[Weekend Briefing] 10 takeaways from the RSAC 2022

By Dain Oh and Kuksung Nam, The Readable
July 1, 2022 9:35PM KST

Hello, it’s Dain Oh and Kuksung Nam for The Readable. Today, we published the RSA Conference Recap Report for our readers. You can download it here. Along with the report, we selected 10 takeaways from the conference for this weekend. Enjoy our report and have a great weekend!

1. Avril Haines (Director of National Intelligence, Office of the Director of National Intelligence)

Rethinking the Cybersecurity Challenge from an IC Perspective

If we are in the context of a tactical, particular threat, one of the key aspects of partnership will be providing that information to whoever it is. That might be the victim. That could be private sector. It could be another country. It could be a variety of actors that we are looking at. And we want to be able to do that as quickly as possible. And we often do that through partners in the U.S. government, and yet being able to develop the mechanisms that allow you to do it real time is absolutely crucial.

Avril Haines speaks at the RSA conference 2022. Photographed by Dain Oh

2. Jen Easterly (Director, Cybersecurity and Infrastructure Security Agency)

Cybersecurity as a National Security Imperative

As the newest government agency, I probably spend more than 50% of my time on building the culture of the organization, developing our core values, our core principles, ways to weave these to the fabric of the organization. And at the end of the day, it's all about our people. How are we building an ecosystem that allows us to attract and retain the best talent to be able to help defend the nation in cyber and that comes down to how we treat our people, how we develop them, how we treat other people, how we treat our partners. Culture really at the end of the day is the most important thing when you are trying to build a great organization. (…) They're all connected. The attack surface is enormous. They're all vulnerable. It really means that we have to all work together.

3. Bruce Schneier (Lecturer, Harvard Kennedy School)

What Matters Most

So, what is a hack? Here's my definition. Something that a system permits but is unanticipated and unwanted by its desires or alternatively a clever unintended exploitation of a system, which one subverts the rules of the system to at the expense of some other part of the system, right? This is a subjective term that encompasses an ocean of novelty and cleverness. It's a subversion.

When AI start hacking, everything will change again because they're not going to be constrained in the same ways or have the same limits as people. They will think like aliens and they're going to change hacking speed scale and scope speed is easy. Computers are much faster than people, a human creative process that might take months or years could be compressed. Today is hours or seconds. What could happen when you feed an AI, the entire US tax code, and we'll have figure out without being told that it's smart to incorporate in Delaware or to register your strip in Panama.

We need to be able to quickly and effectively respond to hacks. (…) to figure out how to have that same kind of agility in societies rules and laws

4. Michael Daniel (President and Chief Executive Officer, Cyber Threat Alliance)

Mapping the Cybercriminal Ecosystem

The word Atlas in the physical world is a book of maps, which you can think of as visualizations of the underlying data. we want to be able to do this same thing for the cyber criminal ecosystem. How do we understand the ecosystem as a whole and enable different views of that ecosystem? (…) [the criminal groups] interchange the malware. They move around. They use different tools and techniques so that's no longer sufficient even as a shorthand. The project is responding to that complexity so that we can help drive some of the complexity out. So, we can do a better job.

Michael Daniel speaks at the RSA conference 2022. Photographed by Kuksung Nam

5. Rohit Guy (Chief Executive Officer, RSA)

The Only Constant

First, Identity is the one constant in the ever-changing world of cybersecurity. Second, what matters most and what we protect is the truth. The veracity of information. Finally, we need to stop believing that security versus convenience is a zero-sum tradeoff. Crisis is a terrible thing to waste. Look, I don't know if these three ideas are the perfect lessons to learn from a cyber crisis. But do we need to live through one in order to not waste it? I ask you, are we really going to wait for a cyber pandemic to transform security? Though a cyber crisis may not cost as many human lives, it will spread much faster at the speed of light versus the speed of humans. It could have a massive and debilitating societal and economic impact as it takes out critical infrastructure. When our physical world got disrupted, we went online to remain productive and remain connected. If our digital world is disrupted, where would we go? What would we do? Transforming security will require us to reorient our thinking from being infrastructure centric to identity centric and information centric. It will require us to be mindful enough to care deeply about constants, astute enough to identify and focus on the imperatives, and brave enough to ditch our dogmas. Transform we must, reluctantly or otherwise. Our survival depends on it. Let’s be authors and not just readers. This is our story. Let’s not allow anyone else to write it.

6. Dmitri Alperovitch (Chairman, Silverado Policy Accelerator)

Global Threat Brief: Hacks and Adversaries Unveiled

It's not all gloom and doom out there. We need to re-evaluate cyber warfare assumptions. Here you have a major war break out in Europe. The biggest war that the continent has seen since World War II, and cyber has not been a major topic of conversation and has not been a major impact to Ukraine operations. And I think that as we look forward to future conflicts, we have to appreciate that. Yes, cyber will be an element, there will be tactical attacks that can help forces to disable air defense systems, disable communications etc. but resiliency matters and the adversaries aren't ten feet tall. And if you're able to get back up and running very quickly, that attack is not going to be very useful to the enemy that is trying to execute it. (…) we have to be building up our talent in this domain. We simply don't have enough defenders for everyone. We have to build up capacity. We have to educate people on policy as it's becoming the next frontier in this domain.

7. Niloofar Razi Howe (Sr. Operating Partner, Energy Impact Partners)

Cyber and Modern Conflict: The Changing Face of Modern Warfare

Cybersecurity is protecting our people, our organizations, and our institutions. The values we believe in should be the kind of common ground issue that we can rally around, that we can show progress in, that we can develop solutions to and that we could rebuild trust between government and citizens on.

8. Heather Mahalik (DFIR Curriculum Lead and Sr. Director of Digital Intelligence, SANS Institute and Cellebrite)

The Five Most Dangerous New Attack Techniques

The issue is zero click. You have to do nothing except be a target. Someone wants your device. They will get on your device. This attack literally flies through the air and lands on your iOS or Android device. You don't click it and it immediately self installs. [This is] where my job becomes very difficult. It also self destructs. So, it takes away all the evidence with it. (…) If Pegasus is coming your way, it's not what if. It's when. Once you are targeted, it's going to happen. So you have to educate yourself on how to get beyond this.

9. Tal Goldstein (Head of Strategy, Centre for Cybersecurity, World Economic Forum Centre for Cybersecurity)

Mapping the Cybercriminal Ecosystem

It’s quite clear that cybersecurity is a topic that requires public-private collaboration. So, what we have done in the last two years, we’ve launched partnership against cybercrime which is trying to convene experts and leaders from private companies like Fortinet and Microsoft together with law enforcement, FBI, INTERPOL and EUROPOL and many other agencies as well as nonprofit organization like NCFTA, CDA, other that are already working to promote collaboration and see what we need to enhance collaboration between government and private sector and all the relevant stakeholders.

10. Amy Hogan-Burney (Associate Counsel and General Manager, Digital Crimes Unit, Microsoft)

Mapping the Cybercriminal Ecosystem

So, I think everybody in this conference has heard about a million times that we need to have public-private partnerships. But sometimes it seems like public-private partnerships rely on personal relationships. That is not a good way to scale. But a good way to scale is to understand the threat landscape using this Atlas and then see who also has information and can be working on it and come together in a way where we can scale and not just be based on friends. (…) for big impact we need to kind of go beyond the work over beers and start being more systematic about it.

[News] South Korea Participates in US led Multinational Cyber Exercise for the First Time

The Ministry of National Defense confirmed that South Korea will join the Cyber Flag exercise led by the U.S. Cyber Command for the first time. “The Cyber Flag exercise is expected to be held in October. Approximately twenty people are expected to participate in the exercise,” said Moon Hong-sik, the deputy spokesperson of the Ministry of National Defense, in a press briefing held on Monday. According to the U.S. Cyber Command official website, Cyber Flag is an annual multinational exercise designed to provide realistic virtual defensive cyberspace training. This movement coincides with South Korea’s plans to strengthen its alliance with the U.S. Prior to the announcement, South Korean president Yoon Suk-yeol and his U.S. counterpart held a summit meeting in Seoul on May 21 and agreed to expand cooperation in cyberspace. Furthermore, South Korea’s action is also intended to enhance cyber resilience in the face of evolving cyber threats.


Dain Oh is an award-winning cybersecurity journalist based in South Korea and the founding editor-in-chief of The Readable by S2W. Before joining S2W, she worked as a reporter for The Electronic Times, the top IT newspaper in Korea, covering the cybersecurity industry on an in-depth level. She reported numerous exclusive stories, and her work related to the National Intelligence Service led to her being honored with the Journalist of the Year Award in 2021 by the Korea Institute of Information Security and Cryptology in a unanimous decision. She was also the first journalist to report on the hacking of vulnerable wallpads in South Korean apartments, which later became a nation-wide issue.

Kuksung Nam is a cybersecurity journalist for The Readable. She covers cybersecurity issues in South Korea, including the public and private sectors. Prior to joining The Readable, she worked as a political reporter for one of the top-five local newspapers in South Korea, The Kyeongin Ilbo, where she reported several exclusive stories regarding the misconduct of local government officials. She is currently focused on issues related to anti-fraud, as well as threats and crimes in cyberspace. She is a Korean native who is fluent in English and French, and she is interested in delivering the news to a global audience.