Tens of thousands of cyber professionals, academics, and a handful of public servants have swarmed downtown San Francisco for the annual RSA Conference — one of the largest digital and cyber security events of its kind.
But trying to find a representative from the 3-week-old White House in the convention halls is like playing a game of Where’s Waldo. None appeared to attend, and panels discussing cybersecurity policy worked off of leaked drafts of an executive order abandoned by President Donald Trump’s administration.
The White House did not respond to a request for comment on whether it had sent a representative to San Francisco for the week, and previous requests for comment on plans for the cybersecurity executive order went unanswered.
Rudy Giuliani serves as White House cyber security adviser, though he has said little publicly on the topic since being appointed.
The leaked draft of the executive order on cybersecurity has had a lukewarm response from the community of cyber professionals, largely because there’s not much in it beyond the same general credos established by the Obama administration, and a request that agencies report back to the White House within 60 to 100 days.
Michael Bahar, staff director on the House Intelligence Committee for Rep. Adam Schiff, D-Calif., said during a panel here that the U.S. government can’t even begin to assess cybersecurity priorities until it gets to the bottom of what happened with Russian hacking during the elections. “We have to address it, because it’s not stopping,” he said.
The committee is currently conducting an investigation into the hacking, but when asked following the panel, Bahar said he didn’t have a sense of a timeline for its completion, other than it would be done “quickly.”
In the meantime, the White House’s plans to improve U.S. cybersecurity for the government and the private sector — or to establish any sort of cyber norms around nation-state behavior in the digital realm — are unclear.
For people like Jeremiah Grossman, chief of security strategy at SentinelOne, the wall between the private sector and the government is growing taller by the day. Major companies like Yahoo, he said, are seasoned veterans when it comes to breaches, but they aren’t getting the help they need from government investigators, nor is there an ample exchange of ideas on how better to prevent and respond to digital offensives from around the world.
He says the government is always talking about how it wants to work with the private sector, but the “elephant in the room” is always the uncomfortable truth that tech companies “don’t trust” the government.
In contrast, former NSA chief Gen. Keith Alexander described a President Trump prepared to tackle cybersecurity like a business deal: “What I saw was a president who was now very focused and asked each person questions, listened to them, weighed what they said and how they said it, … took in advice, commented back,” he said during a panel session on Monday.
Some former government officials remain concerned about the pace of government action on cybersecurity.
John Carlin, who previously headed up the Justice Department’s national security division, said the White House will need to improve its systems of responding to major cyber attacks, like those from Russia, and soon. “We need to move faster towards figuring out a deterrence model,” he said during a panel about election hacking.
Carlin says that Russia didn’t even have to pull out its most advanced techniques to infiltrate the U.S.
“We already had a dead canary in the coal mine when you look at the Sony hack, the weaponizing of information,” he said. “That is going to be extraordinarily difficult to secure.”