![EMC logo]() |
![Art Coviello]()
As someone who speaks at many conferences and hears (and gives) many keynotes, I was struck by the extraordinary passion and commitment in Art Coviello’s keynote at RSA Conference US this week. His call to action certainly echoed his keynotes of the past several conferences, in his conviction that we – all of us – can and should make a difference in achieving a more secure world. But never have I heard his speak more eloquently. If you did not have the opportunity to hear his keynote yet, I hope you will check out the video of the keynote on the RSA Conference site.
In his keynote, Art proposed four principles regarding international support for cybersecurity. The second of these principles focused on international cooperation. I’d like to expand on what that principle means, in terms of concrete actions that individuals throughout the industry have done in this area.
Art called out the importance of cooperation for investigating, apprehending and prosecuting cybercriminals. Information sharing is a fundamental aspect of and vehicle for cooperation in this area, as well as more broadly in terms of effective risk modeling, security strategy, vulnerability awareness and many other areas. EMC’s Kathleen Moriarty is a great example of what an individual can do in this area of information sharing. She has been one of the most visible and effective voices for information sharing in the industry, including developing standards to facilitate information sharing, writing about information sharing, such as in paper she published last year, and working directly with security organizations world-wide to help establish information sharing processes and agreements.
Cooperation in international standards is a second critical area in cooperation. RSA Conference had a great example of that this week, in the interoperability demonstrations for the KMIP and PKCS #11 standards at the OASIS booth in the exhibition hall. It’s extraordinary to see the commitment to cooperation among the participants in these standards, perhaps especially so in an exhibition hall where vendors are vying with one another for mindshare and booth traffic.
A third critical area of cooperation is in joint research. RSA Conference is an incredible place for sharing research, such as the presentation by RSA Labs’ Nikos Triandopoulos on Second-Generation cyberthreats. But even more extraordinary are collaborative research projects, like the Smart Grid security project I’ve mentioned in other blogs, where the cooperation across universities, research institutions, industry and government can produce powerful insights capable of transforming security. The discussion that we have begun with Nancy Leveson of MIT regarding incorporating the STAMP/STPA risk methodology into our project is a great example of this, taking insights from ensuring the safety of control systems and applying them to cyber security.
These examples just scratch the surface of what cooperation in cybersecurity can mean. But like Art’s keynote, perhaps they remind us of what we can accomplish, together.
|
