
Don't expect AI to save our security skins, warns RSA boss

And the government isn't helping either

RSA 2016: RSA president Amit Yoran used the opening keynote of his company's conference to warn about the dangers of trusting new technology – and to launch a stinging attack on government stupidity over encryption.

Yoran acknowledged that deep learning and AI systems were going to be a theme of the conference this year – indeed RSA is launching its own behavioral analytics engine at the show – but said the industry can't rely on such systems to solve real-world security problems.

People got very excited about AI when Google's AlphaGo deep learning system beat the European Go champion five times in a row. It was an impressive achievement, he said, but hardly a good demo of AI for the security industry.

"Go has defined boundaries and all players must follow a set of unchanging rules that are knowable and static," he said.

"In cyber security, our opponent isn't playing by the same game and they don't play by our rules: they don't even have rules. Our problem isn't a technology problem, they aren't beating us with better technology; they beat us by being more creative, more patient, and more persistent."

To beat the crooks, companies need to train their own hunters and give them the freedom to act, Yoran said. If companies are putting most of their effort into security compliance they are missing the point, he warned.

Schoolin' your guests

Yoran said that this year's conference had more government speakers and visitors than ever before. That's welcome, he said, but the industry needs to educate the government and tell it when it's being dumb.

"Weakening encryption was so misguided as to boggle the mind," he said. "We are in a golden age of surveillance. Weakening encryption is solely for ease of police in catching petty criminals. No terrorists and nation states would use weak technology, but if we adopt it you can bet they'll target us. We need to be respectful but make sure our voices are heard."

He also slammed the US administration's approach to the Wassenaar Arrangement governing the export of technology. The initial revision of this treaty would have banned large chunks of security technology from being exported, and Yoran welcomed the American government's decision to back down on the issue.

Yoran's comments were echoed by subsequent speakers. Former president of RSA Art Coviello, who popped in to pick up a lifetime achievement award, said that the industry had had these discussions before in the crypto wars of the 1990s, and the equations hadn't changed – breaking encryption is a dumb idea.

Microsoft president Brad Smith was equally blunt about government's overly intrusive approach to data in his keynote. Encryption is a key issue, he said, but so too are law enforcement's attempts to overturn two centuries of case law by going after cloud servers.

Redmond can and does work with law enforcement, Smith said, citing the Paris terrorist attacks. Microsoft handed over content from messages from 14 individuals as police sought to locate terrorists on the run, and it did so in an average time of 30 minutes, only pausing to check that the requests were lawful.

But in its Dublin case, Microsoft will stand firm on attempts by law enforcement to get data from its cloud servers. The company will continue to fight this case, he said, because it's a key legal issue.

"We believe that when the government wants to investigate a business it should go to the business, not the cloud service provider instead," Smith said. "It has worked that way for two centuries and should stay that way. Businesses have a right to know they are being investigated." ®
