The Internet of Things was expected to be the hot topic at last year's RSA Conference, and the emerging technology is expected to once again get most of the attention. However, experts said the growing encryption debate may share the spotlight.
RSA Conference 2016, or RSAC, is taking place Feb. 29 to March 4 at the Moscone Center in San Francisco. According to a report by Britta Glade, senior content manager for RSA Conference, the top topic submissions this year were IoT, industrial control systems (ICS) and the Industrial Internet of Things, encryption, and artificial intelligence and machine learning.
However, even though the Internet of Things is once again expected to be the biggest subject at the conference, the focus on the topic has shifted. According to Glade, the IoT submissions last year tended to be "observational," but this year, they "seem to have moved into the 'solutioning' phase of the maturity curve."
"There's a greater focus on the importance of security in the overall risk posture, as companies bring new solutions to market, and organizations are dealing with more 'things' being connected to the network," Glade wrote. "While we still anticipate rough roads ahead, as organizations work to balance accessibility and transparency ... with security, privacy and risk tolerance, we are heartened to see substantial solutions-based conversations percolating and look forward to meaty conversations around Internet of Things across our agenda."
Rebecca Herold, CEO of Privacy Professor, told SearchSecurity, "IoT is the big security [and] privacy boogeyman, ready to pounce from the darkness at infosec and privacy pros."
"The massive numbers and wide range of types of IoT devices being launched without any security and privacy controls is creating a high-risk environment, with unknown consequences," Herold said. "A subset of this that I have been working on a lot is medical and health IoT devices, and the associated security and privacy risks."
Although the team that set the agenda for RSA Conference 2016 expects ICS to be the second biggest topic, an RSAC spokesperson told SearchSecurity there were about 1,700 session submissions this year on the topic of encryption. Most experts who spoke to SearchSecurity said encryption would likely end up being a big topic at this year's conference, because it is integral to a number of high-profile stories in the news recently.
"Encryption and privacy have been hot topics for some time, and seem to keep getting hotter," said Eric Chiu, president and co-founder at HyTrust Inc., based in Mountain View, Calif. "Be it unlocking the devices used by a criminal who committed serious crimes -- [such as] San Bernardino -- or organizations trying to share information across international boundaries (Privacy Shield), the concerns over the ability to snoop or use encryption backdoors in the name of improving security is at odds with the need to have strong encryption to improve security."
The conference even has a keynote roundtable discussion exploring why the encryption controversy is only the beginning of the overall security and privacy debate. The keynote will be moderated by Art Coviello, former RSA president, who unexpectedly retired in February 2015 due to health concerns.
Bruce Schneier, author and CTO for Resilient Systems Inc., based in Cambridge, Mass., noted that while encryption will likely be a big topic in RSAC sessions, an interesting water-cooler topic could be all of the acquisitions in the infosec industry.
The biggest acquisition in the news is Dell's planned purchase of EMC, which owns RSA, for $67 billion. Defense-contracting giant Raytheon agreed to acquire network security provider Websense for $1.9 billion. Trend Micro has agreed to buy HP TippingPoint for $300 million. Cloud access security broker Blue Coat acquired both Elastica for $280 million and Perspecsys for an undisclosed amount. And Splunk acquired behavioral analytics firm Caspida for $190 million, just to name a few.
RSA Conference 2014 set an all-time high, with more than 28,500 attendees, 410 sessions and a total of 604 speakers. RSAC 2015 drew 33,000 attendees, according to a conference spokesperson, with more than 490 sessions scheduled and more than 680 total speakers who appeared at the event.
This year marks the 25th anniversary of the RSA Conference, and the event is still growing, with almost 500 sessions and more than 700 speakers scheduled. Attendance for RSAC 2016 won't be known until after the conference ends.
Amit Yoran, president of RSA, the security division of EMC, will give the opening keynote for the conference -- his second since taking over as president of RSA in October 2014. Yoran's address looks to continue his call from last year for a "radical change" in the cybersecurity industry.
"RSA is re-engineering across the board," Yoran said last year. "By this time next year, we won't be the same RSA you've known for decades."
It's hard to argue RSA has undergone the transformation that Yoran predicted, but the company has refocused efforts on usability through innovation, and shifted away from data loss prevention and cryptography in favor of more cloud security efforts.
Other corporate executives making keynote speeches include Brad Smith, president and chief legal officer at Microsoft; Christopher Young, senior vice president and general manager of Intel's security group; Martin Fink, executive vice president and CTO for Hewlett Packard Enterprise; Michael Brown, president and CEO for Symantec; and Mark McLaughlin, chairman, president and CEO for Palo Alto Networks.
In addition to the security professionals, there will be keynotes from Adm. Michael Rogers, director of U.S. Cyber Command, National Security Agency and chief of the Central Security Service; David Rothkopf, CEO and editor of the FP Group, which publishes Foreign Policy magazine; and Nick Bostrom, professor in the faculty of philosophy at Oxford University and founding director of the Future of Humanity Institute.
Beyond the keynotes, sessions and tutorials, RSAC 2016 will once again feature opportunities for attendees to earn continuing legal education or continuing professional education credits by attending track sessions and keynotes. It also features a number of special events, beginning with the Innovation Sandbox Contest.
The Learning Labs experience at RSA 2016, which targets security professionals with more than 10 years of experience for in-depth simulations and role plays, is expected to be much bigger, with 11 sessions compared with just four at last year's conference.
This year's Learning Labs will include a live cyberexercise, simulating how the government and security industry would cooperate in the wake of a national cyberattack crisis; exercises to teach attendees to measure, manage and transform their security cultures; a discussion on how a CISO can create an effective information security strategy; exercises on how to best secure industrial IoT; and lessons on how to prepare your organization before a zero-day attack.