“Weekend Briefing” is a weekly newsletter sent to subscribers of The Readable every Friday. Our journalists select important news items from the previous week on topics ranging from privacy to policy development in cybersecurity, all to help you stay abreast of the latest breaking issues. And not only is this provided free of cost to our subscribers, but the briefing contains new content exclusive to subscribers, such as our insightful industrial reports.
San Francisco — The annual RSA Conference wrapped up on Thursday, transforming the Moscone Center into a concert hall with Alicia Keys performing at the closing ceremony. Yet, the highlight of the week wasn’t the 16-time Grammy winner’s performance but the insights from four pivotal figures instrumental in establishing the United States Cyber Command 15 years ago. As a reporter, I had the privilege of attending a session where they discussed the origins of this new command. I’ve documented their insights here, offering a glimpse into the pioneering strategies developed for defending cyberspace.
This week, coinciding with the RSA Conference, the U.S. government made two significant announcements that are essential reading for cybersecurity experts. Additionally, one of the standout events I attended was hosted by Accenture among others, titled “Cyber Catalysts: Empowering the Next Generation of Cyber Leaders.” This gathering was particularly impactful, reinforcing the notion that the future of cybersecurity is promising and robust, rather than a bleak cycle of perpetual conflict and fatigue.
In Seoul, discussions on space security took center stage, as reported by Kuksung Nam and Minkyung Shin who attended a key event on this issue in person. Additionally, I have included two more stories covered by these reporters concerning a cyber exercise and a privacy breach resulting from a mistake made by the South Korean government.
Next week, The Readable team will be meeting with experts across Europe, traveling to Dublin, Birmingham, and Leuven. We’ll return next Friday with fresh stories.
This is Dain Oh reporting from San Francisco, and here is your weekend briefing.
1. Narratives played a crucial role in establishing cyber command, reflect US officials after 15 years
San Francisco ― The RSA Conference ― The four pioneers most instrumental in the creation of the United States Cyber Command (USCYBERCOM) 15 years ago—the Four “Horsemen”—assembled at the Moscone Center on Wednesday, having come together to publicly discuss the origins of the organization for the first time. During their keynote session, which traced the development of USCYBERCOM, they frequently used words like “narratives” and “storyboards,” terms not commonly associated with cybersecurity.
General Paul Nakasone, former Commander of USCYBERCOM who retired in February, was joined on stage at the RSA Conference by Vice Admiral Timothy “TJ” White, former Commander of U.S. Fleet Cyber Command and the Cyber National Mission Force. Also participating were Lieutenant General Stephen Davis, Inspector General of the Department of the Air Force, overseeing the Defense Cyber Crimes Center (DC3), and Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA). Together, they engaged in a panel discussion in the presence of the audience who had gathered to hear them speak.
USCYBERCOM was born out of a significant security breach in 2008, described as the “worst military breach in U.S. history.” That year, a USB flash drive loaded with malicious code, found in a parking lot in Afghanistan, was carelessly connected to a computer linked to the U.S. Central Command. This act compromised both classified and unclassified networks of the defense organization and resulted in data being siphoned off to foreign entities. The breach was only publicly acknowledged four months later. The Pentagon then spent nearly 14 months eradicating the worm from its networks through an operation dubbed “Buckshot Yankee.” This incident, which was later attributed to Russian intelligence services, prompted the establishment of USCYBERCOM within the Pentagon in 2010. READ MORE
2. US officials join RSAC to highlight cyber strength against threats
San Francisco ― The RSA Conference ― High-level officials of the United States responsible for national cybersecurity strategies took the stage at the RSA Conference, coinciding with two major announcements from the government.
The speakers included Secretary of State Antony Blinken, who delivered the opening keynote on the first day, and National Cyber Director Harry Coker from the Office of the National Cyber Director (ONCD) at the White House, who spoke for approximately 50 minutes about a new report published by the White House the following day. In their speeches, both officials emphasized their confidence in countering cyber threats, shifting the focus away from the risks and challenges currently facing the government.
This optimistic approach to securing cyberspace was also prominent in other sessions attended by U.S. government officials. Notably, Jen Easterly, Director of the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS), and her predecessor, Chris Krebs, who was the first director of CISA, participated as panelists in a separate keynote session, titled “A World On Fire: Playing Defense in a Digitized World and Winning.” READ MORE
3. RSAC’s executive chair welcomes 40,000 cyber experts at Moscone
San Francisco — The RSA Conference — The 33rd annual RSA Conference, RSAC 2024, commenced in the Golden City on Monday. Themed “The Art of Possible,” the event is currently hosting over 40,000 cybersecurity professionals from more than 130 countries at the Moscone Center through Thursday. Participants are sharing their expertise with the goal of making the world a safer place.
In his keynote speech at the RSA Conference, Hugh Thompson, Executive Chairman of RSAC, reflected on his 16 years as program chair: “The difficult challenges we face daily in cybersecurity, the things that are so hard, and the problems that seem impossible, are actually possible to overcome through community.”
In his address, Thompson applauded the RSAC community, which has spent 33 years collaboratively addressing complex cybersecurity issues. According to the chairman, this year’s conference saw a record number of submissions in response to its call for speakers. READ MORE
4. LevelBlue unveils new security research after its official launch at RSAC
San Francisco ― The RSA Conference ― AT&T and WillJam Ventures, through their joint venture, unveiled their initial findings in the 2024 LevelBlue Futures Report: Cyber Resilience at the RSAC Conference on Tuesday. This announcement came just a day after the official launch of their new company.
LevelBlue, a new standalone managed cybersecurity services business, officially launched on May 6 at the RSAC. Formed through a joint venture between AT&T and WillJam Ventures, an investor with substantial experience in the cybersecurity sector, LevelBlue starts with a robust global workforce of over 1,000 employees. AT&T holds a minority ownership stake in the venture and retains representation on the board.
The research presented at the RSAC Conference reveals that businesses often adopt varied approaches to cybersecurity resilience, face entrenched obstacles, and encounter varying levels of engagement from senior executives on issues of cyber resilience. Notably, while 85% of survey participants perceive that advances in computing technology are escalating risks, 74% acknowledge that the benefits of these innovations surpass the increased cybersecurity risks involved. READ MORE
5. Experts highlight growing threats from integration of cyber, space, and AI technologies
According to a South Korean cybersecurity expert on Wednesday, cyber, space, and artificial intelligence technologies are becoming increasingly intertwined. This convergence necessitates a more integrated approach to assessing threats among emerging technologies.
Yoon Jung-hyun, a research fellow at the Center for Science, Technology, and Cybersecurity at the Institute for National Security Strategy (INSS), highlighted that the world is entering an era of “emerging security.” He pointed out that as modern technologies increasingly influence daily life, their integration could pose substantial security threats that need to be addressed at a national level. Yoon’s comments were made during the National Strategy for Space Cyber Security event, which was co-hosted by the Korean Academy of Space Security and the Korea Association of Cybersecurity Studies. READ MORE
6. Space systems could be targets for cyberattacks, expert says
On Wednesday, a space security expert issued a warning that space systems including launch facilities could become prime targets for attackers seeking to conduct malicious activities against their systems.
Um Jung-sik, a professor in the Department of Military Strategy Studies at the Republic of Korea Air Force Academy, discussed cybersecurity threats to space centers during a presentation at the National Strategy for Space Cyber Security in Seoul. He highlighted that attackers could target space center operations at any stage, from preparation through to completion. READ MORE
7. South Korea participates in US-led multinational cyber military drill
South Korea is enhancing its defense capabilities by participating in a United States-led international cyber military exercise with the Five Eyes alliance.
On Sunday, South Korea’s Cyber Operations Command announced that nine of its personnel will take part in the “Cyber Flag” exercise, scheduled to run from May 5 to 11 in Virginia. According to the press release, 18 countries are participating in this year’s cyber military drill. The South Korean military has not disclosed the names of other participating countries beyond the Five Eyes member states: the United States, the United Kingdom, Canada, Australia, and New Zealand. READ MORE
8. South Korean government website exposes personal information due to incorrect document issuance
South Korea’s online certification website inadvertently exposed the private information of over 1,200 individuals by issuing incorrect documents to users.
On Sunday, the Ministry of the Interior and Safety (MOIS) reported that the GOV.KR website, which provides document issuance services to citizens, mistakenly issued 646 educational certificates on April 1. This error led to the personal data of citizens, including names, addresses, and resident registration numbers, being disclosed to incorrect applicants. READ MORE