Dailydave mailing list archives
RSA
From: Dave Aitel <dave () immunityinc com>
Date: Thu, 01 Mar 2012 10:16:40 -0500
So I guess my summary would be: Better than expected so far!

The first talk I saw was a panel discussion led by CloudStrike's Dmitri Alperovitch (who is uniquely confused as to how new his Android exploit talk is - I mean there's products out there that do everything his talk discusses. Then again, Hype is the coin of the realm here - and Dmitri is nothing if not a master of Hype). He did a good job as a panel moderator though. Just enough China-bashing to seem informed but not overly aggressive. Also on the panel (picture here <https://twitter.com/#%21/daveaitel/status/174887397044125697/photo/1>) was James Lewis (CSIS), Eric Rosenbach (DoD Deputy Assistant Secretary of Defense for Cyber Policy), Adam Segal (Council on Foreign Relations), and Martin Libicki (RAND). I liveblogged it on Twitter, to Sean's chagrin.

There's a bill from the GOP coming out today on Cyber (McCain didn't think the NSA got enough power in the other bill). No doubt it was written with input from some of these people, and Eric specifically asked for companies to essentially lobby their representatives in support of the current bill, so the panel was tinged with a tiny bit of politics.

But if you were a reporter, and there were a few of them in the room, probably the most reportable thing I haven't heard elsewhere is that both Obama and Biden talked with the next Chinese president on his visit to the US about the economic espionage. Likewise, James Lewis and Martin Libicki tend to go visit the Chinese every six months (I guess for new phone trojans?) to talk about strategic issues, and one of their points was that the Chinese don't believe that the US doesn't do economic espionage. Eric (who would know) pointed out how impossible it would be for the US to do economic espionage the way the Chinese do in our current system (aka, "who gets this information? Imagine the lobbying and legal fun!"). Likewise, the Chinese consider it "Information War", not "Cyber war" and consider the NY Times to be a weapon (which it is!).

Eric also pointed out that the DoD would consider a "prep of the battlefield" in cyber to the armed attack, which doesn't correspond well to a previous panel which reportedly said that every time the DHS examined critical infrastructure, they found an attacker already on it. Eric said that it is almost certainly not the right thing to do to have the NSA take the lead role in homeland defense, which is interesting because earlier in the panel he wanted to make defense a managed service run by the NSA. What you have is a weird dichotomy, where the NSA has the capabilities, and the DHS has the authorities. <foreboding music> This is usually a bad sign. </>

Anyways, normally panels are the lamest things ever, but I thought this one (in particular for Eric) was worth watching. Martin Libicki thinks too small about cyber imho, but James Lewis was interesting, compared to what you would expect from the CSIS papers.

-dave

--
INFILTRATE 2013 January 10th-11th in Miami - the world's best offensive information security conference.
www.infiltratecon.com