As our online and offline lives merge, cybersecurity has crept into mainstream consciousness as both a business and personal concern.
The World Economic Forum predicts that crimes in cyberspace will cost the global economy $445 billion this year. At the same time, the number of smartphone users worldwide is expected to cross 2.1 billion, making the Apple vs. the FBI battle around the issues of encryption and privacy relevant to almost a third of the global population.
Hack attacks are increasing in sophistication and success — 2015 saw a record number of reported data breaches, with 3,930 incidents exposing more than 736 million records, according to Dataloss DB. At the same time, the "Internet of Things" (IoT) is exposing a whole set of new devices, from connected cars to heart rate monitors.
"If you look at the results over the last 10 years, no one would suggest we would have more privacy and security; we have less," said Arthur Coviello, an industry leader, investor and former executive vice chairman of RSA. (RSA is owned by EMC Corp.)
The industry has been working to solve these issues for decades, and next week's RSA Conference, celebrating its 25th year, will be a coming out party of sorts. Cryptologists are suddenly cool, white hat hackers have never been more in demand, and investment dollars are free flowing.
"It's on TV all the time and there are whole movies about IT security and hacking," said Gartner analyst Anton Chuvakin. "It's more of a mainstream issue now."
Last year, venture capital and private equity investors poured $10.8 billion into the global security industry, up from $8.2 billion in 2014, according to Pitchbook. Global security acquisitions accounted for $16.7 billion in deal flow and IPOs accounted for $749.2 million in capital raised.
2016 is on pace to see even more money invested in security start-ups, and the deals are getting bigger. Between Jan. 1 and Feb. 8, $483.6 million was invested across 34 deals, up from $124.8 million across 39 deals in the same period in 2015.
"It's an exciting time," said Coviello. "I have never seen so much VC invested in security and products that will enhance security infrastructures."
More than 33,000 attendees are expected to attend the conference this year. Organizers have assembled an impressive lineup of speakers, including industry and government leaders.
A number of sessions are aimed at doing just that. For example, on Wednesday at 2:30 p.m. Eastern Ted Schlein, a partner at VC firm Kleiner Perkins Caufield and Byers will interview Department of Homeland Security Secretary Ashton B. Carter. Schlein was one of Symantec's early employees and invests in security start-ups, and Carter has made building relationships with Silicon Valley a priority of his tenure.
Fostering a more harmonious relationship between tech and government may be tough as long as the Apple/FBI dispute dominates the headlines. Coviello has made shifting the conversation to a more friendly dialogue a key priority. On Tuesday, he announced a new security and privacy initiative called the Digital Equilibrium Project aimed at developing a "digital constitution" to provide a legal and social framework for situations where security and privacy are at odds.
Another panel will bring together privacy and security experts to discuss moving beyond partisan policies on these issues. The panel features former Department of Homeland Security Secretary Michael Chertoff and former National Security Agency Director Michael McConnell to debate with Nuala O'Conner, CEO for the Center for Democracy and Technology, and Trevor Hughes, president and CEO of the International Association of Privacy Professionals.
"Two administrations have been talking about public-private partnerships for the better part of 12 years, and nothing has changed," said Coviello.
A session on Wednesday aims to test just how well governments and industry partners can work together in the event of an advanced cyberattack. Led by Jason Healey, a senior research scholar at Columbia University, and Dmitri Alperovitch, co-founder and CTO of Crowdstrike, 50 attendees will work through policy responses and actions to combat an imagined cyberattack on a nation-state.
Experts agree that the rise in the IoT opens up a whole new host of challenges. Marie Moe, a research scientist with Scandinavia's largest research organization, SINTEF, will talk about her research into protecting her personal critical infrastructure from hack attacks. Moe has a rare heart condition and relies on a pacemaker — featuring wireless interfaces with network connectivity — to help control every single beat of her heart.
Last year's Jeep hack — which caused the automaker to recall more than a million vehicles — is at the center of several panels. General Motors Co. chief product cybersecurity officer Jeff Massimilla will discuss how the industry can avoid such missteps going forward. A separate panel looks at liability when things do go wrong, Eric Hibbard, CTO for security and privacy at the Federal Trade Commission, will examine emerging theories of liability for manufacturers and vendors when a hacked device turns fatal.
Attendees can also witness the live hacking of a professional police drone. IBM security consultant Nils Rodday will hack into the drone and take control of the device. The goal is to demonstrate just how vulnerable drones currently in use by police forces around the world to execute critical missions are to hackers.
"IoT hacking en masse will make this more of a living room issue," said Chuvakin. "It's a real threat — it's not an existential threat — but it's something that's probably more of a conversation for two or three years in the future."
With security in the spotlight at the RSA Conference, insiders expect companies to announce new deals on Monday. With so many key players in one building, it's an important way to figure out how the complex vendor ecosystem fits together, and which technologies have the most potential to disrupt legacy players.
"This is the entire industry in one building," said Chuvakin. "That's where the conference is valuable."
"Security is a very fragmented industry, and there are a lot of small companies in this space, and it's important to have a broader spectrum across the different companies to understand who's doing well and what technologies are doing well," said JMP Securities analyst Erik Suppiger.
Beyond deals, for analysts who cover the industry, their eyes are trained on advances in some of the less sexy, but continually important security challenges. For example, technology to combat older malware is still very much needed despite recent advances, said Chuvakin. "People still get burned by malicious software."
Of course, it's often the after-hours events that are most fruitful for industry insiders. Security vendors large and small will host a slew of events around the conference, and on Thursday evening RSA is throwing a giant celebration at San Francisco's AT&T Park featuring a live performance from Sheryl Crow.
Organizers are hoping to lure attendees back on Friday with a closing keynote featuring another star: Sean Penn. Previous keynotes have featured Alec Baldwin and Stephen Colbert.
"They have a fresh perspective," said RSA Conference General Manager Linda Gray. "With Sean Penn, apart form his own activism, philanthropy and interest in Internet privacy, he was also involved in the interview with 'El Chapo.' "
In a story published in Rolling Stone, Penn said he used burner phones, encryption and anonymous email addresses to communicate with the Mexican drug lord Joaquin Guzman, known as "El Chapo." Penn acknowledged that the Mexican government and the U.S. Drug Enforcement Administration were likely tracking his movements.
Correction: An earlier version of this story had the wrong day listed for a panel discussion.