If you’ve met me, you know I’m pretty direct, so I’m going to preface this whole post by saying: yup, this is being written by a marketer. As SafeBreach’s CMO, I know that going to RSA means being crushed by the immense force of vendors trying to stand out and in some cases using gimmicks. We’re certainly a part of that: did anyone get their tarot read at our booth this year?
As corny and paid-for as it can all seem, there’s a reason we’re all trying to get your attention: we’re solving some really freakin’* important problems. So what did we do this year? Instead of only Go Hack Yourself** t-shirts and pushing you to our breaches and bourbon event we wanted to dive deep into discussions not taking place in Mascone so we partnered with our friends at ICIT (if you don’t know them you should) and brought some ridiculously smart people together from CISA to top enterprises to discuss securing the nation’s critical infrastructure.
Here are my top takeaways from that discussion:
What We Don’t Talk About Enough: Security in Agriculture
The first point of discussion, and one which you probably weren’t hearing much around RSA, was about the need, and necessity, for security in agriculture. The panel discussed how despite agriculture being absolutely integral to our current way of life, economic model, and general societal stability, it’s almost never discussed within the context of cybersecurity.
And we get it. Farms aren’t the first thing you think of when you’re thinking about ransomware. The idea of agriculture remains an agrarian field-to-table operation in many people’s minds. But much of the agricultural production in the Western world is as industrialized as any other multinational industry: there are complex webs of supply chains to deal with within these industries, all of which could be ripe for compromise.
It gets even more complex when considering agriculture as a key part of critical infrastructure – maybe the key part. If a threat actor was able to compromise the filtration systems, delivery mechanisms or water supply to parts of the agricultural industry, even small changes or compromises could have a direct effect on human life. One thing that history tells us without any doubt is that when people’s access to food is threatened, there is a distinct possibility of civil unrest.
Securing the Future of Transport
A more expected but also massively critical area discussed by our panel was the future of transportation from the security lens. In the years ahead, we will see avenues and modes of transport that we’ve only seen in science fiction. Connected and autonomous cars, air mobility vehicles, space tourism and democratization all lie ahead of us. With each of these come huge opportunities, but unsurprisingly, they also come with a fair share of risk.
Many of our panelists went as far as to say they would not yet trust autonomous vehicles from a security—and therefore, safety—perspective, highlighting that we are currently unable to even secure them.
Our attendees summarized the problems associated with transportation pretty neatly when they said that a huge leap in cyber technology was needed in order to secure the equivalent leaps forward in transportation. The speed that these technologies have evolved puts them well above the current capabilities of the United States to regulate and secure them. (An example of this type of legislation would be developing more stringent security for satellite technology, which has been spoofed by nation-states in the past, and could have devastating consequences of the transportation modes mentioned above.)
A Cultural Shift: Demanding Better Security in Every Aspect of Life
Though filled with fascinating conversation, all of these discussions could be summarized as simply as this: a significant and sustained cultural change is necessary, at every level of society, to ensure that our critical national infrastructure is safe. Because technology was not as embedded in people’s lives as other industries, this cultural change has been a struggle to bring about, but it’s still monumentally important.
Our panel considered these the most salient points with regards to the need for cultural change:
- The importance of basic cyber hygiene, ensuring that individuals and organizations understand that these are the front line of defense against cybercriminals. (We’re still seeing this priority again and again in our conversations with CISOs and other security experts.)
- The need for accountability: while understanding your environment and supply chain is key, outsourcing doesn’t absolve you of responsibility for your own organization’s risk.
- Finding a method to talk to your board about cyber and speaking a language they understand; that is, the business impact of risk and need to discuss cyber resilience. (We’ll have some helpful content for you around this soon.)
- Ensuring that shareholders understand the value in a robust security program and changing the economic incentives around cybersecurity.
Ninety minutes ended up being not nearly enough time to dig deeper into these topics, so we plan on continuing the conversation on an ongoing basis. In the meantime, you can always schedule a 1:1 discussion with SafeBreach and we’ll help you be part of that cultural shift we mentioned.
*Sorry that you had to read “really freakin’” today. You know what I meant.
**We reality nailed it with that one.