RSA's Coviello breaks keynote script, takes on NSA controversy

CEO pivots discussion to industry rallying cry, invokes memory of JFK
Written by John Fontana, Contributor

RSA CEO Art Coviello abandoned his scheduled keynote presentation on identity at the company's flagship conference Tuesday to address the simmering controversy involving his security company and its alleged collaboration with the NSA.

His presentation, however, included little defense of RSA. The company said in December that it "categorically denies the allegations" that it took $10 million from the NSA to provide a backdoor into its security software.

Coviello instead took a world view, lumping governments, intelligence agencies, vendors and individual organizations alike into one group that he said must unite under a set of guidelines. He then spun a yarn setting up RSA as a leader in that unification.

He invoked a Cold War analogy and quoted from a 1963 speech by then-president John F. Kennedy. "Our problems are man-made. Therefore, they can be solved by man."

Coviello laid out four guidelines he said should define the industry going forward:

1. Renounce cyber weapons

2. Cooperate in investigation and prosecution

3. Ensure economic activity and intellectual property rights

4. Ensure privacy

"Many of you will be skeptical or, worse, cynical that these principles could ever be adopted. Many will think I am naive," he said. But the entire industry must take an active role, he said. "Therefore, we must as an industry strongly advocate for the principles I laid out."

He used company history to set RSA up as an agent for change. He outlined RSA's early work with the government, on open source toolkits and the evolution of algorithms before he mentioned the NSA controversy.

"Unlike nearly 20 years ago when we were seen as leading the charge against the government to secure the privacy of digital infrastructure, we've been accused of being on the other side of that battle," Coviello said. He went on to say the situation called for context on the state of the industry and the state and evolution of RSA's business.

"Has RSA done work with the NSA? Yes. But the fact has been a matter of public record for nearly a decade," he said. He noted the NSA's defensive arm, the Information Assurance Directorate (IAD), and said RSA and most security companies work with that NSA division.

"When or if the NSA blurs the lines between its defensive and intelligence gathering roles, and exploits its position of trust within the security community, then that's a problem," he said. Creating greater separation between the offensive and defensive roles of the NSA would go far in repairing relations and rebuilding trust, he said.

He then put the conference itself in the role of unifier, noting that the cyber czars of 12 nations are on the agenda to discuss security and privacy. He did not, however, mention the TrustyCon conference that will take place Thursday across the street from where Coviello spoke. The one-day conference was organized after some speakers boycotted the RSA Conference. The theme of the conference is to start a discussion about trust.

Coviello said RSA supports the recommendations of the President's Review Group on Intelligence and Communications Technologies to simplify the role of the NSA. One of the authors of those 46 recommendations, Richard Clarke, spoke the day before during the Cloud Security Alliance Summit at RSA.

"All intelligence agencies around the world need to adopt a governance model that enables them to do more to defend us and less to offend us," he said. He said the fast evolution of the digital world has created chaos and confusion that needs to be sorted out in order to move forward.

Coviello then deftly transitioned into a number of initiatives the company is working on individually and with partners, including Intelligence-Driven Security, big data, identity, BYOD, and managed services.

He then closed with another call to heed the words of President Kennedy and make them come to life again and "spur us to action."

In the conference program, the title of Coviello's keynote was originally listed as "Redefining Identity in the Age of Intelligence-Driven Security."
