A Vision of the Role for Machines in SecurityRSA President Rohit Ghai on Humans and Machines Working Together as 'Trustworthy Twins'
One of the biggest leaps over the next four decades will be humans and machines working in cooperation to solve the problems that face the planet, whether it's a lack of drinking water or ensuring that the global supply chain functions correctly, says RSA President Rohit Ghai, who kicked off the Tuesday keynote presentation at the RSA Conference 2019 in San Francisco.
See Also: The Essential Guide to Security
This is the concept of "trustworthy twins," where humans and machines work together, focusing on those areas for which they are best suited, Ghai said. That means taking advantage of human creativity combined with a machine's ability to quickly and reliably find answers to questions. It's based on the notion of paired programming, where two developers can write better and more secure code compared to a solo effort by one engineer, the RSA president said.
"Stop waiting for humans or machines to get better at things they are terrible at," Ghai said. "Implement a security program with machines and humans working together. Humans asking questions; machines hunting answers."
Joining Ghai during Tuesday's keynote, Niloofar Razi Howe, a cybersecurity strategist and entrepreneur, addressed the role that trust plays in security and how it will evolve.
"Trust does not require perfection. It requires transparency, accountability, honesty and reliability," she said. She also noted that the industry needs better digital risk management technology to help solve many of these issues.
"What we protect is not applications or data or critical infrastructure. We are in the business of protecting trust," Ghai added.
Coming to Grips With AI
Following Ghai and Razi Howe, Steve Grobman, the CTO of McAfee, took to the stage to describe the benefits and drawbacks of artificial intelligence.
Grobman spoke about the many benefits that the industry points to when discussing machine learning and artificial intelligence, including helping to fill the skills gap when it comes to building a better cyber defense or analyzing data.
At the same time, cybercriminals and threat actors can turn these technologies toward their advantage, such as with deep fakes on social media. False positives generated by machines also remain a concern.
"We must embrace AI but never ignore its limitations," Grobman said. "It's just math. It's fragile. And there is a cost to both false positives and false negatives."
IT and OT Convergence
Wrapping up the opening session, Matt Watchinski, vice president of Cisco Talos, and Liz Centoni, senior vice president of Cisco IoT, spoke about the dangers facing companies that are investing heavily in internet of things devices as part of digital transformation.
Watchinski spoke about Talos' role in exposing VPNFilter, malware that managed to create a botnet comprising some 500,000 connected devices, including home routers and storage devices. The FBI eventually disabled the botnet, which authorities believe was the work of the Russian-backed group called Sofacy, which also goes by the names Fancy Bear and APT28.
One area where IoT has made serious inroads is within the manufacturing sector, and as these factories become more and more connected, security teams have attempted to bridge the gap between IT and operational technology, Centoni said. This is difficult because IT and OT have different agendas and different approaches, and what works for one, might not work for the other, she added.
Centoni urged security teams to "be the bridge between IT and OT."