[Dailydave] RSA

Dave Aitel dave at immunityinc.com
Thu Mar 1 10:16:40 EST 2012

So I guess my summary would be: Better than expected so far!

The first talk I saw was a panel discussion led by CloudStrike's
Dmitri Alperovitch (who is uniquely confused as to how new his Android
exploit talk is - I mean there's products out there that do everything
his talk discusses. Then again, Hype is the coin of the realm here - and
Dmitri is nothing if not a master of Hype). He did a good job as a panel
moderator though. Just enough China-bashing to seem informed but not
overly aggressive.

Also on the panel (picture here
was James Lewis (CSIS), Eric Rosenbach (DoD Deputy Assistant Secretary
of Defense for Cyber Policy), Adam Segal (Council on Foreign Relations),
and Martin Libicki (RAND). I liveblogged it on Twitter, to Sean's chagrin.

There's a bill from the GOP coming out today on Cyber (McCain didn't
think the NSA got enough power in the other bill). No doubt it was
written with input from some of these people, and Eric specifically
asked for companies to essentially lobby their representatives in
support of the current bill, so the panel was tinged with a tiny bit of

But if you were a reporter, and there were a few of them in the room,
probably the most reportable thing I haven't heard elsewhere is that
both Obama and Biden talked with the next Chinese president on his visit
to the US about the economic espionage. Likewise, James Lewis and Martin
Libicki tend to go visit the Chinese every six months (I guess for new
phone trojans?)  to talk about strategic issues, and one of their points
was that the Chinese don't believe that the US doesn't do economic
espionage. Eric (who would know) pointed out how impossible it would be
for the US to do economic espionage the way the Chinese do in our
current system (aka, "who gets this information? Imagine the lobbying
and legal fun!"). Likewise, the Chinese consider it "Information War",
not "Cyber war" and consider the NY Times to be a weapon (which it is!).

Eric also pointed out that the DoD would consider a "prep of the
battlefield" in cyber to the armed attack, which doesn't correspond well
to a previous panel which reportedly said that every time the DHS
examined critical infrastructure, they found an attacker already on it.
Eric said that it is almost certainly not the right thing to do to have
the NSA take the lead role in homeland defense, which is interesting
because earlier in the panel he wanted to make defense a managed service
run by the NSA. What you have is a weird dichotomy, where the NSA has
the capabilities, and the DHS has the authorities. <foreboding music>
This is usually a bad sign. </>

Anyways, normally panels are the lamest things ever, but I thought this
one (in particular for Eric) was worth watching. Martin Libicki thinks
too small about cyber imho, but James Lewis was interesting, compared to
what you would expect from the CSIS papers.


INFILTRATE 2013 January 10th-11th in Miami - the world's best offensive information security conference.
