“Security in Knowledge” – Commentary from RSA Conference 2013
At over 20,000 attendees, RSA USA is arguably the largest annual gathering of folks in the cyber security industry.
Like last year, I grazed on the periphery of RSA. Other OSIer’s had full conference access. The B-Sides SF event continues to provide the most bang for the buck ($20 instead of $2000 registration). Likewise the California PUC thought leadership series event on cyber security was free. Both of the former were tight knit and provide good interaction. The RSA Expo was extremely busy but complimentary passes make it a bargain too – these include access to many of the keynote presentations.
Rhetoric and hype are consistently in excess at RSA and rose to new found levels this year. The recent State of the Union Executive Order announcement with a presidential directive on critical infrastructure resilience probably would have been enough to keep the spin room busy. But it was Mandiant’s carefully timed APT1 report that seemed to whip the conference into a state of frenzy.
Suddenly, critical infrastructure protection is ‘cool’ for mainstream cyber security pros. This buzz almost stole the show from the conference theme related to big data security.
The Mandiant booth was packed. APT1 fact sheets were very well done, with one case illustrating the details of espionage attacks on the energy sector. In short this is spooky stuff. The problem with creating so much fear is it can be paralyzing. OMG, everyone is getting hacked, these guys are unstoppable – why try?
In one form or another I heard this concept play out over and over. Top experts are struggling to answer the question: “Are we more secure than we were 10 years ago?” Several of these security leaders are calling #FAIL on themselves and the whole security industry.
Cisco’s John Stewart seemed to handle the question better than most. After suggesting the question is rigged for good debate he offers sobering advice: a sure way to get hacked is to do nothing on cyber security.
This gets me to the main topic of this post. If you are wondering what to do relative to PI System security, your plans should include updates as a priority. PI Server 2012 provides significant security benefits. Also we continue to recommend Windows Server Core as the most secure operating system platform for PI System servers.
Finally, if you find yourself paralyzed by all the hype please contact us. We do offer security advice for the PI System. Let’s have a conversation about PI System security. Or come join your peers at the OSIsoft Users Conference security workshop and training. I’ll see you there!