who has 84 vendors. How do you manage so many vendors and justify the ROI from so many? Consolidate your vendors. Work out what works and ditch everyone else.”
- Plan for the chaos you can’t control. “Incident response must have availability, budget and collaboration. Incident response isn’t a wish list. There will be unexpected costs, so get the budget authority. Without it, incident response will fail.”
More Here [InfosecMag]
RSA Conference 2017 – Researchers demonstrate ransomware for industrial control systems
A group of researchers from Georgia Tech School of Electrical and Computer Engineering showed that it’s possible to craft ransomware aimed at compromising and fiddling with industrial control systems.
The team demonstrated their own proof-of-concept ransomware targeting programmable logic controllers (PLCs) at RSA Conference 2017 on Monday, showing how a hacker might disrupt the regular functioning of a water treatment plant.
It’s not ghosts in the machine, it’s malware – check out the research paper here