Cybersecurity Certification

Cyber War with China is Possible (Video & Transcript)

This conversation is a recap and insights from an event we hosted recently.

Cyber War with China is Possible (Video & Transcript)

The topic, Cyber War with China, may be perceived by some as controversial, but it was chosen in order to provide a real-world problem that affects everyone, regardless of industry. It also provides a framework around which to discuss cybersecurity.

Disclaimer: This transcript was automatically generated using speech to text software. It’s imperfect, and we recommending listening to the actual video over reading this for the most accurate presentation.

Sid: 

Hey, everybody. Welcome. Wanted to recap our event that we had last night and talk through some insights and thoughts we had on it. Had a really wonderful event talking about the topic of what would cyber war with China look like. We had three different presenters: we had John Monken from PGM, we had short both George Bokas from Crowdstrike and Pete Seeber from Rocus Networks.

And that just ran through a number of different topics related to the theme of what cyber war with China would look like. We start, of course, with the disclaimer that none of us is looking for a cyber war with China but the realization that China is an adversary and that although we may not all agree politically on the right way to deal with them and the things that are happening in the world today, there is really no question that they are actively doing things to undermine our economy, our military, our way of life, and if we’re not at least cognizant of those things, then we’re going to end up in a place that we don’t want to be. Chris emceed the event last night, and I thought they’re wonderful job so the backdrop for that so Chris the folks the missed out if you just give us a quick rundown of some of the background history and wife tries important and some of the things that you talk about last night.

Chris: 

Yeah, I know.

Of the things that I try to set as the backdrop is the idea of what’s called a revolution in military affairs, and I use the analogy of the match in a line which is intense fortifications that the French built along the German border in the 1930s in order to prevent another World War I trench warfare type work happen and the promise of a revolution in military affairs is that when a new technology comes about.

Whichever military is preparing to fight, the last war is going to be the one who’s on the losing end or likely to be on the losing out because they’re not prepared to fight the next quarter so the case of the example of the French for the national line, the national line would have been an excellent fortification had the Germans conducted war for the same way that they did in World War I, but with the technology that came out of the time, largely the combustion engine and advances in the power behind him of the combustion engine and a couple of decades between those wars, are led to the Germans having the ability to move motorized and mechanized vehicles essentially driving around their national line through Holland and Belgium and when they did that across the frontrunner card they were to move very quickly and basically emasculate a will you know hundreds of thousands of French soldiers in a very short period of time and early on the war you know take over you know all of western Europe outside of outside of Britain so I’m sending that backdrop like what what’s a technology today that could cause the same type of game changing can treat him where the war would play out and I say that because at least in you know at the present the US military still the dominant the dominant military in the world when it comes to finding a last movie anyone questions got more crackers more you know worships more technology more what jobs or military from a traditional warfare standpoint more lethal.

Anyone that comes for us but the question is if your country like China and you know about these traditionally been advantages you’re gonna look for asymmetric at rand which and what that means is basically I’m gonna look for something that for a very small cost can can change can offset you’ll all be avenged.

And to try and spend much of the last twenty five years of pursuing that type of technology while still continuing to build their own military but cyber warfare is a big asymmetric advantage so for very little cost can have you know their quote one guy you know thousands of times the impact of your house gonna spend a dollar I could spend one dollar on building the ship or an airplane or based on one dollar on cyber the the the multiple on that investment in cyber is you know thousands and thousands of times larger than that you know putting it into something of a traditional military us so I was kind of the backdrop from a you know how would this play out you know I think that I don’t think that the US are trying to at present are actively seeking war with one another and I think both countries would prefer to avoid that but often times a small event can lead to something larger and and and so forth so if it’s such a small event were like that happen would probably be in the south trying to see there’s contested area there were trying to claims the entirety of the South China Sea the USS those are international waters that are you know that supporting freedom of navigation for any country military or commercial to to move their assets through those waters and trying to says no you trying to permission to come into what is our territorial and so that’s that’s probably where the US military the Chinese military most likely to bump into one another and you could see some type of accident escalating into into something larger but all that traditional military so then the question is what happens.

Sid: 

It is beyond them there’s nothing that says that there will be a military conflict you know can be state actors operating into each other whether they’re obvious about it and you know see declared thing or they just try to get away with that they can have an impact as we’ve seen with Russian elections and things like that where you can you know we do our best to attribute those things to that actor but there’s usually no smoking gun that says you did this this is an act of war so and I think we as a country can be very hesitant given our history of warfare last couple decades now to enter into a Connecticut racial we can lose lives and everything.

And probably more likely to let things slide and maybe do some sanctions or something like that but not really you know engage the same level so we may not be protesting the war in another country is essentially yeah.

Chris: 

Yeah no it’s a and there’s a very very strong incentive on the part of an adversary like China or Russia to create a degree of uncertainty as to whether or not well what was that the government I’m trying to did that or was that a criminal in China’s interest acting without the government’s you know approval or is it someone else another country another criminal that’s sort of making it looks like this attack originated from trying out but it’s it’s hard even for our intelligence agencies I’m to get you know a hundred percent certainty that but something happened there I think they can still get a very high degree of certainty based on the sophistication of the attacks that the patterns that you know for previous things that have been seen but yeah there’s a there’s a ton of incentive in one of the things that we talk about is the the boundary lists nature cyber warfare we used an example on the two thousand eight war where Russia invaded the country of Georgia.

Chris: 

And when that happened the country of Georgia took a number of their technical assets there you know defense ministries you know online assets and move them to servers in the United States and because they were being attacked by Russia in a circle or for instance in and out when that happened be attackers then followed and and one after the service in the United States or you’re out Russian actors fighting against what are essentially corporate servers but located here in the United States and so is that an act of war is about an act of war the.

Sid: 

Anyway that company respond back and state and nation state actor.

Chris: 

Totally.

Sid: 

You know where it was where’s that fall legally in and what the ramifications of a your company or a state representing the United States of America by taking an aggressive action against.

Chris: 

You know.

Sid: 

Essentially no country.

Chris: 

No it’s some it’s a fascinating and again just legally uncharted waters from the fact that I mean we have the NSA and we have the sense intelligent she the U. S. has a number of intelligence agencies with cyber capabilities DOT and spy agencies but.

Even with all that the vast majority of cyber capability real resides in that the commercial sector units so you have this weird dynamic where the US government doesn’t have a monopoly on offensive capability and so you can have criminals you can have you know criminal so looking for monetary gain typically you can just have visual and he’s looking to you know rah rah America kind of stuff and you can have corporations looking defend their corporate interests so as an example of a scenario that yeah you know that private company that’s now hosting the country of George’s you know defense ministry and other online assets what happens is they now reach into the country of Russia to take down the origin of attack is that legal is that illegal a lot of this is really murky and just you know and so what that murky yes actors will take advantage about.

Sid: 

Certain.

Chris: 

Where the US might hesitate to do the thing that is legally sufficient or company or us state government or any actor in U. S. might be worried about I want to get into a lawsuit on one have criminal charges for breaking some loss will take a concerted action in overseas actor an authoritarian government or criminal act or terrorist might have might not have the same concerns so they’re playing by a difference.

Segment 2 = Sid = 0

Sid: 

Absolutely I think one of the things that’s interesting to look at as well as the way that we as Americans view that is very distinct separation between the government and the private sector there’s overlap in the private sector supports the government through contracts and things but those are two very distinct entities and we talk about China.

There’s essentially no separation between the Chinese government and the quote unquote private sector in China and their their if not controlled with very heavily influenced by the government there so when a private sector company walk away for example does something day in beds of that something in the hardware of their cellphones or software or any of that you can pretty much assume that that’s at the behest her with the knowledge of the Chinese government whereas in America there is a at thinking very healthy distrust of government and.

A you know the tendency of the private sector to try to protect the privacy of the citizens and they have that the ability to do so without the government can’t four seven most cases to not do that and the government can’t forces companies to nationally do things that are to the benefit of the country as a whole which is a great thing you know for a free society but then that also means that we’re not playing on an even playing field or at the very least we have to recognize that when companies in China doing something that it’s.

Essentially be viewed as the government trying to do that thing where is the UPS it’s not true states were if apple or Google or Facebook do something is not simply because the government told them to stop the behest of the government it may not serve the government’s interest in the ops is definitely not true.

Chris: 

Yeah I don’t think so technology companies in the U. in the US Silicon Valley based technology can be some very big libertarian streak which would make them sort of like keep the government away from me I think the best and most public example about was after the massacre in California when the FBI wanted access to cell phone all right the the perpetrator in that in that instance and apple wouldn’t cracked their own encryption they wouldn’t give him a back door because they didn’t want to create a precedent for.

And where they can just happen over and over again and it was going to go to court and you know yet behind of finding some other way around it that apple’s prop presumably since closed off but but it’s you know you you this pretty good example of how you know the government and corporations may work together in the US but there is that healthy distrust and if anything there’s a legal process that’ll that so just like that we’re going to court or you have warrants to mandate wire tapping and so forth for the telecom.

With that that’s been pretty well proven process over over decades now but if you have been in China you have a company that you know you’ve got Communist Party members that are.

The highest level of that they’ve got state backed financing for a lot of what they’ve done all of that stuff the government in the company far more intertwine and the company is going to in many cases acting commercial interest but it’s you know it it’s a much much closer relationship when it comes to acting up from a nap scurry standpoint and in here in the United States there’s a tension between freedom and security and so you you saw after nine eleven is probably the best example of the patriot act where if you want a lot of security you you end up giving up someone liberty one in where you know the more of a police state you have to catch terrorists in the case of nine eleven well you’re gonna have local police or or or you know organizations like the FBI looking at American citizens and that creates a certain amount of discomfort for a lot of Americans not to cancel on that swings back and forth depending on the nature of the hostility but it there is that kind of attention I don’t think you know the same type of mindset exist China where you know the state there there isn’t concepts such as freedom the way that they are cultural values like that is there.

Sid: 

We spoke a little bit last night about the cyber strategy in China and I think it’s more than just a simple you know going after your network strain and there’s there’s kind of a multi faceted approach to.

Chris: 

To.

Sid: 

Their cyber strategy you talk about the community can’t.

Chris: 

Yeah I think that nation states like China and Russia they incorporate cyber as part of a broader strategy it’s not something that exists in.

So I used the Russian example they didn’t just invade Georgia where they didn’t just do a cyber attack being made in Georgia they did a cyber attack with the express intent of taking down the communication mechanism within the country of Georgia so they could communicate with their citizens war with the outside so it was a it was a coordinated attack and and China follows the same kind of strategy where it’s cyber is a means to a broader national strategy of the the main the main legs of that are controlling its own population so preventing civil unrest home trying to as you know lots of facial recognition technology cameras ever to censor their own population it exported a lot of that where they’ve on the use that technology to intimidate Chinese nationals in countries like Australia or do you know what kind of reach out and say Hey we got your family back home I’d hate for something bad to happen to them but we know what you’re doing in trying our Australian and U. S. rush really.

Showed population control for the local Chinese population but also diaspora Chinese that have moved overseas you might not have loyalty to the Chinese government but they’ve got family or friends.

Second is traditional counterintelligence so the OPM hack is probably the best example of that were twenty three million security clearance records were hacked into and the backgrounds on all those individuals and trying out their ability to merge that enter information synthesize it with a hack of United Airlines half American tell now they have the the principal airline that US government uses for commercial travel the principal hotel but the US government use for travel if they can lay all that hack information together they can start to see patterns of movement where I know that you know since the US but a person with security clearance.

Who is travel to these locations and I can also see what Chinese nationals have troubles locations or been in those locations around the same time start to use it to find spies within the country trying to respond Americans because they’re  

The thing and and the US does that kind of stuff too so you know that’s a big that’s you know friendly countries Israel does that kind of stuff to the US and vice versa so I think that’s more in the traditional spy world but the industrialized countries where trying has been extremely extremely aggressive relatives United States they basically used stealing trade secrets as a form of national strategy catch up technologically with the United States and the the best example of that but I showed was a picture of the F. thirty five fighter jet the United States is spent about a trillion and a half dollars developing and there’s a picture of the you know Chinese equivalent trap that is like identical just a different color paint because they hacked into Lockheed Martin still you’ll still blueprints in the plans for that so that’s an example of stealing defense technology but they have presumably hacked into apple and you know all these other technologies in the United States of trying to steal whatever they can’t work if you don’t even need to happen to it if it’s being manufactured in China they can a lot of times force the technology to be turned over or you have to turn over some elements of the technology in order for it to be manufactured so at any stop along the way the ability to extract that technology and use it so example is Japanese company comes in and wants to develop on they compete for a high speed rail line in China the government of trying to force them to do a joint venture with a Chinese company they do that the Chinese company learns how to build I you know these really expensive high speed trains and bend the Max contract through.

Yeah same kind of thing is the F. thirty five where they are copying be you know they got a same train with a different set of paint on it it’s not necessarily innovation but it catches them up by their ability still that so recently seen US pushing back pretty strongly about and then the last thing is using the supply chain to about zero day volatile is is the walleye scenario so there’s a lot of push back the United States banning the use of while way telecom technology to roll out the five G. networks in the US the US is putting a lot of pressure on its allies Poland Australia United Kingdom to not to not use that technology because if China controls access or has access to what is critical infrastructure communication networks for five G. their ability to monitor that were shot back down the event of a of a conflict is you know could.

Massive rescue any western.

Sid:

Not now I think that that summed it up pretty well an obvious all of this leads to not just a military advantage there’s lots of scenarios that you could talk talk about that there are able to take the cyber capabilities levers as to military bands but also just the political economic advantage as well and you know I talked about this a little bit after the event last night where I think that we as Americans don’t have the same perspective in terms of time lines as some other countries in the world right we look at things in terms of best case maybe electric election cycle right now maybe a decade if we’re lucky wears a lot of these a lot of the citizens of the roof of the world not countries look at things in terms of generations and they’re happy to lay the groundwork for planet may take a hundred years for them to rise to a level superiority we don’t have the same type of outlook and we take for granted that you know where the top he’d now we always will be and and that’s a dangerout assumption.

Chris: 

Yeah I think the US is on.

Things are set for several years is that when there was the Cold War and the USSR was an adversary United States it there is a healthy competitive.

We didn’t know when the US assume that we were just normal.

Healthy fear US and fascinating to me to watch China has risen but until very recently not be spoken of in the same way or it’s a country that’s actively seeking to displace the United States and and as it rises in power it’s exerting its influence certainly in the Pacific in a way that we have in the United States is not had to deal with sort of sense you know you can argue the US got lazy because we’ve been number one and one of the things that comes out of that is people in the US are more focused on in findings you see Republicans saying that Democrats of the enemy Democrats saying Republicans.

While all that’s going on you’ve got other countries around the world that are that they they see the US as an adversary but we don’t we just see them as a place where our stuff gets man out and you know we’re we’re too busy focused inward when there’s certain external threats that job better actively seeking under minus economically politically military you know across.

Sid: 

Absolutely let’s talk a little bit about some of the things that our presenters brought up last night and the panel discussions we had word person job market PGM and I thought his presentation on the at eastern interconnection and that the power grid in these United States was extremely interesting a couple things that jumped out at me.

Or the fact that our system is.

Pretty much completely digital and we don’t have any good mechanism to.

Take that back to legacy systems of control whereas other countries like Russia it’s all letterman electro mechanical right and there’s it’s not hackable it’s not something that others there there’s a massive technology advantage or dated a operation perspective but if it were to come to a time of war cyber war or near war whatever happens to be we don’t have the same capability go after their system purely based structure as they have to go after ours said that that was that was something I hadn’t really thought about before and those is pretty insightful of the scary yeah.

Chris:

Yeah I know its I think one of the risks that we have an United States certainly the commercial sector where you’re incentivized to maximize profit and minimize expense and where domestically you’re you’re not have been you waited to thinking out anything on the you know you don’t mainland US is at risk of warfare she don’t build that into the technology but cyber because of boundaries changes all that I thought that kind of the scariest piece of.

What that what John talk about is that I get the the switching mechanism for the peace you know that piece of equipment they’ve got you know fifty six hundred of them in the region that they serve their deep this particular piece of equipment has a lead time of six to twelve months it’s critical so it doesn’t work like they’re great doesn’t it’s not manufactured in the state I’m sorry if you had all the money he said I want one it’s a six a twelve month time before you get and this is a famous hackable right so if you’re an adversary you’ve got access or you can get access to.

To that technology and US I mean our music arguably the number one thing when you take out our power grid like just communications rebel down water system but I like all these other things that are kind of power to operate will fall and you know rapid order so just imagine a scenario where there’s some type of event in the South China Sea but coordinated with that is an attack on our car here were you don’t just lose power for a few hours or even days but it just goes down for weeks to months you know but you know after that you don’t have clean water and and like all of a sudden as a society is an economy where are massively distracted with little ability to recover from it in short order it’s it’s pretty I I don’t I would describe as showing very vulnerable and I think that’s on the river.

Sid: 

Yes one of the things I thought about to that as well as their we talked about last night in terms of eighty a war where there is a military conflict or something there’s no Burke or declared war it’s very clear to us that there’s another stay actor that is doing things and we got you something back we will defend I go see a scenario where.

Nothing’s declared nothing’s obvious and the economic impact the social impact like me think about the way that we react as a society right now with some of the things that we see in the news whether it’s political things you know racial education you know all these contentious topics right natural disaster comes through you can affect the same results of a major hurricane by taking the power grid down for a period of time you know we don’t have your food in your water and your communication capability and all those things are widespread area and the chaos that would ensue the social economic impact of that you know all the lost wages all of the you know the the retail spending it’s not happen everything we seem to these major disasters had over the years you can have the same impact in you can do it basically on command whether it’s you can judge a military operation.

Chris:

Yeah.

Sid:

So what things that John brought up that that was a great example of vulnerability sure system is every familiar with you know I haven’t seen an end of things with all these devices are house now refrigerators thermostats television speakers all the stuff cameras and one little example you gave that was I thought it a great you’re very real example something happen is all this stuff smart thermostats out there is a and adversarial actor were to take control of a number of those those thermostats whether it’s through zero day vulnerability or software or anything just all at once came and all of them to decrease the temperature in the middle of the summer from seventy degrees to fifty degrees it would overload the power rating and bring the whole system down and it’s a very simple thing that’s not a you’re not busting through the firewall of some major energy company you’re not you know hacking a government or major corporation this is the every day I when I bought something installed in my house and never bother to change the default password type of thing that happens everywhere and so it’s just amazing very very simple thing that they can do and as such a bring our system to its knees.

Chris: 

That’s one of most frustrating things about it from a defense standpoint is only needed one vulnerability right so it’s like a man and a line like you have this whole impenetrable line but there’s one gate but I can drive through well you can have it the whole thing could be hundreds of miles long but all I need is a road to get all my tanks or you know this one little opening and the rest the rest doesn’t matter and that’s you know there’s there’s a hundred or a thousand of those weaknesses all along the way from top to bottom and you know they could just export one I mean you’ve seen this with you know the Russians stated was highlighted last night the Russians did this in Ukraine and they took the great down and in twenty fifteen and they basically ripped out all the digital stuff they were able to do this I don’t think you want to be able to.

I just have been running it kind of manually since number one time to try to go back as soon as they went back on the Russians took it down again so that since you know twenty fifteen they’ve been running our entire grid manually and we don’t have the ability to do that here one of the things that I my brother brings up all the time is that you know as a as a tanker in the army of the tank has a number of different statuses so you you have it when you’re a hundred percent up and running but it has and there’s a lot of digital stuff in there but in the end the day like you can go to a fully integrated mode where the you can fire the main gun in the tank with like no power no anything and you’re literally turning the turret by cranking something it was a firing pin it hits the boxes of fully analog back up that like several systems would have to fail and it’s the ultimate redundancy and it’s far less capable than when you’re you’re operating at that you know that the you know lawful status but it’s also it’s the ultimate back on we don’t have that workers.

Will have that for water system we don’t have that for all these critical infrastructure systems the United States that we are fully dependent on and there’s no analog backup for any of them it’s really scary to see you know our dams on nuclear power plants all over power plants there’s no there is no one plug it in just go to the analog alternative and it’s got it’s less efficient than we have less information but it still works it’s like digital or nothing and right and that’s a it’s a massive risk is the only way.

Sid:

Yeah absolutely one of the other things I think that’s important to talk about is the fact that you know we talk about zero day of all abilities these things were there’s a better hardware you would I can’t do anything about that you know we can’t other than where we source our computers and phones from right but the majority of the hacks that we see out there the way these adversaries get into systems it’s not through the firewall it’s through somebody open email clicking on a link or downloading attachment running.

Sets I think something that that it’s important remind people who did this last night of what can I do what’s the thing that we can do to personally to be more secure to be.

To increase our national security through personal security so getting back to like the I. T. example the jacket last night like change the default password on your smart devices are on your wifi router or things like that so I think that’s a.

The thing to keep in mind that even though this is a national issue there are things that individuals need to be able to do need to do in order for us to be secure the country everybody needs to play the part to make that happen.

Chris: 

I think it was the director of national intelligence appears ago said if if if someone in another country wants to make his life difficult from a US spy standpoint they do things like change the default password on devices set up two step authentication might very very basic stuff this isn’t mission impossible superstars it’s just the basic stuff and and a lot of it’s simply because if I take a year when I want to I want to exploit you like you may say I’m just insignificant the Chinese government when one of it may but maybe you know somebody who they would want to get maybe work in a company whose systems they might wanna acts or maybe you are a vendor to a company or when your customers as a company but somewhere in your ecosystem and if you put up the center of the Chinese government wants to target you I will just assume that all of us have secrets that we don’t want the rest of the world were barest you know to to varying degrees people have things that they keep a secret for a reason and and if someone gets access to older technology they get full access to your phone what’s the odds that they find out one of those what’s the odds they use that embarrassment war you know fear of changing your status why you’re burning your marriage fear of getting fired from your job zero costing you money and.

And they use that leverage to then get you to do something that it’s not in the best of your.

That is like very traditional spycraft but you know with technology and all of our pockets with our phones or all the devices that we’ve gotten our house houses how you know you have to ask yourself if if they targeted you how hard would it be for them to listen in on here you know smart speaker in your house your your Google home relaxing how hard would it be for them to tap into the microphone camera.

What would happen if they just had and was funnier stream of everything you sound or soft wrote it down and I’m guessing like a lot of people would cringe at the thought of and so it’s it’s but the good news is there at least on that front very basic things you can do to sort of not make yourself the weakest link protectors.

You know make it harder you know if someone really wants to have a nation state really really wants to get you either probably gonna get you eventually but you certainly don’t have to make it easy for and you can not be awake weeks like.

Sid:

I will search from from George focused last night he says security engineer crosstrek and hit a few interesting things to say he he got into several very specific adversary groups in China and some of the things they’ve done here to talk about the Marriott hack impact and you talk about a few different ones as well that they have done and how easy it is to get those things in the market so it’s a zero day vulnerability with USB drives or any other technology hardware that we buy or even software demos and a lot of times these vulnerabilities will sit dormant until they’re activated so we may know nothing about it there’s not really a an easy way to identify it it’s not like it’s going to show up on some of your our standard things because it’s not doing anything just sitting there waiting for the signal to come alive and connect to where it needs to connect to that get a command but sits dormant until that point and that was I think kind of a an eye opener for a lot of people that you know I may have I may be walking around right now with something bad in my pocket.

The the story that he told the whole like to relate with with justice is that there’s there’s a there’s an organization that the I think it was stone hand of the of the entity in China with the kind of the the nickname stump handout wanted to penetrate this organization so what they did is the way they penetrated is there was an employee who had it inspected USB drive the stock into a computer and that sent out a package it then contacted a Chinese server that delivered more of our kind of open the door like more that’s so they eventually found out that you know there’s this U. S. B. and they go to the guy to see where you get this should be sticks and I just bought it at a store down the street so the so the folks in contract went to that store down the street and bought the U. S. B. they bought for B. U. S. B. drives that were there in the store for sell the same USB drives and they plugged into a computer and all them start unloading this this malicious code show they had and so then the question becomes like well and what point in the supply chain were those USB drives compromise with a compromised at the factory back in China with a compromise that a distributor here in the United States did someone just walk into the store by known open a mop load the malware and then back at her back up and just return them or they just you know what we’re into so many spots along the way but at the end of the day you have.

Chris:

The Chinese government now infiltrating a network simply because someone put a U. S. B. drive in the computer think about where the you know how many things you buy online some technical do dad whatever that has to be or you know Askey plugged into a computer to be set up by USB drive that do that is manufactured in China and you know if I want to target your computer how much you know about what the owner abilities you exposing yourself to because of the supply chain skirts just a fascinating and kind of scary way to live your life because at this point in time there’s not a ton of non yeah there’s not a ton of options that aren’t made in China so it’s a you know it’s a it’s a it’s a fascinating approach and it’s it in some ways makes you feel really vulnerable because there’s just nothing you can do about it. You can’t practically live your life without hooking up to something somewhere at some point.

Segment 4, Sid = 2, Chris = 0

Sid:

Yeah I think so the numbers that our third speaker put out last night were.

A seventy five percent of computers in ninety percent cellphones yep are manufactured in China.

Chris: 

Yeah so imagine some cyber war scenario.

Goes about there’s a large zero day vulnerability and you know imagine you said I think we match of eighty percent of the people in this room is phones.

Stop working and you can’t get a replacement because you know you’re founders powers down there’s just you know just a broken.

And you can’t get a replacement because the replacements are manufactured trying like how disruptive is that two US economy to your ability to communicate with your family or loved ones with what do you do business with how for government leaders to communicate like everyone is dependent on computers calls at this point yeah I know myself.

Sid: 

You know I don’t even have a land line anymore right everything’s everything’s via voice.

Chris: 

Yeah.

Sid:

Right so I’ve got my cell phone to get them on to the house voice all that stuff but it all relies on the interview internet connection to be able to work in the first place so you take down don’t you take down the wifi router you essentially disabled.

SId: 

Any means of communication for most people to to to talk to the family work government any of that.

Chris: 

Yeah and the the example that Pete gave he showed a picture of a hardware and bad so was it’s you know it shows on the tip of a finger it’s if you if you hold up next to a penny it’s about the size of the date you know yeah said two thousand three on the penny that’s about the size of the piece of hardware that was indicted in a particular mother board of a company that was acquired by Amazon Amazon through a WS ABS on web services was building the the servers that or where you’re going to be used by the CIA and NSA and so the Chinese were able to use the you know the answer to this one company in their hardware for this one company and then it gets sucked up in the only reason I got found is because some Canadian group did like a very thorough and detailed audit of the actual physical hardware and then found this thing that wasn’t on the schematics and said you know what is this I mean this thing is tiny you wouldn’t you know and think about if you ever seen a mother board how busy that is you would never notice that and so wasn’t even a software Hackett was just relying on the supply chain well how many of those other things are out there they just haven’t found and you know much like that you know the old copper analog phone lines oppose have largely been ripped out there skewer and pure of those available and so and even if that wasn’t even those are available the switch is that they’re going to our server racks it is just so many digitized points of vulnerability that could take down you know our communication system US TV radio you know cell phone communication a land line communication internet communication all that stuff which is why why why is you don’t know when the US government does not want while way building the telecom backbone of the next generation internet in the US or any of our allied countries because of how disruptive that could be they recognize our critical that is to our economic and you know vitality.

Sid: 

I for one am very glad that we released come to that realization is a country that that there is a threat there first step is recognizing it you’ll be able to see that is there before you do anything about it I don’t feel that we’re doing everything we should but at least we’d call it what it is and hopefully that’ll get us in the right direction toward taking some solid steps to be more secure nation.

Chris: 

No totally think that there are critical manufacturing assets the United States that the US government has for decades team teach of strategic importance of for example the US is always building inner there’s no point time we’re not building an aircraft carrier they take five or so years to build but we want to maintain the expertise to builder or so we have a foundation that if you want to build tankers at once because a big war we would have the ability to do that and we do that with summary that occurs in tanks and planes and so there’s not but we we have things that aren’t as strategic like TV’s and there’s no TV you can find matter fact and you us and then you have all the stuff in the middle that maybe it’s a manufactured by an allied country but you you find yourself saying what would we do if you suddenly could get motherboards.

Our servers or cellphones or whatever and I know what point to those become critical where just the cost of cheapest manufacturing isn’t the only cost centering when you’re making them and I think that’s what makes this subwoofers not just the nineteen problem it’s a it’s a it’s a it’s a national strategy problem but it’s it’s something that affects you should never it’s not something you can just outsourced to a far wall because of how it affects all.

Sid: 

Right right courses off this pool between the securities like when you talked earlier about you know security liberty there’s also the security in the economics of security right if we were to try to manufacture all those things United States just the cost of labor alone would make a lot of its products unaffordable and unsustainable for companies actually build them so.

Chris: 

Perversion that by having a strong economic ties between the US and China it creates a disincentive to ever go to war because both countries don’t want to have the economic costs so it’s it’s a fascinating complex topic and I don’t think you know it you that I I said last night with some of this is I happen to be on the US side and see trying as an adversary but it doesn’t mean that China isn’t doing what’s in its best interest of the country to advance its own interest but I I think that just recognizing that trying to advancing its interest can be in the disinterest the United States and not everything is went went and a lot of the things trying to has done I’ve been trying to wins in America loses they just get the recognition of that I would guess that you know if there were a hundred some people in the room I don’t think anyone walked out at room without having her mind changed to some extent this to the the nature of the risk or how much more complex this topic is that one.

Sid: 

Yeah so last night we had a lot of really good questions and we ran out of time to answer all of them were there any questions that were asked her or not ask that you want to talk about now that are either reiterate are going to.

Chris:

There was there were several questions arrest about US offensive capability and and you know how do we stand you know how scared is trying out of us questions like that and I think that you know part of the reason it’s so so many people feel vulnerable the room is that most Americans are used to us being number one and there’s no question that whoever is number two when the US wants to invade a country right wrong or indifferent we just assume we have air superiority and we can take out their end of sensibilities and fire plans where we feel like it and in the cyber realm the the gap between us and our competitors even at the gap exists and I don’t even know for sure that we are number one but the gap is a lot smaller there’s you haven’t really small and weak nation states like North Korea that can’t compete with the U. S. an internal traditional military way that can feel some cyber capabilities that can do a whole lot of damage and also the gap between the US North Korea on that playing field is not nearly as small you see the same with Iran and you see the same with with Russia mean Russia’s economy is like a one trillion or some dollar economy compared to what twenty trillion dollar US from a traditional military standpoint they’re never going to be able to afford the ships and planes everything to keep up a a traditional military fight but their ability to you know use information worker cyber worker to influence elections influence all the comments that you read on your major sites a lot of those are Russians that are playing the role of outrage Americans the just feeds a lot of internal divisiveness in the US and I think that the Chinese have started to do some of the same so it’s kind of funny to read an article it’s critical China and then see a comment.

It just seems it’s just often enough for you say like that wasn’t written by an American but it’s written in English and it’s trying to pretend that it was and it’s their way of influencing the you know it’s a it’s a psychological operations to influence the the mindset of the American persona someone reading the comments so but yes we do have offensive capabilities north things trying is terrified of us cutting off their access to oil that’s why they care so much about the south currency because they don’t produce oil domestic United States so you’re terrified about your phone or computer stopping working imagine trying to run a country when you can’t access oil that’s pretty destructive and something the Americans can do to disrupt trying to so it’s not that they don’t have weaknesses and not with the stuff isn’t taking into account but the cyber domain is something there’s no major war that the US is fodder even globally you have Russia and Ukraine and Russia and order the you know the closest that you seem.

Yeah operationalize center and gonna worker standpoint but there’s been no cyber World War three or cyber Pearl Harbor that anyone can point to to understand how this actually gonna play out.

Sid: 

Yeah we talked about that before where we believe that there’s going to be some sort of event whether it’s a your actual.

Traditional conflict job is not maybe a you know a cyber attack that doesn’t even sense but we recognize that it was an attack or maybe one is successful takes on the power grid or you know affects manufacturing or some other part of our lives it really care about and it’s gonna take something big like that to be a wake up call for us as a country not to say this is more important than inviting you have about these other things this is something that we need to rally the nation behind and get everybody into I guess as though the thing I’d like to leave this with this for berbee out there there are things that you can do now to protect yourselves online in your house on your phones and that does have a direct relationship to our national security and even if that’s not the most important thing to your personal security should be so doing this things like change your passwords on a regular basis having heart password using a password manager multi factor authentication on anything you’re logging into that’s important just be careful what what’s out there you know we’re actually running some courses come up here for personal sensation you know where you can figure out how to get your information off of some of those those databases that are out there so that it makes it more difficult for somebody to exploit you and I may just be getting your bank account you know that maybe this criminal actors out there they’re trying to get a monetary gain.

Or maybe nation state actors they’re trying to you know figure out how to get into your company Sir gonna get your email passwords and things like that Sir there are definitely concrete steps that everybody can and should take to make themselves more secure and we’re firm believers that that personal security is what’s going to help increase our national security so what courage all of you to to take just twenty minutes and change your most important passwords take a look around and see what you’re doing online what you’re doing with your your your cyber hygiene and and taking up this one little action today take that action to try to make yourself a little bit more less role.

Chris anything else you’d like to say here forever.

Chris

I just we posted some really interesting articles on a cyber war is coming dot com and they’re worth checking out I’m just something we threw up quickly to just kind of have a spot where you can see a list of curated.

No we real out of stock but we we don’t want to put the most interesting ones there so someone takes only a couple minutes read some of them are longer rates but really fascinating stop so if you listen this far into this conversation and you think this kind of stuff is interesting I would totally recommend checking out because there’s there’s more there and we’ll just keep posting them as we as we come across.

Sid:

It as a great conversation starter for the night last night yeah we’ve got those articles up there.

Ought to kind of frame the conversation so.

Chris: 

Yeah.

Sid: 

Definitely in the shin comments on there feel free to jump in the rear on deck indiscretion cool.

Chris: 

Thanks.

Sid: 

Thanks a lot talk to you next time.

About Jonathan Boggiano

Jon is an innovator, leader, and investor who focuses on forging organizations that positively impact the greater good. His twin passions are building things (products, experiences, and companies) and mentoring professionals.