RSA Security LLC President Rohit Ghai delivered his opening keynote at the RSA Conference in San Francisco today with a surprisingly optimistic view of the trouble-plagued cybersecurity industry.

“Cybersecurity is getting better, not worse,” Ghai (pictured) told the audience. After a pregnant silence, he added, “Folks, I’m not kidding!”

You might expect a seller of computer and network security services to turn a year of massive data breaches, Russian election meddling, processor security flaws and globally spread viruses launched by nation-states into a sales pitch. Not this time.

Instead, Ghai focused on what he called “silver linings.” These included security industry acceptance of an incremental approach that finally abandons an ultimate “silver bullet” to protect all systems, and new tools using behavior analytics and network visualization technology to better defend against threats.

“We are focused on being a little safer every day, rather than being perfectly unhackable someday,” Ghai told RSA attendees. “We’re seeing the emergence of beautiful security.”

However, Ghai’s remarks were followed by a parade of speakers, including noted cryptographers, company executives and the head of the Department of Homeland Security, who took a less sanguine view of the cybersecurity world. “If you’re on the Titanic and you hear the band playing, it’s kind of a small silver lining,” said Paul Kocher, an independent security researcher who played a key role in the discovery of the microprocessor security flaw last year called Spectre. “We still have a pretty big mess.”

Spectre discovery process flawed

The scope of continued threats and vulnerabilities that the cybersecurity community must wrestle with was outlined over the course of Tuesday’s RSA keynotes as a number of key industry figures delivered their remarks. Even the process of how to handle the discovery of hardware security flaws had room for improvement, as Kocher described the experience during a panel discussion.

Spectre, and its companion vulnerability known as Meltdown, are security vulnerabilities that affect computer chips made over the past 20 years. Kocher and other security researchers quietly provided Intel Corp. with details of their findings in the hopes of allowing the company time to fix some of the bugs before bad actors found ways to exploit them. But word leaked out.

“The embargo process for hardware bugs is something we don’t know how to do,” said Kocher, who cryptically added a sobering note: “There are going to be more of these things.”

Tech companies join accord

Microsoft President Brad Smith

In anticipation that the cybersecurity struggle will get harder, 34 technology companies announced The Cybersecurity Tech Accord on Tuesday in a group pledge to protect users from cyberattacks and stymie efforts by nation states to further cyber warfare. Facebook Inc. and Microsoft Corp. were among the accord participants, while Apple Inc., Alphabet Inc. and Amazon.com Inc. opted out, at least for now.

“Last year was a wakeup call,” said Microsoft President Brad Smith. “The question today is not what 2018 will bring to us but what we will bring to 2018.”

One of changes Microsoft will bring this year includes the use of Linux to secure Internet-enabled devices. On Monday, the company announced a product package called Azure Sphere that includes new chips with Linux built in for security.

Smith delivered a nod to his company’s previously rocky history with Linux technology in his Tuesday remarks. “Did anyone ever think that someone from Microsoft would come here and say that we are shipping a custom Linux kernel?” Smith said.

DHS Secretary sees dimmer threat picture

Homeland Security Secretary Kirstjen Nielsen

In her keynote, Kirstjen Nielsen, Secretary of the Department of Homeland Security, echoed the sobering assessment of the security landscape delivered by others. “The threat picture is getting dimmer, not brighter,” Nielsen said. “Our cyberenemies are bolder, more brazen and savvier than ever before. We will get hit over and over again.”

Nielsen declined to comment directly on Tuesday’s tech company accord, which pledged to block cyberwarfare by nation states. The Secretary was also coy about what initiatives the U.S. might pursue in cyber response to nation state hacking.

“I myself would not call it ‘hack back,’ but we are doing things in the cyber realm,” Nielsen said. “Companies have stepped up.”

Although Ghai’s optimistic view of the cybersecurity space did not appear to be widely shared by his colleagues on Tuesday, incidents happen quickly and response is now moving at warp speed. “He forgot to say whether we’re moving forward or backwards,” Adi Shamir, an Israeli cryptographer, co-inventor of the RSA algorithm and the “S” in RSA, joked in response to Ghai’s remarks. “If you want a silver lining, it’s that our job security is guaranteed.”

Photos: Robert Hof/SiliconANGLE