Top Obama Administration Officials, Law Enforcement Reach Out at RSA Conference

loretta lynch at RSA

Attorney General Loretta Lynch addresses RSA Conference 2016

SAN FRANCISCO—Many of the Obama administration’s top brass are here in force, addressing some 40,000 practitioners from every part of the technology and information security industry at the annual RSA Conference. Set against the backdrop of the ongoing fight over between Apple and the FBI encryption and backdoors, the tension ebbed and flowed during sessions with Attorney General Loretta Lynch, Secretary of Defense Ashton Carter, and Admiral Mike Rogers, U.S. Navy Commander, U.S. Cyber Command, and director of the NSA. While many speakers will not address the issue directly, the subtext is clear throughout the show, particularly as the public battle brings considerable interest to the privacy and security issues the RSA has centered on for 25 years.

Indeed, in his keynote address, RSA President Amit Yoran called law enforcement’s current stance on encryption “so misguided as to boggle the mind.” Brad Smith, president and chief legal officer of Microsoft, chimed in as well, asserting that we cannot keep people safe in the real world unless we can keep them safe in the virtual world. He lauded Apple and pledged that the tech giant would stand with Apple in its resistance.

Ash Carter at RSA

Secretary of Defense Ashton Carter in Conversation with Ted Schlein of Kleiner Perkins at RSA

While the gravity of the issue and the massive potential impact for many in the sector are boggling many minds here, the administration officials’ sessions also offered more broadly positive comments for businesses outside the tech sector. The conciliatory tone Lynch and Carter often struck centered on the critical need for partnerships between technology and government. They tried to emphasize the ways the administration is reaching out to private entities, both within Silicon Valley and across corporate America at large.

According to Sec. Carter, for example, the United States Cyber Command has three core missions: defending the Department of Defense’s network; helping American companies, the economy and critical infrastructure; and engaging in offensive cyber missions. The second is a key pillar, he said, as the DoD must keep in perspective that the strength of American entities is the strength of the nation. From threat intelligence to the Defense Innovation Unit Experimental he announced yesterday, to be helmed by Google’s Eric Schmidt, Carter believes there is considerable need for industry to engage with government on cyberrisk, and both parties have valuable assets to contribute. “Data security is a necessity, and we must help our companies harden themselves,” Carter said. Indeed, he wants both help for and from the industry. In closing, he said, “We are you. You pay us. We represent you and our job is to protect you, and we’d love to have your help.”

He also noted that the DoD is trying to learn a bit about managing its cyberrisk from the commercial sector’s best practices. “We do grade ourselves and we’re not getting good grades across the enterprise,” Carter told reporters Wednesday, according to Defense News. “I have these meetings where I call everyone in and we have these metrics which tell us how we’re doing [and] if you don’t score well, that is evident to the Secretary of Defense at those meetings.

“We don’t assume for a minute that we’re doing a perfect job at this,” he added. “That’s the whole reason for me to be here and the whole reason for me to be engaging with this community here at this conference.”

Carter also announced that the Department of Defense will be hosting “Hack the Pentagon,” a bug bounty program offering white hat hackers cash for finding and reporting vulnerabilities in the Pentagon’s websites. Many companies have been offering these programs to try to discover their exposure in a controlled setting, without the risk of reputation damage, personal information exposure and business interruption that accompany an unknown hacker finding them instead. Carter called these a “business best practice” to gauge preparedness.

Federal law enforcement also has a notable presence at RSA and is making a pronounced effort to reach out to businesses regarding cyberrisk, threat intelligence, and managing a cyberattack. Indeed, in one session Tuesday, panelists from the Department of Homeland Security, FBI and the White House urged a call to action for businesses to get serious about proactively building bridges with law enforcement and to make use of the many resources the administration is trying to activate to help private industry fortify against cyber threats. The government is working to make it easier for companies to turn to it for help, they said, and attitudes are shifting to more consistently recognize and respect victimized businesses and minimize business interruption.

Some in the audience expressed skepticism, such as one man who seized upon the Q&A portion of a session on government departments’ specific roles in fighting cyber criminals. He asked how the government can be trusted to help industry when it cannot protect itself. But corporate entities should be taking note, particularly of the services available. While many hesitate to share threat intelligence or even successful attacks, Eric Sporre, deputy assistant director of the FBI’s cyber division, stressed that FBI Director James Comey has made it a directive for FBI field offices to develop relationships with local businesses and to treat businesses as crime victims, not perpetrators. In responding to attacks, he noted, the Bureau sometimes even brings in victim services to holistically approach aiding in the investigation and recovery process.

Andy Ozment, assistant secretary for cybersecurity and communications at the Department of Homeland Security, also highlighted the preventative measures his department offers companies, including personal risk assessment services. In some cases, chief information security officers and other executives engaged in cyberrisk management functions have been getting DHS assessments, using them as a tool to drive investment or otherwise sell cyber upwards with the board or C-suite of their organizations.

Steve Jobs’ Lessons on Risk

The video above re-aired last night on 60 Minutes. It features an in-depth account of Steve Jobs from his authorized biographer Walter Isaacson, whose book Steve Jobs was the second-highest selling non-fiction work of 2011, despite not being published until just before Halloween. (The segment has a Part II you can watch here.)

In addition to being a best-selling author, Isaacson also served as the keynote speaker at the RIMS 2012 Annual Conference and Exhibition in Philadelphia this April. Our editor in chief, Morgan O’Rourke, sat down with Walter before the event to discuss what lessons risk managers can take away from life of Jobs.

Here is that interview in full, first published in our print publication Risk Management.

Morgan O’Rourke: What was it about Steve Jobs that made him, and by extension Apple, so successful?

Walter Isaacson: I think there were certain secrets to his success. The most important was focus. He was able to filter out all distractions. For example, when he comes back to Apple in 1997, they’re making 60 different products. He finally stands at a whiteboard and makes a four-square grid that says: home, office, laptop, desktop. He says, “We’re going to make four computers and cancel everything else.” And that focus really got Apple back on track.

Likewise, simplicity was another one of the lessons. He felt that you had to really understand the depth of engineering of a product to make it simple. For example, with the iPod, he insisted that you be able to get whatever you wanted with only three clicks. The engineers kept saying “we can’t do it,” and he would find ways to show them how it could be done.

O’Rourke: Can other companies duplicate his management style or was it more unique to Jobs and Apple in general?

Isaacson: People mistakenly think that his management style was just about being rough on people. He had rough edges, but the key was that he inspired people. I get frustrated when people say he was such a jerk. They’re missing that he was also compelling, charismatic and inspiring. It’s dangerous to think that being rough on employees is the only way to succeed. Instead, his success came from driving employees to do things that they didn’t know they could do.

O’Rourke: Key person risk is an important concern for many companies, probably none more so than Apple. So how do you think Apple will fare as it transitions to life without Jobs?

Isaacson: I think that a combination of [Apple top executives] Tim Cook, Jony Ive, Phil Schiller, Eddy Cue and others can, in total, bring the passion for product that Steve had, which is why Apple is still doing so well. I think that he ingrained in the company his ability to combine art with technology, and everybody there gets that. They all believe in making beautiful, well-designed, aesthetic products. However, when he left Apple the first time, the company did fine for four or five years and started failing. The danger is not that it will start failing now but will it be strong five to ten years from now?

O’Rourke: For a company that is considered extremely innovative, Apple also seemed somewhat risk-averse in that it didn’t pioneer new technologies like mp3 players or smartphones, but rather followed other companies into the market before eventually surpassing them. Was this strategy emblematic of Jobs’ personal risk appetite?

Isaacson:The risk that he took was in doing things that other people thought would not succeed. Not that he got the technology first, but rather that he put it together and decided that a portable music player, for instance, would transform the music industry when everybody else was saying, “Well, other companies are making mp3 players and they stink.” So it wasn’t like he invented the music player. It is just that he pushed the notion by making them really great so he could transform the experience.

O’Rourke: So the risk wasn’t in creating something new but in making something that already existed better?

Isaacson: Right. He would call it “betting the company” on a strategy. It wasn’t like they were going to make 40 peripheral products and see which one worked. They bet the farm on the iPod, which was the first real peripheral they built, and they bet the farm on the iPhone. He was able to package these new devices in a very artistic and appealing way. Sony was trying to make mp3 players, and Microsoft was trying to make tablets. But none of them had the passion to make them really well and to just bet that if you made a great one you would be able to sell it for more than anyone else and sell more copies.

O’Rourke: In addition to Steve Jobs, you have also written biographies on Albert Einstein, Benjamin Franklin, Henry Kissinger and others. Do you see any similarities between these iconic individuals and Jobs? What can business leaders can learn from them?

Isaacson: What they all do is think rebelliously. They think out of the box. Einstein made the leap that time is relative depending on your state of motion. That’s an out-of-the-box leap. You can’t see it, there is no evidence, and it doesn’t make logical sense at first. But he does it as a patent clerk in 1905, it takes about nine years for the rest of the physics community catch up and it’s a pillar of 20th century science.

Steve thought out of the box by saying let’s not do something conventional, let’s come up with new ideas. Think different, as he put it. That’s what set all of those guys apart was that they had an unconventional way of seeing things. That served them to make imaginative leaps.

Now and then someone will come up to me when I talk about Einstein and thinking out of the box and they will say to me, “I’m like Einstein. I’m a good leader because I think out of the box.” And I tell them it helps to know what’s in the box before you learn how to think out of the box. Sometimes when you do something differently, it’s not going to work. You have to make sure that if you’re doing it differently it will work better, not worse.

The Apple/Samsung Smartphone Patent War Continues

 Last December in Risk Management, we reported about the ongoing smartphone patent war being waged between Apple and Samsung that has seen each side seek injunctions throughout the world in an effort to stop their rival from selling products that they believe infringe on their patents. It’s a battle made all the more interesting by the fact that throughout all the legal manuevering, Apple remains Samsung’s biggest customer for smartphone parts.

Today the fight continues as many observers are anticipating that Apple will file for a restraining order banning Samsung from selling its hotly-anticipated Galaxy S III phone, which is expected to make its U.S. debut on June 21. The phone went on sale in Europe last month and in a CNET UK review it was dubbed the “Ferrari of Android phones” and was expected “to give the iPhone a good run for its money.” However, Apple claims that the Galaxy S III violates two of its software patents and wants to prevent its domestic launch from happening (especially since it would give Samsung the chance to gain some market share ahead of a new iPhone release). Samsung disagrees of course, and says that it will “demonstrate to the court that the Galaxy S III is innovative and distinctive.”

The decision to ban the Galaxy S III will need to be made by U.S. District Judge Lucy Koh, who is already set to preside over another Apple vs. Samsung patent trial involving other Samsung phones and tablets expected to begin next month. Koh has said that if Apple seeks the new injunction, it will likely force her to push back the other trail date as she will be forced to reshuffle the other cases on her docket.

“I cannot be an Apple v. Samsung judge,” she said.

So it would seem that Apple’s next move will be based on what case it considers to be of higher priority–the longer-standing issue or the new threat? Either way, the smartphone wars show no sign of a cease-fire.

Walter Isaacson Talks Innovation and Creativity

Walter Isaacson is a man of many stories. He has written biographies of Benjamin Franklin, Albert Einstein and, most recently, Steve Jobs. His latest is a riveting story of the roller-coaster life and intense personality of Apple’s creative entrepreneur. Isaacson brings a combination of wit, history, drama and humanity to the stories of Jobs, Einstein and Franklin, and their contributions to the world.

When Isaacson was working for Time is when he first met Jobs. “I remember siting with Steve and watching him and thinking about what a passion he has for making great products,” said Issacson to RIMS attendees. “But I also saw the other side of Steve Jobs. He’s impatient, petulant, sometimes can be rude, unkind, pushy. But I came away from that meeting still liking him.”

It was that passion, brains and curiosity that attracted so many to Jobs, regardless of his personality flaws. But how does Steve Jobs relate to risk management?

“For me, the first lesson that Steve can teach in terms of risk management is to pay attention — even to the parts unseen,” said Issacson. “Pay attention even to the things that other people aren’t going to see. And you know that that is the key to making a great product and it also plays out in the world of risk.”

Jobs vehemently believed that paying attention to the parts that no one sees is what  makes products perfect. For risk managers, this is a part of their daily job.

Risk managers also possess an ability to have complete focus on the risks at hand. Jobs mastered this skill with his products. “He had a great ability to focus, to filter out distractions,” said Issacson. “I think it came from his time in India — the zen focus.”

Perhaps most importantly in terms of Apple’s success, Jobs knew what people thought were high-risk products or initiatives, and he knew he could eventually get these people to embrace the risk. “He knew how to bend reality at times,” said Isaacson. “That’s why he had a reputation for driving people crazy. But he could also drive people to do things they thought were impossible. He knew how to know what people thought were high risk, but he knew it could work and got these people to believe and achieve the impossible.”

He would’ve made a great risk manager.

Walter Isaacson signs copies of his recently released Steve Jobs biography at the RIMS 2012 Conference & Exhibition.