(upbeat music) >> Welcome to theCube's continuous coverage of AWS re:Invent 2021. I'm Dave Nicholson, and we are running one of the industry's most important and largest hybrid tech events this year with AWS and its partners with two live sets on the scene. In addition to two remote studios. And we'll have somewhere in the neighborhood of a hundred guests on the program this year at re:Invent. I'm extremely delighted to welcome a very, very special guest. Right now. He served as the director of the NSA under two presidents, and was the first commander of the U.S Cyber Command. He's a Cube alumni, he's founder and co-CEO of IronNet Cybersecurity. General Keith Alexander. Thanks for joining us today General. >> Thanks, David. It's an honor to be here at re:Invent, you know, with AWS. All that they're doing and all they're making possible for us to defend sector states, companies and nations in cyber. So an honor to be here. >> Well, welcome back to theCube. Let's dive right in. I'd like to know how you would describe the current cyber threat landscape that we face. >> Well, I think it's growing. Well, let's start right out. You know, the good news or the bad news, the bad news is getting worse. We're seeing that. If you think about SolarWinds, you think about the Hafnium attacks on Microsoft. You think about this rapid growth in ransomware. We're seeing criminals and nation states engaging in ways that we've never seen in the past. It's more blatant. They're going after more quickly, they're using cyber as an element of national power. Let's break that down just a little bit. Do you go back to two, July. Xi Jinping, talked about breaking heads in bloodshed when he was referring to the United States and Taiwan. And this has gone hot and cold, that's a red line for him. They will do anything to keep Taiwan from breaking away. And this is a huge existential threat to us into the region. And when this comes up, they're going to use cyber to go after it. Perhaps even more important and closer right now is what's going on with Russia in the Donbas region of eastern Ukraine. We saw this in 2014, when Russia took over the Crimea. The way they did it, staging troops. They did that in 2008 against Georgia. And now there are, by some reports over a hundred thousand troops on the border of Eastern Ukraine. Some call it an exercise, but that's exactly what they did in Georgia. That's what they did in the Crimea. And in both those cases, they preceded those attacks, those physical attacks with cyber attacks. If you go to 2017, when Russia hit the Ukrainian government with the NotPetya attack that had global repercussions. Russia was responsible for SolarWinds, they have attacked our infrastructure to find out what our government is doing and they continue going. This is getting worse. You know, it's interesting when you think about, so what do you do about something like that? How do we stop that? And the answer is we've got to work together. You know, Its slam commissioner addressed it. The meeting with the president on August 25th. This is a great statement by the CEO and chairman of Southern Company, Tom Fanning. He said this, "the war is being waged on our nation's critical infrastructure in particular, our energy sector, our telecommunications sector and financial sector." The private sector owns and operates 87% of the critical infrastructure in the United States, making collaboration between industry and the federal government imperative too, for these attacks. SO >> General, I want to dig just a little bit on that point that you make for generations, people have understood that the term is 'kinetic war', right? Not everyone has heard that phrase, but for generations we've understood the concept of someone dropping a bomb on a building as being an attack. You've just mentioned that, that a lot of these attacks are directed towards the private sector. The private sector doesn't have an army to respond to those attacks. Number one, that's our government's responsibility. So the question I have is, how seriously are people taking these kinds of threats when compared to the threat of kinetic war? Because my gosh, you can take down the entire electrical grid now. That's not something you can do with a single bomb. What are your, what are your thoughts on that? >> So you're hitting on a key point, a theoretical and an operational point. If you look back, what's the intent of warfare? It's to get the mass of people to give up. The army protects the mass of people in that fight. In cyber, there's no protection. Our critical infrastructure is exposed to our adversaries. That's the problem that we face. And because it's exposed, we have a tremendous vulnerability. So those who wish us harm, imagine the Colonial Pipeline attack an order of magnitude or two orders of magnitude bigger. The impact on our country would paralyze much of what we do today. We are not ready for that. That's the issue that Tom Fanning and others have brought up. We don't practice between the public sector and the private sector working together to defend this country. We need to do that. That's the issue that we have to really get our hands around. And when we talk about practice, what do we mean? It means we have to let that federal government, the ones that are going to protect us, see what's going on. There is no radar picture. Now, since we're at re:Invent, the cloud, where AWS and others have done, is create an infrastructure that allows us to build that bridge between the public and private sector and scale it. It's amazing what we can now do. We couldn't do that when I was running Cyber Command. And running Cyber Command, we couldn't see threats on the government. And we couldn't see threats on critical infrastructure. We couldn't see threats on the private sector. And so it all went and all the government did was say, after the fact you've been attacked. That's not helpful. >> So >> It's like they dropped a bomb. We didn't know. >> Yeah, so what does IronNet doing to kind of create this radar capability? >> So, well, thanks. That's a great question because there's four things that you really got to do. First. You've got to be able to detect the SolarWinds type attacks, which we did. You've got to have a hunt platform that can see what it is. You've got to be able to use machine learning and AI to really cut down the number of events. And the most important you need to be able to anonymize and share that into the cloud and see where those attacks are going to create that radar picture. So behavioral analytics, then you use signature based as well, but you need those sets of analytics to really see what's going on. Machine learning, AI, a hunt platform, and cloud. And then analytics in the cloud to see what's going on, creates that air traffic control, picture radar, picture for cyber. That's what we're doing. You see, I think that's the important part. And that's why we really value the partnership with AWS. They've been a partner with us for six years, helping us build through that. You can see what we can do in the cloud. We could never do in hardware alone. Just imagine trying to push out equipment and then do that for hundreds of companies. It's not viable. So SaaS, what we are as a SaaS company, you can now do that at scale, and you can push this out and we can create, we can defend this nation in cyber if we work together. And that's the thing, you know, I really, had a great time in the military. One of the things I learned in the military, you need to train how you're going to fight. They're really good at that. We did that in the eighties, and you can see what happened in 1990 in the Gulf war. We need to now do that between the public and private sector. We have to have those training. We need to continuously uplift our capabilities. And that's where the cloud and all these other things make that possible. That's the future of cybersecurity. You know, it's interesting David, our country developed the internet. We're the ones that pioneered that. We ought to be the first to secure. >> Seems to make sense. And when you talk about collective defense in this private public partnership, that needs to happen, you get examples of some folks in private industry and what they're doing, but, but talk a little bit more about, maybe what isn't happening yet. What do we need to do? I don't want you to necessarily get political and start making budgetary suggestions, but unless you want to, but what, but where do you see, where do we really need to push forward from a public perspective in order to make these connections? And then how is that connection actually happen? This isn't someone from the IronNet security service desk, getting on a red phone and calling the White House, how are the actual connections made? >> So it has to be, the connections have to be just like we do radar. You know, when you think about radars across our nation or radar operator doesn't call up one of the towers and say, you've got an aircraft coming at you at such and such a speed. I hope you can distinguish between those two aircraft and make sure they don't bump into each other. They get a picture and they get a way of tracking it. And multiple people can see that radar picture at a speed. And that's how we do air traffic control safety. We need the same thing in cyber, where the government has a picture. The private sector has a picture and they can see what's going on. The private sector's role is I'm going to do everything I can, you know, and this is where the energy sector, I use that quote from Tom Fanning, because what they're saying is, "it's our job to keep the grid up." And they're putting the resources to do it. So they're actually jumping on that in a great way. And what they're saying is "we'll share that with the government", both the DHS and DOD. Now we have to have that same picture created for DHS and DOD. I think one of the things that we're doing is we're pioneering the building of that picture. So that's what we do. We build the picture to bring people together. So think of that is that's the capability. Everybody's going to own a piece of that, and everybody's going to be operating in it. But if you can share that picture, what you can begin to do is say, I've got an attack coming against company A. Company A now sees what it has to do. It can get fellow companies to help them defend, collective defense, knowledge sharing, crowdsourcing. At the same time, the government can see that attack going on and say, "my job is to stop that." If it's DHS, I could see what I have to do. Within the country, DOD can say, "my job is to shoot the archers." How do we go do what we're authorized to do under rules of engagement? So now you have a way of the government and the private sector working together to create that picture. Then we train them and we train them. We should never have had an event like SolarWinds happen in the future. We got to get out in front. And if we do that, think of the downstream consequences, not only can we detect who's doing it, we can hold them accountable and make them pay a price. Right now. It's pretty free. They get in, pap, that didn't work. They get away free. That didn't work, we get away free. Or we broke in, we got, what? 18,000 companies in 30,000 companies. No consequences. In the future there should be consequences. >> And in addition to the idea of consequences, you know, in the tech sector, we have this concept of a co-op petition, where we're often cooperating and competing. The adversaries from, U.S perspective are also great partners, trading partners. So in a sense, it sounds like what you're doing is also kind of adhering to the old adage that, that good fences make for great neighbors. If we all know that our respective infrastructures are secure, we can sort of get on with the honest business of being partners, because you want to make the cost of cyber war too expensive. Is that, is that a fair statement? >> Yes. And I would take that analogy and bend it slightly to the following. Today every company defends itself. So you take 90 companies with 10 people, each doing everything they can to defend themselves. Imagine in the world we trying to build, those 90 companies work together. You have now 900 people working together for the collective defense. If you're in the C-suite or the board of those companies, which would rather have? 900 help new security or 10? This isn't hard. And so what we say is, yes. That neighborhood watch program for cyber has tremendous value. And beyond neighborhood watch, I can also share collaboration because, I might not have the best people in every area of cyber, but in those 900, there will be, and we can share knowledge crowdsource. So it's actually let's work together. I would call it Americans working together to defend America. That's what we need to do. And the states we going to have a similar thing what they're doing, and that's how we'll work this together. >> Yeah. That makes a lot of sense. General Alexander it's been a pleasure. Thanks so much for coming on to theCube as part of our 2021 AWS re:Invent coverage. Are you going to get a chance to spend time during the conference in Las Vegas? So you just flying in, flying out. Any chance? >> Actually yeah. >> It's there, we're still negotiating working that. I've registered, but I just don't know I'm in New York city for two meetings and seeing if I can get to Las Vegas. A lot of friends, you know, Adam Solski >> Yes >> and the entire AWS team. They're amazing. And we really liked this partnership. I'd love to see you there. You're going to be there, David? Absolutely. Yes, absolutely. And I look forward to that, so I hope hopefully we get that chance again. Thank you so much, General Alexander, and also thank you to our title sponsor AMD for sponsoring this year's re:Invent. Keep it right here for more action on theCube, you're leader in hybrid tech event coverage, I'm Dave Nicholson for the Cube. Thanks. (upbeat music)

(bright music) >> Hello and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards for the award for Best Partner Transformation, Best Cybersecurity Solution. I'm now honored to welcome our next guests, General Keith Alexander, Founder, and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, President and CEO of the New York Power Authority. Welcome to the program gentlemen, delighted to have you here. >> Good to be here. >> Terrific. Well, General Alexander, I'd like to start with you. Tell us about the collective defense program or platform and why is it winning awards? >> Well, great question and it's great to have Gil here because it actually started with the energy sector. And the issue that we had is how do we protect the grid? The energy sector CEOs came together with me and several others and said, how do we protect this grid together? Because we can't defend it each by ourselves. We've got to defend it together. And so the strategy that IronNet is using is to go beyond what the conventional way of sharing information known as signature-based solutions to behavioral-based so that we can see the events that are happening, the unknown unknowns, share those among companies and among both small and large in a way that helps us defend because we can anonymize that data. We can also share it with the government. The government can see a tax on our country. That's the future, we believe, of cybersecurity and that collective defense is critical for our energy sector and for all the companies within it. >> Terrific. Well, Gil, I'd like to shift to you. As the CEO of the largest state public power utility in the United States, why do you think it's so important now to have a collective defense approach for utility companies? >> Well, the utility sector lied with the financial sector as number one targets by our adversaries and you can't really solve cybersecurity in silos. We, NYPA, my company, New York Power Authority alone cannot be the only one and other companies doing this in silos. So what's really going to be able to be effective if all of the utilities and even other sectors, financial sectors, telecom sectors cooperate in this collective defense situation. And as we transform the grid, the grid is getting transformed and decentralized. We'll have more electric cars, smart appliances. The grid is going to be more distributed with solar and batteries charging stations. So the threat surface and the threat points will be expanding significantly and it is critical that we address that issue collectively. >> Terrific. Well, General Alexander, with collective defense, what industries and business models are you now disrupting? >> Well, we're doing the energy sector, obviously. Now the defense industrial base, the healthcare sector, as well as international partners along the way. And we have a group of what we call technical and other companies that we also deal with and a series of partner companies, because no company alone can solve this problem, no cybersecurity company alone. So partners like Amazon and others partner with us to help bring this vision to life. >> Terrific. Well, staying with you, what role does data and cloud scale now play in solving these security threats that face the businesses, but also nations? >> That's a great question. Because without the cloud, bringing collective security together is very difficult. But with the cloud, we can move all this information into the cloud. We can correlate and show attacks that are going on against different companies. They can see that company A, B, C or D, it's anonymized, is being hit with the same thing. And the government, we can share that with the government. They can see a tax on critical infrastructure, energy, finance, healthcare, the defense industrial base or the government. In doing that, what we quickly see is a radar picture for cyber. That's what we're trying to build. That's where everybody's coming together. Imagine a future where attacks are coming against our country can be seen at network speed and the same for our allies and sharing that between our nation and our allies begins to broaden that picture, broaden our defensive base and provide insights for companies like NYPA and others. >> Terrific. Well, now Gil, I'd like to move it back to you. If you could describe the utility landscape and the unique threats that both large ones and small ones are facing in terms of cybersecurity and the risks, the populous that live there. >> Well, the power grid is an amazing machine, but it is controlled electronically and more and more digitally. So as I mentioned before, as we transform this grid to be a cleaner grid, to be more of an integrated energy network with solar panels and electric vehicle charging stations and wind farms, the threat is going to be multiple from a cyber perspective. Now we have many smaller utilities. There are towns and cities and villages that own their poles and wires. They're called municipal utilities, rural cooperative systems, and they are not as sophisticated and well-resourced as a company like the New York Power Authority or our investor on utilities across the nation. But as the saying goes, we're only as strong as our weakest link. And so we need- >> Terrific. >> we need to address the issues of our smaller utilities as well. >> Yeah, terrific. Do you see a potential for more collaboration between the larger utilities and the smaller ones? What do you see as the next phase of defense? >> Well, in fact, General Alexander's company, IronNet and NYPA are working together to help bring in the 51 smaller utilities here in New York in their collective defense tool, the IronDefense or the IronDome as we call it here in New York. We had a meeting the other day, where even thinking about bringing in critical state agencies and authorities. The Metropolitan Transportation Authority, Port Authority of New York and New Jersey, and other relevant critical infrastructure state agencies to be in this cloud and to be in this radar of cybersecurity. And the beauty of what IronNet is bringing to this arrangement is they're trying to develop a product that can be scalable and affordable by those smaller utilities. I think that's important because if we can achieve that, then we can replicate this across the country where you have a lot of smaller utilities and rural cooperative systems. >> Yeah. Terrific. Well, Gil, staying with you. I'd love to learn more about what was the solution that worked so well for you? >> In cybersecurity, you need public-private partnerships. So we have private companies like IronNet that we're partnering with and others, but also partnering with state and federal government because they have a lot of resources. So the key to all of this is bringing all of that information together and being able to react, the General mentioned, network speed, we call it machine speed, has to be quick and we need to protect and or isolate and be able to recover it and be resilient. So that's the beauty of this solution that we're currently developing here in New York. >> Terrific. Well, thank you for those points. Shifting back to General Alexander. With your depth of experience in the defense sector, in your view, how can we stay in front of the attacks, mitigate them, and then respond to them before any damage is done? >> So having run our nations, the offense. I know that the offense has the upper hand almost entirely because every company and every agency defends itself as an isolated entity. Think about 50 mid-sized companies, each with 10 people, they're all defending themselves and they depend on that defense individually and they're being attacked individually. Now take those 50 companies and their 10 people each and put them together and collect the defense where they share information, they share knowledge. This is the way to get out in front of the offense, the attackers that you just asked about. And when people start working together, that knowledge sharing and crowdsourcing is a solution for the future because it allows us to work together where now you have a unified approach between the public and private sectors that can share information and defend each of the sectors together. That is the future of cybersecurity. What makes it possible is the cloud, by being able to share this information into the cloud and move it around the cloud. So what Amazon has done with AWS has exactly that. It gives us the platform that allows us to now share that information and to go at network speed and share it with the government in an anonymized way. I believe that will change radically how we think about cybersecurity. >> Yeah. Terrific. Well, you mention data sharing, but how is it now a common tactic to get the best out of the data? And now, how is it sharing data among companies accelerated or changed over the past year? And what does it look like going forward when we think about moving out of the pandemic? >> So first, this issue of sharing data, there's two types of data. One about the known threats. So sharing that everybody knows because they use a signature-based system and a set of rules. That shared and that's the common approach to it. We need to go beyond that and share the unknown. And the way to share the unknown is with behavioral analytics. Detect behaviors out there that are anonymous or anomalous, are suspicious and are malicious and share those and get an understanding for what's going on in company A and see if there's correlations in B, C and D that give you insights to suspicious activity. Like solar winds, recognizes solar winds at 18,000 companies, each defending themselves. None of them were able to recognize that. Using our tools, we did recognize it in three of our companies. So what you can begin to see is a platform that can now expand and work at network speed to defend against these types of attacks. But you have to be able to see that information, the unknown unknowns, and quickly bring people together to understand what that means. Is this bad? Is this suspicious? What do I need to know about this? And if I can share that information anonymized with the government, they can reach in and say, this is bad. You need to do something about it. And we'll take the responsibility from here to block that from hitting our nation or hitting our allies. I think that's the key part about cybersecurity for the future. >> Terrific. General Alexander, ransomware of course, is the hottest topic at the moment. What do you see as the solution to that growing threat? >> So I think, a couple things on ransomware. First, doing what we're talking about here to detect the phishing and the other ways they get in is an advanced way. So protect yourself like that. But I think we have to go beyond, we have to attribute who's doing it, where they're doing it from and hold them accountable. So helping provide that information to our government as it's going on and going after these guys, making them pay a price is part of the future. It's too easy today. Look at what happened with the DarkSide and others. They hit Colonial Pipeline and they said, oh, we're not going to do that anymore. Then they hit a company in Japan and prior to that, they hit a company in Norway. So they're attacking and they pretty much operate at will. Now, let's indict some of them, hold them accountable, get other governments to come in on this. That's the way we stop it. And that requires us to work together, both the public and private sector. It means having these advanced tools, but also that public and private partnership. And I think we have to change the rhetoric. The first approach everybody takes is, Colonial, why did you let this happen? They're a victim. If they were hit with missiles, we wouldn't be asking that, but these were nation state like actors going after them. So now our government and the private sector have to work together and we need to change that to say, they're victim, and we're going to go after the guys that did this as a nation and with our allies. I think that's the way to solve it. >> Yeah. Well, terrific. Thank you so much for those insights. Gil, I'd also like to ask you some key questions and of course, certainly people today have a lot of concerns about security, but also about data sharing. How are you addressing those concerns? >> Well, data governance is critical for a utility like the New York Power Authority. A few years ago, we declared that we aspire to be the first end-to-end digital utility. And so by definition, protecting the data of our system, our industrial controls, and the data of our customers are paramount to us. So data governance, considering data or treating data as an asset, like a physical asset is very, very important. So we in our cybersecurity, plans that is a top priority for us. >> Yeah. And Gil thinking about industry 4.0, how has the surface area changed with Cloud and IoT? >> Well, it's grown significantly. At the power authority, we're installing sensors and smart meters at our power plants, at our substations and transmission lines, so that we can monitor them real time, all the time, know their health, know their status. Our customers we're monitoring about 15 to 20,000 state and local government buildings across our states. So just imagine the amount of data that we're streaming real time, all the time into our integrated smart operations center. So it's increasing and it will only increase with 5G, with quantum computing. This is just going to increase and we need to be prepared and integrate cyber into every part of what we do from beginning to end of our processes. >> Yeah. And to both of you actually, as we see industry 4.0 develop even further, are you more concerned about malign actors developing more sophistication? What steps can we take to really be ahead of them? Let's start with General Alexander. >> So, I think the key differentiator and what the energy sector is doing, the approach to cybersecurity is led by CEOs. So you bring CEOs like Gil Quiniones in, you've got other CEOs that are actually bringing together forums to talk about cybersecurity. It is CEO led. That the first part. And then the second part is how do we train and work together, that collective defense. How do we actually do this? I think that's another one that NYPA is leading with West Point in the Army Cyber Institute. How can we start to bring this training session together and train to defend ourselves? This is an area where we can uplift our people that are working in this process, our cyber analysts if you will at the security operations center level. By training them, giving them hard tests and continuing to go. That approach will uplift our cybersecurity and our cyber defense to the point where we can now stop these types of attacks. So I think CEO led, bring in companies that give us the good and bad about our products. We'd like to hear the good, we need to hear the bad, and we needed to improve that, and then how do we train and work together. I think that's part of that solution to the future. >> And Gil, what are your thoughts as we embrace industry 4.0? Are you worried that this malign actors are going to build up their own sophistication and strategy in terms of data breaches and cyber attacks against our utility systems? What can we do to really step up our game? >> Well, as the General said, the good thing with the energy sector is that on the foundational level, we're the only sector with mandatory regulatory requirements that we need to meet. So we are regulated by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation to meet certain standards in cyber and critical infrastructure. But as the General said, the good thing with the utility is by design, just like storms, we're used to working with each other. So this is just an extension of that storm restoration and other areas where we work all the time together. So we are naturally working together when it comes to to cyber. We work very closely with our federal government partners, Department of Homeland Security, Department of Energy and the National Labs. The National Labs have a lot of expertise. And with the private sector, like great companies like IronNet, NYPA, we stood up an excellence, center of excellence with private partners like IronNet and Siemens and others to start really advancing the art of the possible and the technology innovation in this area. And as the governor mentioned, we partnered with West Point because just like any sporting or just any sport, actual exercises of the red team, green team, and doing that constantly, tabletop exercises, and having others try and breach your walls. Those are good exercises to really be ready against the adversaries. >> Yeah. Terrific. Thank you so much for those insights. General Alexander, now I'd like to ask you this question. Can you share the innovation strategy as the world moves out of the pandemic? Are we seeing new threats, new realities? >> Well, I think, it's not just coming out of the pandemic, but the pandemic actually brought a lot of people into video teleconferences like we are right here. So more people are working from home. You add in the 5G that Gil talked about that gives you a huge attack surface. You're thinking now about instead of a hundred devices per square kilometer up to a million devices. And so you're increasing the attack surface. Everything is changing. So as we come out of the pandemic, people are going to work more from home. You're going to have this attack surface that's going on, it's growing, it's changing, it's challenging. We have to be really good about now, how we trained together, how we think about this new area and we have to continue to innovate, not only what are the cyber tools that we need for the IT side, the internet and the OT side, operational technology. So those kinds of issues are facing all of us and it's a constantly changing environment. So that's where that education, that training, that communication, working between companies, the customers, the NYPA's and the IronNet's and others and then working with the government to make sure that we're all in sync. It's going to grow and is growing at an increased rate exponentially. >> Terrific. Thank you for that. Now, Gil, same question for you. As a result of this pandemic, do you see any kind of new realities emerging? What is your position? >> Well, as the General said, most likely, many companies will be having this hybrid setup. And for company's life like mine, I'm thinking about, okay, how many employees do I have that can access our industrial controls in our power plants, in our substations, and transmission system remotely? And what will that mean from a risk perspective, but even on the IT side, our business information technology. You mentioned about the Colonial Pipeline type situation. How do we now really make sure that our cyber hygiene of our employees is always up-to-date and that we're always vigilant from potential entry whether it's through phishing or other techniques that our adversaries are using. Those are the kinds of things that keep myself like a CEO of a utility up at night. >> Yeah. Well, shifting gears a bit, this question for General Alexander. How come supply chain is such an issue? >> Well, the supply chain, of course, for a company like NYPA, you have hundreds or thousands of companies that you work with. Each of them have different ways of communicating with your company. And in those communications, you now get threats. If they get infected and they reach out to you, they're normally considered okay to talk to, but at the same time that threat could come in. So you have both suppliers that help you do your job. And smaller companies that Gil has, he's got the 47 munis and four co-ops out there, 51, that he's got to deal with and then all the state agencies. So his ecosystem has all these different companies that are part of his larger network. And when you think about that larger network, the issue becomes, how am I going to defend that? And I think, as Gil mentioned earlier, if we put them all together and we operate and train together and we defend together, then we know that we're doing the best we can, especially for those smaller companies, the munis and co-ops that don't have the people and a security ops centers and other things to defend them. But working together, we can help defend them collectively. >> Terrific. And I'd also like to ask you a bit more on IronDefense. You spoke about its behavioral capabilities, it's behavioral detection techniques, excuse me. How is it really different from the rest of the competitive landscape? What sets it apart from traditional cybersecurity tools? >> So traditional cybersecurity tools use what we call a signature-based system. Think of that as a barcode for the threat. It's a specific barcode. We use that barcode to identify the threat at the firewall or at the endpoint. Those are known threats. We can stop those and we do a really good job. We share those indicators of compromise in those barcodes, in the rules that we have, Suricata rules and others, those go out. The issue becomes, what about the things we don't know about? And to detect those, you need behavioral analytics. Behavioral analytics are a little bit noisier. So you want to collect all the data and anomalies with behavioral analytics using an expert system to sort them out and then use collected defense to share knowledge and actually look across those. And the great thing about behavioral analytics is you can detect all of the anomalies. You can share very quickly and you can operate at network speed. So that's going to be the future where you start to share that, and that becomes the engine if you will for the future radar picture for cybersecurity. You add in, as we have already machine learning and AI, artificial intelligence, people talk about that, but in this case, it's a clustering algorithms about all those events and the ways of looking at it that allow you to up that speed, up your confidence in and whether it's malicious, suspicious or benign and share that. I think that is part of that future that we're talking about. You've got to have that and the government can come in and say, you missed something. Here's something you should be concerned about. And up the call from suspicious to malicious that gives everybody in the nation and our allies insights, okay, that's bad. Let's defend against it. >> Yeah. Terrific. Well, how does the type of technology address the President's May 2021 executive order on cybersecurity as you mentioned the government? >> So there's two parts of that. And I think one of the things that I liked about the executive order is it talked about, in the first page, the public-private partnership. That's the key. We got to partner together. And the other thing it went into that was really key is how do we now bring in the IT infrastructure, what our company does with the OT companies like Dragos, how do we work together for the collective defense for the energy sector and other key parts. So I think it is hit two key parts. It also goes on about what you do about the supply chain for software were all needed, but that's a little bit outside what we're talking about here today. The real key is how we work together between the public and private sector. And I think it did a good job in that area. >> Terrific. Well, thank you so much for your insights and to you as well, Gil, really lovely to have you both on this program. That was General Keith Alexander, Founder and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, the President and CEO of the New York Power Authority. That's all for this session of the 2021 AWS Global Public Sector Partner Awards. I'm your host for theCUBE, Natalie Erlich. Stay with us for more coverage. (bright music)

>> Woman: From theCUBE studios in Palo Alto in Boston, connecting without leaders all around the world, this is a CUBE conversation. >> Hello everyone, welcome to the special CUBE conversation, I'm John Furrier, host theCUBE here in Palo Alto, California, and doing a remote interview in our quarantine studio where we're getting the stories out there and sharing the content during the time of crisis when we're sheltering in place, as we get through this and get through the other side of the new normal. It's not necessarily normal, but it'll certainly create some normalcy around some of the new work at home, but also cybersecurity, I want to bring in a special guest who's going to talk with me about the impact of COVID-19 on cybersecurity, work at home, work in general, and also businesses practices. So, welcome Bill Welsh, who's the CEO of IronNet, who has taken over the helm run of the operations with General Keith Alexander, CUBE alumni as well, former NSA and former Cyber Command who's now leading a new innovative company called IronNet, which is deploying something really clever, but also something really realistic around cybersecurity so, Bill, thanks for joining me. >> Hey John, thanks for being with you. >> So, obviously, the COVID-19 crisis has created, essentially, a lot of exposure to the real world and, in general, around what it's like to work at home. Obviously, the economy's are crippled. This is an invisible threat. I've been chirping on Twitter and saying we've been fighting a digital war for a long time. There's been, the Internet has provided nation states the opportunity to attack folks using other mechanisms, open source and others, but if you look at this COVID-19, whether it's a bio weapon or not, it has crippled the country in the United States and caused crippling around the world, but it's just a threat and causing disruption, this is almost like a nuke, if you will, digital nuke. This is changing the game. You guys are in the cyber intelligence, cybersecurity area, what's your take on all of this and what are you hearing? >> Well I agree with you, John, I think that this is the invisible enemy, and as you know, right now with that going on, there's going to be adversaries that are going to take advantage of it. You see right now in some of the nation states where they're looking at opportunities to use this, to go after other countries, maybe just to test and see what their vulnerabilities are. You're seeing some activity overseas with nation states where they're looking at some of the military incursions, they're thinking about possible weaknesses with this invisible enemy. You know, it's affecting us in so many ways, whether it's economic, financial, our healthcare system, our supply chains, whether it's our, the supplies and groceries that we get to our people, so these are all challenging times that the adversaries are not going to just sit back and say oh well, you're in a crisis right now, we'll wait for the crisis to be alieved, we are now going to take advantage of it. >> And certainly the death toll is also the human impact as well, this is real world. This is something that we can have a longer conversation on, the time when we get more data in, and we'll certainly want to track this new, kind of digital warfare kind of paradigm, whether it's bio and or packets in cybersecurity, but the real impact has been this at scale exposure of problems and opportunities. For instance, IT folks were telling me that they underprovisioned their VPN access, now it's 100% everyone's at home. That's a disruption, that's not a hurricane, that's not a flood, this is now a new distraction to their operations. Other folks are seeing more hacks and more surface area, more threats from the old side getting hit. This has certainly impacted the cyber, but also people's anxiety at home. How are you guys looking at this, what are you guys doing, what's going on IronNet right now around cyber and COVID-19. >> Yeah, and what we're seeing right now is that our customers are seeing increasing awareness of their employees to understand what is going on around them and one of the things that we formed the company was the ability to assist enterprises of all sizes to collectively defend against threats that target their industries. We believe that collective defense is our collective responsibility. And it can't be just about technology, it's about some of the IT systems you talked about, being able to leverage them together. When I look at our top energy companies that we partner with, these individuals have great operators, but when you think about it, they have operators just for their company. What we're able to do within our environment, in our Iron Dome, is bring all that in together. We bring the human element and the IT element in order to help them solve positive outcomes for their industries. >> I want to dig into that because I think one of the things that I'm seeing coming out of this trend, post-pandemic is going to be the real emphasis on community. You're seeing people realizing through, whether it's doing Zoomification or Cubification, doing CUBE interviews and zooming and talking, I think you're going to see this element of I could do better, I can contribute either to society or to the collective at whole, and I think this collective idea you guys have with Iron Dome is very relevant because I think people are going to say wow, if I contribute, we might not have this kind of crisis again. This is something that's new, you guys have been on this collective thing with Iron Dome for a long time. I think this is pretty clever and I think it's going to be very relevant. Can you explain the Iron Dome collective, intelligence paradigm in the vision? >> Yeah, absolutely. And just to back up a little bit, what I will tell you is that we observed, as far as the problem statement, was that cyber is an element of national power, and people are using it to achieve their political, economic, and military objectives and now what you're seeing is are there other ways, cause while this COVID-19 may or may not have been anything as far as a bio-weapon, now others will see, well here's a way to bring down a country or an economy or something like that. We're also seeing that the cyber attacks are getting more and more destructive, whether it's WannaCry or NotPetya, we're also seeing the toolkits being more advanced, we're seeing how slow the response is by their cyber tools, so what we've looked at is we said wait, stop defending in isolation. That's what enterprises have been doing, they've been defending in isolation, no sharing, no collective intelligence as I would call it. And what we've been able to do is bring the power of those people to come together to collectively defend when something happens. So instead of having one security operation center defending a company, you can bring five or six or seven to defend the entire energy grid, this is one example. And over in Asia, we have the same thing. We have one of our largest customers over there, they have 450 companies, so if you think about it, 450 companies times the number of stock operators that they have in the security operation centers, you can think about the magnitude that we can bring the bearer of the arms, the warriors, to attack this crisis. >> So you're getting more efficiency, more acute response than before, so you got speed. So what you're saying is the collective intelligence provides what value? Speed, quality-- Yeah, it's at cloud scale, network speed, you get the benefit of all these operators, individuals that have incredible backgrounds in offensive and defensive operator experience including the people that we have, and then our partnership with either national governments or international governments that are allies, to make sure that we're sharing that collective intelligence so they can take action because what we're doing is we're making sure that we analyze the traffic, we're bringing the advanced analytics, we're bringing the expert systems, and we're bringing the experts to there, both at a technology level and also a personnel level. >> You know, General Alexander, one of the architects behind the vision here, who's obviously got a background in the military, NSA, Cyber Command, et cetera, uses the analogy of an airport radar, and I think that's a great metaphor because you need to have real-time communications on anything going on in as telemetry to what's landing or approaching or almost like landing that airplane, so he uses that metaphor and he says if there's no communication but it lags, you don't have it. He was using that example. Do you guys still use that example or can you explain further this metaphor? >> Absolutely, and I think another example that we have seen some of our customers really, in our prospects and partners really embrace is this concept of an immersive visualization, almost gaming environment. You look at what is happening now where people have the opportunity, even at home because of COVID-19, my teenage boys are spending way too much time probably on Call of Duty and Fortnite and that, but apply that same logic to cyber. Apply that logic to where you could have multiple players, multiple individuals, you can invite people in, you can invite others that might have subject matter expertise, you might be able to go and invite some of the IT partners that you have whether it's other companies to come in that are partners of yours, to help solve a problem and make it visualized, immersive, and in a gaming environment, and that is what we're doing in our Iron Dome. >> I think that's compelling and I've always loved the vision of abstracting away gaming to real world problems because it's very efficient, those kids are great, and the new Call of Duty came out so everyone's-- >> And they're also the next generation, they're the next generation of individuals that are going to be taking over security for us. So this is a great in mind... Cause this is something they already know, something they're already practicing, and something they're experts at and if you look at how the military is advancing, they've gone from having these great fighter pilots to putting people in charge of drones. It's the same thing with us is that possibility of having a cyber avatar go and fight that initiative is going to be something that we're doing. >> I think you guys are really rethinking security and this brings up my next topic I want to get your thoughts on is this crisis of COVID-19 has really highlighted old and new, and it's really kind of exposed again, at scale because it's an at scale problem, everyone's been forced to shelter in place and it exposes everything from deliveries to food to all the services and you can see what's important, what's not in life and it exposes kind of the old and new. So you have a lot of old antiquated, outdated systems and you have new emerging ones. How do you see those two sides of the street, old and new, what's emerging, what's your vision on what you think will be important post-pandemic? >> Well, I think the first thing is the individuals that are really the human element. So one, we have to make sure that individuals at home are, have all the things that they require in order to be successful and drive great outcomes, because I believe that the days of going into an office and sitting into a cube is yes, that is the old norm, but the new norm is individuals who either at home or on a plane, on a train, on a bus, or wherever they might be, practicing and being a part of it. So I think that the one thing we have to get our arms around is the ability to invite people into this experience no matter where they are and meet them where they are, so that's number one. Number two is making sure that those networks are available and that they're high speed, right? That we are making sure that they're not being used necessarily for streaming of Netflix, but being able to solve the cyber attacks. So there might be segmentation, there might be, as you said, this collective intelligent sharing that'll go across these entities. >> You know, it's interesting, Bill, you're bringing up something that we've been riffing on and I want to just expose that to you and kind of think out loud here. You're mentioning the convergence of physical, hybrid, 100% virtual as it kind of comes together. And then community and collective intelligence, we just talked about that, certainly relevant, you can see more movement on that side and more innovation. But the other thing that comes out of the woodwork and I want to get your thoughts on this is the old IoT Edge, Internet of things. Because if you think about that convergence of operational technologies and Internet technologies, ID, you now have that world's been going on for awhile, so obviously, you got to have telemetry on physical devices, you got to bring it in IT, so as you guys have this Iron Dome, collective view, hallux of view of things, it's really physical and virtual coming together. The virtualization-- >> It's all the above, it's all the above. The whole concept of IoT and OT and whether it's a device that's sitting in a solar wind panel or whether it's a device that's sitting in your network, it could be the human element, or it could actually be a device, that is where you require that cyber posture, that ability to do analytics on it, the ability to respond. And the ability to collectively see all of it, and that goes to that whole visualization I talked to you about, is being able to see your entire network, you can't protect something if you can't see it, and that's something that we've done across IronDome, and with our customers and prospects and with IronDefense, so it's something that absolutely is part of the things we're seeing in the cyber world. >> I want to get your reaction to some commentary that we've been having, Dave Vellante and myself on the team, and we were talking about how events have been shut down, the physical space, the venues where they have events. Obviously, we go to a lot of events with theCUBE, you know that. So, obviously that's kind of our view, but when you think about Internet of things, you think about collective intelligence with community, whether it's central to gamification or Iron Dome that you're innovating on, as we go through the pandemic, there's going to be a boomerang back, we think, to the importance of the physical space, cause at some point, we're going to get back to the real world, and so, the question is what operational technology, what version of learnings do we get from this shelter in place that gets applied to the physical world? This is the convergence of physical and virtual. We see as a big way, want to get your reaction to that. >> I absolutely agree with you, I think that we're going to learn some incredible lessons in so many different ways whether it's healthcare, financial, but I also, believe that's what you said, is that convergence of physical and virtual will become almost one in the same. We will see individuals that will leverage the physical when they need to and leverage the virtual when they need to. And I think that that's something that we will see more and more of of companies looking at how they actually respond and support their customer base. You know, some might decide to have more individuals in an at-home basis, to support a continuity of operations, some might decide that we're going to have some physical spaces and not others, and then we're going to leverage physical IT and some virtual IT, especially the cloud infrastructures are going to become more and more valuable as we've seen within our IronDome infrastructure. >> You know, we were riffing the other day in the remote interviews, theCUBE is going virtual, and we were joking that Amazon Web Services was really created through the trend of virtualization. I mean, VMware and the whole server virtualization created the opportunity for Amazon to abstract and create value. And we think that this next wave is going to be this pandemic has woken us up to this remote, virtual contribution, and it might create a lot of opportunities, for us, for instance, virtual CUBE, for virtual business. I'm sure you, as the CEO of IronNet, are thinking about how you guys recover post-pandemic, is it going to be a different world, are you going to have a mix of virtual, digital, integrated into your physical, whether it's how you market your products and engage customers to solving technical problems. This is a new management challenge, and it's an opportunity if you get it right, it could be a headwind or a tailwind, depending on how you look at it. So I want to get your thoughts on this virtualization post-pandemic management structure, management philosophy, obviously, dislocation with spacial economics, I get that and I always go to work in the office much but, beyond that, management style, posture, incentives. >> Yes, I think that there's a lot of things unpacked there. I mean, one is it is going to be about a lot of more communication. You know, I will tell you that since we have gone into this quarantine, we're holding weekly all hands, every Friday, all in a virtual environment. I think that the transparency will be even more. You know, one of the things that I'm most encouraged by and inspired by is the productivity. I will tell you, getting access to individuals has gotten easier and easier for us. The ability to get people into this virtual environment. They're not spending hours upon hours on commuting or flying on planes or going different places, and it doesn't mean that that won't be an important element of business, but I think it's going to give time back to individuals to focus on what is the most important priorities for the companies that they're driving. So this is an opportunity, I will tell you, our productivity has increased exponentially. We've seen more and more meetings, where more and more access to very high level individuals, who have said we want to hear what you guys are doing, and they have the time to do it now instead of jumping on a plane and wasting six hours and not being productive. >> It's interesting, it's also a human element too, you can hear babies crying, kids playing, dogs barking, you kind of laugh and chuckle in the old days, but now this is a humanization piece of it, and that should foster real communities, so I think... Obviously, we're going to be watching this virtualization of communities, collective intelligence and congratulations, I think Iron Dome, and iron offense, obviously which is core product, I think your Iron Dome is a paradigm that is super relevant, you guys are visionaries on this and I think it's turning out to be quite the product, so I want to congratulate you on that. Thanks for-- >> Thank you, John. Thanks for your time today and stay safe. >> Bill, thanks for joining us and thanks for your great insights on cyber COVID-19, and we'll follow up more on this trend of bio weaponry and kind of the trajectory of how cyber and scale cloud is going to shape how we defend and take offense in the future on how to defend our country and to make the world a safer place. I'm John Furrier, you're watching theCUBE here and our remote interviews in our quarantine studio in Palo Alto, thanks for watching. (lively music)

>>Bye from San Francisco. It's the cube covering RSA conference, 2020 San Francisco brought to you by Silicon angle media. >>Hey, welcome back. Everyone's keeps coverage here in San Francisco at the Moscone center for RSA conference 2020 I'm John, your host, as cybersecurity goes to the next generation as the new cloud scale, cyber threats are out there, the real impact a company's business and society will be determined by the industry. This technology and the people that a cube alumni here, caramel Jaffer, SVP, senior vice president of strategy and corporate development for iron net. Welcome back. Thanks to Shawn. Good to be here. Thanks for having so iron net FC general Keith Alexander and you got to know new CEO of there. Phil Welsh scaler and duo knows how to scale up a company. He's right. Iron is doing really well. The iron dome, the vision of collaboration and signaling. Congratulations on your success. What's a quick update? >> Well look, I mean, you know, we have now built the capability to share information across multiple companies, multiple industries with the government in real time at machine speed. >>Really bringing people together, not just creating collected security or clip to defense, but also collaborating real time to defend one another. So you're able to divide and conquer Goliath, the enemy the same way they come after you and beat them at their own game. >> So this is the classic case of offense defense. Most corporations are playing defense, whack-a-mole, redundant, not a lot of efficiencies, a lot of burnout. Exactly. Not a lot of collaboration, but everyone's talking about the who the attackers are and collaborating like a team. Right? And you guys talk about this mission. Exactly. This is really the new way to do it. It has, the only way it works, >> it is. And you know, you see kids doing it out there when they're playing Fortnite, right? They're collaborating in real time across networks, uh, to, you know, to play a game, right? You can imagine that same construct when it comes to cyber defense, right? >>There's no reason why one big company, a second big company in a small company can't work together to identify all the threats, see that common threat landscape, and then take action on it. Trusting one another to take down the pieces they have folk to focus on and ultimately winning the battle. There's no other way a single company is gonna be able defend itself against a huge decency that has virtually unlimited resources and virtually unlimited human capital. And you've got to come together, defend across multiple industries, uh, collectively and collaboratively. >> Do you mean, we talked about this last time and I want to revisit this and I think it's super important. I think it's the most important story that's not really being talked about in the industry. And that is that we were talking last time about the government protects businesses. If someone dropped troops on the ground in your neighborhood, the government would protect you digitally. >>That's not happening. So there's really no protection for businesses. Do they build their own militia? Do they build their own army? Who was going to, who's going to be their heat shield? So this is a big conversation and a big, it brings a question. The role of the government. We're going to need a digital air force. We're going to need a digital army, Navy, Navy seals. We need to have that force, and this has to be a policy issue, but in the short term, businesses and individuals are sitting out there being attacked by sophisticated mission-based teams of hackers and nation States, right? Either camouflaging or hiding, but attacking still. This is a huge issue. What's going on? Are people talking about this in D C well, >> John, look not enough. People are talking about it, right? And forget DC. We need to be talking about here, out here in the Silicon Valley with all these companies here at the RSA floor and bring up the things you're bringing up because this is a real problem we're facing as a nation. >>The Russians aren't coming after one company, one state. They're coming after our entire election infrastructure. They're coming after us as a nation. The Chinese maybe come after one company at a time, but their goal is to take our electoral properties, a nation, repurpose it back home. And when the economic game, right, the Iranians, the North Koreans, they're not focused on individual actors, but they are coming after individual actors. We can't defend against those things. One man, one woman, one company on an Island, one, one agency, one state. We've got to come together collectively, right? Work state with other States, right? If we can defend against the Russians, California might be really good at it. Rhode Island, small States can be real hard, defends against the Russians, but if California, Rhode Island come together, here's the threats. I see. Here's what it's. You see share information, that's great. Then we collaborate on the defense and work together. >>You take these threats, I'll take those threats and now we're working as a team, like you said earlier, like those kids do when they're playing fortnight and now we're changing the game. Now we're really fighting the real fight. >> You know, when I hear general Keith Alexander talking about his vision with iron net and what you guys are doing, I'm inspired because it's simply put, we have a mission to protect our nation, our people, and a good businesses, and he puts it into kind of military, military terms, but in reality, it's a simple concept. Yeah, we're being attacked, defend and attack back. Just basic stuff. But to make it work as the sharing. So I got to ask you, I'm first of all, I love the, I love what he has, his vision. I love what you guys are doing. How real are we? What's the progression? >>Where are we on the progress bar of that vision? Well, you know, a lot's changed to the last year and a half alone, right? The threats gotten a lot, a lot more real to everybody, right? Used to be the industry would say to us, yeah, we want to share with the government, but we want something back for, right. We want them to show us some signal to today. Industry is like, look, the Chinese are crushing us out there, right? We can beat them at a, at some level, but we really need the governor to go do its job too. So we'll give you the information we have on, on an anonymized basis. You do your thing. We're going to keep defending ourselves and if you can give us something back, that's great. So we've now stood up in real time of DHS. We're sharing with them huge amounts of data about what we're seeing across six of the top 10 energy companies, some of the biggest banks, some of the biggest healthcare companies in the country. >>Right? In real time with DHS and more to come on that more to come with other government agencies and more to come with some our partners across the globe, right? Partners like those in Japan, Singapore, Eastern Europe, right? Our allies in the middle East, they're all the four lenses threat. We can bring their better capability. They can help us see what's coming at us in the future because as those enemies out there testing the weapons in those local areas. I want to get your thoughts on the capital markets because obviously financing is critical and you're seeing successful venture capital formulas like forge point really specialized funds on cyber but not classic industry formation sectors. Like it's not just security industry are taking a much more broader view because there's a policy implication is that organizational behavior, this technology up and down the stack. So it's a much broad investment thesis. >>What's your view of that? Because as you do, you see that as a formula and if so, what is this new aperture or this new lens of investing to be successful in funding? Companies will look, it's really important what companies like forge point are doing. Venture capital funds, right? Don Dixon, Alberta Pez will land. They're really innovating here. They've created a largest cybersecurity focused fund. They just closed the recently in the world, right? And so they really focus on this industry. Partners like, Kleiner Perkins, Ted Schlein, Andrea are doing really great work in this area. Also really important capital formation, right? And let's not forget other funds. Ron Gula, right? The founder of tenable started his own fund out there in DC, in the DMV area. There's a lot of innovation happening this country and the funding on it's critical. Now look, the reality is the easy money's not going to be here forever, right? >>It's the question is what comes when that inevitable step back. We don't. Nobody likes to talk about it. I said the guy who who bets on the other side of the craps game in Vegas, right? You don't wanna be that guy, but let's be real. I mean that day will eventually come. And the question is how do you bring some of these things together, right? Bring these various pieces together to really create long term strategies, right? And that's I think what's really innovative about what Don and Alberto are doing is they're building portfolio companies across a range of areas to create sort of an end to end capability, right? Andrea is doing things like that. Ted's doing stuff like that. It's a, that's really innovation. The VC market, right? And we're seeing increased collaboration VC to PE. It's looking a lot more similar, right? And now we're seeing innovative vehicles like stacks that are taking some of these public sort of the reverse manner, right? >>There's a lot of interests. I've had to be there with Hank Thomas, the guys chief cyber wrenches. So a lot of really cool stuff going on in the financing world. Opportunities for young, smart entrepreneurs to really move out in this field and to do it now. And money's still silver. All that hasn't come as innovation on the capital market side, which is awesome. Let's talk about the ecosystem in every single market sector that I've been over, my 30 year career has been about a successful entrepreneurship check, capital two formation of partnerships. Okay. You're on the iron net, front lines here. As part of that ecosystem, how do you see the ecosystem formula developing? Is it the same kind of model? Is it a little bit different? What's your vision of the ecosystem? Look, I mean partnerships channel, it's critical to every cyber security company. You can't scale on your own. >>You've got to do it through others, right? I was at a CrowdStrike event the other day. 91% of the revenue comes from the channel. That's an amazing number. You think about that, right? It's you look at who we're trying to talk about partnering with. We're talking about some of the big cloud players. Amazon, Microsoft, right? Google, right on the, on the vendor side. Pardon me? Splunk crashes, so these big players, right? We want to build with them, right? We want to work with them because there's a story to tell here, right? When we were together, the AECOS through self is defendant stronger. There's no, there's no anonymity here, right? It's all we bring a specialty, you bring specialty, you work together, you run out and go get the go get the business and make companies safer. At the end of the day, it's all about protecting the ecosystem. What about the big cloud player? >>Cause he goes two big mega trends. Obviously cloud computing and scale, right? Multi-cloud on the horizon, hybrids, kind of the bridge between single public cloud and multi-cloud and then AI you've got the biggies are generally will be multiple generations of innovation and value creation. What's your vision on the impact of the big waves that are coming? Well, look, I mean cloud computing is a rate change the world right? Today you can deploy capability and have a supercomputer in your fingertips in in minutes, right? You can also secure that in minutes because you can update it in real time. As the machine is functioning, you have a problem, take it down, throw up a new virtual machine. These are amazing innovations that are creating more and more capability out there in industry. It's game changing. We're happy, we're glad to be part of that and we ought to be helping defend that new amazing ecosystem. >>Partnering with companies like Microsoft. They didn't AWS did, you know, you know, I'm really impressed with your technical acumen. You've got a good grasp of the industry, but also, uh, you have really strong on the societal impact policy formulation side of government and business. So I want to get your thoughts for the young kids out there that are going to school, trying to make sense of the chaos that's going on in the world, whether it's DC political theater or the tech theater, big tech and in general, all of the things with coronavirus, all this stuff going on. It's a, it's a pretty crazy time, but a lot of work has to start getting done that are new problems. Yeah. What is your advice as someone who's been through the multiple waves to the young kids who have to figure out what half fatigue, what problems are out there, what things can people get their arms around to work on, to specialize in? >>What's your, what's your thoughts and expertise on that? Well, John, thanks for the question. What I really like about that question is is we're talking about what the future looks like and here's what I think the future looks like. It's all about taking risks. Tell a lot of these young kids out there today, they're worried about how the world looks right? Will America still be strong? Can we, can we get through this hard time we're going through in DC with the world challenges and what I can say is this country has never been stronger. We may have our own troubles internally, but we are risk takers and we always win. No matter how hard it gets them out of how bad it gets, right? Risk taking a study that's building the American blood. It's our founders came here taking a risk, leaving Eagle to come here and we've succeeded the last 200 years. >>There is no question in my mind that trend will continue. So the young people out there, I don't know what the future has to hold. I don't know if the new tape I was going to be, but you're going to invent it. And if you don't take the risks, we're not succeed as a nation. And that's what I think is key. You know, most people worry that if they take too many risks, they might not succeed. Right? But the reality is most people you see around at this convention, they all took risks to be here. And even when they had trouble, they got up, they dust themselves off and they won. And I believe that everybody in this country, that's what's amazing about the station is we have this opportunity to, to try, if we fail to get up again and succeed. So fail fast, fail often, and crush it. >>You know, some of the best innovations have come from times where you had the cold war, you had, um, you had times where, you know, the hippie revolution spawn the computer. So you, so you have the culture of America, which is not about regulation and stunting growth. You had risk-taking, you had entrepreneurship, but yet enough freedom for business to operate, to solve new challenges, accurate. And to me the biggest imperative in my mind is this next generation has to solve a lot of those new questions. What side of the street is the self driving cars go on? I see bike lanes in San Francisco, more congestion, more more cry. All this stuff's going on. AI could be a great enabler for that. Cyber security, a direct threat to our country and global geopolitical landscape. These are big problems. State and local governments, they're not really tech savvy. They don't really have a lot ID. >>So what do they do? How do they serve their, their constituents? You know, look John, these are really important and hard questions, but we know what has made technology so successful in America? What's made it large, successful is the governor state out of the way, right? Industry and innovators have had a chance to work together and do stuff and change the world, right? You look at California, you know, one of the reasons California is so successful and Silicon Valley is so dynamic. You can move between jobs and we don't enforce non-compete agreements, right? Because you can switch jobs and you can go to that next higher value target, right? That shows the value of, you know, innovation, creating innovation. Now there's a real tendency to say, when we're faced with challenges, well, the government has to step in and solve that problem, right? The Silicon Valley and what California's done, what technology's done is a story about the government stayed out and let innovators innovate, and that's a real opportunity for this nation. >>We've got to keep on down that path, even when it seemed like the easier answer is, come on in DC, come on in Sacramento, fix this problem for us. We have demonstrated as a country that Americans and individual are good at solve these problems. We should allow them to do that and innovate. Yeah. One of my passions is to kind of use technology and media to end communities to get to the truth faster. A lot of, um, access to smart minds out there, but young minds, young minds, uh, old minds, young minds though. It's all there. You gotta get the data out and that's going to be a big thing. That's the, one of the things that's changing is the dark arts of smear campaigns. The story of Bloomberg today, Oracle reveals funding for dark money, group biting, big tech internet accountability projects. Um, and so the classic astroturfing get the Jedi contract, Google WASU with Java. >>So articles in the middle of all this, but using them as an illustrative point. The lawyers seem to be running the kingdom right now. I know you're an attorney, so I'm recovering, recovering. I don't want to be offensive, but entrepreneurship cannot be stifled by regulation. Sarbanes Oxley slowed down a lot of the IPO shifts to the latest stage capital. So regulation, nest and every good thing. But also there's some of these little tactics out in the shadows are going to be revealed. What's the new way to get this straightened out in your mind? We'll look, in my view, the best solution for problematic speech or pragmatic people is more speech, right? Let's shine a light on it, right? If there are people doing shady stuff, let's talk about it's an outfit. Let's have it out in the open. Let's fight it out. At the end of the day, what America's really about is smart ideas. >>Winning. It's a, let's get the ideas out there. You know, we spent a lot of time, right now we're under attack by the Russians when it comes to our elections, right? We spent a lot of time harping at one another, one party versus another party. The president versus that person. This person who tells committee for zap person who tells committee. It's crazy when the real threat is from the outside. We need to get past all that noise, right? And really get to the next thing which is we're fighting a foreign entity on this front. We need to face that enemy down and stop killing each other with this nonsense and turn the lights on. I'm a big believer of if something can be exposed, you can talk about it. Why is it happening exactly right. This consequences with that reputation, et cetera. You got it. >>Thanks for coming on the queue. Really appreciate your insight. Um, I want to just ask you one final question cause you look at, look at the industry right now. What is the most important story that people are talking about and what is the most important story that people should be talking about? Yeah. Well look, I think the one story that's out there a lot, right, is what's going on in our politics, what's going on in our elections. Um, you know, Chris Krebs at DHS has been out here this week talking a lot about the threat that our elections face and the importance about States working with one another and States working with the federal government to defend the nation when it comes to these elections in November. Right? We need to get ahead of that. Right? The reality is it's been four years since 2016 we need to do more. That's a key issue going forward. What are the Iranians North Koreans think about next? They haven't hit us recently. We know what's coming. We got to get ahead of that. I'm going to come again at a nation, depending on staff threat to your meal. Great to have you on the QSO is great insight. Thanks for coming on sharing your perspective. I'm John furrier here at RSA in San Francisco for the cube coverage. Thanks for watching.

>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Well, welcome back. Everyone's Cube Live coverage here in Boston, Massachusetts, for AWS. Reinforce Amazon Web sources. First inaugural conference around security. It's not Osama. It's a branded event. Big time ecosystem developing. We have returning here. Cube Alumni Bill Jeff for VP of strategy and the partnerships that Iron Net Cyber Security Company. Welcome back. Thanks. General Keith Alexander, who was on a week and 1/2 ago. And it was public sector summit. Good to see you. Good >> to see you. Thanks for >> having my back, but I want to get into some of the Iran cyber communities. We had General Qi 1000. He was the original commander of the division. So important discussions that have around that. But don't get your take on the event. You guys, you're building a business. The minute cyber involved in public sector. This is commercial private partnership. Public relations coming together. Yeah. Your models are sharing so bringing public and private together important. >> Now that's exactly right. And it's really great to be here with eight of us were really close partner of AWS is we'll work with them our entire back in today. Runs on AWS really need opportunity. Get into the ecosystem, meet some of the folks that are working that we might work with my partner but to deliver a great product, right? And you're seeing a lot of people move to cloud, right? And so you know some of the big announcement that are happening here today. We're willing. We're looking to partner up with eight of us and be a first time provider for some key new Proactiv elves. AWS is launching in their own platform here today. So that's a really neat thing for us to be partnered up with this thing. Awesome organization. I'm doing some of >> the focus areas around reinforcing your party with Amazon shares for specifics. >> Yes. So I don't know whether they announced this capability where they're doing the announcement yesterday or today. So I forget which one so I'll leave that leave that leave that once pursued peace out. But the main thing is, they're announcing couple of new technology plays way our launch party with them on the civility place. So we're gonna be able to do what we were only wanted to do on Prem. We're gonna be able to do in the cloud with AWS in the cloud formation so that we'll deliver the same kind of guy that would deliver on prime customers inside their own cloud environments and their hybrid environment. So it's a it's a it's a sea change for us. The company, a sea change for a is delivering that new capability to their customers and really be able to defend a cloud network the way you would nonpregnant game changer >> described that value, if you would. >> Well, so you know, one of the key things about about a non pregnant where you could do you could look at all the flows coming past you. You look at all the data, look at in real time and develop behavior. Lana looks over. That's what we're doing our own prime customers today in the cloud with his world who looked a lox, right? And now, with the weight of your capability, we're gonna be able to integrate that and do a lot Maur the way we would in a in a in a normal sort of on Prem environment. So you really did love that. Really? Capability of scale >> Wagon is always killed. The predictive analytics, our visibility and what you could do. And too late. Exactly. Right. You guys solve that with this. What are some of the challenges that you see in cloud security that are different than on premise? Because that's the sea, So conversation we've been hearing. Sure, I know on premise. I didn't do it on premises for awhile. What's the difference between the challenge sets, the challenges and the opportunities they provide? >> Well, the opportunities air really neat, right? Because you've got that even they have a shared responsibility model, which is a little different than you officially have it. When it's on Prem, it's all yours essential. You own that responsibility and it is what it is in the cloud. Its share responsible to cloud provider the data holder. Right? But what's really cool about the cloud is you could deliver some really interesting Is that scale you do patch updates simultaneously, all your all your back end all your clients systems, even if depending how your provisioning cloud service is, you could deliver that update in real time. You have to worry about. I got to go to individual systems and update them, and some are updated. Summer passed. Some aren't right. Your servers are packed simultaneously. You take him down, you're bringing back up and they're ready to go, right? That's a really capability that for a sigh. So you're delivering this thing at scale. It's awesome now, So the challenge is right. It's a new environment so that you haven't dealt with before. A lot of times you feel the hybrid environment governed both an on Prem in sanitation and class sensation. Those have to talkto one another, right? And you might think about Well, how do I secure those those connections right now? And I think about spending money over here when I got all seduced to spend up here in the cloud. And that's gonna be a hard thing precisely to figure out, too. And so there are some challenges, but the great thing is, you got a whole ecosystem. Providers were one of them here in the AWS ecosystem. There are a lot here today, and you've got eight of us as a part of self who wants to make sure that they're super secure, but so are yours. Because if you have a problem in their cloud, that's a challenge. Them to market this other people. You talk about >> your story because your way interviews A couple weeks ago, you made a comment. I'm a recovering lawyer, kind of. You know, we all laughed, but you really start out in law, right? >> How did you end up here? Yeah, well, the truth is, I grew up sort of a technology or myself. My first computer is a trash 80 a trs 80 color computer. RadioShack four k of RAM on board, right. We only >> a true TRS 80. Only when I know what you're saying. That >> it was a beautiful system, right? Way stored with sword programs on cassette tapes. Right? And when we operated from four Keita 16 k way were the talk of the Rainbow Computer Club in Santa Monica, California Game changer. It was a game here for 16. Warning in with 60 give onboard. Ram. I mean, this is this is what you gonna do. And so you know, I went from that and I in >> trouble or something, you got to go to law school like you're right >> I mean, you know, look, I mean, you know it. So my dad, that was a chemist, right? So he loved computers, love science. But he also had an unrequited political boners body. He grew up in East Africa, Tanzania. It was always thought that he might be a minister in government. The Socialist came to power. They they had to leave you at the end of the day. And he came to the states and doing chemistry, which is course studies. But he still loved politics. So he raised at NPR. So when I went to college, I studied political science. But I paid my way through college doing computer support, life sciences department at the last moment. And I ran 10 based. He came on climate through ceilings and pulled network cable do punch down blocks, a little bit of fibrous placing. So, you know, I was still a murderer >> writing software in the scythe. >> One major, major air. And that was when when the web first came out and we had links. Don't you remember? That was a text based browser, right? And I remember looking to see him like this is terrible. Who would use http slash I'm going back to go for gophers. Awesome. Well, turns out I was totally wrong about Mosaic and Netscape. After that, it was It was it was all hands on >> deck. You got a great career. Been involved a lot in the confluence of policy politics and tech, which is actually perfect skill set for the challenge we're dealing. So I gotta ask you, what are some of the most important conversations that should be on the table right now? Because there's been a lot of conversations going on around from this technology. I has been around for many decades. This has been a policy problem. It's been a societal problem. But now this really focus on acute focus on a lot of key things. What are some of the most important things that you think should be on the table for techies? For policymakers, for business people, for lawmakers? >> One. I think we've got to figure out how to get really technology knowledge into the hands of policymakers. Right. You see, you watch the Facebook hearings on Capitol Hill. I mean, it was a joke. It was concerning right? I mean, anybody with a technology background to be concerned about what they saw there, and it's not the lawmakers fault. I mean, you know, we've got to empower them with that. And so we got to take technologist, threw it out, how to get them to talk policy and get them up on the hill and in the administration talking to folks, right? And one of the big outcomes, I think, has to come out of that conversation. What do we do about national level cybersecurity, Right, because we assume today that it's the rule. The private sector provides cyber security for their own companies, but in no other circumstance to expect that when it's a nation state attacker, wait. We don't expect Target or Wal Mart or any other company. J. P. Morgan have surface to air missiles on the roofs of their warehouses or their buildings to Vegas Russian bear bombers. Why, that's the job of the government. But when it comes to cyberspace, we expect Private Cummings defending us everything from a script kiddie in his basement to the criminal hacker in Eastern Europe to the nation state, whether Russia, China, Iran or North Korea and these nation states have virtually a limited resource. Your armies did >> sophisticated RND technology, and it's powerful exactly like a nuclear weaponry kind of impact for digital. >> Exactly. And how can we expect prices comes to defend themselves? It's not. It's not a fair fight. And so the government has to have some role. The questions? What role? How did that consist with our values, our principles, right? And how do we ensure that the Internet remains free and open, while still is sure that the president is not is not hampered in doing its job out there. And I love this top way talk about >> a lot, sometimes the future of warfare. Yeah, and that's really what we're talking about. You go back to Stuxnet, which opened Pandora's box 2016 election hack where you had, you know, the Russians trying to control the mean control, the narrative. As you pointed out, that that one video we did control the belief system you control population without firing a shot. 20 twenties gonna be really interesting. And now you see the U. S. Retaliate to Iran in cyberspace, right? Allegedly. And I was saying that we had a conversation with Robert Gates a couple years ago and I asked him. I said, Should we be Maur taking more of an offensive posture? And he said, Well, we have more to lose than the other guys Glasshouse problem? Yeah, What are your thoughts on? >> Look, certainly we rely intimately, inherently on the cyber infrastructure that that sort of is at the core of our economy at the core of the world economy. Increasingly, today, that being said, because it's so important to us all the more reason why we can't let attacks go Unresponded to write. And so if you're being attacked in cyberspace, you have to respond at some level because if you don't, you'll just keep getting punched. It's like the kid on the playground, right? If the bully keeps punching him and nobody does anything, not not the not the school administration, not the kid himself. Well, then the boy's gonna keep doing what he's doing. And so it's not surprising that were being tested by Iran by North Korea, by Russia by China, and they're getting more more aggressive because when we don't punch back, that's gonna happen. Now we don't have to punch back in cyberspace, right? A common sort of fetish about Cyrus is a >> response to the issue is gonna respond to the bully in this case, your eggs. Exactly. Playground Exactly. We'll talk about the Iran. >> So So if I If I if I can't Yeah, the response could be Hey, we could do this. Let them know you could Yes. And it's a your move >> ate well, And this is the key is that it's not just responding, right. So Bob Gates or told you we can't we talk about what we're doing. And even in the latest series of alleged responses to Iran, the reason we keep saying alleged is the U. S has not publicly acknowledged it, but the word has gotten out. Well, of course, it's not a particularly effective deterrence if you do something, but nobody knows you did it right. You gotta let it out that you did it. And frankly, you gotta own it and say, Hey, look, that guy punch me, I punch it back in the teeth. So you better not come after me, right? We don't do that in part because these cables grew up in the intelligence community at N S. A and the like, and we're very sensitive about that But the truth is, you have to know about your highest and capabilities. You could talk about your abilities. You could say, Here are my red lines. If you cross him, I'm gonna punch you back. If you do that, then by the way, you've gotta punch back. They'll let red lines be crossed and then not respond. And then you're gonna talk about some level of capabilities. It can't all be secret. Can't all be classified. Where >> are we in this debate? Me first. Well, you're referring to the Thursday online attack against the intelligence Iranian intelligence community for the tanker and the drone strike that they got together. Drone take down for an arm in our surveillance drones. >> But where are we >> in this debate of having this conversation where the government should protect and serve its people? And that's the role. Because if a army rolled in fiscal army dropped on the shores of Manhattan, I don't think Citibank would be sending their people out the fight. Right? Right. So, like, this is really happening. >> Where are we >> on this? Like, is it just sitting there on the >> table? What's happening? What's amazing about it? Hi. This was getting it going well, that that's a Q. What's been amazing? It's been happening since 2012 2011 right? We know about the Las Vegas Sands attack right by Iran. We know about North Korea's. We know about all these. They're going on here in the United States against private sector companies, not against the government. And there's largely been no response. Now we've seen Congress get more active. Congress just last year passed to pass legislation that gave Cyber command the authority on the president's surgery defenses orders to take action against Russia, Iran, North Korea and China. If certain cyber has happened, that's a good thing, right to give it. I'll be giving the clear authority right, and it appears the president willing to make some steps in that direction, So that's a positive step. Now, on the back end, though, you talk about what we do to harden ourselves, if that's gonna happen, right, and the government isn't ready today to defend the nation, even though the Constitution is about providing for the common defense, and we know that the part of defense for long. For a long time since Secretary Panetta has said that it is our mission to defend the nation, right? But we know they're not fully doing that. How do they empower private sector defense and one of keys That has got to be Look, if you're the intelligence community or the U. S. Government, you're Clinton. Tremendous sense of Dad about what you're seeing in foreign space about what the enemy is doing, what they're preparing for. You have got to share that in real time at machine speed with industry. And if you're not doing that and you're still count on industry to be the first line defense, well, then you're not empowered. That defense. And if you're on a pair of the defense, how do you spend them to defend themselves against the nation? State threats? That's a real cry. So >> much tighter public private relationship. >> Absolutely, absolutely. And it doesn't have to be the government stand in the front lines of the U. S. Internet is, though, is that you could even determine the boundaries of the U. S. Internet. Right? Nobody wants an essay or something out there doing that, but you do want is if you're gonna put the private sector in the in the line of first defense. We gotta empower that defense if you're not doing that than the government isn't doing its job. And so we gonna talk about this for a long time. I worked on that first piece of information sharing legislation with the House chairman, intelligence Chairman Mike Rogers and Dutch Ruppersberger from Maryland, right congressman from both sides of the aisle, working together to get a fresh your decision done that got done in 2015. But that's just a first step. The government's got to be willing to share classified information, scaled speed. We're still not seeing that. Yeah, How >> do people get involved? I mean, like, I'm not a political person. I'm a moderate in the middle. But >> how do I How do people get involved? How does the technology industry not not the >> policy budgets and the top that goes on the top tech companies, how to tech workers or people who love Tad and our patriots and or want freedom get involved? What's the best approach? >> Well, that's a great question. I think part of is learning how to talk policy. How do we get in front policymakers? Right. And we're I run. I run a think tank on the side at the National Institute at George Mason University's Anton Scalia Law School Way have a program funded by the Hewlett Foundation who were bringing in technologists about 25 of them. Actually. Our next our second event. This Siri's is gonna be in Chicago this weekend. We're trained these technologies, these air data scientists, engineers and, like talk Paul's right. These are people who said We want to be involved. We just don't know how to get involved And so we're training him up. That's a small program. There's a great program called Tech Congress, also funded by the U. A. Foundation that places technologists in policy positions in Congress. That's really cool. There's a lot of work going on, but those are small things, right. We need to do this, its scale. And so you know, what I would say is that their technology out there want to get involved, reach out to us, let us know well with our partners to help you get your information and dad about what's going on. Get your voice heard there. A lot of organizations to that wanna get technologies involved. That's another opportunity to get in. Get in the building is a >> story that we want to help tell on be involved in David. I feel passion about this. Is a date a problem? So there's some real tech goodness in there. Absolutely. People like to solve hard problems, right? I mean, we got a couple days of them. You've got a big heart problems. It's also for all the people out there who are Dev Ops Cloud people who like to work on solving heart problems. >> We got a lot >> of them. Let's do it. So what's going on? Iron? Give us the update Could plug for the company. Keith Alexander found a great guy great guests having on the Cube. That would give the quick thanks >> so much. So, you know, way have done two rounds of funding about 110,000,000. All in so excited. We have partners like Kleiner Perkins Forge point C five all supporting us. And now it's all about We just got a new co CEO in Bill Welshman. See Scaler and duo. So he grew Z scaler. $1,000,000,000 valuation he came in to do Oh, you know, they always had a great great exit. Also, we got him. We got Sean Foster in from from From Industry also. So Bill and Sean came together. We're now making this business move more rapidly. We're moving to the mid market. We're moving to a cloud platform or aggressively and so exciting times and iron it. We're coming toe big and small companies near you. We've got the capability. We're bringing advanced, persistent defense to bear on his heart problems that were threat analytics. I collected defence. That's the key to our operation. We're excited >> to doing it. I call N S A is a service, but that's not politically correct. But this is the Cube, so >> Well, look, if you're not, if you want to defensive scale, right, you want to do that. You know, ECE knows how to do that key down here at the forefront of that when he was in >> the government. Well, you guys are certainly on the cutting edge, riding that wave of common societal change technology impact for good, for defence, for just betterment, not make making a quick buck. Well, you know, look, it's a good business model by the way to be in that business. >> I mean, It's on our business cards. And John Xander means it. Our business. I'd say the Michigan T knows that he really means that, right? Rather private sector. We're looking to help companies to do the right thing and protect the nation, right? You know, I protect themselves >> better. Well, our missions to turn the lights on. Get those voices out there. Thanks for coming on. Sharing the lights. Keep covers here. Day one of two days of coverage. Eight of us reinforce here in Boston. Stay with us for more Day one after this short break.

>> Narrator: Live, from Washington DC, it's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in our nation's capital. I'm your host, Rebecca Knight. Co-hosting along side John Furrier. We are joined by Jamil Jaffer, he is the VP Strategy and Partnerships at IronNet. Thanks so much for coming on theCUBE. >> Thanks for having me Rebecca. >> Rebecca: I know you've been watching us for a long time so here you are, soon to be a CUBE alumn. >> I've always wanted to be in theCUBE, it's like being in the octagon but for computer journalists. (laughing) I'm pumped about it. >> I love it. Okay, why don't you start by telling our viewers a little bit about IronNet and about what you do there. >> Sure, so IronNet was started about 4 1/2 years ago, 5 years ago, by General Kieth Alexander, the former director of the NSA and founding commander of US Cyber command. And essentially what we do is, we do network traffic analytics and collective defense. Now I think a lot of people know what network traffic analytics are, you're looking for behavioral anomalies and network traffic, trying to identify the bad from the good. Getting past all the false positives, all the big data. What's really cool about what we do is collective defense. It's this idea that one company standing alone can't defend itself, it's got to work with multiple companies, it's got to work across industry sectors. Potentially even with the governments, and potentially across allied governments, really defending one another. And the way that works, the way we think about that, is we share all the anomalies we see across multiple companies to identify threat trends and correlations amongst that data, so you can find things before they happen to you. And so the really cool idea here is, that something may not happen to you, but it may happen to your colleague, you find about it, you're defended against it. And it takes a real commitment by our partners, our companies that we work with, to do this, but increasingly they're realizing the threat is so large, they have no choice but to work together, and we provide that platform that allows that to happen. >> And the premise is that sharing the data gives more observational space to have insights into that offense, correct? >> That's exactly right. It's as though, it's almost like you think about an air traffic control picture, or a radar picture, right? The idea being that if you want to know what's happening in the air space, you got to see all of it in real time at machine speed, and that allows you to get ahead of the threats rather than being reactive and talking about instant response, we're talking about getting ahead of the problems before they happen so you can stop them and prevent the damage ahead of time. >> So you're an expert, they're lucky to have you. Talk about what you've been doing before this. Obviously a lot of experience in security. Talk about some about some of the things you've done in the past. >> So I have to admit to being a recovering lawyer, but you have to forgive me because I did grow up with computers. I had a Tandy TRS-80 Color computer when I first started. 4K of all more RAM, we upgraded to 16K, it was the talk of the rainbow computer club, what are you doing, 16K of RAM? (laughing) I mean, it was-- >> Basic programming language, >> That's right. (laughing) Stored on cassette tapes. I remember when you used to have to punch a hole in the other side of a 5 1/4 floppy disc to make it double sided. >> Right, right. >> John: Glory days. >> Yeah, yeah. I paid my way through college running a network cable, but I'm a recovering lawyer, and so my job in the government, I worked at the House Intelligence Committee, the Senate Foreign Relations Committee and then the Bush administration on the Comprehensive National Cybersecurity Initiative, both the Justice Department and the White House. >> You've seen the arc, you've seen the trajectory, the progress we're making now seems to me slower than it should be, obviously a lot of inertia as Amy Chasity said today about these public sector government agencies, what not. But a real focus has been on it, we've been seeing activity. Where are we with the state of the union around the modernization of cyber and awareness to what's happening? How critical are people taking this threat seriously? >> Well I think I variety of things to say on that front. First, the government itself needs modernize its systems, right? We've seen that talked about in the Obama administration, we've seen President Trump put out an executive order on modernization of federal infrastructure. The need to move to the cloud, the need to move to shared services, make them more defensible, more resilient long-term. That's the right move. We've seen efforts at the Department of Defense and elsewhere. They aren't going as fast as the need to, more needs to happen on that front. IT modernization can really be accelerated by shifting to the cloud, and that's part of why that one of the things that IronNet's done really aggressively is make a move into the cloud space, putting all of our back end in the cloud and AWS. And also, ability, capability to do surveillance and monitoring. When I say surveillance I mean network threat detection not surveillance of the old kind. But network threat detection in the cloud, and in cloud-enabled instances too. So both are important, right? Classic data centers, but also in modern cloud infrastructure. >> Yeah, one of the things people want to know about is what your enemy looks like, and now with the democratization with open source, and democratization of tools, the enemies could be hiding through obscure groups. The states, the bad actors and the state actors can actually run covert activities through other groups, so this is kind of a dynamic that creates confusion. >> No, in fact, it's their actual mode of operating, right? It's exactly what they do, they use proxies, right? So you'll see the Russians operating, looking like a criminal hacker group operating out of the eastern Europe. In part because a lot of those Russian criminal rings, in actuality. You see a lot of patriotic hackers, right? I would tell most people, if you see a patriotic hacker there's probably a government behind that whole operation. And so the question becomes, how do you confront that threat, right? A lot of people say deterrence doesn't work in cyberspace. I don't believe that. I think deterrence can and does work in cyberspace, we just don't practice it. We don't talk about our capabilities, we don't talk our red lines, we don't talk about what'll happen if you cross our red lines, and when we do establish red lines and they're crossed, we don't really enforce them. So it's no surprise that our enemies, or advisories, are hitting us in cyberspace, are testing our boundaries. It's cause we haven't really give them a sense of where those lines are and what we're going to do if they cross them. >> Are we making an progress on doing anything here? What's the state of the market there? >> Well the government appears to have gotten more aggressive, right? We've seen efforts in congress to give the Department of Defense and the US Intelligence Committee more authorities. You can see the stand up of US Cyber Command. And we've seen more of a public discussion of these issues, right? So that's happening. Now, is it working? That's a harder question to know. But the real hard question is, what do you do on private sector defense? Because our tradition has been, in this country, that if it's a nation-state threat, the government defends you against it. We don't expect Target or Walmart or Amazon to have service to air missiles on the roof of your buildings to defend against Russian Bear bombers. We expect the government to do that. But in cyberspace, the idea's flipped on its head. We expect Amazon and every company in America, from a mom and pop shop, all the way up to the big players, to defend themselves against script kiddies, criminal hacker gangs, and nation-states. >> John: And randomware's been taking down cities, Baltimore, recent example, >> Exactly. >> John: multiple times. Hit that well many times. >> That's right, that's right. >> Talk about where the US compares. I mean, here as you said, the US, we are starting to have these conversations, there's more of an awareness of these cyber threats. But modernization has been slow, it does not quite have the momentum. How do we rate with other countries? >> Well I think in a lot of ways we have the best capabilities when it comes to identifying threats, identifying the adversary, the enemy, and taking action to respond, right? If we're not the top one, we're in the top two or three, right? And the question, though, becomes one of, how do you work with industry to help industry become that good? Now our industry is at the top of that game also, but when you're talking about a nation-state, which has virtually unlimited resources, virtually unlimited man-power to throw at a problem, it's not realistic to expect a single company to defend itself, and at the same time, we as a nation are prepared to say, "Oh, the Department of Defense should be sitting on "the boundaries of the US internet." As if you could identify them even, right? And we don't want that. So the question becomes, how does the government empower the private sector to do better defense for itself? What can the government do working with industry, and how can industry work with one another, to defend each other? We really got to do collective defense, not because it makes sense, which it does, but because there is no other option if you're going to confront nation-state or nation-state enabled actors. And that's another threat, we've seen the leakage of nation-state capabilities out to a lot broader of an audience now. That's a problem, even though that may be 2013 called and wants it's hack back, those things still work, right? What we saw in Baltimore was stuff that has been known for a long time. Microsoft has released patches long ago for that, and yet, still vulnerable. >> And the evolution of just cyber essential command, and Cyber Command, seems to be going slow, at least from my frame. Maybe I'm not in the know, but what is the imperative? I mean, there's a lot of problems to solve. How does the public sector, how does the government, solve these problems? Is cloud the answer? What are some of the things that people of this, the top minds, discussing? >> Well and I think cloud is clearly one part of the solution, right? There's no question that when you move to a cloud infrastructure, you have sort of a more bounded perimeter, right? And that provides that ability to also rapidly update, you could update systems in real time, and in mass. There's not going around and bringing your floppy disc and loading software, and it sounds like that's sort of a joke about an older era, but you look at what happened with NotPetya and you read this great Wired article about what happened with NotPetya, and you look at Maersk. And the way that Maersk brought its systems back up, was they had domain controller in Africa that had gone down due to a power surge, where they were able to recover the physical hard drive and re-image all their world-wide domain controls off of that one hard drive. You think about a major company that runs a huge percentage of the world's ports, right? And this is how they recovered, right? So we really are in that, take your disc and go to computers. In a cloud infrastructure you think about how you can do that in real time, or rapidly refresh, rapidly install patches, so there's a lot of that, that's like a huge part of it. It's not a complete solution, but it's an important part. >> Yeah, one of the things we talk about, a lot of tech guys, is that this debate's around complexity, versus simplicity. So if you store your data in one spot, it's easy to audit and better for governing compliance, but yet easier for hackers to penetrate. From an IQ standpoint, the more complex it is, distributed, harder. >> Yeah I think that's right. >> John: But what's the trade off there? How are people thinking about that kind of direction? >> No that's a great question, right? There's a lot of benefits to diversity of systems, there's a lot of benefit to spreading out your crown jewels, the heart of your enterprise. At the same time, there's real resilience in putting it in one place, having it well defended. Particularly when it's a shared responsibility and you have partial responsibility for the defense, but the provider to, I mean, Amazon, and all the other cloud providers, Microsoft and Google, all have it in their own self interest to really defend their cloud really well. Because whether or not you call it shared responsibility, it's your stock price that matters if you get hit, right? And so, instead of you, Amazon, and all the other cloud players have an incentive to do the right thing and do it really well. And so this shared responsibility can work to both side's benefits. That being said, there's an ongoing debate. A lot of folks want to do there stuff on-prem in a lot of ways. You know, a lot of us are old school, right? When you touch it, you feel it, you know it's there. And we're working through that conversation with folks, and I think that at the end of the day, the real efficiency gains and the power of having super computing power at your fingertips for analytics, for consumer purposes and the like. I really think there's no way to avoid moving to a cloud infrastructure in the long run. >> I know you said you were a recovering lawyer, but you are the founding director of the National Security Institute at the Antonin Scalia School of Law. How are you thinking about educating the next generation of lawyers who could indeed become policy makers or at least work on these committees, to think about these threats that we don't even know about yet? >> That's a great question. So one of the things we're doing, is we're working through the process with the state commission on establishing a new LLM and cyber intelligence national security law. That'll be a great opportunity for lawyers to actually get an advanced degree in these issues. But we're also training non-lawyers. One of the interesting things is, you know, One of the challenges DC has, is we make a lot of tech policy, a lot of it not great, because it's not informed by technologists, so we've got a great partnership with the Hewlett Foundation where we're bringing technologists from around the country, mid-career folks, anywhere from the age of 24 to 38. We're bringing them to DC and we're educating them on how to talk to policy makers. These are technologists, these are coders, data scientists, all the like, and it's a real opportunity for them to be able to be influential in the process of making laws, and know how to involve themselves and talk that speak. Cause, DC speak is a certain thing, right? (laughing) And it's not typically consistent with tech speak, so we're trying to bridge that gap and the Hewlett Foundation's been a great partner in that effort. >> On that point about this collaboration, Silicon Valley's been taking a lot of heat lately, obviously Zuckerberg and Facebook in the news again today, more issues around irresponsibility, but they were growing a rocket ship, I mean, company's only 15 years old roughly. So the impact's been significant, but tech has moved so fast. Tech companies usually hire policy folks in DC to speak the language, educate, a little bit different playbook. But now it's a forcing function between two worlds colliding. You got Washington DC, the Silicon Valley cultures have to blend now. What are some of the top minds thinking about this? What are some of the discussions happening? What's the topic of conversations? >> Well look, I mean, you've see it in the press, it's no surprise you're hearing this talk about breaking up big tech companies. I mean, it's astounding. We used to live in world in which being successful was the American way, right? And now, it seems like at least, without any evidence of anti-trust concerns, that we're talking about breaking up companies that have otherwise hugely successful, wildly innovative. It's sort of interesting to hear that conversation, it's not just one party, you're hearing this in a bipartisan fashion. And so it's a concern, and I think what it reveals to tech companies is, man, we haven't be paying a lot of attention to these guys in DC and they can cause real trouble. We need to get over there and starting talking to these folks and educating them on what we do. >> And the imperative for them is to do the right thing, because, I mean, the United States interest, breaking up, say, Facebook, and Google, and Apple, and Amazon, might look good on paper but China's not breaking up Alibaba anytime soon. >> To the contrary. They're giving them low-interest loans and helping them all to excel. It's crazy. >> Yeah, and they have no R&D by the way, so that's been- >> Jamil: Right, because they stole all of our IP. >> So the US invests in R&D that is easily moving out through theft, that's one issue. You have digital troops on our shores from foreign nations, some will argue, I would say yes. >> Jamil: Inside the border. >> Inside the border, inside the interior, with access to the power grids, our critical infrastructure, this is happening now. So is the government now aware of the bigger picture around what we have as capabilities and criticalities that were needed now for digital military? What is that conversation like? >> Well I think they're having this conversation, right? I think the government knows it's a problem, they know that actually in a lot of ways a partnership with tech is better than an adversary relationship. That doesn't change the fact that, for some reason, in the last three, four years, we really have seen what some people are calling a "techlash", right? A backlash against technology. It kind of strikes me as odd, because of course, the modern economy that we've so benefited from is literally built on the back of the innovations coming out of the Silicon Valley, out of the west coast, and out of the DC metro area, where a lot these tech companies are developing some of the most innovative new ideas. Now they're, frankly, helping government innovate. So Amazon's a key part of that effort, right? Here in the public sector. And so I'm hoping that education will help, I know that the arrival of tech companies here to really have that conversation in an open and sensible way, I hope will sort of waft back some of this. But I worry that for too long the tech and the policies have ignored on another. And now they're starting to intersect as you say, and it has the possibility of going wrong fast, and I'm hoping that doesn't happen. >> You know, one of the things that Rebecca and I were talking about was this talent gap between public sector and private sector. These agencies aren't going to go public anytime soon, so maybe they should get equity deals and get a financial incentive. (laughing) You know what I mean? Shrink down the cost, increase the value. But as you get the collaboration between the two parties, the cloud is attracting smart people, because it gives you an accelerant of value. So people can see some entry points to land, some value out of the gate, verus giving up and abandoning it through red tape, or in other processes. So you starting to see smart people get attracted to cloud as a tool for making change. How is that working? And how is that going to work? Cause this could be coming to the partnership side of it. People might not want to work for the government, but could work with the government. This is a dynamic that we see as real. What's your thoughts? >> I think that's exactly right. Having these cloud infrastructures gives the ability to one, leverage huge amounts of computing power, but also to leverage insights and knowledge from the private sector in ways that you never could have imagined. So I really do think the cloud is an opportunity to bring real benefits from private sector innovation into the public sector very rapidly, right? So, broad-clouded option. And that's part of why John Alexander, my boss, and I have been talking a lot about the need for broad-clouded option. It's not just innovative in technology, it's benefits to the war fighter, Right? I mean, these are real, tangible benefits pushing data in real time, the war fighter, You know John Alexander had one of the biggest innovations in modern war fighting, where he's able to take civil intelligence down from weeks and months, down to minutes and seconds, that the naval and our war fighters in Iraq and Afghanistan to really take the fight to the enemy. The cloud brings that power scaled up to a huge degree, right? By orders of magnitude. And so the government recognizes this and yet today we don't see them yet moving rapidly in that direction. So I think the EO was a good move, a good first step in that direction, now we got to see it implemented by the various agencies down below. >> Well we'll kep in touch, great to have you on. I know we're wrapping up the day here, they're breaking down, we're going to pull the plug literally. (laughing) We'll keep in touch and we'll keep progress on you. >> Thank you so much, I appreciate it. >> Rebecca: Jamil, you are now a CUBE alumn, >> I love it, thank you. >> Rebecca: So congrats, you've joined the club. >> I love it. >> I'm Rebecca Knight for John Furrier you have been watching theCUBE's live coverage of the AWS Public Sector Summit. (electronic music)

>> Live from Washington DC, it's theCUBE covering AWS Public Sector Summit 2018. Brought to you by Amazon Web Services and its ecosystem partners. >> Welcome back to our nation's capital. You're watching theCUBE, the worldwide leader in live tech coverage. I'm Stu Miniman, joined by my co-host Dave Vallante. Happy to welcome to the program Matt Olsen, who is the co-founder, president, and chief revenue officer of IronNet cybersecurity, thanks so much for joining us. >> Yeah, great to be here, Stu. Thanks. >> So, obviously, public sector, we've been talking a lot about the cyber, as it were. As a co-founder, always one of the first, give us the why of the company. Why was it founded and a little bit of background. >> Sure, you know, we were founded, I guess out of some frustration. A number of us, including our CEO, Keith Alexander, who was formerly the director of NSA, we came out of the government. And the frustration was, that what we saw happening to companies, big companies, small companies, and the government was getting hit with cyber attacks, you know, consistently and increasingly sophisticated and disruptive, even destructive cyber attacks. So we left the government around the same time, a number of us, and we decided, can we start a company to really take on these threats? What can we do to develop a technology based on the threat landscape that really takes cyber security to the next level? So our mission has always been to protect companies and governments from these types of attacks that are hitting us all the time. >> Yeah, so there's no shortage of security experts inside the government, especially NSA. Actually, I remember Dave and I had talked to, there was a little company called Squirrel that came out of the NSA a little bit later. Oh, what do you know? AWS acquired them last year. So bring us insight a little bit, you know, what's the offering that IronNet has? How do you differentiate yourself in the marketplace? >> Sure, and you're absolutely right. There is a lot of expertise in places like NSA, where I formally worked and a bunch of us formally worked. The offering basically is, network traffic analytics. So we look at the network traffic inside large companies and, right down to the PCAP, so we're looking at the actual network traffic and running analytics. And what that means is not signature-based, but behavioral analytics. Looking for those indicators of malicious activity that we then can alert the SOC operators in these companies that this is something they need to pay attention to right away. Of course the problem always with this area is false positives. You know, how do you make sure that the alerts you're giving to these operators really mean something? So we've done a lot of work to draw down those false positives so that we're giving them alerts that are actionable and meaningful in the context of, you know, a very difficult threat landscape. So that's the basic offering. >> So what's underneath the covers? I mean, what's the secret sauce? Are you using machine intelligence? Share with us. >> Yeah, sure, I think the secret sauce is really a combination of two things. It's analytics algorithms that our data scientists develop. We've got some world-class folks that came out of places like the Defense Research Agency and universities that develop the analytics, the algorithms, but we combine those, that math with real life operators, people who themselves were on the offense at one point, right? They were working to, you know, break into other networks. They were the hackers who understand how the adversary operates like nobody else does. Combining the mathematics, the analytics with real life operators, that I'd say, you know, Dave, is the secret sauce because those are how we develop the analytics and the expert system to produce the alerts and draw down those false positives. >> Yeah, it was interesting. Last week, we were at Cisco Live, talking a lot about networking, and one of the biggest things for networking people is a lot of the network that they own, they don't actually own it anymore. It's in Amazon, it's in, you know, I've got my SAF stuff, public clouds, all that I'm dealing with. So, you know, where do you sit, are you mostly focused on public clouds like AWS or, you know, where in the network? >> So its a great question because there's clearly a movement, right, from on PRAM solutions to cloud solutions. AWS is part of that. So we're partners with AWS. So we've developed our analytics to run in AWS as one of our key cloud providers. So, we, with some of our customers, we're all on PRAM, we're in their data center. These are companies that want us there inside their perimeter, right? But then, with others, we have the ability to have sensors in their network but then do all the analytics, all the backend work in AWS, in the cloud environment. And that makes a lot of sense for many companies, especially when you talk about companies that are a little smaller maybe or, you know, we're not talking about the biggest companies. So they do, a lot of their applications are running in the cloud, so that's been a key transition for us as we've developed our product. >> Matt, what would you say are the biggest threats to organizations that they should be aware of? >> Yeah, you know, the biggest threats are the obvious ones in some ways, but there's no doubt that the nation-states that are carrying out attacks, whether we're talking about China or Iran or North Korea or Russia, are increasingly active and are especially dangerous in a volatile geopolitical landscape like we face today. So we're concerned in working with our customers to make sure that we're taking on the level of threat that we see from nation-states. And that's something, I think, at IronNet we understand particularly well, given that we were operating at that nation-state level when we were all in government. Of course, the most pervasive problem is the criminals. And you see that in all manner of hacks in cyber attacks, that the most common type of attack, including ransomware are occurring at the hands of criminals. >> So rewarding. But, your behavioral analytics can help with that problem. What about, like, the weaponization of social media? I mean, what do you make of that? And, I don't know, is there an answer to that that you can help with? >> You know, the way that social media has been used, you know, for example in the election in 2016, it's obviously a problem that we all are concerned about as citizens. And part of that is, I think there's a combination of the government working together with the private sector, in particular, the social media companies, to come up with better ways to take on that problem to make sure that people who are using those platforms are actually people, and not bots, not Russian trolls. We need to do an education campaign for American citizens, who are coming into this election cycle that were, you know, better prepared for what we saw happen in 2016. I mean, it's a big effort and, you know, I'm not sure, to be honest, that as a country we've totally come to grips with the nature of that problem. >> Yeah, I think you're right. We're just trying to get our heads around it. I interviewed Robert Gates one time and I asked him this question, and I've asked other security practitioners, and I get all kinds of different responses. He said, I want to tell you what he said and then maybe you can respond. I'm paraphrasing, of course, for Dr. Gates. He said we have to be really careful. I was asking him offense or defense, you know. Should we, we probably have some of the best security people in the world, we could go on offense, is that the future of warfare? He said we have to be really careful because we have a lot to lose as well in critical infrastructure. Others have said, no, we should go on the offense to flex our muscles. What do you think the right posture is there? >> You know, I think that's a great point, Dave. There clearly is a balance. I mean, it begins with defense, right. It begins with hardening our defenses, having the right people with the right experience and the right expertise in place to protect our networks because, you know, the best offense really is a good defense and protecting our networks. But we do need to have the capability, and we do have the capability to take offensive action when warranted. One of the challenges, I think, in this space is that we haven't necessarily developed the rules of engagement. You know, under what circumstances should the United States government take action on offense in cyber? You know, we saw this in going after ISIS. You know, going after some of their capability as a terrorist group, targeting people in the United States and taking out some of that capability. That's one way I think that we've clearly done the right thing in going on the offense. Harder to say when you have some of the cyber attacks going after a critical infrastructure. What's the right role for the government in going on the offense? I think, again, the first step is a good defense. And one element of a good defense is working better together. Companies working together, as well as companies working in close coordination and cooperation with the government. >> So it's not so much the technology. Obviously the technology is there, but it's the process around that, the collaboration with, whether it's within agencies or organizations. >> I think that's right. I think there's a lot of good technology. We're, our company, we provide a common defense platform for companies to work together. That's what we do at IronNet. And we're doing that with a number of energy companies right now. But the, I think it's getting that policy in place so that companies understand the technology exists to be faster and better working together. How can we then break down whatever barriers there are to sharing information and having that sort of collaborative approach? And we see that happening more and more across the critical infrastructure, whether we're talking finance or healthcare or energy. >> Matt, what's IronNet's relationship with Amazon? Are you part of the market place? How do you go to market together? >> Yeah, we're a registered partner with Amazon. Amazon is our, one of our cloud providers for our, as I mentioned, for where we run our analytics. I also mentioned this common defense platform. We run the correlations that we do for companies working together. That's all done in AWS, in the cloud. We've found Amazon to be a, really an extraordinary partner as an industry leader and a cloud provider. And so we're very close to, and with Amazon, in both going to market but also in developing our product, so it's been a great partnership for us. >> What do you think of the show? I mean, it's insane, isn't it? >> Yeah, it's amazing, right? Just the parking, finding a parking space was incredible. But once I got in. >> We didn't have to park. >> Yeah, once I got in, it's a fantastic show. >> We did have to register. (laughter) >> Likewise. No, congratulations, it's a great show and Amazon has been terrific for us at IronNet. >> Well, we're glad to cover it and we appreciate you joining us, Matt, for this segment. Be back with more coverage here from the AWS Public Sector show. For Dave Vallante, I'm Stu Miniman and thanks again for watching theCUBE.

(upbeat music) >> Welcome to the special CUBE presentation of the AWS Global Public Sector Partner Awards Program. I'm here with the leader of the partner program, Sandy Carter, Vice President, AWS, Amazon Web Services @Sandy_Carter on Twitter, prolific on social and great leader. Sandy, great to see you again. And congratulations on this great program we're having here. In fact, thanks for coming out for this keynote. Well, thank you, John, for having me. You guys always talk about the coolest thing. So we had to be part of it. >> Well, one of the things that I've been really loving about this success of public sector we talked to us before is that as we start coming out of the pandemic, is becoming very clear that the cloud has helped a lot of people and your team has done amazing work, just want to give you props for that and say, congratulations, and what a great time to talk about the winners. Because everyone's been working really hard in public sector, because of the pandemic. The internet didn't break. And everyone stepped up with cloud scale and solve some problems. So take us through the award winners and talk about them. Give us an overview of what it is. The criteria and all the specifics. >> Yeah, you got it. So we've been doing this annually, and it's for our public sector partners overall, to really recognize the very best of the best. Now, we love all of our partners, John, as you know, but every year we'd like to really hone in on a couple who really leverage their skills and their ability to deliver a great customer solution. They demonstrate those Amazon leadership principles like working backwards from the customer, having a bias for action, they've engaged with AWS and very unique ways. And as well, they've contributed to our customer success, which is so very important to us and to our customers as well. >> That's awesome. Hey, can we put up a slide, I know we have slide on the winners, I want to look at them, with the tiles here. So here's a list of some of the winners. I see a nice little stars on there. Look at the gold star. I knows IronNet, CrowdStrike. That's General Keith Alexander's company, I mean, super relevant. Presidio, we've interviewed them before many times, got Palantir in there. And is there another one, I want to take a look at some of the other names here. >> In overall we had 21 categories. You know, we have over 1900 public sector partners today. So you'll notice that the awards we did, a big focus on mission. So things like government, education, health care, we spotlighted some of the brand new technologies like Containers, Artificial Intelligence, Amazon Connect. And we also this year added in awards for innovative use of our programs, like think big for small business and PTP as well. >> Yeah, well, great roundup, they're looking forward to hearing more about those companies. I have to ask you, because this always comes up, we're seeing more and more ecosystem discussions when we talk about the future of cloud. And obviously, we're going to, you know, be at Mobile World Congress, theCUBE, back in physical form, again, (indistinct) will continue to go on. The notion of ecosystem is becoming a key competitive advantage for companies and missions. So I have to ask you, why are partners so important to your public sector team? Talk about the importance of partners in context to your mission? >> Yeah, you know, our partners are critical. We drive most of our business and public sector through partners. They have great relationships, they've got great skills, and they have, you know, that really unique ability to meet the customer needs. If I just highlighted a couple of things, even using some of our partners who won awards, the first is, you know, migrations are so critical. Andy talked at Reinvent about still 96% of applications still sitting on premises. So anybody who can help us with the velocity of migrations is really critical. And I don't know if you knew John, but 80% of our migrations are led by partners. So for example, we gave awards to Collibra and Databricks as best lead migration for data as well as Datacom for best data lead migration as well. And that's because they increase the velocity of migrations, which increases customer satisfaction. They also bring great subject matter expertise, in particular around that mission that you're talking about. So for instance, GDIT won best Mission Solution For Federal, and they had just an amazing solution that was a secure virtual desktop that reduced a federal agencies deployment process, from months to days. And then finally, you know, our partners drive new opportunities and innovate on behalf of our customers. So we did award this year for P to P, Partnering to Partner which is a really big element of ecosystems, but it was won by four points and in quizon, and they were able to work together to implement a data, implement a data lake and an AI, ML solution, and then you just did the startup showcase, we have a best startup delivering innovation too, and that was EduTech (indistinct) Central America. And they won for implementing an amazing student registration and early warning system to alert and risks that may impact a student's educational achievement. So those are just some of the reasons why partners are important. I could go on and on. As you know, I'm so passionate about my partners, >> I know you're going to talk for an hour, we have to cut you off a little there. (indistinct) love your partners so much. You have to focus on this mission thing. It was a strong mission focus in the awards this year. Why are customers requiring much more of a mission focused? Is it because, is it a part of the criteria? I mean, we're seeing a mission being big. Why is that the case? >> Well, you know, IDC, said that IT spend for a mission or something with a purpose or line of business was five times greater than IT. We also recently did our CTO study where we surveyed thousands of CTOs. And the biggest and most changing elements today is really not around the technology. But it's around the industry, healthcare, space that we talked about earlier, or government. So those are really important. So for instance, New Reburial, they won Best Emission for Healthcare. And they did that because of their new smart diagnostic system. And then we had a partner when PA consulting for Best Amazon Connect solution around a mission for providing support for those most at risk, the elderly population, those who already had pre existing conditions, and really making sure they were doing what they called risk shielding during COVID. Really exciting and big, strong focus on mission. >> Yeah, and it's also, you know, we've been covering a lot on this, people want to work for a company that has purpose, and that has missions. I think that's going to be part of the table stakes going forward. I got to ask you on the secrets of success when this came up, I love asking this question, because, you know, we're starting to see the playbooks of what I call post COVID and cloud scale 2.0, whatever you want to call it, as you're starting to see this new modern era of success formulas, obviously, large scale value creation mission. These are points we're hearing and keep conversations across the board. What do you see as the secret of success for these parties? I mean, obviously, it's indirect for Amazon, I get that, but they're also have their customers, they're your customers, customers. That's been around for a while. But there's a new model emerging. What are the secrets from your standpoint of success? you know, it's so interesting, John, that you asked me this, because this is the number one question that I get from partners too. I would say the first secret is being able to work backwards from your customer, not just technology. So take one of our award winners Cognizant. They won for their digital tolling solution. And they work backwards from the customer and how to modernize that, or Pariveda, who is one of our best energy solution winners. And again, they looked at some of these major capital projects that oil companies were doing, working backwards from what the customer needed. I think that's number one, working backwards from the customer. Two, is having that mission expertise. So given that you have to have technology, but you also got to have that expertise in the area. We see that as a big secret of our public sector partners. So education cloud, (indistinct) one for education, effectual one for government and not for profit, Accenture won, really leveraging and showcasing their global expansion around public safety and disaster response. Very important as well. And then I would say the last secret of success is building repeatable solutions using those strong skills. So Deloitte, they have a great solution for migration, including mainframes. And then you mentioned early on, CloudStrike and IronNet, just think about the skill sets that they have there for repeatable solutions around security. So I think it's really around working backwards from the customer, having that mission expertise, and then building a repeatable solution, leveraging your skill sets. >> That's a great formula for success. I got you mentioned IronNet, and cybersecurity. One of things that's coming up is, in addition to having those best practices, there's also like real problems to solve, like, ransomware is now becoming a government and commercial problem, right. So (indistinct) seeing that happen a lot in DC, that's a front burner. That's a societal impact issue. That's like a cybersecurity kind of national security defense issue, but also, it's a technical one. And also public sector, through my interviews, I can tell you the past year and a half, there's been a lot of creativity of new solutions, new problems or new opportunities that are not yet identified as problems and I'd love to get your thoughts on my concern is with Jeff Bar yesterday from AWS, who's been blogging all the the news and he is a leader in the community. He was saying that he sees like 5G in the edge as new opportunities where it's creative. It's like he compared to the going to the home improvement store where he just goes to buy one thing. He does other things. And so there's a builder culture. And I think this is something that's coming out of your group more, because the pandemic forced these problems, and they forced new opportunities to be creative, and to build. What's your thoughts? >> Yeah, so I see that too. So if you think about builders, you know, we had a partner, Executive Council yesterday, we had 900, executives sign up from all of our partners. And we asked some survey questions like, what are you building with today? And the number one thing was artificial intelligence and machine learning. And I think that's such a new builders tool today, John, and, you know, one of our partners who won an award for the most innovative AI&ML was Kablamo And what they did was they use AI&ML to do a risk assessment on bushfires or wildfires in Australia. But I think it goes beyond that. I think it's building for that need. And this goes back to, we always talk about #techforgood. Presidio, I love this award that they won for best nonprofit, the Cherokee Nation, which is one of our, you know, Native American heritage, they were worried about their language going out, like completely out like no one being able to speak yet. And so they came to Presidio, and they asked how could we have a virtual classroom platform for the Cherokee Nation? And they created this game that's available on your phone, so innovative, so much of a builder's culture to capture that young generation, so they don't you lose their language. So I do agree. I mean, we're seeing builders everywhere, we're seeing them use artificial intelligence, Container, security. And we're even starting with quantum, so it is pretty powerful of what you can do as a public sector partner. >> I think the partner equation is just so wide open, because it's always been based on value, adding value, right? So adding value is just what they do. And by the way, you make money doing it if you do a good job of adding value. And, again, I just love riffing on this, because Dave and I talked about this on theCUBE all the time, and it comes up all the time in cloud conversations. The lock in isn't proprietary technology anymore, its value, and scale. So you starting to see builders thrive in that environment. So really good points. Great best practice. And I think I'm very bullish on the partner ecosystems in general, and people do it right, flat upside. I got to ask you, though, going forward, because this is the big post COVID kind of conversation. And last time we talked on theCUBE about this, you know, people want to have a growth strategy coming out of COVID. They want to be, they want to have a tail win, they want to be on the right side of history. No one wants to be in the losing end of all this. So last year in 2021 your goals were very clear, mission, migrations, modernization. What's the focus for the partners beyond 2021? What are you guys thinking to enable them, 21 is going to be a nice on ramp to this post COVID growth strategy? What's the focus beyond 2021 for you and your partners? >> Yeah, it's really interesting, we're going to actually continue to focus on those three M's mission, migration and modernization. But we'll bring in different elements of it. So for example, on mission, we see a couple of new areas that are really rising to the top, Smart Cities now that everybody's going back to work and (indistinct) down, operations and maintenance and global defense and using gaming and simulation. I mean, think about that digital twin strategy and how you're doing that. For migration, one of the big ones we see emerging today is data-lead migration. You know, we have been focused on applications and mainframes, but data has gravity. And so we are seeing so many partners and our customers demanding to get their data from on premises to the cloud so that now they can make real time business decisions. And then on modernization. You know, we talked a lot about artificial intelligence and machine learning. Containers are wicked hot right now, provides you portability and performance. I was with a startup last night that just moved everything they're doing to ECS our Container strategy. And then we're also seeing, you know, crippin, quantum blockchain, no code, low code. So the same big focus, mission migration, modernization, but the underpinnings are going to shift a little bit beyond 2021. >> That's great stuff. And you know, you have first of all people don't might not know that your group partners and Amazon Web Services public sector, has a big surface area. You talking about government, health care, space. So I have to ask you, you guys announced in March the space accelerator and you recently announced that you selected 10 companies to participate in the accelerated program. So, I mean, this is this is a space centric, you know, targeting, you know, low earth orbiting satellites to exploring the surface of the Moon and Mars, which people love. And because the space is cool, let's say the tech and space, they kind of go together, right? So take us through, what's this all about? How's that going? What's the selection, give us a quick update, while you're here on this space accelerated selection, because (indistinct) will have had a big blog post that went out (indistinct). >> Yeah, I would be thrilled to do that. So I don't know if you know this. But when I was young, I wanted to be an astronaut. We just helped through (indistinct), one of our partners reach Mars. So Clint, who is a retired general and myself got together, and we decided we needed to do something to help startups accelerate in their space mission. And so we decided to announce a competition for 10 startups to get extra help both from us, as well as a partner Sarafem on space. And so we announced it, everybody expected the companies to come from the US, John, they came from 44 different countries. We had hundreds of startups enter, and we took them through this six week, classroom education. So we had our General Clint, you know, helping and teaching them in space, which he's done his whole life, we provided them with AWS credits, they had mentoring by our partner, Sarafem. And we just down selected to 10 startups, that was what Vernors blog post was. If you haven't read it, you should look at some of the amazing things that they're going to do, from, you know, farming asteroids to, you know, helping with some of the, you know, using small vehicles to connect to larger vehicles, when we all get to space. It's very exciting. Very exciting, indeed, >> You have so much good content areas and partners, exploring, it's a very wide vertical or sector that you're managing. Is there any pattern? Well, I want to get your thoughts on post COVID success again, is there any patterns that you're seeing in terms of the partner ecosystem? You know, whether its business model, or team makeup, or more mindset, or just how they're organizing that that's been successful? Is there like a, do you see a trend? Is there a certain thing, then I've got the working backwards thing, I get that. But like, is there any other observations? Because I think people really want to know, am I doing it right? Am I being a good manager, when you know, people are going to be working remotely more? We're seeing more of that. And there's going to be now virtual events, hybrid events, physical events, the world's coming back to normal, but it's never going to be the same. Do you see any patterns? >> Yeah, you know, we're seeing a lot of small partners that are making an entrance and solving some really difficult problems. And because they're so focused on a niche, it's really having an impact. So I really believe that that's going to be one of the things that we see, I focus on individual creators and companies who are really tightly aligned and not trying to do everything, if you will. I think that's one of the big trends. I think the second we talked about it a little bit, John, I think you're going to see a lot of focus on mission. Because of that purpose. You know, we've talked about #techforgood, with everything going on in the world. As people have been working from home, they've been reevaluating who they are, and what do they stand for, and people want to work for a company that cares about people. I just posted my human footer on LinkedIn. And I got my first over a million hits on LinkedIn, just by posting this human footer, saying, you know what, reply to me at a time that's convenient for you, not necessarily for me. So I think we're going to see a lot of this purpose driven mission, that's going to come out as well. >> Yeah, and I also noticed that, and I was on LinkedIn, I got a similar reaction when I started trying to create more of a community model, not so much have people attend our events, and we need butts in the seats. It was much more personal, like we wanted you to join us, not attend and be like a number. You know, people want to be part of something. This seem to be the new mission. >> Yeah, I completely agree with that. I think that, you know, people do want to be part of something and they want, they want to be part of the meaning of something too, right. Not just be part of something overall, but to have an impact themselves, personally and individually, not just as a company. And I think, you know, one of the other trends that we saw coming up too, was the focus on technology. And I think low code, no code is giving a lot of people entry into doing things I never thought they could do. So I do think that technology, artificial intelligence Containers, low code, no code blockchain, those are going to enable us to even do greater mission-based solutions. >> Low code, no code reduces the friction to create more value, again, back to the value proposition. Adding value is the key to success, your partners are doing it. And of course, being part of something great, like the Global Public Sector Partner Awards list is a good one. And that's what we're talking about here. Sandy, great to see you. Thank you for coming on and sharing your insights and an update and talking more about the 2021, Global Public Sector partner Awards. Thanks for coming on. >> Thank you, John, always a pleasure. >> Okay, the Global Leaders here presented on theCUBE, again, award winners doing great work in mission, modernization, again, adding value. That's what it's all about. That's the new competitive advantage. This is theCUBE. I'm John Furrier, your host, thanks for watching. (upbeat music)

(upbeat electronic music) >> Narrator: From theCUBE studios in Palo Alto and Boston, connecting with thought leaders all around the world, this is a CUBE conversation. >> Okay, hello everyone. I'm John Furrier with theCUBE. We're here with Meet the Analysts segment Sunday morning. We've got everyone around the world here to discuss a bit of the news around the EU killing the privacy deal, striking it down, among other topics around, you know, data privacy and global commerce. We got great guests here, Ray Wang, CEO of Constellation Research. Bill Mew, founder and CEO of Cyber Crisis Management from the Firm Crisis Team. And JD, CEO of Spearhead Management. JD, I can let you say your name because I really can't pronounce it. How do I (laughs) pronounce it, doctor? >> I wouldn't even try it unless you are Dutch, otherwise it will seriously hurt your throat. (Ray laughing) So, JD works perfect for me. >> Doctor Drooghaag. >> And Sarbjeet Johal, who's obviously an influencer, a cloud awesome native expert. Great, guys. Great to have you on, appreciate it, thanks for comin' on. And Bill, thank you for initiating this, I appreciate all your tweets. >> Happy Sunday. (Bill laughing) >> You guys have been really tweeting up a storm, I want to get everyone together, kind of as an analyst, Meet the Analyst segment. Let's go through with it. The news is the EU and U.S. Privacy Shield for data struck down by the court, that's the BBC headline. Variety of news, different perspectives, you've got an American perspective and you've got an international perspective. Bill, we'll start with you. What does this news mean? I mean, basically half the people in the world probably don't know what the Privacy Shield means, so why is this ruling so important, and why should it be discussed? >> Well, thanks to sharing between Europe and America, it's based on a two-way promise that when data goes from Europe to America, the Americans promise to respect our privacy, and when data goes form America to Europe, the Europeans promise to respect the American privacy. Unfortunately, there are big cultural differences between the two blocks. The Europeans have a massive orientation around privacy as a human right. And in the U.S., there's somewhat more of a prioritization on national security, and therefore for some time there's been a mismatch here, and it could be argued that the Americans haven't been living up to their promise because they've had various different laws, and look how much talk about FISA and the Cloud Act that actually contravene European privacy and are incompatible with the promise Americans have given. That promise, first of all, was in the form of a treaty called Safe Harbor. This went to court and was struck down. It was replaced by Privacy Shield, which was pretty much the same thing really, and that has recently been to the court as well, and that has been struck down. There now is no other means of legally sharing data between Europe and America other than what are being called standard contractual clauses. This isn't a broad treaty between two nations, these are drawn by each individual country. But also in the ruling, they said that standard contractual clauses could not be used by any companies that were subject to mass surveillance. And actually in the U.S., the FISA courts enforce a level of mass surveillance through all of the major IT firms, of all major U.S. telcos, cloud firms, or indeed, social media firms. So, this means that for all of the companies out there and their clients, business should be carrying on as usual apart from if you're one of those major U.S. IT firms, or one of their clients. >> So, why did this come about? Was there like a major incident? Why now, was it in the court, stuck in the courts? Were people bitchin' and moanin' about it? Why did this go down, what's the real issue? >> For those of us who have been following this attentively, things have been getting more and more precarious for a number of years now. We've had a situation where there are different measures being taken in the U.S., that have continued to erode the different protections that there were for Europeans. FISA is an example that I've given, and that is the sort of secret courts and secret warrants that are issued to seize data without anyone's knowledge. There's the Cloud Act, which is a sort of extrajudicial law that means that warrants can be served in America to U.S. organizations, and they have to hand over data wherever that data resides, anywhere in the world. So, data could exist on a European server, if it was under the control of an American company, they'd have to hand that over. So, whilst FISA is in direct conflict with the promises that the Americans made, things like the Cloud Act are not only in controversion with the promise they've made, there's conflicting law here, because if you're a U.S. subsidiary of a big U.S. firm, and you're based in Europe, who do you obey, the European law that says you can't hand it over because of GDPR, or the American laws that says they've got extrajudicial control, and that you've got to hand it over. So, it's made things a complete mess. And to say has this stuff, hasn't really happened? No, there's been a gradual erosion, and this has been going through the courts for a number of years. And many of us have seen it coming, and now it just hit us. >> So, if I get you right in what you're saying, it's basically all this mishmash of different laws, and there's no coherency, and consistency, is that the core issue? >> On the European side you could argue there's quite a lot of consistency, because we uphold people's privacy, in theory. But there have been incidents which we could talk about with that, but in theory, we hold your rights dear, and also the rights of Europeans, so everyone's data should be safe here from the sort of mass surveillance we're seeing. In the U.S., there's more of a direct conflict between everything, including there's been a, in his first week in the White House, Donald Trump signed an executive order saying that the Privacy Act in the U.S., which had been the main protection for people in the U.S., no longer applied to non-U.S. citizens. Which was, if you wanted try and cause a storm, and if you wanted to try and undermine the treaty, there's no better way of doing it than that. >> A lot of ways, Ray, I mean simplify this for me, because I'm a startup, I'm hustlin', or I'm a big company, I don't even know who runs the servers anymore, and I've got data stored in multiple clouds, I got in regions, and Oracle just announced more regions, you got Amazon, a gazillion regions, I could be on-premise. I mean bottom line, what is this about? I mean, and -- >> Bill's right, I mean when Max Schrems, the Austrian. Bill's right, when Max Schrems the Austrian activist actually filed his case against Facebook for where data was being stored, data residency wasn't as popular. And you know, what it means for companies that are in the cloud is that you have to make sure your data's being stored in the region, and following those specific region rules, you can't skirt those rules anymore. And I think the cloud companies know that this has been coming for some time, and that's why there's been announced in a lot of regions, a lot of areas that are actually happening, so I think that's the important part. But going back to Bill's earlier point, which is important, is America is basically the Canary Islands of privacy, right? Privacy is there, but it isn't there in a very, very explicit sense, and I think we've been skirting the rules for quite some time, because a lot of our economy depends on that data, and the marketing of the data. And so we often confuse privacy with consent, and also with value exchange, and I think that's part of the problem of what's going on here. Companies that have been building their business models on free data, free private data, free personally identifiable data information are the ones that are at risk! And I think that's what's going on here. >> It's the classic Facebook issue, you're the product, and the data is your product. Well, I want to get into what this means, 'cause my personal take away, not knowing the specifics, and just following say, cyber security for instance, one of the tenets there is that data sharing is an invaluable, important ethos in the community. Now, everyone has their own privacy, or security data, they don't want to let everyone know about their exploits but, but it's well known in the security world that sharing data with each other, different companies and countries is actually a good thing. So, the question that comes in my mind, is this really about data sharing or data privacy, or both? >> I think it's about both. And actually what the ruling is saying here is, all we're asking from the European side is please stop spying on us and please give us a level of equal protection that you give to your own citizens. Because data comes from America to Europe, whatever that data belongs to, a U.S. citizen or a European citizen, it's given equal protection. It is only if data goes in the other direction, where you have secret courts, secret warrants, seizure of data on this massive scale, and also a level of lack of equivalence that has been imposed. And we're just asking that once you've sorted out a few of those things, we'd say everything's back on the table, away we go again! >> Why don't we merge the EU with the United States? Wouldn't that solve the problem? (Bill laughing) >> We just left Europe! (laughs heartily) >> Actually I always -- >> A hostile takeover of the UK maybe, the 52nd state. (Bill laughing loudly) >> I always pick on Bill, like Bill, you got all screaming loud and clear about all these concerns, but UKs trying to get out of that economic union. It is a union at the end of the day, and I think the problem is the institutional mismatch between the EU and U.S., U.S. is old democracy, bigger country, population wise, bigger economy. Whereas Europe is several countries trying to put together, band together as one entity, and the institutions are new, like you know, they're 15 years old, right? They're maturing. I think that's where the big mismatch is and -- >> Well, Ray, I want to get your thoughts on this, Ray wrote a book, I forget what year it was, this digital disruption, basically it was digital transformation before it was actually a trend. I mean to me it's like, do you do the process first and then figure out where the value extraction is, and this may be a Silicon Valley or an American thing, but go create value, then figure out how to create process or understand regulations. So, if data and entrepreneurship is going to be a new modern era of value, why wouldn't we want to create a rule based system that's open and enabling, and not restrictive? >> So, that's a great point, right? And the innovation culture means you go do it first, and you figure out the rules later, and that's been a very American way of getting things done, and very Silicon Valley in our perspective, not everyone, but I think in general that's kind of the trend. I think the challenge here is that we are trading privacy for security, privacy for convenience, privacy for personalization, right? And on the security level, it's a very different conversation than what it is on the consumer end, you know, personalization side. On the security side I think most Americans are okay with a little bit of "spying," at least on your own side, you know, to keep the country safe. We're not okay with a China level type of spying, which we're not sure exactly what that means or what's enforceable in the courts. We look like China to the Europeans in the way we treat privacy, and I think that's the perspective we need to understand because Europeans are very explicit about how privacy is being protected. And so this really comes back to a point where we actually have to get to a consent model on privacy, as to knowing what data is being shared, you have the right to say no, and when you have the right to say no. And then if you have a value exchange on that data, then it's really like sometimes it's monetary, sometimes it's non-monetary, sometimes there's other areas around consensus where you can actually put that into place. And I think that's what's missing at this point, saying, you know, "Do we pay for your data? Do we explicitly get your consent first before we use it?" And we haven't had that in place, and I think that's where we're headed towards. And you know sometimes we actually say privacy should be a human right, it is in the UN Charter, but we haven't figured out how to enforce it or talk about it in the digital age. And so I think that's the challenge. >> Okay, people, until they lose it, they don't really understand what it means. I mean, look at Americans. I have to say that we're idiots on this front, (Bill chuckling) but you know, the thing is most people don't even understand how much value's getting sucked out of their digital exhaust. Like, our kids, TikTok and whatnot. So I mean, I get that, I think there's some, there's going to be blow back for America for sure. I just worry it's going to increase the cost of doing business, and take away from the innovation for citizen value, the people, because at the end of the day, it's for the people right? I mean, at the end of the day it's like, what's my privacy mean if I lose value? >> Even before we start talking about the value of the data and the innovation that we can do through data use, you have to understand the European perspective here. For the European there's a level of double standards and an erosion of trust. There's double standards in the fact that in California you have new privacy regulations that are slightly different to GDPR, but they're very much GDPR like. And if the boot was on the other foot, to say if we were spying on Californians and looking at their personal data, and contravening CCPA, the Californians would be up in arms! Likewise if we having promised to have a level of equality, had enacted a local rule in Europe that said that when data from America's over here, actually the privacy of Americans counts for nothing, we're only going to prioritize the privacy of Europeans. Again, the Americans would be up in arms! And therefore you can see that there are real double standards here that are a massive issue, and until those addressed, we're not going to trust the Americans. And likewise, the very fact that on a number of occasions Americans have signed up to treaties and promised to protect our data as they did with Safe Harbor, as they did with Privacy Shield, and then have blatantly, blatantly failed to do so means that actually to get back to even a level playing field, where we were, you have a great deal of trust to overcome! And the thing from the perspective of the big IT firms, they've seen this coming for a long time, as Ray was saying, and they sought to try and have a presence in Europe and other things. But the way this ruling has gone is that, I'm sorry, that isn't going to be sufficient! These big IT firms based in the U.S. that have been happy to hand over data, well some of them maybe more happy than others, but they all need to hand over data to the NSA or the CIA. They've been doing this for some time now without actually respecting this data privacy agreement that has existed between the two trading blocks. And now they've been called out, and the position now is that the U.S. is no longer trusted, and neither are any of these large American technology firms. And until the snooping stops and equality is introduced, they can now no longer, even from their European operations, they can no longer use standard contractual clauses to transfer data, which is going to be a massive restriction on their business. And if they had any sense, they'd be lobbying very, very hard right now to the Senate, to the House, to try and persuade U.S. lawmakers actually to stick to some these treaties! To stop introducing really mad laws that ride roughshod over other people's privacy, and have a certain amount of respect. >> Let's let JD weigh in, 'cause he just got in, sorry on the video, I made him back on a host 'cause he dropped off. Just, Bill, real quick, I mean I think it's like when, you know, I go to Europe there's the line for Americans, there's the line for EU. Or EU and everybody else. I mean we might be there, but ultimately this has to be solved. So, JD, I want to let you weigh in, Germany has been at the beginning forefront of privacy, and they've been hardcore, and how's this all playing out in your perspective? >> Well, the first thing that we have to understand is that in Germany, there is a very strong law for regulation. Germans panic as soon as they know regulation, so they need to understand what am I allowed to do, and what am I not allowed to do. And they expect the same from the others. For the record I'm not German, but I live in Germany for some 20 years, so I got a bit of a feeling for them. And that sense of need for regulation has spread very fast throughout the European Union, because most of the European member states of the European Union consider this, that it makes sense, and then we found that Britain had already a very good framework for privacy, so GDPR itself is very largely based on what the United Kingdom already had in place with their privacy act. Moving forward, we try to find agreement and consensus with other countries, especially the United States because that's where most of the tech providers are, only to find out, and that is where it started to go really, really bad, 2014, when the mass production by Edward Snowden came out, to find out it's not data from citizens, it's surveillance programs which include companies. I joined a purchasing conference a few weeks ago where the purchase of a large European multinational, where the purchasing director explicitly stated that usage of U.S. based tech providers for sensitive data is prohibited as a result of them finding out that they have been under surveillance. So, it's not just the citizens, there's mass -- >> There you have it, guys! We did trust you! We did have agreements there that you could have abided by, but you chose not to, you chose to abuse our trust! And you're now in a position where you are no longer trusted, and unless you can lobby your own elected representatives to actually recreate a level playing field, we're not going to continue trusting you. >> So, I think really I -- >> Well I mean that, you know, innovation has to come from somewhere, and you know, has to come from America if that's the case, you guys have to get on board, right? Is that what it -- >> Innovation without trust? >> Is that the perspective? >> I don't think it's a country thing, I mean like, it's not you or them, I think everybody -- >> I'm just bustin' Bill's chops there. >> No, but I think everybody, everybody is looking for what the privacy rules are, and that's important. And you can have that innovation with consent, and I think that's really where we're going to get to. And this is why I keep pushing that issue. I mean, privacy should be a fundamental right, and how you get paid for that privacy is interesting, or how you get compensated for that privacy if you know what the explicit value exchange is. What you're talking about here is the surveillance that's going on by companies, which shouldn't be happening, right? That shouldn't be happening at the company level. At the government level I can understand that that is happening, and I think those are treaties that the governments have to agree upon as to how much they're going to impinge on our personal privacy for the trade off for security, and I don't think they've had those discussions either. Or they decided and didn't tell any of their citizens, and I think that's probably more likely the case. >> I mean, I think what's happening here, Bill, you guys were pointing out, and Ray, you articulated there on the other side, and my kind of colorful joke aside, is that we're living a first generation modern sociology problem. I mean, this is a policy challenge that extends across multiple industries, cyber security, citizen's rights, geopolitical. I mean when would look, and even when we were doing CUBE events overseas in Europe, in North American companies we'd call it abroad, we'd just recycle the American program, and we found there's so much localization value. So, Ray, this is the digital disruption, it's the virtualization of physical for digital worlds, and it's a lot of network theory, which is computer science, a lot of sociology. This is a modern challenge, and I don't think it so much has a silver bullet, it's just that we need smart people working on this. That's my take away! >> I think we can describe the ideal endpoint being somewhere we have meaningful protection alongside the maximization of economic and social value through innovation. So, that should be what we would all agree would be the ideal endpoint. But we need both, we need meaningful protection, and we need the maximization of economic and social value through innovation! >> Can I add another axis? Another axis, security as well. >> Well, I could -- >> I put meaningful protection as becoming both security and privacy. >> Well, I'll speak for the American perspective here, and I won't speak, 'cause I'm not the President of the United States, but I will say as someone who's been from Silicon Valley and the east coast as a technical person, not a political person, our lawmakers are idiots when it comes to tech, just generally. (Ray laughing) They're not really -- (Bill laughing loudly) >> They really don't understand. They really don't understand the tech at all! >> So, the problem is -- >> I'm not claiming ours are a great deal better. (laughs) >> Well, this is why I think this is a modern problem. Like, the young people I talk to are like, "Why do we have this rules?" They're all lawyers that got into these positions of Congress on the American side, and so with the American JEDI Contract you guys have been following very closely is, it's been like the old school Oracle, IBM, and then Amazon is leading with an innovative solution, and Microsoft has come in and re-pivoted. And so what you have is a fight for the digital future of citizenship! And I think what's happening is that we're in a massive societal transition, where the people in charge don't know what the hell they're talkin' about, technically. And they don't know who to tap to solve the problems, or even shape or frame the problems. Now, there's pockets of people that are workin' on it, but to me as someone who looks at this saying, it's a pretty simple solution, no one's ever seen this before. So, there's a metaphor you can draw, but it's a completely different problem space because it's, this is all digital, data's involved. >> We've got a lobbyists out there, and we've got some tech firms spending an enormous amount of lobbying. If those lobbyists aren't trying to steer their representatives in the right direction to come up with law that aren't going to massively undermine trade and data sharing between Europe and America, then they're making a big mistake, because we got here through some really dumb lawmaking in the U.S., I mean, there are none of the laws in Europe that are a problem here. 'Cause GDPR isn't a great difference, a great deal different from some of the laws that we have already in California and elsewhere. >> Bill, Bill. >> The laws that are at issue here -- >> Bill, Bill! You have to like, back up a little bit from that rhetoric that EU is perfect and U.S. is not, that's not true actually. >> I'm not saying we're perfect! >> No, no, you say that all the time. >> But I'm saying there's a massive lack of innovation. Yeah, yeah. >> I don't, I've never said it! >> Arm wrestle! >> Yes, yes. >> When I'm being critical of some of the dumb laws in the U.S, (Sarbjeet laughing) I'm not saying Europe is perfect. What we're trying to say is that in this particular instance, I said there was an equal balance here between meaningful protection and the maximization of economic and social value. On the meaningful protection side, America's got it very wrong in terms of the meaningful protection it provides to civil European data. On the maximization of economic and social value, I think Europe's got it wrong. I think there are a lot of things we could do in Europe to actually have far more innovation. >> Yeah. >> It's a cultural issue. The Germans want rules, that's what they crave for. America's the other way, we don't want rules, I mean, pretty much is a rebel society. And that's kind of the ethos of most tech companies. But I think you know, to me the media, there's two things that go on with this tech business. The company's themselves have to be checked by say, government, and I believe in not a lot of regulation, but enough to check the power of bad actors. Media so called "checking power", both of these major roles, they don't really know what they're talking about, and this is back to the education piece. The people who are in the media so called "checking power" and the government checking power assume that the companies are bad. Right, so yeah, because eight out of ten companies like Amazon, actually try to do good things. If you don't know what good is, you don't really, (laughs) you know, you're in the wrong game. So, I think media and government have a huge education opportunity to look at this because they don't even know what they're measuring. >> I support the level of innovation -- >> I think we're unreeling from the globalization. Like, we are undoing the globalization, and that these are the side effects, these conflicts are a side effect of that. >> Yeah, so all I'm saying is I support the focus on innovation in America, and that has driven an enormous amount of wealth and value. What I'm questioning here is do you really need to spy on us, your allies, in order to help that innovation? And I'm starting to, I mean, do you need mass surveillance of your allies? I mean, I can see you may want to have some surveillance of people who are a threat to you, but wait, guys, we're meant to be on your side, and you haven't been treating our privacy with a great deal of respect! >> You know, Saudi Arabia was our ally. You know, 9/11 happened because of them, their people, right? There is no ally here, and there is no enemy, in a way. We don't know where the rogue actors are sitting, like they don't know, they can be within the walls -- >> It's well understood I think, I agree, sorry. it's well understood that nation states are enabling terrorist groups to take out cyber attacks. That's well known, the source enables it. So, I think there's the privacy versus -- >> I'm not sure it's true in your case that it's Europeans that's doing this though. >> No, no, well you know, they share -- >> I'm a former officer in the Royal Navy, I've stood shoulder to shoulder with my U.S. counterparts. I put my life on the line on NATO exercises in real war zones, and I'm now a disabled ex-serviceman as a result of that. I mean, if I put my line on the line shoulder to shoulder with Americans, why is my privacy not respected? >> Hold on -- >> I feel it's, I was going to say actually that it's not that, like even the U.S., right? Part of the spying internally is we have internal actors that are behaving poorly. >> Yeah. >> Right, we have Marxist organizations posing as, you know, whatever it is, I'll leave it at that. But my point being is we've got a lot of that, every country has that, every country has actors and citizens and people in the system that are destined to try to overthrow the system. And I think that's what that surveillance is about. The question is, we don't have treaties, or we didn't have your explicit agreements. And that's why I'm pushing really hard here, like, they're separating privacy versus security, which is the national security, and privacy versus us as citizens in terms of our data being basically taken over for free, being used for free. >> John: I agree with that. >> That I think we have some agreement on. I just think that our governments haven't really had that conversation about what surveillance means. Maybe someone agreed and said, "Okay, that's fine. You guys can go do that, we won't tell anybody." And that's what it feels like. And I don't think we deliberately are saying, "Hey, we wanted to spy on your citizens." I think someone said, "Hey, there's a benefit here too." Otherwise I don't think the EU would have let this happen for that long unless Max had made that case and started this ball rolling, so, and Edward Snowden and other folks. >> Yeah, and I totally support the need for security. >> I want to enter the -- >> I mean we need to, where there are domestic terrorists, we need to stop them, and we need to have local action in UK to stop it happening here, and in America to stop it happening there. But if we're doing that, there is absolutely no need for the Americans to be spying on us. And there's absolutely no need for the Americans to say that privacy applies to U.S. citizens only, and not to Europeans, these are daft, it's just daft! >> That's a fair point. I'm sure GCHQ and everyone else has this covered, I mean I'm sure they do. (laughs) >> Oh, Bill, I know, I've been involved, I've been involved, and I know for a fact the U.S. and the UK are discussing I know a company called IronNet, which is run by General Keith Alexander, funded by C5 Capital. There's a lot of collaboration, because again, they're tryin' to get their arms around how to frame it. And they all agree that sharing data for the security side is super important, right? And I think IronNet has this thing called Iron Dome, which is essentially like they're saying, hey, we'll just consistency around the rules of shared data, and we can both, everyone can have their own little data. So, I think there's recognition at the highest levels of some smart people on both countries. (laughs) "Hey, let's work together!" The issue I have is just policy, and I think there's a lot of clustering going on. Clustered here around just getting out of their own way. That's my take on that. >> Are we a PG show? Wait, are we a PG show? I just got to remember that. (laughs) (Bill laughing) >> It's the internet, there's no regulation, there's no rules! >> There's no regulation! >> The European rules or is it the American rules? (Ray laughing) >> I would like to jump back quickly to the purpose of the surveillance, and especially when mass surveillance is done under the cover of national security and terror prevention. I worked with five clients in the past decade who all have been targeted under mass surveillance, which was revealed by Edward Snowden, and when they did their own investigation, and partially was confirmed by Edward Snowden in person, they found out that their purchasing department, their engineering department, big parts of their pricing data was targeted in mass surveillance. There's no way that anyone can explain me that that has anything to do with preventing terror attacks, or finding the bad guys. That is economical espionage, you cannot call it in any other way. And that was authorized by the same legislation that authorizes the surveillance for the right purposes. I'm all for fighting terror, and anything that can help us prevent terror from happening, I would be the first person to welcome it. But I do not welcome when that regulation is abused for a lot of other things under the cover of national interest. I understand -- >> Back to the lawmakers again. And again, America's been victim to the Chinese some of the individual properties, well documented, well known in tech circles. >> Yeah, but just 'cause the Chinese have targeted you doesn't give you free right to target us. >> I'm not saying that, but its abuse of power -- >> If the U.S. can sort out a little bit of reform, in the Senate and the House, I think that would go a long way to solving the issues that Europeans have right now, and a long way to sort of reaching a far better place from which we can all innovate and cooperate. >> Here's the challenge that I see. If you want to be instrumenting everything, you need a closed society, because if you have a free country like America and the UK, a democracy, you're open. If you're open, you can't stop everything, right? So, there has to be a trust, to your point, Bill. As to me that I'm just, I just can't get my arms around that idea of complete lockdown and data surveillance because I don't think it's gettable in the United States, like it's a free world, it's like, open. It should be open. But here we've got the grids, and we've got the critical infrastructure that should be protected. So, that's one hand. I just can't get around that, 'cause once you start getting to locking down stuff and measuring everything, that's just a series of walled gardens. >> So, to JD's point on the procurement data and pricing data, I have been involved in some of those kind of operations, and I think it's financial espionage that they're looking at, financial security, trying to figure out a way to track down capital flows and what was purchased. I hope that was it in your client's case, but I think it's trying to figure out where the money flow is going, more so than trying to understand the pricing data from competitive purposes. If it is the latter, where they're stealing the competitive information on pricing, and data's getting back to a competitor, that is definitely a no-no! But if it's really to figure out where the money trail went, which is what I think most of those financial analysts are doing, especially in the CIA, or in the FBI, that's really what that probably would have been. >> Yeah, I don't think that the CIA is selling the data to your competitors, as a company, to Microsoft or to Google, they're not selling it to each other, right? They're not giving it to each other, right? So, I think the one big problem I studied with FISA is that they get the data, but how long they can keep the data and how long they can mine the data. So, they should use that data as exhaust. Means like, they use it and just throw it away. But they don't, they keep mining that data at a later date, and FISA is only good for five years. Like, I learned that every five years we revisit that, and that's what happened this time, that we renewed it for six years this time, not five, for some reason one extra year. So, I think we revisit all these laws -- >> Could be an election cycle. >> Huh? >> Could be an election cycle maybe. (laughs) >> Yes, exactly! So, we revisit all these laws with Congress and Senate here periodically just to make sure that they are up to date, and that they're not infringing on human rights, or citizen's rights, or stuff like that. >> When you say you update to check they're not conflicting with anything, did you not support that it was conflicting with Privacy Shield and some of the promises you made to Europeans? At what point did that fail to become obvious? >> It does, because there's heightened urgency. Every big incident happens, 9/11 caused a lot of new sort of like regulations and laws coming into the picture. And then the last time, that the Russian interference in our election, that created some sort of heightened urgency. Like, "We need to do something guys here, like if some country can topple our elections, right, that's not acceptable." So, yeah -- >> And what was it that your allies did that caused you to spy on us and to downgrade our privacy? >> I'm not expert on the political systems here. I think our allies are, okay, loose on their, okay, I call it village politics. Like, world is like a village. Like it's so only few countries, it's not millions of countries, right? That's how I see it, a city versus a village, and that's how I see the countries, like village politics. Like there are two camps, like there's Russia and China camp, and then there's U.S. camp on the other side. Like, we used to have Russia and U.S., two forces, big guys, and they managed the whole world balance somehow, right? Like some people with one camp, the other with the other, right? That's how they used to work. Now that Russia has gone, hold on, let me finish, let me finish. >> Yeah. >> Russia's gone, there's this void, right? And China's trying to fill the void. Chinese are not like, acting diplomatic enough to fill that void, and there's, it's all like we're on this imbalance, I believe. And then Russia becomes a rogue actor kind of in a way, that's how I see it, and then they are funding all these bad people. You see that all along, like what happened in the Middle East and all that stuff. >> You said there are different camps. We thought we were in your camp! We didn't expect to be spied on by you, or to have our rights downgraded by you. >> No, I understand but -- >> We thought we were on your side! >> But, but you have to guys to trust us also, like in a village. Let me tell you, I come from a village, that's why I use the villager as a hashtag in my twitter also. Like in village, there are usually one or two families which keep the village intact, that's our roles. >> Right. >> Like, I don't know if you have lived in a village or not -- >> Well, Bill, you're making some great statements. Where's the evidence on the surveillance, where can people find more information on this? Can you share? >> I think there's plenty of evidence, and I can send some stuff on, and I'm a little bit shocked given the awareness of the FISA Act, the Cloud Act, the fact that these things are in existence and they're not exactly unknown. And many people have been complaining about them for years. I mean, we've had Safe Harbor overturned, we've had Privacy Shield overturned, and these weren't just on a whim! >> Yeah, what does JD have in his hand? I want to know. >> The Edward Snowden book! (laughs) >> By Edward Snowden, which gives you plenty. But it wasn't enough, and it's something that we have to keep in mind, because we can always claim that whatever Edward Snowden wrote, that he made it up. Every publication by Edward Snowden is an avalanche of technical confirmation. One of the things that he described about the Cisco switches, which Bill prefers to quote every time, which is a proven case, there were bundles of researchers saying, "I told you guys!" Nobody paid attention to those researchers, and Edward Snowden was smart enough to get the mass media representation in there. But there's one thing, a question I have for Sabjeet, because in the two parties strategy, it is interesting that you always take out the European Union as part. And the European Union is a big player, and it will continue to grow. It has a growing amount of trade agreements with a growing amount of countries, and I still hope, and I think think Bill -- >> Well, I think the number of countries is reducing, you've just lost one! >> Only one. (Bill laughing loudly) Actually though, those are four countries under one kingdom, but that's another point. (Bill chortling heartily) >> Guys, final topic, 5G impact, 'cause you mentioned Cisco, couldn't help think about -- >> Let me finish please my question, John. >> Okay, go ahead. How would you the United States respond if the European Union would now legalize to spy on everybody and every company, and every governmental institution within the United States and say, "No, no, it's our privilege, we need that." How would the United States respond? >> You can try that and see economically what happens to you, that's how the village politics work, you have to listen to the mightier than you, and we are economically mightier, that's the fact. Actually it's hard to swallow fact for, even for anybody else. >> If you guys built a great app, I would use it, and surveil all you want. >> Yeah, but so this is going to be driven by the economics. (John laughing) But the -- >> That's exactly what John said. >> This is going to be driven by the economics here. The big U.S. cloud firms are got to find this ruling enormously difficult for them, and they are inevitably going to lobby for a level of reform. And I think a level of a reform is needed. Nobody on your side is actually arguing very vociferously that the Cloud Act and the discrimination against Europeans is actually a particularly good idea. The problem is that once you've done the reform, are we going to believe you when you say, "Oh, it's all good now, we've stopped it!" Because with Crypto AG scandal in Switzerland you weren't exactly honest about what you were doing. With the FISA courts, so I mean FISA secret courts, the secret warrants, how do we know and what proof can we have that you've stopped doing all these bad things? And I think one of the challenges, A, going to be the reform, and then B, got to be able to show that you actually got your act together and you're now clean. And until you can solve those two, many of your big tech companies are going to be at a competitive disadvantage, and they're going to be screaming for this reform. >> Well, I think that, you know, General Mattis said in his book about Trump and the United states, is that you need alliances, and I think your point about trust and executing together, without alliances, it really doesn't work. So, unless there's some sort of real alliance, (laughs) like understanding that there's going to be some teamwork here, (Bill laughing) I don't think it's going to go anywhere. So, otherwise it'll continue to be siloed and network based, right? So to the village point, if TikTok can become a massively successful app, and they're surveilling, so and then we have to decide that we're going to put up with that, I mean, that's not my decision, but that's what's goin' on here. It's like, what is TikTok, is it good or bad? Amazon sent out an email, and they've retracted it, that's because it went public. I guarantee you that they're talkin' about that at Amazon, like, "Why would we want infiltration by the Chinese?" And I'm speculating, I have no data, I'm just saying, you know. They email those out, then they pull it back, "Oh, we didn't mean to send that." Really, hmm? (laughs) You know, so this kind of -- >> But the TRA Balin's good, you always want to get TRA Balin out there. >> Yeah, exactly. There's some spying going on! So, this is the reality. >> So, John, you were talking about 5G, and I think you know, the role of 5G, you know, the battle between Cisco and Huawei, you just have to look at it this way, would you rather have the U.S. spy on you, or would you rather have China? And that's really your binary choice at this moment. And you know both is happening, and so the question is which one is better. Like, the one that you're in alliance with? The one that you're not in alliance with, the one that wants to bury you, and decimate your country, and steal all your secrets and then commercialize 'em? Or the one kind of does it, but doesn't really do it explicitly? So, you've got to choose. (laughs) >> It's supposed to be -- >> Or you can say no, we're going to create our own standard for 5G and kick both out, that's an option. >> It's probably not as straightforward a question as, or an answer to that question as you say, because if we were to fast-forward 50 years, I would argue that China is going to be the largest trading nation in the world. I believe that China is going to have the upper hand on many of these technologies, and therefore why would we not want to use some of their innovation, some of their technology, why would we not actually be more orientated around trading with them than we might be with the U.S.? I think the U.S. is throwing its weight around at this moment in time, but if we were to fast-forward I think looking in the longterm, if I had to put my money on Huawei or some of its competitors, I think given its level of investments in research and whatever, I think the better longterm bet is Huawei. >> No, no, actually you guys need to pick a camp. It's a village again. You have to pick a camp, you can't be with both guys. >> Global village. >> Oh, right, so we have to go with the guys that have been spying on us? >> How do you know the Chinese haven't been spying on you? (Ray and John laughing loudly) >> I think I'm very happy, you find a backdoor in the Huawei equipment and you show it to us, we'll take them to task on it. But don't start bullying us into making decisions based on what-ifs. >> I don't think I'm, I'm not qualified to represent the U.S., but what we would want to say is that if you look at the dynamics of what's going on, China, we've been studying that as well in terms of the geopolitical aspects of what happens in technology, they have to do what they're doing right now. Because in 20 years our population dynamics go like this, right? You've got the one child policy, and they won't have the ability to go out and fight for those same resources where they are, so what they're doing makes sense from a country perspective and country policy. But I think they're going to look like Japan in 20 years, right? Because the xenophobia, the lack of immigration, the lack of inside stuff coming in, an aging population. I mean, those are all factors that slow down your economy in the long run. And the lack of bringing new people in for ideas, I mean that's part of it, they're a closed system. And so I think the longterm dynamics of every closed system is that they tend to fail versus open systems. So, I'm not sure, they may have better technology along the way. But I think a lot of us are probably in the camp now thinking that we're not going to aid and abet them, in that sense to get there. >> You're competing a country with a company, I didn't say that China had necessarily everything rosy in its future, it'll be a bigger economy, and it'll be a bigger trading partner, but it's got its problems, the one child policy and the repercussions of that. But that is not one of the things, Huawei, I think Huawei's a massively unlimited company that has got a massive lead, certainly in 5G technology, and may continue to maintain a lead into 6G and beyond. >> Oh yeah, yeah, Huawei's done a great job on the 5G side, and I don't disagree with that. And they're ahead in many aspects compared to the U.S., and they're already working on the 6G technologies as well, and the roll outs have been further ahead. So, that's definitely -- >> And they've got a great backer too, the financer, the country China. Okay guys, (Ray laughing) let's wrap up the segment. Thanks for everyone's time. Final thoughts, just each of you on this core issue of the news that we discussed and the impact that was the conversation. What's the core issue? What should people think about? What's your solution? What's your opinion of how this plays out? Just final statements. We'll start with Bill, Ray, Sarbjeet and JD. >> All I'm going to ask you is stop spying on us, treat us equally, treat us like the allies that we are, and then I think we've got to a bright future together! >> John: Ray? >> I would say that Bill's right in that aspect in terms of how security agreements work, I think that we've needed to be more explicit about those. I can't represent the U.S. government, but I think the larger issue is really how do we view privacy, and how we do trade offs between security and convenience, and you know, what's required for personalization, and companies that are built on data. So, the sooner we get to those kind of rules, an understanding of what's possible, what's a consensus between different countries and companies, I think the better off we will all be a society. >> Yeah, I believe the most important kind of independence is the economic independence. Like, economically sound parties dictate the terms, that's what U.S. is doing. And the smaller countries have to live with it or pick the other bigger player, number two in this case is China. John said earlier, I think, also what JD said is the fine balance between national security and the privacy. You can't have, you have to strike that balance, because the rogue actors are sitting in your country, and across the boundaries of the countries, right? So, it's not that FISA is being fought by Europeans only. Our internal people are fighting that too, like how when you are mining our data, like what are you using it for? Like, I get concerned too, when you can use that data against me, that you have some data against me, right? So, I think it's the fine balance between security and privacy, we have to strike that. Awesome. JD? I'll include a little fake check, fact check, at the moment China is the largest economy, the European Union is the second largest economy, followed directly by the USA, it's a very small difference, and I recommend that these two big parties behind the largest economy start to collaborate and start to do that eye to eye, because if you want to balance the economical and manufacturing power of China, you cannot do that as being number two and number three. You have to join up forces, and that starts with sticking with the treaties that you signed, and that has not happened in the past, almost four years. So, let's go back to the table, let's work on rules where from both sides the rights and the privileges are properly reflected, and then do the most important thing, stick to them! >> Yep, I think that's awesome. I think I would say that these young kids in high school and college, they need to come up and solve the problems, this is going to be a new generational shift where the geopolitical landscape will change radically, you mentioned the top three there. And new alliances, new kinds of re-imagination has to be there, and from America's standpoint I'll just say that I'd like to see lawmakers have, instead of a LinkedIn handle, a GitHub handle. You know, when they all go out on campaign talk about what code they've written. So, I think having a technical background or some sort of knowledge of computer science and how the internet works with sociology and societal impact will be critical for our citizenships to advance. So, you know rather a lawyer, right so? (laughs) Maybe get some law involved in that, I mean the critical lawyers, but today most people are lawyers in American politics, but show me a GitHub handle of that congressman, that senator, I'd be impressed. So, that's what we need. >> Thanks, good night! >> Ray, you want to say something? >> I wanted to say something, because I thought the U.S. economy was 21 trillion, the EU is sittin' at about 16, and China was sitting about 14, but okay, I don't know. >> You need to do math man. >> Hey, we went over our 30 minutes time, we can do an hour with you guys, so you're still good. (laughs) >> Can't take anymore. >> No go on, get in there, go at it when you've got something to say. >> I don't think it's immaterial the exact size of the economy, I think that we're better off collaborating on even and fair terms, we are -- >> We're all better off collaborating. >> Yeah. >> Gentlemen -- >> But the collaboration has to be on equal and fair terms, you know. (laughs) >> How do you define fair, good point. Fair and balanced, you know, we've got the new -- >> We did define fair, we struck a treaty! We absolutely defined it, absolutely! >> Yeah. >> And then one side didn't stick to it. >> We will leave it right there, and we'll follow up (Bill laughing) in a later conversation. Gentlemen, you guys are good. Thank you. (relaxing electronic music)

(energetic music) >> Announcer: From our studios in the heart of Silicon Valley; Palo Alto, California. This is a CUBE Conversation. >> Hi everyone, welcome to this special CUBE Power Panel recorded here in Palo Alto, California. We've got remote guests from around the Internet. We have Evan Anderson, Mark Anderson, Phil Lohaus. Thanks for comin' on. Evan is with INVNT/IP, an organization with companies and individuals that fight nation-sponsored intellectual property theft and also author of the huge report Theft Nation Almost a 100 pages of really comprehensive analysis on it. Mark Anderson with the Future in Review CEO of Pattern, Computer and Strategic New Service Chairman of Future in Review Conference, and author of the book "The Pattern Future: "Find the World's Greatest Secrets "and Predicting the Future Using Discovery Patterns" and Phil Lohaus, American Enterprise Institute. Former intelligent analyst, researcher at the American Enterprise Institute, studying competitive strategy and emerging technologies. Guys, thanks for coming on. This topic is, is industrial IoT the new battleground? Mark, you cover the Future Review. Security is the battleground. It's not just a silo'd space. It's horizontally scalable across every single touch point of the Internet, individuals, national security, companies, global, what's your perspective on this new battleground? >> Well, thank you, I took some time and watched your last presentation on this, which I thought was excellent. And maybe I'll try to pick up from there. There's a lot of discussion there about the technical aspects of IoT, or IIoT, and some of the weaknesses, you know firewalls failing, assuming that someone's in your network. But I think that there's a deeper aspect to this. And the problem I think, John, is that yes, they are in your network already, but the deeper problem here is, who is it? Is it an individual? Is it a state? And whoever it is, I'm going to put something out that I think is going to be worth talking more deeply about, and that is, if people who can do the most damage are already in there, and are ready to do it, the question isn't "Can they?" It's "Why have they not?" And so literally, I think if you ask world leaders today, are they in the electric grid? Yes. Is Russia in ours, are we in theirs? Yes. If you said, is China in our most important areas of enterprise? Absolutely. Is Iran in our banks and so forth? They are. And you actually see states of war going on, that are nuisances, but are not what you might call Cybergeddon. And I really believe that the world leaders are truly afraid. Perhaps more afraid of that than of nuclear war. So the amount of death and destruction that could happen if everybody cut loose at the same time, is so horrifying, my guess is that there's a human restraint involved in this, but that technically, it's already game over. >> Phil, Cybergeddon, I love that term, because that's a part of our theme here, is apocalypse now or later? Industrial IoT, or IIoT, or the Internet, all these touch points are creating a surface area that for penetration's purposes, any packet can get in. Nation-states, malware, you name it. It's all problem. But this is the new war battleground. This is now digital Cybergeddon. Forget the wall on the southern border, physical wall. We're talking about a digital wall. We have major threats going on to our society in the United States, and global. This is new, rules of engagement, or no rules of engagement on how to compete in a digital war. This is something that the government's supposed to protect us for. I mean, if someone drops troops in California, physical people, the government's supposed to stop that. But if it's a digital war, it's packets. And the companies are responsible for all this. This doesn't make any sense to me. Break it down, what's the problem? And how do we solve this? >> Sure, well the problem is is that we're actually facing different kinds of threats than we were typically used to facing in the past. So in the past when we go to war, we may have a problem with a foreign country, or a conflict is coming up. We tend to, and by we I mean the United States, we tend to think of these things as we're going to send troops in, or we're going to actually have a physical fight, or we're going to have some other kind of decisive culmination of events, end of a conflict. What we're dealing with now is very different. And it's actually something that isn't entirely new. But the adversaries that we're facing now, so let's say China, Russia, and Iran, just to kind of throw them into some buckets, they think about war very differently. They think about the information space more broadly, and partially because they've been so used to having to kind of be catching up to America in terms of technology, they found other ways to compete with America, and ways that we really haven't been focusing on. And that really, I would argue, extends most prominently to the information space. And by the information space I'm speaking very broadly. I'm talking about, not just information in terms of social media, and emails, and things like that, but also things like what we're talking about today, like IIoT. And these are new threat landscapes, and ones where our competitors have a integrated way of approaching the conflict, one in which the state and private sectors kind of are molded or fused or at least are compelled to work together and we have a very different space here in the United States. And I'm happy to unpack that as we talk about that today, but what we're now facing, is not just about technical capabilities, it's about differences in governing systems, differences in governing paradigms. And so it's much bigger than just talking about the technical specifics. >> Evan, I want you to weigh in on this because one of the things that I feel strongly about, and this is pretty obvious from the commentary, and experts I talk to is, the United States has always been good at defending itself physically, you know war, in being places. Digitally, we've been really good at offense, but terrible on defense, has been the metaphor. I spoke with former four-star General Keith Alexander, who ran the NSA and was first commander of the cyber command, who is now the CEO of IronNet. He and I were talking on-camera and privately and he's saying, "Look it. "we suck at defense digitally. "We're great at offense, we can take someone out "on the offense." But we're talking about IoT, about monitoring. These are technical challenges. This is network nerds, and software engineers have to solve this problem with the prism of defense. This is a new paradigm. This is what we're kind of getting to. And Mark, you kind of addressed it. But this is the challenge. IoT is going to create more points that we have to defend that we suck now at defending, how are we going to get better. This is the paradox. >> Yeah, I think that's certainly accurate. And one of our problems here is that as a society we've always been open. And that was how the Internet was born. And so we have a real paradigm shift now from a world in which the U.S. was leading an open world, that was using the Internet for, I mean there have been problems with security since day one, but originally the Internet was an information-sharing exercise. And we reached a point in human history now where there are enough malicious hackers that have the capabilities we didn't want them to have, but we need to change that outlook. So, looking at things like Industrial IoT, what you're seeing is not so much that this is the battlefield in specific, it's that everything like it is now the battlefield. So in my work specifically we're focused more on economic problems. Economic conflicts and strategies. And if you look at the doctrines that have come out of our adversaries in the last decade, or really 20 years, they very much did what Phil said, and they looked at our weaknesses, and one of those biggest weaknesses that we've always had is that an open society is also unable necessarily to completely defend itself from those who would seek to exploit that openness. And so we have to figure out as a society, and I believe we are. We're running a fine line, we're negotiating this tightrope right now that involves defending the values and the foundational critical aspects of our society that require openness, while also making sure that all the doors aren't open for adversaries. And so we'll continue to deal with that as a society. Everything is now a battlefield and a much grayer area, and IoT certainly isn't helping. And that's why we have to work so hard on it. >> I want to talk about the economic piece on the next talk track of rounds. Theft, and intellectual property that you cover deeply. But Mark and Phil, this notion of Cybergeddon meets the fact that we have to be more defensive. Again, principles of openness are out there. I mean, we have open source. There is a potential path here. Open source software has been, I think, depending on who you talk to, fourth generation, or fifth, depending on how old you are, but it's now mainstream enough now. Are we ever going to get to a formula where we can actually be strong in defense as well as just offense with respect to protecting digitally? >> Phil, do you want that? >> Well, yeah, I would just say that I'm glad to hear that General Alexander is confident about our offensive capabilities. But one of the... To NSA that is conducting these offensive capabilities. When we talk about Russia, Iran, China, or even a smaller group, like let's say an extremist group or something like that, there's an integration between command and control, that we simply don't have here in the States. For example, the Panasonic and Sony examples always come to mind, as ones where there are attacks that can happen against American companies that then have larger implications that go beyond just those companies. So and this may not be a case where the NSA is even tracking the threat. There's been some legislation that's come out, rather controversial legislation about so-called hacking back initiatives and things like that. But I think everybody knows that this is already kind of happening. The real question is going to be, how does the public sector, and how does the private sector work together to create this environment where they're working in synergy, rather than at cross purposes? >> Yeah, and this brings up, I've heard this before. I've heard people talk about the fact that open source nation states can actually empower by releasing tools in open source via the Dark Web or other vehicles, to not actually have, quote, their finger prints, on any attacks. This seems to be a tactic. >> Or go through criminals, right? Use proxies, things like that. It's getting even more complicated and Alexander's talked about that as well, right? He's talked about the convergence of crime and nation-state actions. So whereas with nation-states it's already hard-attributed enough, if that's being outsourced to either whether it's patriotic hackers or criminal groups, it's even more difficult. >> I think you know, Keith is a good friend of all of ours, obviously, good guy. His point is a good one. I'd like to take it a little more extreme state and say, defense is worth doing and probably hopeless. (everyone laughs) So, as they always say, all it takes is one failure. So, we always talk about defense, but really, he's right. Offense is easy. You want to go after somebody? We can get them. But if you want to play defense against a trillion potential points of failure, there's no chance. One way to say this is, if we ignore individuals for a moment and just look at nation-states, it's pretty clear that any nation-state of size, that wants to get into a certain network, will get in. And then the question will be, Well, once they're in, can they actually do damage? And the answer is probably yeah, they probably can. Well, why don't they? Why don't they do more damage? We're kind of back to the original premise here, that there's some restraint going on. And I suspect that Keith's absolutely right because in general, they don't want to get attacked. They don't want to have to come back at them what they're about to do to your banks or your grid, and we could do that. We all could do that. So my guess is, there's a little bit of failure on our part to have deep discussions about how great our defenses either are, or are not, when frankly the idea of defense is a good idea, worthwhile idea, but not really achievable. >> Yeah, that's a great point. That comes up a lot where it's like, people don't want retaliation, so it's a big, critical event that happens, that's noticeable as a counterstrike or equivalent. But there's been discussion of the, I call it "the slow bleed" where they push the line of where that is, like slowly infiltrate, and just cause disruption and inconvenience, as a tactic. This has become something we're seeing a lot of. Whether it's misinformation campaigns on fake news, to just disrupting operations slowly over time, and just kind of, 1,000 paper cuts, if you will. Your guys' thoughts on that? Is that something you guys see out there that's happening? >> Well, you saw Iran go after our banks. And we were pushing Iran pretty hard on the sanctions. Everybody knows they did that. It wasn't very much fun for anybody. But what they didn't do is take down the entire banking system. Not sure they could, but they didn't. >> Yeah, I would just add there that you see this on multiple fronts. You see this is by design. I'm sure that Mark is talking about this in his report but... they talk about this incremental approach that over time, this is part of the problem, right? Is that we have a very kind of black or white conception of warfare in this country. And a lot of times, even companies are going to think, well you know, we're at peace, so why would I do something that may actually be construed as something that's warlike or offensive or things like that? But in reality, even though we aren't technically at war, all of these other actors view this as a real conflict. And so we have to get creative about how we think about this within the paradigm that we have and the legal strictures that we have here in this country. >> Well there's no doubt at least in my non-expert military opinion, but as someone who is a techie, been on the Internet from day one, all my life, and all those tools, you guys as well, I personally think we're at war. 100%, there's no debate on that. And I think that we have to get better policy around this and understand it better. Because it's happening. And one of the obvious areas that we see in the news everyday, it's Huawei and intellectual property theft. This is an economic impact. I mean just look at what's happening in Brexit in the U.K. If that was essentially manipulated, that's the ultimate smart bomb, is to just destroy their financial system, which ended up happening through that misinformation. So there are economic realizations here, Evan,that not only come from the misinformation campaigns and other attacks, but there's real value with intellectual property. This is the report you put out. Your thoughts? >> There's very much an active conflict going on in the economic sphere, and that's certainly an excellent point. I think one of the most important things that most of the world doesn't quite understand yet, but our adversaries certainly understand, is that wars are fought for usually, just a few reasons. And there's a lot of different justification that goes on. But often it's for economic benefit. And if you look at human history, and you look at modern history, a lot of wars are fought for some form of economic benefit, often in the form of territory, et cetera, but in the modern age, information can directly and very quite obviously translate into economic benefit. And so when you're bleeding information, you're really bleeding money. And when I say information, again, it's a broad word, but intellectual property, which our definition, here at INVNT/IP is quite broad too, is incredibly valuable. And so if you have an adversary that's consistently removing intellectual property from what I would call our information ecosystem, and our business ecosystem, we're losing a lot of economic value there, and that's what wars are fought over. And so to pretend that this conflict is inactive, and to pretend that the underlying economy and economic strength that is bolstered or created by intellectual property isn't critical would be silly. And so I think we need to look at those kinds of dynamics and the kind of Gerasimov Doctrine, and the essential doctrine of unrestricted warfare that came out of the People's Republic of China are focused on avoiding kinetic conflict while succeeding at the kinds of conflict that are more preferable, particularly in an asymmetric environment. So that's what we're dealing with. >> Mark and Phil, people waking up to this reality are certainly. People in the know are that I talk to, but generally speaking across the board, is this a woke moment for tech? This Armageddon now or later? >> Woke moment for politicians not for tech, I think. I'm sure Phil would agree with this, but the old guard, go back to when Keith was running the NSA. But at that time, there was a very clear distinction between military and economic security. And so when you said security, that meant military. And now all the rules have changed. All the ways CFIUS works in the United States have changed. The legislation is changing, and now if you want to talk about security, most major nations equate economic security with national security. And that wasn't true 10 years ago. >> That's a great point. That's really profound, I totally agree. Phil. >> I think you're seeing a change in realization in Washington about this. I mean, if you look at the cybersecurity strategy of 2018, it specifically says that we're going to be moving from a posture of active defense to one of defending forward. And we can get into the discussion about what those words mean, but the way I usually boil down is it means, going from defending, but maybe a little bit forward, to actually going out and making sure that our interests are protected. And the reason why that's important, and we're talking about offense versus defense here, obviously the reason why, from what Mark was saying, if they're already in the networks, and they haven't actually done anything, it's because they're afraid of what that offensive response could be. So it's important that we selectively demonstrate what costs we could impose on different actors for different kinds of actions, especially knowing that they're already operating inside of our network. >> That's a great point. I mean, I think that's again another profound statement because it's almost like the pin in the grenade. Once they pull it, the damage is done. Again, back to our theme, Armageddon, now or later? What's the answer to this, guys? Is it the push to policy conversation and the potential consequences higher? Get that narrative going. Is it more technical protection in the networks? What's some of the things that people are talking about and thinking about around this? >> And it's really all of the above. So the tough part about this for any society and for our society is that it's expensive to live in a world with this much insecurity. And so when these kind of low-level conflicts are going on, it costs money and it costs resources. And companies had to deal with that. They spent a long time trying to dodge security costs, and now particularly with the advent of new law like the GDPR in Europe, it's becoming untenable not to spend that defensive money, even as a company, right? But we also are looking at a deepening to change policy. And I think there's been a lot of progress made. Mark mentioned the CFIUS reforms. There are a lot of different essentially games of Whack-A-Mole being played all around the world right now figuring out how to chase these security problems that we let go too long, but there's many, many, many fronts that we need to-- >> Whack-A-Mole's a great example. The visualization of that is just horrendous. You know, not the ideal scenario. But I got to get your point on this, because one of the things that comes up all the time in our conversations in theCUBE is, the government's job is to protect our securities. So again, if someone came in, and invaded my town in Palo Alto, it's not my responsibility to fight for the town. Maybe defend my own house. But if I'm a company being attacked by Russia, or China or Iran, isn't it the government's responsibility to protect me as a citizen and the company doing business there? So again, this is kind of the confusion that people have. If somebody's going to defend their hack, I certainly got to put security practices in place. This is new ground for the government, digitally speaking. >> When we started this INVNT/IP project, it was about seven years ago. And I was told by a very smart guy in D.C. that our greatest challenge was going to be American corporations, global corporations. And he was absolutely right. Literally in this fight to protect intellectual property, and to protect the welfare even of corporations, our greatest enemies so far have been American corporations. And they lobby hard for China, while China is busy stealing from them, and stealing from their company, and stealing from their country. All that stuff's going on, on a daily basis and they're in D.C. lobbying in favor of China. Don't do anything to make them mad. >> They're getting their pockets picked at the same time. And they're trying to do business in China. They're getting their pockets picked. That's what you're saying. >> They're going for the quarterly earnings report and that's all. >> So the problem is-- >> Yeah so-- >> The companies themselves are kind of self-inflicted wounds here for them. >> Yes. >> Yeah, just to add to that, on this note, there have been some... Business to settle interest. And this is something you're seeing a little bit more of. There's been legislation through CFIUS and things like that. There have been reforms that discourage the flow of Chinese money in the Silicon Valley. And there's actually a measurable difference in that. Because people just don't want to deal with the paperwork. They don't want to deal with the reputational risk, et cetera, et cetera. And this is really going to be the key challenge, is having policy makers not only that are interested in addressing this issue, because not all of them are even convinced it's a problem, if you can believe it or not, but having them interested and then having them understand the issue in a way that the legislation can actually be helpful and not get in the way of things that we value, such as innovation and entrepreneurialism and things like that. So it's going to take sophisticated policy-making and providing incentives so that companies actually want to participate and helping to make America safer. >> You're so right about the politicians. Capitol Hill's really not educated. I mean I tell my kids, and they ask the same questions, just look at Mark Zuckerberg and Sundar Pichai present to the government. They don't even know what an Android phone versus an iPhone is, nevermind what the Internet, and how this global economy works. This has become a makeup problem of the personnel in Capitol Hill. You guys see any movement? I'm seeing some change with a new guard, a new generation of younger people coming in. Certainly from the military, that's an easy when you see people get this. But a new generation of young millennials who are saying, "Hey, why are we doing this the old way?" and actually becoming more informed. Not being the lawyer at law-making. It's actually more technically savvy. Is there any movement, any bright hope there? >> I think there's a little hope in the sense that at a time when Congress has trouble keeping the lights on, they seem to have bipartisan agreement on this set of issues that we're talking about. So, that's hopeful. You know, we've seen a number of strongly bipartisan issues supported in Congress, with the Senate, with the House, all agreeing that this is an issue for us all, that they need to protect the country. They need to protect IP. They need to extend the definition of security. There's no argument there. And that's a very strange thing in today's D.C. to have no argument between the parties. There's no error between the GOP and the Democrats as far as I can tell. They seem to all agree on this, and so it is hopeful. >> Freedom has its costs and I think this is a new era of modern freedom and warfare and protection and all these dynamics are changing, just like Cloud 2.0 is changing application developers. Guys, this is a really important topic. Thank you so much for coming on, appreciate it. Love to do a follow-up on this again with you guys. Thanks for sharing your insight. Some great, profound statements there, appreciate it. Thank you very much. >> Thank you. >> Thanks for having us. >> It's been a CUBE Power Panel here from Palo Alto, California with Evan Anderson, Mark Anderson, and Phil Lohaus. Thank you guys for coming on. Power Panel: The Next Battleground in Industrial IoT. Security is a big part of it. Thanks for watching, this has been theCUBE. (energetic music)

(upbeat music) >> Live, from Washington DC. It's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in Washington DC. I'm your host Rebecca Knight, co-hosting alongside of John Furrier. We are excited to welcome to the program, General Keith Alexander former NSA Director, the first Commander to lead the US Cyber Command, Four-star General with a 40 year career. Thank you so much for coming theCUBE, we are honored, we are honored to have you. >> It is an honor to be here. Thank you. >> So let's talk about cyber threats. Let's start there and have you just give us your observations, your thoughts on what are the most pressing cyber threats that keep you up at night? >> Well, so, when you think about threats, you think about Nation States, so you can go to Iran, Russia, China, North Korea. And then you think about criminal threats, well all the things like ransomware. Some of the Nation State actors are also criminals at night so they can use Nation State tools. And my concern about all the evolution of cyber-threats, is that the attacks are getting more destructive, the malware has more legs with worms and the impact on our commercial sector and our nation, increasingly bigger. So you have all those from cyber. And then I think the biggest impact to our country is the theft of intellectual property, right. That's our future. So you look out on this floor here, think about all the technical talent. Now imagine that every idea that we have, somebody else is stealing, making a product out of it, competing with us, and beating us. That's kind of what Huawei did, taking CISCO code to make Huawei, and now they're racing down that road. So we have a couple of big issues here to solve, protect our future, that intellectual property, stop the theft of money and other ideas, and protect our nation. So when you think about cyber, that's what I think about going to. Often times I'll talk about the Nation State threat. The most prevalent threats is this criminal threat and the most, I think, right now, important for us strategically is the theft of intellectual property. >> So why don't we just have a digital force to counter all this? Why doesn't, you know, we take the same approach we did when we, you know, we celebrated the 75th anniversary D-day, okay, World War II, okay, that was just recently in the news. That's a physical war, okay. We have a digital war happening whether you call it or not. I think it is, personally my opinion. I think it is. You're seeing the misinformation campaigns, financial institutions leaving England, like it's nobody's business. I mean it crippled the entire UK, that like a big hack. Who knows? But its happening digitally. Where's the forces? Is that Cyber Command? What do you do? >> So that's Cyber Command. You bring out an important issue. And protecting the nation, the reason we set up Cyber Command not just to get me promoted, but that was a good outcome. (laughing) But it was actually how do we defend the country? How do we defend ourselves in cyber? So you need a force to do it. So you're right, you need a force. That force is Cyber Command. There's an issue though. Cyber Command cannot see today, attacks on our country. So they're left to try to go after the offense, but all the offense has to do is hit over here. They're looking at these sets of targets. They don't see the attacks. So they wouldn't have seen the attack on Sony. They don't see these devastating attacks. They don't see the thefts. So the real solution to what you bring up is make it visible, make it so our nation can defend itself from cyber by seeing the attacks that are hitting us. That should help us protect companies in sectors and help us share that information. It has to be at speed. So we talk about sharing, but it's senseless for me to send you for air traffic control, a letter, that a plane is located overhead. You get it in the mail seven days later, you think, well-- >> Too late. >> That's too late. >> Or fighting blindfolded. >> That's right. >> I mean-- >> So you can't do either. And so what it gets you to, is we have to create the new norm for visibility in cyber space. This does a whole host of things and you were good to bring out, it's also fake news. It's also deception. It's all these other things that are going on. We have to make that visible. >> How do you do that, though? >> What do you do? I do that. (laughing) So the way you do it, I think, is start at the beginning. What's happening to the network? So, on building a defensible framework, you've got to be able to see the attacks. Not what you expect, but all the attacks. So that's anomaly detection. So that's one of the things we have to do. And then you have to share that at network speed. And then you have to have a machine-learning expert system AI to help you go at the speeds the attacker's going to go at. On fake-news, this is a big problem. >> Yeah. >> You know. This has, been throughout time. Somebody pointed out about, you know, George Washington, right, seven fake letters, written to say, "Oh no, I think the King's good." He never wrote that. And the reason that countries do it, like Russia, in the elections, is to change something to more beneficial for them. Or at least what they believe is more beneficial. It is interesting, MIT has done some studies, so I've heard, on this. And that people are 70% more like to re-Tweet, re-Tweet fake news than they are the facts. So. >> Because it's more sensational, because it's-- >> That's food. It's good for you, in a way. But it's tasty. >> Look at this. It's kind of something that you want to talk about. "Can you believe what these guys are doing? "That's outrageous, retweet." >> Not true. >> Not true. Oh, yeah, but it makes me mad just thinking about it. >> Right, right. >> And so, you get people going, and you think, You know, it's like going into a bar and you know, you go to him, "He thinks you're ugly." and you go to me, and you go, "He thinks you're ugly." (laughs) And so we get going and you started it and we didn't even talk. >> Right, right. >> And so that's what Russia does. >> At scale too. >> At scale. >> At the scale point. >> So part of the solution to that is understanding where information is coming from, being able to see the see the environment like you do the physical environment at speed. I think step one, if I were to pick out the logical sequence of what'll happen, we'll get to a defensible architecture over the next year or two. We're already starting to see that with other sectors, so I think we can get there. As soon as you do that, now you're into, how do I know that this news is real. It's kind of like a block-chain for facts. How do we now do that in this way. We've got to figure that out. >> We're doing our part there. But I want to get back to this topic of infrastructure, because digital, okay, there's roads, there's digital roads, there's packets moving round. You mentioned Huawei ripping off CISCO, which takes their R and D and puts it in their pockets. They have to get that. But we let fake news and other things, you've got payload, content or payload, and then you've got infrastructure distribution. Right, so, we're getting at here as that there are literally roads and bridges and digital construction apparatus, infrastructure, that needs to be understood, addressed, monitored, or reset, because you've had email that's been around for awhile. But these are new kinds of infrastructure, but the payload, malware, fake news, whatever it is. There's an interaction between payload and infrastructure. Your thoughts and reaction to that as a Commander, thinking about how to combat all this? >> I, my gut reaction, is that you're going to have to change, we will have to change, how we think about that. It's not any more roads and avenues in. It's all the environment. You know, it's like this whole thing. Now the whole world is opened up. It's like the Matrix. You open it up and there it is. It's everything. So what we have to do is think about is if it's everything, how do we now operate in a world where you have both truths and fiction? That's the harder problem. So that's where I say, if we solve the first problem, we're so far along in establishing perhaps the level so it raises us up to a level where we're now securing it, where we can begin to see now the ideas for the pedigree of information I think will come out. If you think about the amount of unique information created every year, there are digital videos that claim it's doubling every year or more. If that's true, that half of, 75% of it is fiction, we've got a big road to go. And you know there is a lot of fiction out there, so we've got to fix it. And the unfortunate part is both sides of that, both the fiction and the finding the fiction, has consequences because somebody says that "A wasn't true, "That person, you know, they're saying, he was a rapist, "he was a robber, he was a drugger," and then they find out it was all fake, but he still has that stigma. And then the person over here says, "See, they accused me of that. "They're out to get me in other areas. "They can exclaim what they want." >> But sometimes the person saying that is also a person who has a lot of power in our government, who is saying that it's fake news, when it's not fake news, or, you know what, I-- >> So that's part of the issue. >> It's a very different climate >> Some of it is fake. Some of it's not. And that's what makes it so difficult for the public. So you could say, "That piece was fake, "maybe not the other six." But the reality is, and I think this is where the media can really help. This is where you can help. How do we set up the facts? And I think that's the hardest part. >> It's the truth. >> Yeah, yeah. >> It's a data problem. And you know, we've talked about this off camera in the past. Data is critical for the systems to work. The visibility of the data. Having contextual data, the behavioral data. This gets a lot of the consequences. There's real consequences to this one. Theft, IP, freedom, lives. My son was video-gaming the other day and I could hear his friends all talking, "What's your ping start word? "What's your ping time? "I got lag, I'm dead." And this is a video game. Military, lagging, is not a game. People are losing their lives, potentially if they don't have the right tactical edge, access to technology. I know this is near and dear to your heart. I want to get your reaction. The Department of Defense is deploying strategies to make our military in the field, which represents 85% infantry, I believe, some statistic around that number, is relying on equipment. Technology can help, you know, that. Your thoughts on, the same direction. >> Going to the Cloud. Their effort to go to the Cloud is a great step forward, because it addresses just what you're saying. You know, everybody used to have their own data centers. But a data center has a fixed amount of computational capability. Once you reach it, you have to get another data center, or you just live with what you've got. In the Cloud if the problem's bigger, elasticity. Just add more corridors. And you can do things now that we could never do before. Perhaps even more importantly, you can make the Clouds global. And you can see around the world. Now you're talking about encrypted data. You're talking about ensuring that you have a level of encryption that you need, accesses and stuff. For mobile forces, that's the future. You don't carry a data center around with an infantry battalion. So you want that elasticity and you need the connectivity and you need the training to go with it. And the training gets you to what we were just talking about. When somebody serves up something wrong, and this happened to me in combat, in Desert Storm. We were launched on, everybody was getting ready to launch on something, and I said, "This doesn't sound right." And I told the Division Commander, "I don't agree. "I think this is crazy. "The Iraqis are not attacking us down this line. "I think it's old news. "I think somebody's taken an old report that we had "and re-read it and said oh my God, they're coming." And when we found out that was a JSTARS, remember how the JSTARS MTI thing would off of a wire, would look like a convoy. And that's what it was. So you have to have both. >> So you were on the cusp of an attack, deploying troops. >> That's right. >> On fake information, or misinformation, not accurate-- >> Old information. >> Old information. >> Old information. >> Old, fake, it's all not relevant. >> Well what happens is somebody interprets that to be true. So it gets back to you, how do you interpret the information? So there's training. It's a healthy dose of skepticism, you know. There are aliens in this room. Well, maybe not. (laughing) >> As far as we know. >> That's what everybody. >> But what a fascinating anecdote that you just told, about being in Desert Storm and having this report come and you saying, "Guys, this doesn't sound right." I mean, how often do you harken back to your experience in the military and when you were actually in combat, versus what you are doing today in terms of thinking about these threats? >> A lot. Because in the military, when you have troops in danger your first thought is how can I do more, how can I do better, what can I do to get them the intelligence they need? And you can innovate, and pressure is great innovator. (crunching sound) And it was amazing. And our Division Commander, General Griffith, was all into that. He said, "I trust you. "Do whatever you want." And we, it was amazing. So, I think that's a good thing. Note that when you go back and look at military campaigns, there's always this thing, the victor writes the history. (laughing) So you know, hopefully, the victor will write the truthful history. But that's not always the case. Sometimes history is re-written to be more like what they would like it to be. So, this fake news isn't new. This is something where I think journalists, historians, and others, can come together and say, "You know, that don't make sense. "Let's get the facts." >> But there's so much pressure on journalists today in this 24-hour news cycle, where you're not only expected to write the story, but you're expected to be Tweeting about it, or do a podcast about it later, to get that first draft of history right. >> So it may be part of that is as the reporter is saying it, step back and say, "Here's what we've been told." You know, we used to call those a certain type of sandwich, not a good-- (laughing) If memory serves it's a sandwich. One of these sandwiches. You're getting fed that, you're thinking, "You know, this doesn't make sense. "This time and day that this would occur." "So while we've heard this report. "It's sensational. "We need to go with the facts." And that's one of the areas that I think we really got to work. >> Journalism's changing too. I can tell you, from we've talked, data drives us. We've no advertising. Completely different model. In-depth interviews. The truth is out there. The key is how do you get the truth in context to real-time information for those right opportunities. Well, I want to get before we go, and thanks for coming on, and spending the time, General, I really appreciate it. Your company that you've formed, IronNet, okay, you're applying a lot of your discipline and knowledge in military cyber and cutting-edge tech. Tell us about your company. >> So one of the things that you, we brought up, and discussed here. When I had Cyber Command, one of the frustrations that I discussed with both Secretary Gates and Secretary Panetta, we can't see attacks on our country. And that's the commercial sector needs to help go fix that. The government can't fix that. So my thought was now that I'm in the commercial sector, I'll help fix the ability to see attacks on the commercial sector so we can share it with the government. What that entails is creating a behavioral analytic system that creates events, anomalies, an expert system with machine-learning and AI, that helps you understand what's going on and the ability to correlate and then give that to the government, so they can see that picture, so they have a chance of defending our country. So step one is doing that. Now, truth and lending, it's a lot harder than I thought it would be. (laughing) You know, I had this great saying, "Nothing is too hard "for those of us who don't have to do it." "How hard can this be?" Those were two of my favorite sayings. Now that I have to do it, I can say that it's hard, but it's doable. We can do this. And it's going to take some time. We are getting traction. The energy sector has been great to work with in this area. I think within a year, what we deploy with the companies, and what we push up to the Cloud and the ability to now start sharing that with government will change the way we think about cyber security. I think it's a disruptor. And we have to do that because that's the way they're going to attack us, with AI. We have to have a fast system to defend. >> I know you got to go, tight schedule here, but I want to get one quick question in. I know you're not a policy, you know, wonk, as they say, or expert. Well, you probably are an expert on policy, but if we can get a re-do on reshaping policy to enable these hard problems to be solved by entrepreneurs like yourself expertise that are coming into the space, quickly, with ideas to solve these big problems, whether it's fake news or understanding attacks. What do the policy makers need to do? Is it get out of the way? Do they rip up everything? Do they reshape it? What's your vision on this? What's your opinion? >> I think and I think the acting Secretary of Defense is taking this on and others. We've got to have a way of quickly going, this technology changes every two years or better. Our acquisition cycle is in many years. Continue to streamline the acquisition process. Break through that. Trust that the military and civilian leaders will do the right thing. Hold 'em accountable. You know, making the mistake, Amazon, Jeff Bezos, says a great thing, "Go quickly to failure so we can get "to success." And we in the military say, "If you fail, you're a dummy." No, no, try it. If it doesn't work, go on to success. So don't crush somebody because they failed, because they're going to succeed at some point. Try and try again. Persevere. The, so, I think a couple of things, ensure we fix the acquisition process. Streamline it. And allow Commanders and thought leaders the flexibility and agility to bring in the technology and ideas we need to make this a better military, a better intelligence community, and a better country. We can do this. >> All right. All right, I'm thinking Rosie the Riveter. We can do this. (laughing) >> We can do it. Just did it. >> General Alexander, thank you so much for coming on the show. >> Thank you. >> I'm Rebecca Knight for John Furrier. Stay tuned for more of theCUBE. (electronic music)