from the Hard Rock Hotel in Las Vegas it's the queue recovering the Hojo Kahn 2018 to you by Osho hello everyone welcome back to the cubes exclusive coverage here live in Las Vegas for the first ever security conference around blockchains called Osho con it's put on by host show and industry participants small but intimate and the smartest people in in the industry kind of coming together trying to solve and understand the future for security as it relates to blockchain I'm John furrow your host of the cube next guys anneal keelson who's the CEO of encrypt formerly the NSA's variety experience with security across the board from early days many waves of technology innovation had a panel here talking about you know securing the blockchain and the nuclear codes some basically implying that do you know if you had to secure it the nuclear it's welcome to the cube well thanks thanks John it's great to talk to you um that's exactly it right so the blockchain is is meant to really provide high assurance for a lot of really big transactions right so the internet evolved over time to to hold information to to share information who has ever meant to conduct transactions now we do a lot of e-commerce commerce on it but it wasn't meant to be unchanging right but the blockchain is it said that so the idea is is if we lose control of that if we don't secure it in a way that we can protect our most important digital assets and it's not good enough for anything and so that's why I compared it to you know what would it take to secure something like the nuclear launch codes on it clearly we wouldn't you know there's no reason to but some mindset it's my shift shared focus on okay think that level of impact absolutely money right these people are putting you know it doesn't matter whether you're you're 16 and you're putting your only 500 dollars in crypto or whether you're an institutional investor with five hundred million dollars in it right that that's catastrophic if you lose it right and yet we don't always treat it that way we haven't made the systems easy enough to use for the general user right yeah so we talked about adoption right I mean let's let's talk so if you don't mind let's talk about adoption Yeah right that's why we're here is we're trying to figure out what's it gonna take to get to the next billion users and crypto well it has to be easy and we don't make it easy today in a secure enough way it has to be baked in from the beginning can't be like okay I built an app I built some architecture do some blockchain well by the way security is really hard because we have to make it so complex right for users because it's complex in general right if we build the app first and we get it deployed to say even 50,000 people and then we go back and say you know what we need to build this tree it's more expensive right it's harder to do it's a lays deployment and it confuses users because now they're changing the way that they're interactive let's talk about the adoption in context to architecture it's one of the things that we've been covering certainly the cube folks know in our audience cloud computing has changed the architecture of how people deploy IT and technologies get DevOps horizontally scalable you've had a lot experience over the years and generations of computing evolving through the trend lines here the architecture is interesting so if you think about the architecture of security and blotching in general the security paradigm has to be compatible with a new architecture so it's kind of a moving train at multiple levels so what is the preferred architecture what are some of the blockchain architects and or if you're gonna have token economics you have to have certain business model and our workflows that ties into the technology enablement how should people think about an architectural view to make the adoption or user interface or user experience or where the expectation is kind of new has it all come together so I'm challenging people to think about it differently right so so the blockchain in itself is really pretty secure right it creates an immutable ledger a mutable record where we're going to get in trouble and where we do get in trouble is when you start to transact with it right where you start to actually use a device right whether it's your own phone or it's a computer right you're transacting with it and people don't have the security mechanisms built in there you know and it goes back to what we've talked about for the last 20 years whether it was with the trust computing group the global platform right they've designed the standards so you've got probably in this PC you've got the waltz I guess it's a MacBook Cermak yes yes and your phone right in most computers you've got the security primitives that you need to use hardware to secure those transactions but we're not using them yeah we've been waiting for that kind of killer app to use hardware to secure transactions and blockchain might just be that it's talked about the hard work is doesn't that conversation of kids coming up a lot here in the hallways I was the custodial services today these are two kind of the the business conversation that converts them to technology which is okay hardware is actually a good time to actually implement this Google's doing a lot of stuff with their two-factor authentication with a hardware component you hear Stephan spray get rivets talking about a solution he has it is it the time it's like the perfect storm for just a simple hardware solution I think it is and it and you're right it has to be simple right hardware solutions can get complex we can make them too difficult to use but they don't have to be we like I said we have the firm that was built into most these devices I mean in the billions of devices yeah if you thought to Steven you've heard him talking about the number of devices that are there carrying the primitives he needs needs to use for his his hardware um but if we don't make it simple enough then users won't adopt if they won't use it you know have you used a hardware wallet I'm sure you probably have it yet right it's it's not a simple process today because it requires external pieces external components it's it's it's not a workflow that we understand it's not something we can train to and grown up with it's interesting when I was also talking to Steve off-camera because he had the interviews over but we're talking about the supply chain compromise honestly Bloomberg kind of had the story they had the facts wrong but we kind of understand that that's this hack has been out there for a while around modifying and or a rootkit on the boards you have an brach cat Adam demo live demo on stage and 2015 where they actually showed malware that could not be removed from from memory so I mean it's not this is not new right so but the supply chain has always been and you've been the government you got to know where all the components are right so the old days oh hey outsourced manufacture in China build it the cheapest way possible commodity and D Ram was went down this rip path years and years ago and Japan dominated that and it was low commodity low margin or high Kimani low margin and then Pentium comes out so you're starting to see that hardware supply chain changing what's different now what do people got to do to make sure that the hardware is better what's your opinion on that I don't know if it needs to be better but wouldn't what we need to know is is where the hard work came from we need to know that the hardware is what we expected it to be right that's a really unique question you know we all buy Hardware all the time and you just expect it if it came from vendor that it's what you expected and and and let's talk about something even simpler it's not talking about maliciousness most computers you buy are built to order today right you order you order all the different components yet when you get that at home you don't check to make sure you got the actual RAM that you asked for you have no idea none of us do that right and and likely the vendor doesn't really have a great record to know that absolutely they put in there what you specifically wanted now they intend to write but there's no there's a lot of room in that for changes to be made that aren't expected I guess that for good or bad from malicious or non malicious intent so what that means is that we really need to get used to saying you know what I got this new piece of hardware I got to conduct transactions with that are really critical to my financial survival my my personal privacy and we can't trust them until we know we should be able to trust them so that's where hard work comes into play what sort of trans you're seeing in the hallway conversations you had here and your talk I see people grab you after and talk to you two hallways what are some of the hallway conversations that you've been having here at Osho con I you know the most common question has been how do you convince people that security is important I mean that which is a really really basic way and you know right now life just point them to to news after news article you know to say you know you've got the hardware were reported tax yeah you've got the privacy attacks with with a lot of social media and and and internet companies um if summary this today doesn't believe that security is important I don't know you'll have to convince them so then it becomes a question of how do you get them to adopt it and you know getting getting your your family members to adopt two-factor authentication when it's not as as easy as not adopting it yeah it's sometimes a hard place yeah one things I worry about just kind of just because I'm paranoid sometimes is that yeah what is going on in my with my kids I got four kids 16 to 23 you know I got a Wi-Fi in my house they've got a password on it I'm sure it's been hacked but they're downloading music what the movies I don't know what they're doing at gaming mean there's a service area in my house is pretty much who knows what's going on right I don't even know what's going on in my network this is kind of this in my mind will paranoid but that's what average people think about these days it's like okay I got my own home network at these things going on I'm out in the wild is it a device centric security model that we're moving to do you see it where you know hey my phone you know I don't I know when I leave my phone at home and it takes me three seconds to realize I got to turn the car right so yeah and I leave my wallet at the restaurant when I'm done my meal so these are kind of device centric philosophy is that a better direction you think so I don't know that you can yes and no right for the personal devices but now you know if you go to most networks right with IOT you may have 40 or 50 devices on your network yeah things that don't move you know you may have a light bulb that's got a key to it right it's really about making sure that you own it and then you own the keys I mean that's what it okay that's what security all comes down to you right is key ownership so when you take a look at how you do that we need the systems in place that help us understand where those keys are what they're doing and how we how we cut them off if we need to that's awesome well I was I want to get into what your company's doing but I also wanna I talked about trip I had Middle East general Keith Alexander was with us on at with Amazon almost new region I know you worked with him at the NSA and you know one of the things he's doing at his new startup is a crowdsourcing we're hearing some of that in here as well where people are using crowdsourcing as a way of the security mechanism is that something that you think is viable do you think that this crowd sourcing idea is gonna be helpful or it's just a small piece of the puzzle I think it's I think it's a small piece of the puzzle I think it's the opposite end of the spectrum then a device centric hardware component I think it takes both pieces right it's a matter of making sure you you you know what you have and they use only what you trust and that you're able to connect to the network in a way that you're comfortable and then that crowdsource piece comes in to make sure that you're monitoring kind of all those transactions so so you're a big believer I'm assuming based on the conversation that hardware and software combination is gonna be the preferred user interface I think work it has to be I think we've proven that over the last 20 years I mean cell phones are a good example of that yeah right although we do get some spoofing today and that's been a big talker this cost it's not as prevalent as it was in 1994 yeah yeah I mean I like the idea too of we mean hey if we have we want to know what's in my computer I'd love to go look at a blockchain ledger and say here's what's in my Mac right now wouldn't you that's a good use case of blockchain but but what if you didn't even have to go look at it right what if every time you booted it up it checked it against a a record that was on the blockchain that said you know this is what your Mac should look like and it said you know what you can go ahead and connect to the internet go ahead and conduct that transaction that's the great Act go ahead and that's a great use case all right so what encrypt your company what do you guys doing what's the main focus of your opportunity that you're pursuing so we formed it in May of this year to focus on blockchain security when I left the agency I realized there was this really big gap in the conversation people are having around it I think it's a transformational technology as a skills gap technology gap all the above what are you saying it's both right you've got computer science graduates that come out without a good understanding of hardware security you know it's not being taught in most curriculums it's a it's a it's a general understanding of how to apply the hardware against it it's a general under Sun derp standing of what you can trust right yeah we've got generate a generation now that have grown up with with iPhones in their hands they just assume it's it's okay to use it's just thing you mentioned the computer science programs but I would agree interview started in the 80s so we had to learn computer architectures EE class actually right and you know as gates and all that you know the hard core component stuff as well as coding systems a systems kind of programming model now it's a little bit different more diverse it'll ease a lot of you know new opportunities within computer science so it's broad and certainly in a skill gap that's what comes up a lot we hear obviously more cyber security jobs are open and ever before automation is a term that's been coming known in the cloud business where you starting to see that now a security host shows got this automation component that they're adding in for tooling is the tooling and for developers who actually building stuff out there's it early innings how would you put the progress of some of the tooling that that's reliable I mean this is you know you still got people trying to build products and companies I need help what's the status in your mind the ecosystem around platforms and tooling and open source so over the last ten years there's been a great push to to create better tools I'm a lot of it was done in the open source a lot of those done around Linux because it work Windows honestly Microsoft has done a great job in getting secure boot implemented on every on every PC they supply you know Apple does a great job with their boot security but it they're not making available and mobile is probably the worst example right that the TE the trusted execution environment which is the secure space in a mobile phone isn't open for most developers to access right so you know that hardware component isn't there it's not available so yeah I know I always get this updates when I go to China Hey Apple has an update for you it's like the download mmm is this really Apple right I mean no turn off my iPhone right I mean but this is kind of the the interception of you know the the the fraudulent some of the some of malicious things are going on and that that still is concern but I think generally speaking you got entrepreneurs here not noticed at this conference and some of the earlier investor conferences we've been to there's a ton of alpha entrepreneur activity real smart people trying to build durable technology and solutions this is the main focus so it's kind of like and the capital Mars as we know is pretty much in the toilet right now but you know it's still growth and so we're trying to unpack that what's your opinion on entrepreneurship because it every trough is always an OP tick and we'll probably see some growth and those company that survive and thrive will probably be the leaders right what are you seeing what's your opinion of the landscape event ventures out there so so the crypto markets been really interesting it's all been focused on consumer and crypto there's there and even on the floor today there's a big push into the enterprise market for blockchain and deployments you know Simba is a company that's got a great toolset here today you had to help see how big enterprises understand how to deploy smart contracts into a blockchain in the enterprise you know to me the exciting part is the use case is outside of cryptocurrency and tokens the blockchain brings two to the marketplace I think that's where we'll see the next wave entrepreneurship I'm coming to fundraise that on stage at a comments like hey you know when one of the Q&A sessions substance you think your best proposal and substitute database with blockchain if it means the same is probably not Neri absolutely I'm teasing out essentially that the you know the old guard being replaced with the new guard same same models two new faces you know taking over the industries that not only mean changing them so to speak and security kind of hence to the same way where if you're going to have a distributed and decentralized architecture with IOT with all these things connected with digital assets and digital devices this crews gonna be thought differently what's what's your current take on how to tackle that that world I mean is there a certain approach you found so so so there's I'm not sure going to answer your actual question but but there's there's this really interesting debate like you said aundrea said you know if you can replace database with with blockchain is probably not the right fit and a lot of early crypto adopters have made that argument jimmy song says that publicly all the time right there's no place for blockchain in the enterprise essentially right and and you know you can you can swing both ways but the blockchain offers something to to an enterprise that doesn't require the distribution it offers the ability to create immutability right now the inability to change that record which we don't have in most cases today yeah you know and it's fairly simple and easy to deploy and are not for smart contracts so if we go back to the the use case we talked about where every time a machine boots up and it creates a record of that machine and writes it we've never had that capability we've tried we you know when I was at the agency we built a system that sort of did that but it didn't have the same sort of underlying strength of mechanism yeah it would allow us to trust it forensic way almost you know I interviewed Jimmy song and to have consensus event and you know I don't necessarily agree with him on that point it's like I think there's use cases in the enterprise that actually make blockchain very viable and it's almost like the cloud world you have public and private hybrid coming I mean so that's kind of my take on it and because it's interesting me iBM has been advertising heavily and others are looking at supply chain is low-hanging fruit opportunities right let me talk about the computer and supply chain so supply chain is a chain it's with valued change right than value chains now are changing so you can track it in a way that's efficient that's why wouldn't that be a use case so that's kind of mind dude do you agree with that absolutely I mean I think the distributed nature for a crypto makes a lot of sense but the blockchain in a non distributed manner right in a permission to blockchain makes a lot of sense for a lot of different use cases in big organizations I I agree I've talked to different different people that have just tried to replace databases with blockchain because it sounded cool yeah raising money or want to get some attention get some momentum I want to ask you a question on your new venture and Cripps because you talk to a lot of folks out there you certainly you're historic and pedigree is amazing and security and you've seen a lot of things I'm sure what have you learn what's your observation what's the the learnings that you can take away and share from your conversations is there any patterns that you're seeing emerging that's that's that could help people either navigate understand orientate towards something that they might want to use with the what have you learned so I think the biggest thing I've learned is that this community is the most diverse community I've ever worked with in in technology right you've got people from all walks of life and it's absolutely amazing I mean just walking around the show here walking around consensus I mean it just drives diversity like you've never seen before in tech conferences and that diversity is his driven a thirst for knowledge so the people are completely open to to discussions about security that they've never had before in other realms right so when I talked to him about Harbor based security they get excited and want to learn more and and honestly in the PC community over the last 15 years I got a little pushback on that right there's a while we've heard about that we don't want to right it works the way it is people here realize they're building something brand-new yeah and it's time to build it right and that they really want this to succeed for their own reasons right whether it's a corporate enterprise or whether it's a almost a crypto anarchist right they've all got the same sorts of goals and it's and if there's a cultural thing to I think the Bitcoin money aspect of it pretty much anyone on the age of three that I kind of take a straw poll on it's like they all this is gonna change the world like rabbit knows but it's great right oh I actually heard that in the hallway earlier yes and then the phone just traveling somebody that never heard of Bitcoin how does get a revolution coming on I want to ask you a final question five years where are we in your mind shoot the arrow forward what's happening in five years how does this these dots connect in next couple years or so so I think that if we were able to lay in the groundwork today to make user accessibility to the blockchain easy enough and secure enough I think you'll see that it grows in ways that we that we really can't imagine right you know I can't predict the crypto markets but I think you'll see people starting to use tokens in different ways and I think there's some incredible use cases for tokenization for rewards programs things like that I think enterprises in the next five years are gonna start to figure out what use cases make sense I think they're gonna see great efficiency I think they'll see you know much greater scalability and ease of use the use cases really are gonna be driving all this absolutely well I want to final question since just popped in my head I want to get this out there one trend I'm hearing here at this conference and seeing it kind of boil in into this community is the conversation not just about cryptography and and security cyber security on a global scales now come in because of the hacks gives the nation-states because of the geopolitical landscape you know cyber security is a big conversation now but always probably in the wheelhouse a lot of these guys but a lot of these guys are also kind of adjacent involved with cybersecurity your view of the impact the cybersecurity pressure is gonna have on the industry this industry so I think that that you're hearing the conversation because suddenly security became really really important to people personally right in the past if if you lost money with your bank account it was refunded to you now if somebody steals your private key you're out whatever money was attached to that private key recourse right so it's very personal so people have started to think about all the different things that they need to do to really protect those keys I mean it's it's it's almost an organic conversation that we've been trying to drive for you know 40 years in the space yeah and one of things I worry about is the whole regulatory dry aspect is because it can be a driver or an enabler and a driver or it could be dampening innovation and that's always something to watch out for I think there's a Senate discussion today about it I think there's some great work going on in that space both its senior levels in the Congress as well as the regulatory commissions but it's going to take a lot of Education there's a lot of fear around this space well thanks for come on looking forward to having more conversation with you great to have you on the cube and sharing your insight give a quick plug for n Crypt what do you guys doing what's the update status of the company how do people get ahold of you why do they why should they call you what's what's the update well so like I said we formed in May we've we've grown faster than we would have expected to because there's a thirst for the sorts of things that we're doing them we're we're always happy to talk to talk to any enterprise or a consumer about the use cases around the products that they have how did it fit into the blockchain environment and how to do it securely properly so encrypt calm and kr ypt die here in Maryland we're in Maryland DC area so cool great absolutely basic appreciated live from Toshio con us two cubes coverage of the first security conference John for you watching the Q stay with us for more coverage after this short break