RSA chief Art Coviello had a lot to cover at his RSA Conference keynote this week. In fact, he had so much to say that he tossed out his original talk and got straight to the point: his organization’s involvement with the NSA, the urgency of the cyber threat landscape, and how we should all be doing much, much more to collaborate as a security community.
Coviello came out of the gate with the first direct issue by denying the allegations that his company took $10 million from the NSA to build a backdoor into its software and noted that their joint projects were never secret. He says that, like other commercial organizations who work with the government, RSA used the (flawed) encryption algorithm that they named in order to meet their certification requirements, then took it out when NIST said they should. He also spent a few minutes discussing the dual nature of the NSA—the difference between its two purposes of intelligence gathering (offense) and information security (defense)—and reiterated a call to separate the two into different agencies.