RSA executive chairman Art Coviello
In a passionate speech, RSA executive chairman Art Coviello made a call for increased cooperation among governments and the security industry to end the global 'virtual' arms race that threatens the existence of the Internet as a trusted environment to do business.
He likened the ongoing virtual issues such as cyber wars between governments, government surveillance, and breach of privacy to the arms race of the Cold War era which brought the world to the brink of disaster.
Mankind today faces a crossroads-one leads to despair and the other to extinction, he said. "We are in the midst of chaos and confusion, but if we don't figure out digital norms and do so quickly, the alternative may be extinction," he said. "Extinction of the Internet as a trusted environment to do business; extinction as a trusted environment to coordinate research and development; extinction as a trusted environment to communicate with each other."
But all is not lost, he said, referring to President John F. Kennedy who had led the United States through the Cold War era. He quoted from a 1963 Kennedy speech: "Our problems are man-made. Therefore, they can be solved by man."
Coviello was addressing more than 25,000 security professionals from enterprise, government and industry at the RSA Conference 2014 in San Francisco on Tuesday, an annual mega event organized by the security arm of the EMC Corporation.
The RSA-NSA controversy
Coviello addressed the RSA-NSA controversy right after he was a few minutes into his speech, a controversy that had riled many in the security industry.
Reuters had alleged in a report in December 2013 that RSA Security was paid US$10 million by NSA in a secret contract. The deal was to use encryption software (the Dual EC DRBG random number generator) that could help the US intelligence agency in its surveillance programmes. The deal, according to Reuters, was struck in 2006.
Coviello acknowledged some of these accusations, and accused the NSA of exploiting its position of trust with industry.
"Has RSA done work with the NSA? Yes. But the fact has been a matter of public record for nearly a decade," he said. He highlighted that NSA has an offensive arm and a defensive arm - The Information Assurance Directorate (IAD), and RSA, like many other security companies, has worked with the IAD.
"Working with the IAD, we received valuable information on threats and vulnerabilities," he said.
Unfortunately, NSA crossed the line in its relationship with RSA. "When or if the NSA blurs the lines between its defensive and intelligence gathering roles, and exploits its position of trust within the security community, then that's a problem," he lamented. "Because, if in matters of standards, in reviews of technology, or in any area where we open ourselves up, we can't be sure which part of the NSA we're actually working with, and what their motivations are, then we should not work with the NSA at all."