


Senior Editor, Network World

Notable Quotes From RSA 2012

Mar 02, 2012

With thousands of security experts, vendors and customers turning out for the weeklong RSA Conference in San Francisco once again, how could there not be a few notable quotes? Here are my picks:

“People in our line of work have been going through hell.”

Art Coviello, executive chairman of RSA, alluding in his keynote to the aftermath of last year’s data breach associated with RSA SecurID.

“It’s all made of defensible technologies but it is the responsibility of the implementer to turn the switches to on.”

Chris Kemp, CEO of Nebula and founder of OpenStack, speaking at the Cloud Security Alliance meeting.

“The client never knows how many Web apps they have. That’s pretty telling.”

Mat Johansen, manager of threat research at WhiteHat Security.

“If a senior manager wants to go to a porn site, let him. If there’s something bad there, just stop it.”

Nick Young, network support manager at Four Seasons Healthcare in the U.K., speaking on Web security during a Cisco media event.

“I find out what they said yes to after they’ve said yes.”

John Stewart, Cisco CISO, on Cisco’s practices regarding “bring your own device.”

“If we put an agent on the device, the user calls us for every blinking problem they have.”

Stewart on why it’s great when you don’t have a software agent on a device.

“I was the only Jewish kid in a mostly Catholic neighborhood in the Bronx. It wasn’t a good thing to be.”

Dr. Martin Hellman, cryptography expert and co-author of the Diffie-Hellman key exchange technology, who credited the young toughs where he grew up for the fortitude to stick to his guns about what he really wanted to do in life.

“You can know if they went to a psychiatrist. You can know if they went to a mosque or a church.”

Scott Charney, Microsoft, speaking in his keynote about the power of GPS geolocation data and privacy.

“Security moves from failure to failure.”

Whitfield Diffie, on the zen of security.

“Voting on the Internet is a bad idea.”

Ron Rivest, cryptography expert.

“When things get hot, clouds dissipate or disappear.”

Adi Shamir, cryptography expert, on cloud computing.

“Maybe we need a ‘Cloud Reliability Alliance.’”

Jeff Jones, director of trustworthy computing at Microsoft, on cloud computing.

“Our primary goal is making DOD dependable in the face of cyberwar by a capable enemy. DOD today is not dependable.”

Richard Hale, deputy CIO of cybersecurity for the U.S. Department of Defense.

“Standards have a dark side — the reputation for being cumbersome and slow.”

Patrick Gallagher, director of the National Institute of Standards and Technology.

“Smart grid is $50 billion in the U.S. in technology that will arguably make the grid less secure.”

Stewart Baker, attorney at Steptoe & Johnson.

“There’s an increase in free tools available focusing on industrial control systems. And greater hacker interest.”

Donna Dodson, division chief, computer security division, NIST.

“We don’t know what badness looks like. You have to know what goodness looks like” to understand “the deviations from goodness.”

Neil MacDonald, Gartner analyst, on the basic problem we have today in the way we try to detect hackers infiltrating networks to steal data.

“My fear is we’ll capture more data and not know what to do with it.”

Jon Oltsik, analyst at Enterprise Strategy Group, on the topic of the latest buzzword, Big Data.

“Do you really want to be Nortel where you are available to hackers for 10 years?”

John Kindervag, Forrester analyst.

“We analyzed 267,000 apps for Google Android Market. We found hundreds with excessive functionality that can be constituted as malicious.”

Professor Angelos Stavrou, George Mason University.

“Imagine you’re on the battlefield playing Angry Birds at downtime. Suppose some developer managed to get a Trojan in there.”

John Viega, executive vice president of Perimeter e-Security.

“Privacy policies are written 10 pages long by lawyers and I have no idea what they mean.”

Hart Rossman, chief technology officer at SAIC.

“My mother has malware on her PC.”

Ed Amoroso, chief security officer at AT&T, on the difficulty of the role of the ISP in identifying malware on their customers’ PCs and telling them about it.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security.
