SAN FRANCISCO — Cybersecurity threats are now a household worry, putting the thousands of professionals who flock to the annual RSA cybersecurity conference here in an unusually influential position.
“The threat level is now Code Red,” said Avivah Litan, a security analyst with Gartner, a consulting company. Familiar threats, such as hacking by groups backed by governments, are not new, but they've become more severe in the last year. Plus there are new ones, such as the use of botnets to take down Internet service for an entire region.
The events of the last year “have opened the public’s, and the government’s, eyes that the problem is bigger than they thought it was,” said Gus Coldebella, an attorney with Fish & Richardson in Washington D.C. and former acting General Counsel of the U.S. Department of Homeland Security under George W. Bush.
The rhetoric around threat vectors and hacking is always strong at RSA, if only because most of the estimated 40,000 attendees are bent on convincing potential corporate customers that without their products and services designed to prevent or discover hacks, they are vulnerable to attack.
But many attending say concern at this year’s conference is unprecedented, between Russian involvement in events leading up to the presidential election, a botnet attack that took many websites on the East Coast offline for a day in October and an ever-growing rap sheet of ransomware attacks.
"It's gone to the next level," said Gartner's Litan.
Three topics especially dominate this year's conference.
Nefarious nation states
The first is the threat nation-states pose as cyber attackers. The FBI and multiple other U.S. security agencies publicly accused Russia of attempting to influence the outcome of the 2016 presidential race by stealing data to discredit Democratic officials. Donald Trump, then Republican nominee and now president, at times has doubted Russia's involvement.
Discussions of possible nation-state hacking have long been a staple at computer security conferences, but they have tended to focus on things like infrastructure hacks that might take down the power grid or hits on the banking system.
Russian meddling in the run-up to the election was not on the short list of frequently predicted attacks.
"The crisis is not what we were given to expect," said Bruce McConnell, a global vice president at the EastWest Institute, a non-partisan think tank, where he heads the cooperation in cyberspace initiative.
"We are in a fundamentally different environment,” said McConnell.
Two other topics are also top of mind.
The first is October's attack on an East coast Internet company that knocked a wide swathe of major companies offline for much of a day. It was the first known wide-scale use of a cyber weapon known as a botnet.
That botnet, called Mirai, was also the first major use of the massive zombification of millions of "Internet of Things," or connected devices, in homes and businesses across the world. It represented a new and scary normal. Multiple workshops at RSA will be devoted to the threat from both the botnet and IoT devices.
The other is the continued rise of ransomware attacks, which are becoming a scourge on businesses. RSA this year devotes an entire Monday seminar to ransomware.
Using often extremely sophisticated and highly personalized phishing emails attacks, cyber criminals get malware onto a computer or network, then lock it down and demand a ransom payment in untraceable electronic currency to unlock it.
'Windows of opportunity'
While ransomware is nothing new, it's becoming hugely popular among cybercriminals, with hospitals, businesses and even public agencies targets of choice. Ransomware attacks grew 160 times year-over-year, from 4 million attack attempts in 2015 to 638 million in 2016 according to a report by security firm SonicWall.
The computer security world is also waiting for President Trump to release an expected executive order on cybersecurity, several versions of which have been leaked in the past two weeks. While it's unclear how different Trump's focus will be from previous administrations, the degree of uncertainty offers both promise and concern for the industry.
"In security, opportunity exists when conflict and fear prevail," said J.J. Thompson, CEO of Rook Security in Indianapolis, Ind.
"The administration is shaking everything up. Those who have the foresight to see the windows of opportunity will thrive. Those who run in fear will miss out," he said.
Follow cybersecurity reporter Elizabeth Weise at RSA at @eweise.