IoT security threat to become real post-Mirai at RSA Conference 2017

IoT security tops the list of RSA Conference 2017 submissions after IoT devices were abused by threat actors, but the topics experts worry about are much more far-reaching.

IoT security has topped the list of RSA Conference submissions for the past three years. But for RSAC 2017, experts finally think the dangers are real for enterprises.

RSA Conference 2017 will take place Feb. 13 to 17 at the Moscone Center in San Francisco. According to a blog post by Britta Glade, senior content manager for RSA Conference, internet of things (IoT) security was once again the No. 1 submission topic, with ransomware, frameworks and processes, predicting threats, intelligence sharing and General Data Protection Regulation (GDPR) rounding out the top five topics.

Cris Thomas, strategist at Tenable Network Security, based in Columbia, Md., noted it shouldn't be a surprise to see IoT security threats and ransomware atop the RSA Conference 2017 submission list.

"When looking at the RSAC submissions, it is important to remember that the call-for-papers closed back in August. Submissions, therefore, will likely cover topics that were 'hot' last summer," Thomas told SearchSecurity. "While most of the talks will still be relevant today, they may not reflect the topics that everyone is talking about."

John Bambenek, threat systems manager at Fidelis Cybersecurity, based in Bethesda, Md., said IoT security threats have been big for RSA Conference submissions because they are easier to understand.

"IoT gets press because it's a big unknown tied to a hip and trendy topic. It helps that it's mostly consumer-facing. It's hard to get the general public to understand some novel use of a macro inside an Office document used by Chinese intelligence to target government dissidents," Bambenek told SearchSecurity. "It's easy to get people to understand that their toaster can become infected and used against them. But let's be honest, fear is a viable marketing strategy to sell more products."

Michael Patterson, CEO of Plixer International Inc., based in Kennebunk, Maine, said this year is different from past years because IoT security threats came to the forefront in October 2016.

"This year, there has been a very specific driver; Mirai was released, and the code was published. This made attacks on IoT devices more prevalent, and the botnet of devices had a massive impact," Patterson told SearchSecurity. "The largest DDoS [distributed denial-of-service] attacks in history occurred in 2016 and were traced to Mirai."

However, experts said the IoT security threat is still somewhat disconnected from the concerns of enterprises because the devices being abused are mainly consumer routers. Scott Petry, CEO of Authentic8 Inc., based in Mountain View, Calif., said that for enterprises, "it's not an IoT issue -- it's a network resiliency issue."

"IoT may be interesting in the abstract, but the material risk that CIOs have to deal with is traditional systems on traditional networks. IoT has become a thing that leadership needs to pay homage to, but the fact remains that the current resources that employees use to run the business remain vulnerable," Petry told SearchSecurity. "Millions of home routers may be used in a DDoS [attack], but what can the CIO of a firm do about that? Change their home router password away from the default? For [more than] 90% of the business, [IoT security threats] aren't either specific to IoT or related to their business."

Other topics

Experts couldn't quite agree on the major water-cooler topics for RSA Conference 2017, but many pointed to turmoil in global politics as a thread that could surface in a number of different ways.

Multiple experts mentioned the changes that could come with the new U.S. administration of President Donald Trump. The executive order banning immigration is off to a rocky legal start, but caused waves in the tech sector. And experts are wary about potential changes to tax law, H-1B visas, outsourcing, regulatory accountability and how the Trump administration will approach government cybersecurity as a whole.

Experts also noted international issues, including Brexit and GDPR, should be talking points for RSAC attendees, but it's unclear if those topics will take hold.

Philip Lieberman, president of Lieberman Software Corp., based in Los Angeles, thinks the reorganization of the EMEA market could have big implications for enterprises.

"Since the establishment of the EU, sales of software and IT products to the EU region and regional profitability have been terrible for U.S.-based companies," Lieberman told SearchSecurity. "With the breakup of the EU, we see light at the end of the tunnel of the market opening up to U.S. software companies. We also see the potential repatriation of overseas funds to the [U.S.] as having a dramatic effect on domestic investment."

Chris Carlson, vice president of product management at Qualys Inc., based in Redwood City, Calif., said, "The EU GDPR will change how organizations approach cybersecurity protection, possibly moving from a mandate or compliance-based approach to a best-practices approach to protecting and defending an organization."

Other topics that can be seen throughout the RSAC schedule are artificial intelligence, headlined by a keynote by Eric Schmidt, executive chairman for Alphabet Inc., and machine learning, on which Zulfikar Ramzan, CTO for RSA, will offer a keynote speech.

However, experts said attendees should beware of the claims around AI. Thomas said people should "closely examine any such claims to see if it's really AI or just [a] fancy algorithm they claim is AI."

Daniel Miessler, director of advisory services at IOActive Inc., based in Seattle, said he expects machine learning to be "integrated into everything" at RSAC this year.

"The hidden story is that just as machines have beat us at chess, Go and poker, we're about to see them pass us in security analyst capabilities -- at least in certain areas. Probably not a popular message for a bunch of security people attending RSAC, though, right?" Miessler told SearchSecurity. "Machine learning is bigger than almost anyone thinks it is, and its impact on infosec will be extraordinary. But what we'll hear from vendors is that it's just a nice little upgrade to their products that makes the analyst's job easier."

Agenda highlights

RSA Conference has beaten its own all-time highs for attendance the past three years running, but it is unclear if that growth will continue.

[Figure: RSA Conference statistics]

An RSAC spokesperson said attendance figures for this year's show won't be known until after the conference ends.

The opening keynote this year will be given by RSA's Ramzan after another shakeup within the company, with previous RSA President Amit Yoran stepping down in December to take a position as the CEO of Tenable and being replaced by Rohit Ghai. Yoran reportedly said his decision to leave was not influenced by the recent acquisition of EMC by Dell.

Ghai will be the third president of RSA in as many years. Yoran took over as president of RSA in October 2014 following the unexpected retirement of former executive chairman of RSA and executive vice president of EMC Art Coviello in February 2014 due to health reasons. Ghai had filled various roles in RSA's parent company EMC since December 2009, including COO of EMC's information intelligence group and most recently president of EMC's enterprise content division. Ghai was appointed president and CEO of RSA on Jan. 10, 2017.

Yoran brought major changes to RSA in his time, refocusing the company's efforts from data loss prevention and cryptography in favor of more cloud security efforts and identity-as-a-service plans. Ghai has not yet outlined his aims for the company.

Other corporate executives making keynote speeches include Brad Smith, president and chief legal officer at Microsoft; Mark McLaughlin, chairman, president and CEO for Palo Alto Networks; Matt Moynahan, CEO for Forcepoint; Terence Spies, distinguished chief technologist for Hewlett Packard Enterprise; Hugh Thompson, CTO for Symantec; David Ulevitch, vice president for Cisco's security business group; and Christopher Young, senior vice president and general manager for Intel Security.

In addition to the security professionals, there will also be keynotes from Rep. Michael McCaul (R-Texas), chairman of the House Committee on Homeland Security; Dame Stella Rimington, author and former director general of MI5; Late Night host Seth Meyers; and Neil deGrasse Tyson, astrophysicist and director of the Hayden Planetarium in New York City.

Special events

Beyond the keynotes, sessions and tutorials, RSA Conference 2017 will once again feature opportunities for attendees to earn continuing legal education or continuing professional education credits by attending track sessions and keynotes. And it also features a number of special events, beginning with the Innovation Sandbox Contest.

The Learning Labs experience at RSA 2017, which targets security professionals with more than 10 years of experience for in-depth simulations and role plays, has increased in size once again, with 16 sessions this year, compared to 11 sessions last year and just four in 2015.

This year's Learning Labs will include lessons on how to track and analyze the behavior of ransomware, a hands-on simulation of IT/OT convergence, hacking challenges, threat modeling practice, an introduction to cryptography, help developing a privacy impact assessment and more.
