RSAC 2024: Same GenAI Buzz, but OT Cybersecurity Starts to Gain Visibility

This May I returned to RSA Conference (RSAC) one of the biggest information security shows globally, to see how last year’s conversations around AI and other tech topics had developed. As before, my focus was on cybersecurity for operational technology (OT) and critical infrastructure, with a particular interest in the Internet of Things (IoT) and offerings aimed at securing energy grids. The following are the most important points I discussed with fellow attendees and exhibitors on the show’s expo floor, and were also the subject of various talks I attended.

Generative AI Was the Big Topic Again

Overall, the buzz from this year’s show was similar to that in 2023. Generative AI (GenAI) was once again the question on everyone’s minds, whether as a tool to combat cyber threats or as a threat itself. In briefings and conversations, some contacts rolled their eyes at mentions of GenAI, while others demonstrated how they use the technology to create step-by-step playbooks for responding to attacks—for instance, on cellular base stations—enabling human operators to more quickly remove credentials from insider threats and isolate compromised assets before the attack can spread further.

Some of the eye-rolling is justified. As some companies on the expo floor noted, when customers ask them about GenAI, they are really just asking about automation. GenAI, at its most promising, learns from data and makes decisions without explicit instructions, whereas automation is just a way of enhancing the efficiency of predefined tasks. Confusing the two risks devaluing the promise of GenAI and relegating it to a meaningless buzzword.

OT Cybersecurity Is Grabbing More Attention

Given Guidehouse Insights’ focus on utilities and energy infrastructure, the important question for me was whether cybersecurity for OT, IoT, and critical infrastructure was more prominent than last year. The short answer is yes: compared with RSAC 2023, there were more booths that mentioned security for critical infrastructure, and more sessions focused on OT cybersecurity. The show’s greatest focus remains on IT-oriented solutions, but security companies increasingly highlight how interconnected IT and OT systems are and the implications of that interconnectedness for defending from attacks.

Ransomware attacks on industrial targets grew by nearly 50% in 2023, and the number of distinct ransomware variants grew by 28%. Since the most recent conflict in Ukraine began in February 2022, it has been a proving ground for threat groups and malware aimed at destabilizing generation facilities and distribution networks. As some speakers pointed out, these attackers are using the skills they’ve learned in Ukraine to attack targets in the rest of the world.

The challenge for utilities and other critical infrastructure industries will not just be keeping these attackers out—several speakers at RSAC 2024 argued that threat actors are probably already inside. Instead, companies need to prioritize plugging their most critical vulnerabilities and managing the rest. This fits in with the show’s tagline this year, which was “The Art of Possible”—reflecting the need both for pragmatism in dealing with cyber threats and for thinking beyond the traditional arms race mentality of cybersecurity.