The tenor of this year’s RSA Conference was about opening doors, not closing them. While previous conferences had huddled around topics like encryption, network access control, SQL injection prevention and stopping terrorism, this year’s focus was personal iPhones and iPads on business networks, and the threat of activist reprisals from the Internet hive mind known as “Anonymous.”
At the network to the programming level, everyone was talking about externally controlled devices accessing internal networks. Whether the control of those devices is wielded by an employee (as in the case of an iPad), or by an outside party accessing a controlled data stream (as in an API), this year’s RSA Conference made it clear that restricting network access is no longer an option.
That means practices like white-listing—blocking access to all websites except those sanctioned by IT—are being removed by necessity. As one executive speaking on a panel hosted by Cisco quipped, “I don’t care if the senior VP is looking at porn anymore.”
Christopher Young, senior vice president of Cisco’s security and government group, said that this revolution is, at its heart, about a change in the usage of technology in our lives.
“The big trend we’re all dealing with is about the seamless integration of technology into all of our lives,” he said. “What we need to go along with this is a transition to the seamless integration of security into our lives. Security is cumbersome for the average users, and they’ll go to great lengths to avoid it whenever they can. That presents us with a major problem: Do we lock it down, or do we free it up?”
At the Wednesday afternoon keynote sessions, the topic veered away from personal devices on private networks, and sailed into the murkier waters of hacktivism. In a panel discussion with PBS NewsHour correspondent Jeffrey Brown, the rise of Anonymous was discussed. Eric Strom, special agent with the FBI, said that Anonymous is an entirely new problem for the agency.
Whereas the criminal underworld is insular and difficult to penetrate, Anonymous is wide open and inviting, said Strom. Additionally, Anonymous tends to be staffed with much younger members.
“They’re very open about what they want to do, whether it’s intrusion, or hacking into something,” he said. “That’s the tipping point for us. If they’re just complaining about something, they have every right to do that. It’s when they take that step across the line, or hack into a system and go after someone in law enforcement and their family, that’s when we step in.”
Strom said that much of the work that’s been done at the FBI around Anonymous attacks involved outreach to the companies that have been targeted. “The positive side is that the FBI has been very proactive with companies,” he said. “A lot of times, we’ll put companies in touch with other companies: prior victim with a potential victim. We’ll ask, ‘What’d you do to defend yourselves?’ ”