Cybersecurity Takes Center Stage at RSA 2024

Story by Joao-Pierre Ruth

Key Points:

• Drawn from multiple branches of American armed forces, the US Cyber Command formally got its start in May 2010. On Wednesday, four key players in Cyber Command’s evolution came together at the RSA Conference in San Francisco.
• Taking the stage were Retired Army General Paul Nakasone, former director of the National Security Agency (NSA), and a former commander of US Cyber Command; Retired Vice Admiral Timothy White, former commander, US 10th Fleet, operational arm of US Fleet Cyber Command; Lieutenant General Stephen Davis, inspector general of the Department of the Air Force; and Retired Colonel Jen Easterly , now director and the Cybersecurity and Infrastructure Security Agency (CISA).
• Garrett M. Graff , contributing editor with WIRED , moderated the panel that brought the quartet together again. “We are diving back into some of the early history of cyber security and about these four people and their role helping to found US Cyber Command,” he said.
• In the mid-2000s, prior to the formation of US Cyber Command, the military, much like other elements of the country, was still getting its arms around the potential risks of cyberspace and the damage bad actors could cause.
• Graff kicked off the discussion asking Nakasone about an inciting incident woven into the US Cyber Command’s founding had to do with an infected flash drive in Afghanistan and Operation Buckshot Yankee -- the defense used against the malware attack that resulted.

Welcome to InformationWeek 's Big Picture!

You already know that every day at InformationWeek brings expert insights and advice to help today’s IT leaders identify the best strategies and tools to drive their organizations forward.

That means original reporting from our team of journalists and unique commentary you won’t see anywhere else! But in case you missed them, here are some of our other must-read favorites from this week:

How Can AI Impact Our Government?

Story by Shane Snider

Key Points:

• In just two years, generative artificial intelligence (GenAI) has sparked a race to adopt (and defend against) the technology in government and the enterprise. It seems every aspect of life will soon be impacted -- if not already feeling AI’s influence.
• Tech luminary, author and Harvard Kennedy School lecturer Bruce Schneier on Tuesday offered his take on the promises and perils of artificial intelligence in key aspects of democracy.
• Schneier contends that five major areas of our democracy will likely see profound changes, including politics, lawmaking, administration, the legal system, and to citizens themselves.
• “… AI is good at persuasion. Politicians will make use of that. Pretty much everyone talks about AI propaganda. Politicians will make use of that, too. But let’s talk about how this might go well … In the past, candidates would write books and give speeches to connect with voters. In the future, candidates will also use personalized chatbots to directly engage with voters on a variety of issues.”
• Schneier believes the one of the biggest impacts will be better services for disadvantaged populations. “AI can help people navigate bureaucracies, filling out forms, applying for services and testing bureaucratic actions. This will help people get the services they deserve … This is a task we don’t have enough qualified humans to perform.”

Surviving Cyberattacks: Pro Tips

Story by Sara Peters

Key Points:

• Cybersecurity leaders who have seen a cyberattack from the inside shared their best advice and cautionary tales, here Monday.
• Patricia Titus , chief information security officer (CISO) of Booking Holdings Inc., moderated the panel "Life After the Breach: A Survivor's Guide." The panelists included Tim Crothers, CISO of Mandiant (part of Google Cloud) ; Russ Ayres , SVP and deputy CISO of credit bureau Equifax ; and John Carlin , a partner at Paul, Weiss, Rifkind, Wharton & Garrison LLP .
• The panelists have extensive experience dealing with the aftermath of a cyber incident. Previously, Crothers worked for Target, joining in 2014 to help rebuild their security reputation shortly after their legendary 2013 data breach.
• Ayres was with Equifax during its 2017 data breach, which exposed the personally identifiable information of 143 million US consumers and 240,000 US consumers' credit card numbers. Carlin served in the US Department of Justice as Acting Deputy Attorney General, developing DOJ's ransomware taskforce, and contributing to the response to the incidents at SolarWinds and Colonial Pipeline.
• In the story above, we share some of the key pieces of advice they gave to CISOs and other IT leaders who may find themselves having their worst day ever.

Properly Narrating Cybersecurity's Importance

Story by Brandon Taylor

Key Points:

• In its early days, the thought of stifling innovation kept the reins loose on the web and rightfully so. The strategy led to massive economic and social growth and as a result we’ve become reliant on it.
• The “Common Good Cyber” panel discussion on Monday at the RSA Conference in San Francisco revealed solutions to institutionalize support for common good cybersecurity that can build adequate funding into law and policy, business processes, and government.
• The panel included Camille Stewart Gloster, Esq , former deputy national cyber director, technology, and ecosystem Security of The White House; Craig Newmark , philanthropist and founder of Craigslist; Megan S. (Stifel), chief strategy officer of the Institute for Security and Technology (IST) ; and Michael Lashlee, CISSP , chief security officer of 萬事達卡 .
• Philip Reitinger , president and CEO of the Global Cyber Alliance , served as the moderator for the discussion.
• The internet is a highway of sorts, but the potholes on the web are drastically different than the ones filled with concrete provided by the hires made by states and governments via taxpayers. When it comes to cybersecurity, why doesn’t the government solve this problem?

Publications vs. GenAI

Story by Carrie Pallardy

Key Points:

• Earlier this year, the New York Times sued the two GenAI powerhouses over the use of its articles to train their large language models (LLMs). Now, eight other newspapers have sued OpenAI and 微软 for the use of copyrighted material.??
• “This lawsuit arises from Defendants purloining millions of the Publishers’ copyrighted articles without permission and without payment to fuel the commercialization of their generative artificial intelligence (“GenAI”) products, including ChatGPT and Copilot ,” according to the complaint .??
• Fair use is at the heart of the disagreement between technology companies and creators with copyrighted material. “The tech companies are arguing that the use is sufficiently transformative and as such is fair use,” Kristin Grant, founder?and managing partner at intellectual property law firm?Grant?Attorneys at Law , tells InformationWeek.??
• While one can argue that the explosion of GenAI is unprecedented, there are still past examples to consider when it comes to making use of copyrighted content.
• Whether licensing deals are the ultimate answer has yet to be determined. The lawsuits filed by the NYT and more recently by the group of eight newspapers will likely take years to resolve. These cases, as well as the others that certainly have the potential to arise, will need to wend their way through district and appellate courts.??

Latest Major Tech Layoff Announcements

Original Story by Jessica C. Davis , Updated by Brandon Taylor

Key Points:

• As COVID drove everyone online, tech companies hired like crazy. Now we are hitting the COVID tech bust as tech giants shed jobs by the thousands.
• Updated May 10, 2024 with layoff announcements from Vacasa , PrepLadder , Simpl , Brilliant Smart Home , and Motional .

• Check back regularly for updates to our IT job layoffs tracker.

Commentary of the Week

Story by Juan José López Murphy

Key Points:

• AI has been present in various forms for some time, but ChatGPT and the emergence of new chatbots competing to offer better solutions have made it accessible to all.?
• According to a 2023 McKinsey report, 55% of companies use AI, whereas in 2017, only 20% employed it in at least one business area. Over the next 10 years, this could translate to a 7% increase in global GDP, according to a projection by Goldman Sachs.?
• Beyond all the benefits it can achieve, considerations must also include data protection, privacy, intellectual property, and bias control in implementation.
• The rapid evolution of technology can render even the most recent forecasts obsolete, making it crucial to adopt a long-term perspective when integrating artificial intelligence as a strategic ally.

Podcast of the Week

Podcast and Story by Joao-Pierre Ruth

Key Points:

• Federal authorities want to identify anonymous cyber attackers who try to tap domestic cloud services to launch attacks, but there has been some pushback from aspects of the industry .
• Some of the complaints against the “know-your-customer” requirements include the potential costs of compliance, effectiveness of the measures, and how it might hurt competition.
• In this episode of DOS Won’t Hunt, Kyle Dewar (Kyle D. ) , director with Tanium , and Chuck Herrin, CISSP, CCSP, NACD.DC , field CTO with F5 , discuss some of the threats the new rules are aimed at, questions raised about tech companies working more closely with federal authorities, and what this may mean for privacy.

WATCH ON-DEMAND NOW!

"Cyber Resiliency in 2024: Availability is Your Best Ability"

An archived virtual event from Thursday, May 2:

Presented by ITPro Today and InformationWeek

Our featured keynote speakers were Juliet Okafor - CEO and Founder at RevolutionCyber, and Christopher Carter - Cyber Advisor and CIO at Crucial Cyber.

Our featured panelists were:

• Cassandra Mack - CISO, Head of Security & GRC at Spekit ??
• Cory Wolff - Director of Offensive Security at risk3sixty
• Nia F. Luckey, LSSBB, GRCA - Technology & Transformation Expert Strategist at Infosys

This broadcast was moderated by our colleague Steven Hill - Independent Analyst, Data Center Technologies at ToneCurve Technology, LLC.

"Cyber Resiliency in 2024: Availability is Your Best Ability"

While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch.

What can you do to keep the company on its feet no matter what is thrown at it?

Here’s what you need to consider to dodge the marketing buzz and bounce back from anything.

Topics included:

• Business resiliency and overcoming obstacles
• Key preparations to make now before ransomware attacks
• How to be prepared for DDoS attacks

This is just a taste of what’s going on. If you want the whole scoop, then register for one of our email newsletters ,?but only if you’re going to read it.?We want to improve the sustainability of editorial operations, so we don’t want to send you newsletters that are just going to sit there unopened. If you're a subscriber already, please make sure Mimecast and other inbox bouncers know that we’re cool and they should let us through.

And if you’re thinking about subscribing, then maybe start with the InformationWeek in Review; it only arrives on our new look Saturdays.