(upbeat music) >> Announcer: New York City. It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and the Institute For Critical Infrastructure Technology. >> Hey, welcome back everyone. This is theCUBE, live in New York City, in Manhattan. We're here at the Grand Hyatt Ballroom for CyberConnect 2017. Inaugural event presented by Centrify. I'm John Furrier, with my co-host Dave Vellante, both Co-Founders of SiliconANGLE Media. Our next guest is Parham Eftekhari, who's the Co-Founder and Senior Fellow of ICIT. Also part of the team and the lead around putting the content agenda together. These are the guys who put it all together. Really inaugural conference, great success. Turns out, you know we (laughs), we talked about it was going to be big, it was going to be huge. By the numbers, it's just a great beachhead, the right people showed up. Welcome to theCUBE, thanks for joining us. >> Yeah, thank you for having me, excited to be here, good to chat with you again. >> So, we, before the event started, just, you know, a couple months ago when we were talking about the event, we're like, this is, love the name, first event of its kind. Always wondering, you know, will people show up? Right, you know? >> That's right, first-time events, we've talked about this before, there are so many cyber security events out there, and so many organizations competing for a limited time and resources. So, I think to have a, an event like this be such a big success in the first time speaks to the quality of the content, and, you know, Centrify's role and ICIT's role in putting it together. >> I want to give you guys congratulations, to you and your partner, for running a really amazing company and event. You guys go big by thinking small, by being small, being relevant. Your model and how you do business earns trust, it's very community-driven. Same ethos as what we believe in. So, wanted to give you props for that. >> Parham: Thank you. >> It's not usual you see great execution thinking about your audience and constituents, so congratulations. >> Thank you. >> Okay, so, with that, you've got a lot of heavy hitters in your rolodex, you guys got a great community, big names. General's up there, you have big time SiSoS. >> Parham: Yeah. >> What's the vibe? I mean, you guys are dealing with this profile persona all the time. What's on the minds? I mean, obviously the General's banging his fist on the table, virtual table, or he's holding his coffee cup, telling war stories, he's basically saying, if we don't get our act together, industry and government... >> Yeah, well, I think what's happening today, and you know the business of the Institute, we're a research-driven organization, so as an organization that provides objective research, we have the fortunate position to be able to advise to some of these commercial and public sector leaders. And so, in that advisory, we have a really good sense on the pulse of the community. And we're able to hear directly from these individuals, we don't have to look at market research studies, we don't have to look at what some of these third-party groups are talking about. We're able to communicate directly, and we can actually see and feel their feedback to what we're discussing. >> There's no lag to your model, you have your fingers on the pulse. What is it telling you? Obviously, we heard the message here, there's some work to be done, there's some technical core fundamental infrastructure things, there's application-specific things, obviously the threats aren't stopping. >> Parham: That's right. >> What are the, what's-- >> If you look at the program that was built, it really does mirror the way that the Institute believes we need to approach solving these issues. And that comes with a layered security strategy. And so, oftentimes you'll go to these events, and we understand that there's organizations that are looking to make this into more of a marketing opportunity for them. So, unfortunately, the curriculum and content only touches one or two core competencies, which obviously really underscore what the sponsors do. What we've done here at CyberConnect, which is why Centrify's such a great partner, they understand that they may be one of the world's leading identity access management organizations, but they know for us to have a cyber security renaissance and actually make that quantum leap that the General and some of the executives that you were mentioning were discussing all day, we need to have a number of different technologies discussed, and have that education talk about things like the use of machine-learning based artificial intelligence. Talk about how technology can enable automation. Talk about identity access management. Talk about, like we just heard Terry Gravenstein, talk about the importance of building a culture of trust, right? Security has a human element to it, people's one of the biggest problems we have. So, I think this is one of the reasons why this event, to your point earlier, is such a big success only the first year out. >> Parham, we heard a lot today about sort of the partnership, really the imperative, of government and commercial enterprises working together. You do a lot of work in the government. And there seems to be, anyway our impression is, there's a heightened sense of security, for obvious reasons. And, board levels in the commercial side have really tuned in to security. But still, organizations seem to be struggling with what's the right regime. You know, it used to be just an IT problem, or a security team problem, and as you really pointed out many, many times at this event, it's everybody's problem. >> Parham: Yeah. >> So, what are you seeing in terms of, things that commercial enterprises can learn from government, particularly from the top, in the top down initiative. >> Yeah, I think one of the themes you've heard discussed several times today is, and Terry again just talked about us having a seat at the table, I think there's so much media discussion about cyber security. You know, all of our families, our moms, our grandparents, are understanding that cyber security is a major issue. We're even starting to get some more general consensus that cyber security is a national security imperative. And, so I think this is helpful. I think now we have to start to, as cyber security practitioners, we have to speak in the language that resonates with, so, if you're talking to a chief operating officer, and trying to educate them on the impact of ITOT convergence, then you have to speak in the terms that a COO is interested in, versus a CFO, versus your CIO, versus your Board of Directors. So I think language matters, vocabulary matters. And I think it's one of the things that we see, we see starting to percolate up in some of the conversations that we're having. >> Given that humans are the main problem, I mean we all have this assumption, we talk about it in theCUBE all the time, but oh my gosh, internet of things is going to create this huge space of people to attack, a huge attack vector. But if the humans aren't managing the devices, is there potentially an upside there, if that makes sense? >> Yeah, so, you know, I think it all goes back to, tomorrow morning, we'll hear from Dr. Ron Ross and David from Centrify. And they're going to be talking about security by design. In this, Dr. Ross actually put out a paper, 800-160, which really talks about the importance of building better systems, devices, products. So, I think that we are moving towards automation, we're moving towards machine learning, we already see it impacting a lot of our society, and even down to the, to your point, the IoT devices. We just put out a paper about cyborgs and the use of embedded devices in an actual, in humans, trans-humanism. This is all a, this, this ship has, the train has left the station, I guess you could say. I think what's important now is to not make the same mistakes we did the first go around, and pause and not put profits over security and privacy, and actually understand that, if we can't build it with security, certain security requirements there, then we can't get that functionality, or it may not cost the price point that we want it to cost, which may, you know, have it be more affordable for consumers. So I think we have to re-prioritize. >> US companies generally have not taken that pause and put security over profits. It's really been the reverse. And many would say, okay, but it's actually worked out pretty well for US companies, they dominate the technology industry. What do you say to those folks that say, well, profits are actually more important? >> Well, I think, I think it depends, when you say it worked out well, I think if you look at all those individuals that have been impacted by the breaches, I think that's where people are really starting to understand how it's impacting us, and going back to my comment about the national security side, this is no longer just about being able to steal your PII, and maybe doing some fraud in terms of identity theft and what not. When we're talking about meta-data and capitalistic dragnet surveillance, and now if you're looking at who is stealing and curating this information, it could be special interest groups, could be nation states, so now this becomes a much larger issue and a much larger challenge. >> So it's a ticking timebomb, is essentially what you're saying. And so that begs the next question: does really government have to get involved, to begin to impose its will, if you will, on commercial organizations? >> Yeah, I think what's going to happen, and actually we were talking about this at lunch with General Alexander earlier today, it's going to be a balance. You know, the government will be getting involved, they are getting involved, there's a lot of legislation being passed that truly is trying to make a bi-partisan push to address some of these issues. But I think, ultimately, that's going to be, as the General kind of said earlier, it's just going to be the government beating these, these folks virtually on the head until they start to do some self-governance and self-regulation. >> Parham, talk about your relationship with the General, vis-a-vis, this event. I see he had a great keynote, inspiring us, he moved a lot of people, talked about the general common defense versus civil liberties balancing privacy, as you mentioned. What more can you share about some of the things that he sees and feels strongly about, that you guys are seeing in your research in the Institute, because this is interesting, because you got a guy who says, "I'm an Army guy," right, who's now looking through the prism of the future, with past history at the NSA Command Center, Cyber Command Center. >> Yeah. >> He's got a pretty interesting view, and he sees both sides of the coin. >> Yeah. >> You guys are seeing that, people in the tech business are like deer in the headlights. We saw Twitter, Facebook and Alphabet, you know, like (groans). And then the center's trying to grock what Twitter does. >> Parham: Yeah. >> So, I mean, you have this generational gap, you also have historical analog to digital transformation going on. This is a societal impact, this is pretty huge. What does the General truly feel, what's his vision, what's his point of view these days? >> So, I'm not going to speak for the General, I wouldn't dare do that, but I will say that, if you listen to his comments on stage, one of the things he does talk about, and where our relationship is very strong, is the importance of public-private sector collaboration. The General actually received our pinnacle, I'm sorry, was named our pioneer last year at our gala which is actually happening in a couple of days in Washington, DC. And he really, if you listen to his message, he underscores the importance of collaboration, not just within a sector, not just within government, but cross-sector and between public-private sector, and between technology providers and government and legislative community. So, I think one of the things that I am comfortable saying is that, he would encourage more collaboration, and more information sharing, and more trust among the sectors to work together to solve these problems. >> How should people measure success in this business? >> That's a loaded question. I think, I think success needs to be, at this stage, incremental. I think that we need to be realistic in terms of how much quote success can we achieve overnight. We've, as we mentioned earlier, the ship has sailed, and so I think we need to do multiple things simultaneously. We, of course, do need to continue to implement technology and strategies that detect and respond to threats. But I personally would say that the true success is going to really be accomplished when we start to deploy strategies and re-prioritize so we're actually building more secure systems, more secure devices. I think that's going to be... Needs to go hand-in-hand, and we'll hear a lot about that tomorrow with Dr. Ross. >> Would that imply that, either, you know, the rate of growth of breaches starts to moderate, or the amount of data or loss, revenue dollars lost, begins to, you know, slow down its growth rate or-- >> Yeah, at some point that's absolutely going to be the goal, I think that-- >> Is that a reality though, I mean given that everything is growing so fast in our business? >> Oh, yeah, I'm an eternal optimist. I think absolutely, we'll get there. I can't tell you the timeframe, but I do know that venues like this, and the work that ICIT is doing, is really important to getting us to that point. Until we get folks in the media and on Capitol Hill and in federal agencies talking about these issues, so then it's not just the security folks who are focused on this, but a broader group. >> Yeah, and I think that's the opportunity, and as we wrap up day one here, education and content value is what we're seeing. You guys see that all the time, I know I'm preaching to the choir. But again, looking at mainstream media and some of the techniques that the Russians and other states have used to implement means and the election conversations, it's being gamified, we know that. So, the media picks up on it because there's identity politics going on. So, I think there needs to be a wake-up call, I mean, I think the educational process is critical. >> Yeah. >> What's next? >> And, and, and that's where, you know, we feel very fortunate to be in the position that we're in, because ICIT is a neutral, third-party, non-profit, and non-partisan research organization. So what we're doing is putting out content. We're not, we're not, the... I should say it this way, the information comes out-- >> You've no agenda in terms of how to capture? >> Yeah, exactly. >> It's all transparent. >> Our, our, our agenda is national security. Our agenda is improving the security of our nation's critical infrastructure sectors, improving resiliency. And providing trusted advisory to these various stakeholders. >> Well, getting the people here on theCUBE, and having you guys come on, and doing this great event really get, opens up the door for more voices to be heard. >> Parham: Absolutely. >> And we heard from your partner, had some great things to say. This has got to get out there, so the people, the press can report on it-- >> Parham: That's right. We'll turn on the cameras. >> Parham: Yeah. >> Dave, what's your take on the event here? Obviously, as an inaugural event, what's your analysis? >> Well, I mean, we touched on some big topics, right? I mean, the General, in particular, was talking about collaboration with the FBI, you know, Sony came in. >> John: The role of government. >> Privacy, ACLU, Jeffrey Stone. I think, you know, my big takeaway, as we were just discussing, was... And the General said that Sony, for example, he gave that example, can't do it alone. And I, we've been saying this for a while. And John, you predicted this, you said a while back that, that the government's processes, technologies, know-how, is going to seep into commercial businesses. As it has so often. I mean, you look at, you know, space launch, you know, radar, nuclear energy, the internet, et cetera. And I think security, cyber security, is such a big problem, only the government can help solve this problem. >> Well, the government's always been dealing with the moving train, and the corporations and the enterprise have traditionally been buying shrink-wrapped software loaded on a server that's evolved to buying more servers that have been pre-integrated with software. And buying silver bullet solutions, and then leave it alone until something breaks, and then fixes it. And I think, you know, when we were talking and looking at this event, my takeaway here is, the moving train is never going to stop, and the shifting of the game is going to be a cat-and-mouse, good versus bad, new technology versus reality. Open source certainly accelerated the role of the public domain. Treasure troves of information are being amassed, whether it's WikiLeaks or in the open source. This is a problem, and then there's no real, like, real creative solutions. I am not seeing anything. So, to me, this event takeaway is that, this is the first time a step has been taken to saying, whoa, holistic big picture. What is the architecture of a global society, where nation states can compete with no borders. >> Yeah. >> In a digital, virtual space, be effective, have freedom, and then respect for the individual. I mean, no one's ever had that conversation. >> Yeah, well we're excited to have it. We've gotten really great feedback from just some of the conversations that we're hearing in the hallway, as people are taking, learning actionable intelligence, where I can actually take this and instill it. I think a lot of people are actually being inspired, and that's something we need, especially in an industry where every day is about how, you know, cyber security folks don't get in the news when nothing happens. There's a commercial, I think it's an IBM commercial, right, where it's, my, my, nothing happened at work for my dad today, right? That never happens, it's always about what does go wrong, so I think we need to be inspired and motivate ourselves. >> Well, one of the things that we're excited about, as you know, we're community-model like you guys are. You look at some of the early indicators of how blockchain, and even though it's kind of crazy, you know, bubbly with the ICOs and cryptocurrency and overall blockchain, it all comes down to the common thread. We see an open source software over multiple generations, we're seeing it in blockchain, we're seeing it in security. Community matters. And I think the role of individuals and communities will be a big part of the change, as a new generation comes up. Really fundamental, so congratulations. >> Parham: Absolutely, thank you. >> Okay, Parham here's inside theCUBE for our wrap-up of day one of CyberConnect 2017. I'm John, with Dave Vellante. Thanks for watching. (synthesizer music)

>> Narrator: Live from New York City, It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and The Institute for Critical Infrastructure Technology. (synth music tag) >> And government industries together for the first time. A unique kind of collaboration unlike normal events, like black hat or RSA, that are mostly about hacks and really geeky sessions. There's a great place for that, but again, this is the first of its kind, and it's presented by Centrify's theCUBE as an exclusive partner here, I'm John Furrier, co-host of theCUBE, co-founder of SiliconANGLE, my co-founder, Dave Vellante here. Dave, I mean, Centrify really taking an industry proactive role, not having their own event. Instead, using their money to fund an industry event. This is the trend in digital media. Presented by Centrify, not 'sponsored by' or 'their event'. This, we've seen this in the big data space before where events are sponsored for the community. You know, cyber security, really a big topic. You know, General Keith Alexander, retired general, was on stage as the keynote. Really talking about the crisis in the United States and around the world, around cyber security, cyber war, a whole new reality. This is the thrust of the event. >> Well, they say content is king. Well, context is kind of the empire, and the context here is, the world is changing. And the seriousness of that change is significant. General Alexander, many people may not know, General Keith, former, retired General Keith Alexander, he was the first Head of Chief $of Cyber Security at U.S., appointed by Obama. John, he was appointed Director of the NSA in 2005. Now, you guys remember, I'm sure, Stuxnet was right around 2004, 2005 when it was developed, and it bridged the Bush to the Obama administration. So he had the, all the inside baseball. He didn't talk about Stuxnet, but that was, >> He did share some nice war stories. >> Yeah, but that was the first and most significant, the way they got into Natanz, and he was at the center of all that. And he did share some war stories. He talked about Snowden, he talked about collaboration with the FBI, he talked about saving lives. And basically he said, hey, I stood in front of the ACLU. They basically undressed him, right? And then came back and said, hey, this is one of the most ethical agencies, and law-abiding agencies I've ever, he's seen, so he read that note from the head of the ACLU, it was very proud of that. >> Yeah, and the Stuxnet, it was in the news obviously, just yesterday it was reported, actually the day before November 1st, November 2nd, that Stuxnet was highly underestimated. In fact, the digital certificates that were spoofed were, been hanging around, the malware's been out there. Then again, this is, this is an indictment of the problem that we have, which is, we've got to get the security. Now, the things that the General talked about, I want to get your reaction to, because certainly I honed in on a couple key things. "Foundational tech for common defense." So he talked a lot about the Constitution and the role of government, I did a tweet on that, but what is the role of the government? That's the common defense of the United States, citizens and business. One. Not just protect the Department of Defense. At the same time, he did kind of put a plug in that we need the civil liberties and privacy to be addressed. But this is the biggest crisis we have, and it's a problem that can only be solved by working together. And if you look at, Dave, the trends that we're following on theCUBE and SiliconANGLE and Wikibon, the common thread is community. If you look at blockchain and what's going on in that disruptive, decentralized world, the role of the community is critical. If you look at what's going on in security, it's the role of the community. If you look at open source, the biggest success story of our multiple generations and now impacting the younger generation in the computer science industry and the computer industry, open source software. Community. You're starting to see the role of communities where knowing your neighbor, knowing who's involved with things, is really critical, and you can't highlight it any more than this conference that Centrify's presenting with these gurus, because they're all saying the same thing. You've got to share the data. The community's got to work together. So, common defense, maintaining civil liberties and maintaining privacy at the same time, solving the biggest crisis of our time. >> Well the other big thing and, John, you actually made this prediction to me a couple weeks ago, was that government and industry are going to start working together. It's going, it has to happen. General Alexander basically said that, is it the government's role, job, to protect commercial industry? And it was an emphatic yes, and he pulled out his fake version of the Constitution, and said yes, and he got in front of Panetta, in front of the US Senate, and made the case for that. And I think there's no question about it. Industries control critical infrastructure. And industries aren't in a good position to protect that critical infrastructure. They need help from the government, and the government has some of the most advanced technologies in the world. >> And the other thing we've been hearing from this, the executive at Aetna, is attack, maintaining intelligence on the data and sharing is critical to resolve the problem, but his point was that most people spend time on an attack vector that's usually wrong. He said, quote, "You're better off having people be idle, than chasing down on an attack vector that's wrong." So his point is, report that to the agencies quickly, to, one, reverse-engineer the problem. Most likely you're going to get better intel on the attack, on the vector, then you can start working effectively. So he says a lot of problems that are being solved by unconventional means. >> Well, General Alexander said that when he was head of Cyber Command, his number one challenge was visibility, on the attacks, they could only respond to those attacks. So, my question to you, John, is how will data, big data, machine learning, AI, whatever you want to call it, how will that affect our ability as an industry to proactively identify threats and thwart them, as opposed to just being a response mechanism? >> I think it's going to be critical. I think if you look at the AI and machine learning, AI is basically machine learning on steroids, that's really kind of what it is now, but it hopefully will evolve into bigger things, is really going through the massive amounts of data. One of the points that General Alexander talked about was the speed and velocity of how things are changing, and that most IT departments can't even keep up with that right now, never mind security. So machine learning will allow things to happen that are different analysis faster, rather than relying on data lakes and all kinds of old modeling, it's just not fast enough, so speed. The other thing too is that, as you start looking at security, this decentralized approach, most attacks are coming in on state-sponsored but democratized attacks, meaning you don't have, you can use open source and public domain software to provide attacks. This is what he's been talking about. So the number one thing is the data. Sharing the data, being part of a community approach where companies can work in sectors, because there's a lot of trend data coming out that most attackers will come out, or state-sponsored attacks, will target specific things. First of all, the one problem that can be solved immediately is that there's no way any of the United States military and-or energy grid should be attached to the Internet. And you can mask out all foreign attacks just by saying only people in the US should be accessing. That's one network conventional thing you can do. But getting the data out there is critical, but working in sectors. Most attacks happen like on the financial services industry, so if you sit in there and trying to solve the problem and keeping it on the down-low, you're going to get fired anyway, you know? The business is probably going to get hurt. Report it early, with your peers in the community, share some data, anonymize that data, don't make it, you know, privacy breaching, but get it out there. Number one thing. >> Well, here's the problem is, 80 billion dollars is spent a year on security, and the vast majority of that is still spent on perimeter security, and we heard today that the number one problem is things like credential stuffing, and password, poor user behavior, and our response to that is education. Jim Routh talked about, that's a conventional response. We need unconventional responses. I mean, the bottom line is that there's no silver bullet to security. You talked about, critical infrastructure should not be connected to the internet, but even then, when you have an air gap, you go back to Stuxnet, Natanz had an air gap. Mossad got through the air gap. There's always a way to get through somehow. So there's no one silver bullet. It's a portfolio of approaches and practices, and education, and unconventional processes that you have to apply. And as we talked about, >> Well I mean, there's no silver bullet, but there are solutions. And I think that's what he's saying. He gave it, General Alexander gave specific examples, when he was in charge, of the NSA command center was, you know, terrorist attacks being thwarted. Those are actual secure problems on the terrorism front that were solved. There was a silver bullet for that, it's called technology. So as you generalize it, Dave, I can hear what you're saying, because IT guys want a silver bullet. I want to buy a product that solves my security problem. >> So here's the problem I have with that is, I used to read Art Coviello's, you know, memo every year, >> Yeah. >> It was like, he tried to do like the, and he still does. But I look back every year and I say, Do we feel safer and more secure than we were last year? And every year the answer is no. So we, despite all the technology, and we've talked about this on theCUBE with Pat Gelsinger, security is essentially a do-over. We do need unconventional new ways, >> No debate. >> Of attacking the problem. >> No debate. Well I noticed, I'm just highlighting the point, I mean if you look at it from an IT perspective, the old conventional wisdom was, I want to buy a product. Hey, vendor, sell me your security product. What General's kind of pointing out is, he's kind of pointing out and connecting the dots, is like, hey, what they learned in the NSA was, it's an ongoing iterative thing that's happening in real time. It's not an IT solution anymore. It's a more of a holistic problem. Meaning, if you don't under stand the problem space, you can't attack it. So when they talked about the terrorist attack, they had a phone record, and they had to give it to the FBI. The FBI had to get into it. They discovered the guy in basically 24 hours, and then it took a week to kind of vet the information. Luckily they caught it and saved a subway attack in New York City in 2008 that would have been devastating. Okay, still, they were successful, but, weeks. So machine learning, and to your point, is only going to accelerate those benefits. And again, the real counterpoint as General pointed out is, civil liberties and privacy. >> Well, talk- >> I mean, what do you want? You want subway attacks, or you want to have your email, and your email be clean, or you want to have people read your email, and no subway attacks? I mean, come on. >> Well, you and I have talked about this on theCUBE over a number of years, and talking about Snowden, and General Alexander brought it up, you know, basically saying, hey, he told he story and he was pretty emphatic as to, his job is to protect, not only the citizens of the United States, but the infrastructure, and basically saying that we couldn't have done it without the laws that allowed us to analyze the metadata. >> I think, I think, in my opinion, what I think's going to happen is, we're going to have a completely reimagined situation on government. If you look at the trends with GovCloud, what's going on with AWS, Amazon Web Services, in the federal area, is an acceleration of massive agility and change happening. You're going to see a reimagine of credentials. Reimagining of culture around hiring and firing people that are the right people. You know I said, and I always say, there should be a Navy SEALs for cyber, a West Point for cyber. So I think you're going to start to see a cultural shift from a new generation of leaders, and a new generation of citizens in the US, that are going to look at citizenship differently. So for instance, Centrify, which is putting on this event, has an identity solution. That's an easy solution. Take it out of IT's problem, no one should be patching 1200 different IT systems in the government. Screw it. It's like a driver's license. Here's your credential, you know? >> So, >> So there's new ways to think of it. Radical ways, progressive ways, whatever you want to call it, I think those are going to be coming fast. Blockchains is a solution. >> I was going to ask you about that. So, four out of five breaches are password related. From credential stuffing or just bad password behavior. Everybody uses the same password, because they can remember it, across all these sites. So four out of five of the breaches can be traced back to poor password behavior. So, will things like blockchain or single sign-on, really, the answer, that's about the wrong question. When will, and how will, things like blockchain come to front and center, to solve that problem? >> I don't know, Dave. I mean, all I know is in today's Wall Street Journal, Andy Kessler writes a story that if you want to predict the future, it's all about dodgeball. You've got to get in the game and get hit by a few balls to know what's kind of going on around you. >> Dave: So you've got to fail first. >> Everybody has an opinion, nobody actually knows the answer, this has been a premise in the tech business. In my opinion, my opinion is, to reimagine things, you've got to look at it differently. So if you look at Jim Routh, the CSO at Aetna said, he said, look, we're going to solve these problems in a way, and he said, I'm not even a computer science major, I'm a history major, and I'm running Aetna's security practice. And his point was, he's a history major, civilizations crumble when trust crumbles. Okay, so trust is a huge issue, so trust on the government, trust on the systems, trust with email, so that, so he's looking at it and saying, hey, I want systems that don't erode trust, because the civilization of the world will disintegrate. So trust is a big factor, these are the new things that the best minds have to solve. >> I think the other thing, that really important topic that came up is, is public policy, and there was a discussion on sort of the, you know, hacktivists versus state-sponsored terrorism, so the payload, or the signature of a hacktivist malware is dramatically different than that of a state-sponsored initiative. State-sponsored initiatives are much more sophisticated and much more dangerous. And so, Robert Gates, when he was on theCUBE, brought this up, and he said, listen, we have the best technology in the world. The best security in the world. And we apply that largely for defense, and he said, we could go on the offensive. He said the problem is, so can everyone else, and we have, as a nation, a lot more to lose. So when you, we talked about Stuxnet earlier, Stuxnet basically was your tax dollars at work, getting into the hands eventually of the bad guys, who then use that to come back and say, okay, we can attack critical infrastructure, US, so you better be careful. >> It's bigger than that, though, Dave. That's a one, that's an old point, which is a good point, but Stuxnet was the beginning of a movement that state-sponsored actors were doing. In the old days, a state-sponsored actor, in the Iran case, came from a state sponsor, they revealed their hands in their hack a little too early, and we could counter that. But when you look at the specific attacks over the past 15 years, if a state-sponsored attack on the US was happening, it was their, they had to show their hand. That's different now, with WikiLeaks and public domain, states can still remain anonymous and saying "It wasn't us!" And point to these organizations by democratizing hacker tools. So whether it's Stuxnet or something else, you're seeing state-sponsored actors, and I won't, China, Russia, whoever they are, they can actually enable other people who hate the US to attack us. Their signature's not even on it. So by democratizing the hacker tools, increases the number of people that could attack the US. And so the state sponsors aren't even doing anything. >> Well, so, Jim Routh talked about WannaCry and NotPetya, which were, you know, generally believed to be ransomware. He said no, they weren't ransomware. They only collected about 140 thousand from that in US dollars. They were really about state-sponsored political acts. I don't know, sending warnings. We're going to ask him about that when he comes in theCUBE. >> Alright. We've got a big day here. New York City here for CyberConnect 2017, this is the inaugural event presented by Centrify. All the top leaders in the industry and government are here solving the problem, the crisis of our generation's cyber attack security, both government and industry coming together. This is theCUBE, we'll be back, more live coverage after this short break.