
Keynotes @ RSA

Paul Rosenzweig
Tuesday, February 25, 2014, 1:31 PM

Published by The Lawfare Institute
in Cooperation With
Brookings

The security company RSA is hosting a conference this week in San Francisco, at which I'll be speaking tomorrow on a minor panel. This morning, however, is the big keynote set of speeches. And what is most striking to me is, if you will forgive me, the lack of humility in the security researcher community. This conference is teeming with IT folks who are brilliant. They are great engineers and some of the panels that are being offered are mind-boggling in their intricacy and complexity of cyber work. And yet ...

I am watching a panel of really great cryptographers being asked their opinion on whether or not the ITU should take over the network management. As readers of this blog know, I think that's a huge problem -- and one to which more attention needs to be paid. So I certainly welcome the question being asked -- but in the back of my mind I wonder whether a PhD in cryptography qualifies one to have an influence on the answer. To be clear -- I am not saying that an informed discussion excludes anyone. But there is something about the policy and law field that makes everyone think they can provide the answers -- and naturally, the cryptographers (with one notable exception) opted for technical solutions to block adverse internet governance. That seems to me a plausible answer -- but not a self-evident one. And it comes with little (no?) acknowledgment of the possible difficulties in implementing this solution -- i.e. the objections of a lot of sovereign nations.

Likewise, in an earlier keynote Nawaf Bitar of Juniper called for greater use of active cyber defenses. I support that idea generically, as well -- but in the keynote there was not even an acknowledgment of the potential downsides of the proposal. Again, I am not asking for detailed consideration -- but I wonder if some of the leaders here even recognize the potential problems? At a minimum, it makes me wonder about the content of an otherwise great talk.

Later, if I understand the talk, I'll report on DevOps security myths and DLL-Sideloading. [Actually, I won't -- because I know that's beyond me!]

Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.
