Immediate Vault Immediate Access

Top Obama Administration Officials, Law Enforcement Reach Out at RSA Conference

loretta lynch at RSA

Attorney General Loretta Lynch addresses RSA Conference 2016

SAN FRANCISCO—Many of the Obama administration’s top brass are here in force, addressing some 40,000 practitioners from every part of the technology and information security industry at the annual RSA Conference. Set against the backdrop of the ongoing fight over between Apple and the FBI encryption and backdoors, the tension ebbed and flowed during sessions with Attorney General Loretta Lynch, Secretary of Defense Ashton Carter, and Admiral Mike Rogers, U.S. Navy Commander, U.S. Cyber Command, and director of the NSA. While many speakers will not address the issue directly, the subtext is clear throughout the show, particularly as the public battle brings considerable interest to the privacy and security issues the RSA has centered on for 25 years.

Indeed, in his keynote address, RSA President Amit Yoran called law enforcement’s current stance on encryption “so misguided as to boggle the mind.” Brad Smith, president and chief legal officer of Microsoft, chimed in as well, asserting that we cannot keep people safe in the real world unless we can keep them safe in the virtual world. He lauded Apple and pledged that the tech giant would stand with Apple in its resistance.

Ash Carter at RSA

Secretary of Defense Ashton Carter in Conversation with Ted Schlein of Kleiner Perkins at RSA

While the gravity of the issue and the massive potential impact for many in the sector are boggling many minds here, the administration officials’ sessions also offered more broadly positive comments for businesses outside the tech sector. The conciliatory tone Lynch and Carter often struck centered on the critical need for partnerships between technology and government. They tried to emphasize the ways the administration is reaching out to private entities, both within Silicon Valley and across corporate America at large.

According to Sec. Carter, for example, the United States Cyber Command has three core missions: defending the Department of Defense’s network; helping American companies, the economy and critical infrastructure; and engaging in offensive cyber missions. The second is a key pillar, he said, as the DoD must keep in perspective that the strength of American entities is the strength of the nation. From threat intelligence to the Defense Innovation Unit Experimental he announced yesterday, to be helmed by Google’s Eric Schmidt, Carter believes there is considerable need for industry to engage with government on cyberrisk, and both parties have valuable assets to contribute. “Data security is a necessity, and we must help our companies harden themselves,” Carter said. Indeed, he wants both help for and from the industry. In closing, he said, “We are you. You pay us. We represent you and our job is to protect you, and we’d love to have your help.”

He also noted that the DoD is trying to learn a bit about managing its cyberrisk from the commercial sector’s best practices. “We do grade ourselves and we’re not getting good grades across the enterprise,” Carter told reporters Wednesday, according to Defense News. “I have these meetings where I call everyone in and we have these metrics which tell us how we’re doing [and] if you don’t score well, that is evident to the Secretary of Defense at those meetings.

“We don’t assume for a minute that we’re doing a perfect job at this,” he added. “That’s the whole reason for me to be here and the whole reason for me to be engaging with this community here at this conference.”

Carter also announced that the Department of Defense will be hosting “Hack the Pentagon,” a bug bounty program offering white hat hackers cash for finding and reporting vulnerabilities in the Pentagon’s websites. Many companies have been offering these programs to try to discover their exposure in a controlled setting, without the risk of reputation damage, personal information exposure and business interruption that accompany an unknown hacker finding them instead. Carter called these a “business best practice” to gauge preparedness.

Federal law enforcement also has a notable presence at RSA and is making a pronounced effort to reach out to businesses regarding cyberrisk, threat intelligence, and managing a cyberattack. Indeed, in one session Tuesday, panelists from the Department of Homeland Security, FBI and the White House urged a call to action for businesses to get serious about proactively building bridges with law enforcement and to make use of the many resources the administration is trying to activate to help private industry fortify against cyber threats. The government is working to make it easier for companies to turn to it for help, they said, and attitudes are shifting to more consistently recognize and respect victimized businesses and minimize business interruption.

Some in the audience expressed skepticism, such as one man who seized upon the Q&A portion of a session on government departments’ specific roles in fighting cyber criminals. He asked how the government can be trusted to help industry when it cannot protect itself. But corporate entities should be taking note, particularly of the services available. While many hesitate to share threat intelligence or even successful attacks, Eric Sporre, deputy assistant director of the FBI’s cyber division, stressed that FBI Director James Comey has made it a directive for FBI field offices to develop relationships with local businesses and to treat businesses as crime victims, not perpetrators. In responding to attacks, he noted, the Bureau sometimes even brings in victim services to holistically approach aiding in the investigation and recovery process.

Andy Ozment, assistant secretary for cybersecurity and communications at the Department of Homeland Security, also highlighted the preventative measures his department offers companies, including personal risk assessment services. In some cases, chief information security officers and other executives engaged in cyberrisk management functions have been getting DHS assessments, using them as a tool to drive investment or otherwise sell cyber upwards with the board or C-suite of their organizations.

Security Technology: Reducing Risk for Law Enforcement

 

Nowhere is the work environment more unpredictable than on the front line. Front line employees, whether they work in customer service or high-level security, are constantly exposed to the biggest element of risk—the human element. Working in the field exposes employees to a variety of unpredictable factors, interacting with the public and operating in different environments, making it difficult to predict risks and properly protect employees from external threats.

This is particularly true in law enforcement and security industries, with “police officer” being named as one of America’s most dangerous jobs. It’s no wonder organizations (both public and private sector) are looking for solutions, especially when considering what is at risk. Obviously, employee safety is of paramount concern to any organization and should always be top priority, but there are other elements to consider. Attacks on employees or property can result in huge legal costs, and without physical evidence, it can be hard to recoup this loss. Businesses must also consider the risk to their public image.

To help fight crime and reduce the risks to their front line workers, many government law enforcement agencies and private security organizations are using technology solutions. These solutions, such as advanced security recordings and tracking devices, can act as deterrents. While providing law enforcement officers with more protection, they also help collect irrefutable evidence to protect the company from a legal perspective.

Personal security cameras

These personal security cameras have been adopted by numerous law enforcement agencies around the world, including the City of Clare Police Department in Michigan. The body-worn cameras are attached to the police officer’s uniform—recording footage and displaying a live feed on their front-facing screen. This works in two ways, by providing reliable video evidence from the officer’s perspective of the crime scene and also acting as a deterrent. This approach of alerting members of the public to the fact that they’re being recorded has been shown to reduce the occurrence of criminal activity.

GPS

While GPS systems have existed for a long time, more and more law enforcement agencies are taking full advantage of their benefits—particularly when it comes to pursuing vehicles. Tested with police departments in Arizona and Florida, GPS ‘darts’ are currently in development to reduce the risk to police officers and the general public posed by high speed traffic pursuits. The darts are fired using compressed air and discreetly attach to the vehicle being chased. This means the officer in pursuit can track the vehicle remotely, without the need to initiate a chase at dangerous speeds.

Drones

Perhaps the most controversial of these technologies, drone surveillance has been a hot topic in recent news. While opposition to their use is primarily in relation to privacy or military usage, for law enforcement they provide an affordable and convenient alternative to police helicopters. These small portable flying police drones are equipped with HD surveillance cameras, providing a birds-eye view of crime scenes or events. This live video feed can be monitored and recorded remotely, allowing officers to survey any danger in the area before making a physical appearance. Like body worn cameras, the video footage can also serve as valuable evidence in court. The future of drone technologies being adopted by police departments remains up in the air, however, as some public opposition looks to restrict their usage.

Gunshot detection

Possibly the most innovative of these technologies, gunfire locators or gunshot detection systems have proven to be extremely valuable in protecting front line workers and increasing response time in high gun crime areas. Already used in many cities throughout the United States, these systems use numerous super sensitive microphones (dispersed through a geographic area and connected to a central processor) to immediately alert police to the exact location, and even direction, of gunshots fired in the area.

While some of these technologies have yet to reach their potential, their benefits suggest it won’t be long before they’re fully integrated into police and security industries—and seeing widespread use around the world. While tracking devices and security cameras are nothing new, their improvement and innovative applications in recent years have made them invaluable. From collecting evidence to improving safety for front line workers, these high-tech security solutions effectively reduce risks faced by organizations operating in the sector.