>> live from Boston, Massachusetts. It's the Cube covering A W s reinforce 2019. Brought to you by Amazon Web service is and its ecosystem partners. >> Well, welcome back. Everyone's Cube Live coverage here in Boston, Massachusetts, for AWS. Reinforce Amazon Web sources. First inaugural conference around security. It's not Osama. It's a branded event. Big time ecosystem developing. We have returning here. Cube Alumni Bill Jeff for VP of strategy and the partnerships that Iron Net Cyber Security Company. Welcome back. Thanks. General Keith Alexander, who was on a week and 1/2 ago. And it was public sector summit. Good to see you. Good >> to see you. Thanks for >> having my back, but I want to get into some of the Iran cyber communities. We had General Qi 1000. He was the original commander of the division. So important discussions that have around that. But don't get your take on the event. You guys, you're building a business. The minute cyber involved in public sector. This is commercial private partnership. Public relations coming together. Yeah. Your models are sharing so bringing public and private together important. >> Now that's exactly right. And it's really great to be here with eight of us were really close partner of AWS is we'll work with them our entire back in today. Runs on AWS really need opportunity. Get into the ecosystem, meet some of the folks that are working that we might work with my partner but to deliver a great product, right? And you're seeing a lot of people move to cloud, right? And so you know some of the big announcement that are happening here today. We're willing. We're looking to partner up with eight of us and be a first time provider for some key new Proactiv elves. AWS is launching in their own platform here today. So that's a really neat thing for us to be partnered up with this thing. Awesome organization. I'm doing some of >> the focus areas around reinforcing your party with Amazon shares for specifics. >> Yes. So I don't know whether they announced this capability where they're doing the announcement yesterday or today. So I forget which one so I'll leave that leave that leave that once pursued peace out. But the main thing is, they're announcing couple of new technology plays way our launch party with them on the civility place. So we're gonna be able to do what we were only wanted to do on Prem. We're gonna be able to do in the cloud with AWS in the cloud formation so that we'll deliver the same kind of guy that would deliver on prime customers inside their own cloud environments and their hybrid environment. So it's a it's a it's a sea change for us. The company, a sea change for a is delivering that new capability to their customers and really be able to defend a cloud network the way you would nonpregnant game changer >> described that value, if you would. >> Well, so you know, one of the key things about about a non pregnant where you could do you could look at all the flows coming past you. You look at all the data, look at in real time and develop behavior. Lana looks over. That's what we're doing our own prime customers today in the cloud with his world who looked a lox, right? And now, with the weight of your capability, we're gonna be able to integrate that and do a lot Maur the way we would in a in a in a normal sort of on Prem environment. So you really did love that. Really? Capability of scale >> Wagon is always killed. The predictive analytics, our visibility and what you could do. And too late. Exactly. Right. You guys solve that with this. What are some of the challenges that you see in cloud security that are different than on premise? Because that's the sea, So conversation we've been hearing. Sure, I know on premise. I didn't do it on premises for awhile. What's the difference between the challenge sets, the challenges and the opportunities they provide? >> Well, the opportunities air really neat, right? Because you've got that even they have a shared responsibility model, which is a little different than you officially have it. When it's on Prem, it's all yours essential. You own that responsibility and it is what it is in the cloud. Its share responsible to cloud provider the data holder. Right? But what's really cool about the cloud is you could deliver some really interesting Is that scale you do patch updates simultaneously, all your all your back end all your clients systems, even if depending how your provisioning cloud service is, you could deliver that update in real time. You have to worry about. I got to go to individual systems and update them, and some are updated. Summer passed. Some aren't right. Your servers are packed simultaneously. You take him down, you're bringing back up and they're ready to go, right? That's a really capability that for a sigh. So you're delivering this thing at scale. It's awesome now, So the challenge is right. It's a new environment so that you haven't dealt with before. A lot of times you feel the hybrid environment governed both an on Prem in sanitation and class sensation. Those have to talkto one another, right? And you might think about Well, how do I secure those those connections right now? And I think about spending money over here when I got all seduced to spend up here in the cloud. And that's gonna be a hard thing precisely to figure out, too. And so there are some challenges, but the great thing is, you got a whole ecosystem. Providers were one of them here in the AWS ecosystem. There are a lot here today, and you've got eight of us as a part of self who wants to make sure that they're super secure, but so are yours. Because if you have a problem in their cloud, that's a challenge. Them to market this other people. You talk about >> your story because your way interviews A couple weeks ago, you made a comment. I'm a recovering lawyer, kind of. You know, we all laughed, but you really start out in law, right? >> How did you end up here? Yeah, well, the truth is, I grew up sort of a technology or myself. My first computer is a trash 80 a trs 80 color computer. RadioShack four k of RAM on board, right. We only >> a true TRS 80. Only when I know what you're saying. That >> it was a beautiful system, right? Way stored with sword programs on cassette tapes. Right? And when we operated from four Keita 16 k way were the talk of the Rainbow Computer Club in Santa Monica, California Game changer. It was a game here for 16. Warning in with 60 give onboard. Ram. I mean, this is this is what you gonna do. And so you know, I went from that and I in >> trouble or something, you got to go to law school like you're right >> I mean, you know, look, I mean, you know it. So my dad, that was a chemist, right? So he loved computers, love science. But he also had an unrequited political boners body. He grew up in East Africa, Tanzania. It was always thought that he might be a minister in government. The Socialist came to power. They they had to leave you at the end of the day. And he came to the states and doing chemistry, which is course studies. But he still loved politics. So he raised at NPR. So when I went to college, I studied political science. But I paid my way through college doing computer support, life sciences department at the last moment. And I ran 10 based. He came on climate through ceilings and pulled network cable do punch down blocks, a little bit of fibrous placing. So, you know, I was still a murderer >> writing software in the scythe. >> One major, major air. And that was when when the web first came out and we had links. Don't you remember? That was a text based browser, right? And I remember looking to see him like this is terrible. Who would use http slash I'm going back to go for gophers. Awesome. Well, turns out I was totally wrong about Mosaic and Netscape. After that, it was It was it was all hands on >> deck. You got a great career. Been involved a lot in the confluence of policy politics and tech, which is actually perfect skill set for the challenge we're dealing. So I gotta ask you, what are some of the most important conversations that should be on the table right now? Because there's been a lot of conversations going on around from this technology. I has been around for many decades. This has been a policy problem. It's been a societal problem. But now this really focus on acute focus on a lot of key things. What are some of the most important things that you think should be on the table for techies? For policymakers, for business people, for lawmakers? >> One. I think we've got to figure out how to get really technology knowledge into the hands of policymakers. Right. You see, you watch the Facebook hearings on Capitol Hill. I mean, it was a joke. It was concerning right? I mean, anybody with a technology background to be concerned about what they saw there, and it's not the lawmakers fault. I mean, you know, we've got to empower them with that. And so we got to take technologist, threw it out, how to get them to talk policy and get them up on the hill and in the administration talking to folks, right? And one of the big outcomes, I think, has to come out of that conversation. What do we do about national level cybersecurity, Right, because we assume today that it's the rule. The private sector provides cyber security for their own companies, but in no other circumstance to expect that when it's a nation state attacker, wait. We don't expect Target or Wal Mart or any other company. J. P. Morgan have surface to air missiles on the roofs of their warehouses or their buildings to Vegas Russian bear bombers. Why, that's the job of the government. But when it comes to cyberspace, we expect Private Cummings defending us everything from a script kiddie in his basement to the criminal hacker in Eastern Europe to the nation state, whether Russia, China, Iran or North Korea and these nation states have virtually a limited resource. Your armies did >> sophisticated RND technology, and it's powerful exactly like a nuclear weaponry kind of impact for digital. >> Exactly. And how can we expect prices comes to defend themselves? It's not. It's not a fair fight. And so the government has to have some role. The questions? What role? How did that consist with our values, our principles, right? And how do we ensure that the Internet remains free and open, while still is sure that the president is not is not hampered in doing its job out there. And I love this top way talk about >> a lot, sometimes the future of warfare. Yeah, and that's really what we're talking about. You go back to Stuxnet, which opened Pandora's box 2016 election hack where you had, you know, the Russians trying to control the mean control, the narrative. As you pointed out, that that one video we did control the belief system you control population without firing a shot. 20 twenties gonna be really interesting. And now you see the U. S. Retaliate to Iran in cyberspace, right? Allegedly. And I was saying that we had a conversation with Robert Gates a couple years ago and I asked him. I said, Should we be Maur taking more of an offensive posture? And he said, Well, we have more to lose than the other guys Glasshouse problem? Yeah, What are your thoughts on? >> Look, certainly we rely intimately, inherently on the cyber infrastructure that that sort of is at the core of our economy at the core of the world economy. Increasingly, today, that being said, because it's so important to us all the more reason why we can't let attacks go Unresponded to write. And so if you're being attacked in cyberspace, you have to respond at some level because if you don't, you'll just keep getting punched. It's like the kid on the playground, right? If the bully keeps punching him and nobody does anything, not not the not the school administration, not the kid himself. Well, then the boy's gonna keep doing what he's doing. And so it's not surprising that were being tested by Iran by North Korea, by Russia by China, and they're getting more more aggressive because when we don't punch back, that's gonna happen. Now we don't have to punch back in cyberspace, right? A common sort of fetish about Cyrus is a >> response to the issue is gonna respond to the bully in this case, your eggs. Exactly. Playground Exactly. We'll talk about the Iran. >> So So if I If I if I can't Yeah, the response could be Hey, we could do this. Let them know you could Yes. And it's a your move >> ate well, And this is the key is that it's not just responding, right. So Bob Gates or told you we can't we talk about what we're doing. And even in the latest series of alleged responses to Iran, the reason we keep saying alleged is the U. S has not publicly acknowledged it, but the word has gotten out. Well, of course, it's not a particularly effective deterrence if you do something, but nobody knows you did it right. You gotta let it out that you did it. And frankly, you gotta own it and say, Hey, look, that guy punch me, I punch it back in the teeth. So you better not come after me, right? We don't do that in part because these cables grew up in the intelligence community at N S. A and the like, and we're very sensitive about that But the truth is, you have to know about your highest and capabilities. You could talk about your abilities. You could say, Here are my red lines. If you cross him, I'm gonna punch you back. If you do that, then by the way, you've gotta punch back. They'll let red lines be crossed and then not respond. And then you're gonna talk about some level of capabilities. It can't all be secret. Can't all be classified. Where >> are we in this debate? Me first. Well, you're referring to the Thursday online attack against the intelligence Iranian intelligence community for the tanker and the drone strike that they got together. Drone take down for an arm in our surveillance drones. >> But where are we >> in this debate of having this conversation where the government should protect and serve its people? And that's the role. Because if a army rolled in fiscal army dropped on the shores of Manhattan, I don't think Citibank would be sending their people out the fight. Right? Right. So, like, this is really happening. >> Where are we >> on this? Like, is it just sitting there on the >> table? What's happening? What's amazing about it? Hi. This was getting it going well, that that's a Q. What's been amazing? It's been happening since 2012 2011 right? We know about the Las Vegas Sands attack right by Iran. We know about North Korea's. We know about all these. They're going on here in the United States against private sector companies, not against the government. And there's largely been no response. Now we've seen Congress get more active. Congress just last year passed to pass legislation that gave Cyber command the authority on the president's surgery defenses orders to take action against Russia, Iran, North Korea and China. If certain cyber has happened, that's a good thing, right to give it. I'll be giving the clear authority right, and it appears the president willing to make some steps in that direction, So that's a positive step. Now, on the back end, though, you talk about what we do to harden ourselves, if that's gonna happen, right, and the government isn't ready today to defend the nation, even though the Constitution is about providing for the common defense, and we know that the part of defense for long. For a long time since Secretary Panetta has said that it is our mission to defend the nation, right? But we know they're not fully doing that. How do they empower private sector defense and one of keys That has got to be Look, if you're the intelligence community or the U. S. Government, you're Clinton. Tremendous sense of Dad about what you're seeing in foreign space about what the enemy is doing, what they're preparing for. You have got to share that in real time at machine speed with industry. And if you're not doing that and you're still count on industry to be the first line defense, well, then you're not empowered. That defense. And if you're on a pair of the defense, how do you spend them to defend themselves against the nation? State threats? That's a real cry. So >> much tighter public private relationship. >> Absolutely, absolutely. And it doesn't have to be the government stand in the front lines of the U. S. Internet is, though, is that you could even determine the boundaries of the U. S. Internet. Right? Nobody wants an essay or something out there doing that, but you do want is if you're gonna put the private sector in the in the line of first defense. We gotta empower that defense if you're not doing that than the government isn't doing its job. And so we gonna talk about this for a long time. I worked on that first piece of information sharing legislation with the House chairman, intelligence Chairman Mike Rogers and Dutch Ruppersberger from Maryland, right congressman from both sides of the aisle, working together to get a fresh your decision done that got done in 2015. But that's just a first step. The government's got to be willing to share classified information, scaled speed. We're still not seeing that. Yeah, How >> do people get involved? I mean, like, I'm not a political person. I'm a moderate in the middle. But >> how do I How do people get involved? How does the technology industry not not the >> policy budgets and the top that goes on the top tech companies, how to tech workers or people who love Tad and our patriots and or want freedom get involved? What's the best approach? >> Well, that's a great question. I think part of is learning how to talk policy. How do we get in front policymakers? Right. And we're I run. I run a think tank on the side at the National Institute at George Mason University's Anton Scalia Law School Way have a program funded by the Hewlett Foundation who were bringing in technologists about 25 of them. Actually. Our next our second event. This Siri's is gonna be in Chicago this weekend. We're trained these technologies, these air data scientists, engineers and, like talk Paul's right. These are people who said We want to be involved. We just don't know how to get involved And so we're training him up. That's a small program. There's a great program called Tech Congress, also funded by the U. A. Foundation that places technologists in policy positions in Congress. That's really cool. There's a lot of work going on, but those are small things, right. We need to do this, its scale. And so you know, what I would say is that their technology out there want to get involved, reach out to us, let us know well with our partners to help you get your information and dad about what's going on. Get your voice heard there. A lot of organizations to that wanna get technologies involved. That's another opportunity to get in. Get in the building is a >> story that we want to help tell on be involved in David. I feel passion about this. Is a date a problem? So there's some real tech goodness in there. Absolutely. People like to solve hard problems, right? I mean, we got a couple days of them. You've got a big heart problems. It's also for all the people out there who are Dev Ops Cloud people who like to work on solving heart problems. >> We got a lot >> of them. Let's do it. So what's going on? Iron? Give us the update Could plug for the company. Keith Alexander found a great guy great guests having on the Cube. That would give the quick thanks >> so much. So, you know, way have done two rounds of funding about 110,000,000. All in so excited. We have partners like Kleiner Perkins Forge point C five all supporting us. And now it's all about We just got a new co CEO in Bill Welshman. See Scaler and duo. So he grew Z scaler. $1,000,000,000 valuation he came in to do Oh, you know, they always had a great great exit. Also, we got him. We got Sean Foster in from from From Industry also. So Bill and Sean came together. We're now making this business move more rapidly. We're moving to the mid market. We're moving to a cloud platform or aggressively and so exciting times and iron it. We're coming toe big and small companies near you. We've got the capability. We're bringing advanced, persistent defense to bear on his heart problems that were threat analytics. I collected defence. That's the key to our operation. We're excited >> to doing it. I call N S A is a service, but that's not politically correct. But this is the Cube, so >> Well, look, if you're not, if you want to defensive scale, right, you want to do that. You know, ECE knows how to do that key down here at the forefront of that when he was in >> the government. Well, you guys are certainly on the cutting edge, riding that wave of common societal change technology impact for good, for defence, for just betterment, not make making a quick buck. Well, you know, look, it's a good business model by the way to be in that business. >> I mean, It's on our business cards. And John Xander means it. Our business. I'd say the Michigan T knows that he really means that, right? Rather private sector. We're looking to help companies to do the right thing and protect the nation, right? You know, I protect themselves >> better. Well, our missions to turn the lights on. Get those voices out there. Thanks for coming on. Sharing the lights. Keep covers here. Day one of two days of coverage. Eight of us reinforce here in Boston. Stay with us for more Day one after this short break.

(upbeat music) >> Live, from Washington DC. It's theCUBE. Covering AWS Public Sector Summit. Brought to you by Amazon Web Services. >> Welcome back everyone to theCUBE's live coverage of the AWS Public Sector Summit here in Washington DC. I'm your host Rebecca Knight, co-hosting alongside of John Furrier. We are excited to welcome to the program, General Keith Alexander former NSA Director, the first Commander to lead the US Cyber Command, Four-star General with a 40 year career. Thank you so much for coming theCUBE, we are honored, we are honored to have you. >> It is an honor to be here. Thank you. >> So let's talk about cyber threats. Let's start there and have you just give us your observations, your thoughts on what are the most pressing cyber threats that keep you up at night? >> Well, so, when you think about threats, you think about Nation States, so you can go to Iran, Russia, China, North Korea. And then you think about criminal threats, well all the things like ransomware. Some of the Nation State actors are also criminals at night so they can use Nation State tools. And my concern about all the evolution of cyber-threats, is that the attacks are getting more destructive, the malware has more legs with worms and the impact on our commercial sector and our nation, increasingly bigger. So you have all those from cyber. And then I think the biggest impact to our country is the theft of intellectual property, right. That's our future. So you look out on this floor here, think about all the technical talent. Now imagine that every idea that we have, somebody else is stealing, making a product out of it, competing with us, and beating us. That's kind of what Huawei did, taking CISCO code to make Huawei, and now they're racing down that road. So we have a couple of big issues here to solve, protect our future, that intellectual property, stop the theft of money and other ideas, and protect our nation. So when you think about cyber, that's what I think about going to. Often times I'll talk about the Nation State threat. The most prevalent threats is this criminal threat and the most, I think, right now, important for us strategically is the theft of intellectual property. >> So why don't we just have a digital force to counter all this? Why doesn't, you know, we take the same approach we did when we, you know, we celebrated the 75th anniversary D-day, okay, World War II, okay, that was just recently in the news. That's a physical war, okay. We have a digital war happening whether you call it or not. I think it is, personally my opinion. I think it is. You're seeing the misinformation campaigns, financial institutions leaving England, like it's nobody's business. I mean it crippled the entire UK, that like a big hack. Who knows? But its happening digitally. Where's the forces? Is that Cyber Command? What do you do? >> So that's Cyber Command. You bring out an important issue. And protecting the nation, the reason we set up Cyber Command not just to get me promoted, but that was a good outcome. (laughing) But it was actually how do we defend the country? How do we defend ourselves in cyber? So you need a force to do it. So you're right, you need a force. That force is Cyber Command. There's an issue though. Cyber Command cannot see today, attacks on our country. So they're left to try to go after the offense, but all the offense has to do is hit over here. They're looking at these sets of targets. They don't see the attacks. So they wouldn't have seen the attack on Sony. They don't see these devastating attacks. They don't see the thefts. So the real solution to what you bring up is make it visible, make it so our nation can defend itself from cyber by seeing the attacks that are hitting us. That should help us protect companies in sectors and help us share that information. It has to be at speed. So we talk about sharing, but it's senseless for me to send you for air traffic control, a letter, that a plane is located overhead. You get it in the mail seven days later, you think, well-- >> Too late. >> That's too late. >> Or fighting blindfolded. >> That's right. >> I mean-- >> So you can't do either. And so what it gets you to, is we have to create the new norm for visibility in cyber space. This does a whole host of things and you were good to bring out, it's also fake news. It's also deception. It's all these other things that are going on. We have to make that visible. >> How do you do that, though? >> What do you do? I do that. (laughing) So the way you do it, I think, is start at the beginning. What's happening to the network? So, on building a defensible framework, you've got to be able to see the attacks. Not what you expect, but all the attacks. So that's anomaly detection. So that's one of the things we have to do. And then you have to share that at network speed. And then you have to have a machine-learning expert system AI to help you go at the speeds the attacker's going to go at. On fake-news, this is a big problem. >> Yeah. >> You know. This has, been throughout time. Somebody pointed out about, you know, George Washington, right, seven fake letters, written to say, "Oh no, I think the King's good." He never wrote that. And the reason that countries do it, like Russia, in the elections, is to change something to more beneficial for them. Or at least what they believe is more beneficial. It is interesting, MIT has done some studies, so I've heard, on this. And that people are 70% more like to re-Tweet, re-Tweet fake news than they are the facts. So. >> Because it's more sensational, because it's-- >> That's food. It's good for you, in a way. But it's tasty. >> Look at this. It's kind of something that you want to talk about. "Can you believe what these guys are doing? "That's outrageous, retweet." >> Not true. >> Not true. Oh, yeah, but it makes me mad just thinking about it. >> Right, right. >> And so, you get people going, and you think, You know, it's like going into a bar and you know, you go to him, "He thinks you're ugly." and you go to me, and you go, "He thinks you're ugly." (laughs) And so we get going and you started it and we didn't even talk. >> Right, right. >> And so that's what Russia does. >> At scale too. >> At scale. >> At the scale point. >> So part of the solution to that is understanding where information is coming from, being able to see the see the environment like you do the physical environment at speed. I think step one, if I were to pick out the logical sequence of what'll happen, we'll get to a defensible architecture over the next year or two. We're already starting to see that with other sectors, so I think we can get there. As soon as you do that, now you're into, how do I know that this news is real. It's kind of like a block-chain for facts. How do we now do that in this way. We've got to figure that out. >> We're doing our part there. But I want to get back to this topic of infrastructure, because digital, okay, there's roads, there's digital roads, there's packets moving round. You mentioned Huawei ripping off CISCO, which takes their R and D and puts it in their pockets. They have to get that. But we let fake news and other things, you've got payload, content or payload, and then you've got infrastructure distribution. Right, so, we're getting at here as that there are literally roads and bridges and digital construction apparatus, infrastructure, that needs to be understood, addressed, monitored, or reset, because you've had email that's been around for awhile. But these are new kinds of infrastructure, but the payload, malware, fake news, whatever it is. There's an interaction between payload and infrastructure. Your thoughts and reaction to that as a Commander, thinking about how to combat all this? >> I, my gut reaction, is that you're going to have to change, we will have to change, how we think about that. It's not any more roads and avenues in. It's all the environment. You know, it's like this whole thing. Now the whole world is opened up. It's like the Matrix. You open it up and there it is. It's everything. So what we have to do is think about is if it's everything, how do we now operate in a world where you have both truths and fiction? That's the harder problem. So that's where I say, if we solve the first problem, we're so far along in establishing perhaps the level so it raises us up to a level where we're now securing it, where we can begin to see now the ideas for the pedigree of information I think will come out. If you think about the amount of unique information created every year, there are digital videos that claim it's doubling every year or more. If that's true, that half of, 75% of it is fiction, we've got a big road to go. And you know there is a lot of fiction out there, so we've got to fix it. And the unfortunate part is both sides of that, both the fiction and the finding the fiction, has consequences because somebody says that "A wasn't true, "That person, you know, they're saying, he was a rapist, "he was a robber, he was a drugger," and then they find out it was all fake, but he still has that stigma. And then the person over here says, "See, they accused me of that. "They're out to get me in other areas. "They can exclaim what they want." >> But sometimes the person saying that is also a person who has a lot of power in our government, who is saying that it's fake news, when it's not fake news, or, you know what, I-- >> So that's part of the issue. >> It's a very different climate >> Some of it is fake. Some of it's not. And that's what makes it so difficult for the public. So you could say, "That piece was fake, "maybe not the other six." But the reality is, and I think this is where the media can really help. This is where you can help. How do we set up the facts? And I think that's the hardest part. >> It's the truth. >> Yeah, yeah. >> It's a data problem. And you know, we've talked about this off camera in the past. Data is critical for the systems to work. The visibility of the data. Having contextual data, the behavioral data. This gets a lot of the consequences. There's real consequences to this one. Theft, IP, freedom, lives. My son was video-gaming the other day and I could hear his friends all talking, "What's your ping start word? "What's your ping time? "I got lag, I'm dead." And this is a video game. Military, lagging, is not a game. People are losing their lives, potentially if they don't have the right tactical edge, access to technology. I know this is near and dear to your heart. I want to get your reaction. The Department of Defense is deploying strategies to make our military in the field, which represents 85% infantry, I believe, some statistic around that number, is relying on equipment. Technology can help, you know, that. Your thoughts on, the same direction. >> Going to the Cloud. Their effort to go to the Cloud is a great step forward, because it addresses just what you're saying. You know, everybody used to have their own data centers. But a data center has a fixed amount of computational capability. Once you reach it, you have to get another data center, or you just live with what you've got. In the Cloud if the problem's bigger, elasticity. Just add more corridors. And you can do things now that we could never do before. Perhaps even more importantly, you can make the Clouds global. And you can see around the world. Now you're talking about encrypted data. You're talking about ensuring that you have a level of encryption that you need, accesses and stuff. For mobile forces, that's the future. You don't carry a data center around with an infantry battalion. So you want that elasticity and you need the connectivity and you need the training to go with it. And the training gets you to what we were just talking about. When somebody serves up something wrong, and this happened to me in combat, in Desert Storm. We were launched on, everybody was getting ready to launch on something, and I said, "This doesn't sound right." And I told the Division Commander, "I don't agree. "I think this is crazy. "The Iraqis are not attacking us down this line. "I think it's old news. "I think somebody's taken an old report that we had "and re-read it and said oh my God, they're coming." And when we found out that was a JSTARS, remember how the JSTARS MTI thing would off of a wire, would look like a convoy. And that's what it was. So you have to have both. >> So you were on the cusp of an attack, deploying troops. >> That's right. >> On fake information, or misinformation, not accurate-- >> Old information. >> Old information. >> Old information. >> Old, fake, it's all not relevant. >> Well what happens is somebody interprets that to be true. So it gets back to you, how do you interpret the information? So there's training. It's a healthy dose of skepticism, you know. There are aliens in this room. Well, maybe not. (laughing) >> As far as we know. >> That's what everybody. >> But what a fascinating anecdote that you just told, about being in Desert Storm and having this report come and you saying, "Guys, this doesn't sound right." I mean, how often do you harken back to your experience in the military and when you were actually in combat, versus what you are doing today in terms of thinking about these threats? >> A lot. Because in the military, when you have troops in danger your first thought is how can I do more, how can I do better, what can I do to get them the intelligence they need? And you can innovate, and pressure is great innovator. (crunching sound) And it was amazing. And our Division Commander, General Griffith, was all into that. He said, "I trust you. "Do whatever you want." And we, it was amazing. So, I think that's a good thing. Note that when you go back and look at military campaigns, there's always this thing, the victor writes the history. (laughing) So you know, hopefully, the victor will write the truthful history. But that's not always the case. Sometimes history is re-written to be more like what they would like it to be. So, this fake news isn't new. This is something where I think journalists, historians, and others, can come together and say, "You know, that don't make sense. "Let's get the facts." >> But there's so much pressure on journalists today in this 24-hour news cycle, where you're not only expected to write the story, but you're expected to be Tweeting about it, or do a podcast about it later, to get that first draft of history right. >> So it may be part of that is as the reporter is saying it, step back and say, "Here's what we've been told." You know, we used to call those a certain type of sandwich, not a good-- (laughing) If memory serves it's a sandwich. One of these sandwiches. You're getting fed that, you're thinking, "You know, this doesn't make sense. "This time and day that this would occur." "So while we've heard this report. "It's sensational. "We need to go with the facts." And that's one of the areas that I think we really got to work. >> Journalism's changing too. I can tell you, from we've talked, data drives us. We've no advertising. Completely different model. In-depth interviews. The truth is out there. The key is how do you get the truth in context to real-time information for those right opportunities. Well, I want to get before we go, and thanks for coming on, and spending the time, General, I really appreciate it. Your company that you've formed, IronNet, okay, you're applying a lot of your discipline and knowledge in military cyber and cutting-edge tech. Tell us about your company. >> So one of the things that you, we brought up, and discussed here. When I had Cyber Command, one of the frustrations that I discussed with both Secretary Gates and Secretary Panetta, we can't see attacks on our country. And that's the commercial sector needs to help go fix that. The government can't fix that. So my thought was now that I'm in the commercial sector, I'll help fix the ability to see attacks on the commercial sector so we can share it with the government. What that entails is creating a behavioral analytic system that creates events, anomalies, an expert system with machine-learning and AI, that helps you understand what's going on and the ability to correlate and then give that to the government, so they can see that picture, so they have a chance of defending our country. So step one is doing that. Now, truth and lending, it's a lot harder than I thought it would be. (laughing) You know, I had this great saying, "Nothing is too hard "for those of us who don't have to do it." "How hard can this be?" Those were two of my favorite sayings. Now that I have to do it, I can say that it's hard, but it's doable. We can do this. And it's going to take some time. We are getting traction. The energy sector has been great to work with in this area. I think within a year, what we deploy with the companies, and what we push up to the Cloud and the ability to now start sharing that with government will change the way we think about cyber security. I think it's a disruptor. And we have to do that because that's the way they're going to attack us, with AI. We have to have a fast system to defend. >> I know you got to go, tight schedule here, but I want to get one quick question in. I know you're not a policy, you know, wonk, as they say, or expert. Well, you probably are an expert on policy, but if we can get a re-do on reshaping policy to enable these hard problems to be solved by entrepreneurs like yourself expertise that are coming into the space, quickly, with ideas to solve these big problems, whether it's fake news or understanding attacks. What do the policy makers need to do? Is it get out of the way? Do they rip up everything? Do they reshape it? What's your vision on this? What's your opinion? >> I think and I think the acting Secretary of Defense is taking this on and others. We've got to have a way of quickly going, this technology changes every two years or better. Our acquisition cycle is in many years. Continue to streamline the acquisition process. Break through that. Trust that the military and civilian leaders will do the right thing. Hold 'em accountable. You know, making the mistake, Amazon, Jeff Bezos, says a great thing, "Go quickly to failure so we can get "to success." And we in the military say, "If you fail, you're a dummy." No, no, try it. If it doesn't work, go on to success. So don't crush somebody because they failed, because they're going to succeed at some point. Try and try again. Persevere. The, so, I think a couple of things, ensure we fix the acquisition process. Streamline it. And allow Commanders and thought leaders the flexibility and agility to bring in the technology and ideas we need to make this a better military, a better intelligence community, and a better country. We can do this. >> All right. All right, I'm thinking Rosie the Riveter. We can do this. (laughing) >> We can do it. Just did it. >> General Alexander, thank you so much for coming on the show. >> Thank you. >> I'm Rebecca Knight for John Furrier. Stay tuned for more of theCUBE. (electronic music)

>> Narrator: Live from New York City, It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify, and The Institute for Critical Infrastructure Technology. (synth music tag) >> And government industries together for the first time. A unique kind of collaboration unlike normal events, like black hat or RSA, that are mostly about hacks and really geeky sessions. There's a great place for that, but again, this is the first of its kind, and it's presented by Centrify's theCUBE as an exclusive partner here, I'm John Furrier, co-host of theCUBE, co-founder of SiliconANGLE, my co-founder, Dave Vellante here. Dave, I mean, Centrify really taking an industry proactive role, not having their own event. Instead, using their money to fund an industry event. This is the trend in digital media. Presented by Centrify, not 'sponsored by' or 'their event'. This, we've seen this in the big data space before where events are sponsored for the community. You know, cyber security, really a big topic. You know, General Keith Alexander, retired general, was on stage as the keynote. Really talking about the crisis in the United States and around the world, around cyber security, cyber war, a whole new reality. This is the thrust of the event. >> Well, they say content is king. Well, context is kind of the empire, and the context here is, the world is changing. And the seriousness of that change is significant. General Alexander, many people may not know, General Keith, former, retired General Keith Alexander, he was the first Head of Chief $of Cyber Security at U.S., appointed by Obama. John, he was appointed Director of the NSA in 2005. Now, you guys remember, I'm sure, Stuxnet was right around 2004, 2005 when it was developed, and it bridged the Bush to the Obama administration. So he had the, all the inside baseball. He didn't talk about Stuxnet, but that was, >> He did share some nice war stories. >> Yeah, but that was the first and most significant, the way they got into Natanz, and he was at the center of all that. And he did share some war stories. He talked about Snowden, he talked about collaboration with the FBI, he talked about saving lives. And basically he said, hey, I stood in front of the ACLU. They basically undressed him, right? And then came back and said, hey, this is one of the most ethical agencies, and law-abiding agencies I've ever, he's seen, so he read that note from the head of the ACLU, it was very proud of that. >> Yeah, and the Stuxnet, it was in the news obviously, just yesterday it was reported, actually the day before November 1st, November 2nd, that Stuxnet was highly underestimated. In fact, the digital certificates that were spoofed were, been hanging around, the malware's been out there. Then again, this is, this is an indictment of the problem that we have, which is, we've got to get the security. Now, the things that the General talked about, I want to get your reaction to, because certainly I honed in on a couple key things. "Foundational tech for common defense." So he talked a lot about the Constitution and the role of government, I did a tweet on that, but what is the role of the government? That's the common defense of the United States, citizens and business. One. Not just protect the Department of Defense. At the same time, he did kind of put a plug in that we need the civil liberties and privacy to be addressed. But this is the biggest crisis we have, and it's a problem that can only be solved by working together. And if you look at, Dave, the trends that we're following on theCUBE and SiliconANGLE and Wikibon, the common thread is community. If you look at blockchain and what's going on in that disruptive, decentralized world, the role of the community is critical. If you look at what's going on in security, it's the role of the community. If you look at open source, the biggest success story of our multiple generations and now impacting the younger generation in the computer science industry and the computer industry, open source software. Community. You're starting to see the role of communities where knowing your neighbor, knowing who's involved with things, is really critical, and you can't highlight it any more than this conference that Centrify's presenting with these gurus, because they're all saying the same thing. You've got to share the data. The community's got to work together. So, common defense, maintaining civil liberties and maintaining privacy at the same time, solving the biggest crisis of our time. >> Well the other big thing and, John, you actually made this prediction to me a couple weeks ago, was that government and industry are going to start working together. It's going, it has to happen. General Alexander basically said that, is it the government's role, job, to protect commercial industry? And it was an emphatic yes, and he pulled out his fake version of the Constitution, and said yes, and he got in front of Panetta, in front of the US Senate, and made the case for that. And I think there's no question about it. Industries control critical infrastructure. And industries aren't in a good position to protect that critical infrastructure. They need help from the government, and the government has some of the most advanced technologies in the world. >> And the other thing we've been hearing from this, the executive at Aetna, is attack, maintaining intelligence on the data and sharing is critical to resolve the problem, but his point was that most people spend time on an attack vector that's usually wrong. He said, quote, "You're better off having people be idle, than chasing down on an attack vector that's wrong." So his point is, report that to the agencies quickly, to, one, reverse-engineer the problem. Most likely you're going to get better intel on the attack, on the vector, then you can start working effectively. So he says a lot of problems that are being solved by unconventional means. >> Well, General Alexander said that when he was head of Cyber Command, his number one challenge was visibility, on the attacks, they could only respond to those attacks. So, my question to you, John, is how will data, big data, machine learning, AI, whatever you want to call it, how will that affect our ability as an industry to proactively identify threats and thwart them, as opposed to just being a response mechanism? >> I think it's going to be critical. I think if you look at the AI and machine learning, AI is basically machine learning on steroids, that's really kind of what it is now, but it hopefully will evolve into bigger things, is really going through the massive amounts of data. One of the points that General Alexander talked about was the speed and velocity of how things are changing, and that most IT departments can't even keep up with that right now, never mind security. So machine learning will allow things to happen that are different analysis faster, rather than relying on data lakes and all kinds of old modeling, it's just not fast enough, so speed. The other thing too is that, as you start looking at security, this decentralized approach, most attacks are coming in on state-sponsored but democratized attacks, meaning you don't have, you can use open source and public domain software to provide attacks. This is what he's been talking about. So the number one thing is the data. Sharing the data, being part of a community approach where companies can work in sectors, because there's a lot of trend data coming out that most attackers will come out, or state-sponsored attacks, will target specific things. First of all, the one problem that can be solved immediately is that there's no way any of the United States military and-or energy grid should be attached to the Internet. And you can mask out all foreign attacks just by saying only people in the US should be accessing. That's one network conventional thing you can do. But getting the data out there is critical, but working in sectors. Most attacks happen like on the financial services industry, so if you sit in there and trying to solve the problem and keeping it on the down-low, you're going to get fired anyway, you know? The business is probably going to get hurt. Report it early, with your peers in the community, share some data, anonymize that data, don't make it, you know, privacy breaching, but get it out there. Number one thing. >> Well, here's the problem is, 80 billion dollars is spent a year on security, and the vast majority of that is still spent on perimeter security, and we heard today that the number one problem is things like credential stuffing, and password, poor user behavior, and our response to that is education. Jim Routh talked about, that's a conventional response. We need unconventional responses. I mean, the bottom line is that there's no silver bullet to security. You talked about, critical infrastructure should not be connected to the internet, but even then, when you have an air gap, you go back to Stuxnet, Natanz had an air gap. Mossad got through the air gap. There's always a way to get through somehow. So there's no one silver bullet. It's a portfolio of approaches and practices, and education, and unconventional processes that you have to apply. And as we talked about, >> Well I mean, there's no silver bullet, but there are solutions. And I think that's what he's saying. He gave it, General Alexander gave specific examples, when he was in charge, of the NSA command center was, you know, terrorist attacks being thwarted. Those are actual secure problems on the terrorism front that were solved. There was a silver bullet for that, it's called technology. So as you generalize it, Dave, I can hear what you're saying, because IT guys want a silver bullet. I want to buy a product that solves my security problem. >> So here's the problem I have with that is, I used to read Art Coviello's, you know, memo every year, >> Yeah. >> It was like, he tried to do like the, and he still does. But I look back every year and I say, Do we feel safer and more secure than we were last year? And every year the answer is no. So we, despite all the technology, and we've talked about this on theCUBE with Pat Gelsinger, security is essentially a do-over. We do need unconventional new ways, >> No debate. >> Of attacking the problem. >> No debate. Well I noticed, I'm just highlighting the point, I mean if you look at it from an IT perspective, the old conventional wisdom was, I want to buy a product. Hey, vendor, sell me your security product. What General's kind of pointing out is, he's kind of pointing out and connecting the dots, is like, hey, what they learned in the NSA was, it's an ongoing iterative thing that's happening in real time. It's not an IT solution anymore. It's a more of a holistic problem. Meaning, if you don't under stand the problem space, you can't attack it. So when they talked about the terrorist attack, they had a phone record, and they had to give it to the FBI. The FBI had to get into it. They discovered the guy in basically 24 hours, and then it took a week to kind of vet the information. Luckily they caught it and saved a subway attack in New York City in 2008 that would have been devastating. Okay, still, they were successful, but, weeks. So machine learning, and to your point, is only going to accelerate those benefits. And again, the real counterpoint as General pointed out is, civil liberties and privacy. >> Well, talk- >> I mean, what do you want? You want subway attacks, or you want to have your email, and your email be clean, or you want to have people read your email, and no subway attacks? I mean, come on. >> Well, you and I have talked about this on theCUBE over a number of years, and talking about Snowden, and General Alexander brought it up, you know, basically saying, hey, he told he story and he was pretty emphatic as to, his job is to protect, not only the citizens of the United States, but the infrastructure, and basically saying that we couldn't have done it without the laws that allowed us to analyze the metadata. >> I think, I think, in my opinion, what I think's going to happen is, we're going to have a completely reimagined situation on government. If you look at the trends with GovCloud, what's going on with AWS, Amazon Web Services, in the federal area, is an acceleration of massive agility and change happening. You're going to see a reimagine of credentials. Reimagining of culture around hiring and firing people that are the right people. You know I said, and I always say, there should be a Navy SEALs for cyber, a West Point for cyber. So I think you're going to start to see a cultural shift from a new generation of leaders, and a new generation of citizens in the US, that are going to look at citizenship differently. So for instance, Centrify, which is putting on this event, has an identity solution. That's an easy solution. Take it out of IT's problem, no one should be patching 1200 different IT systems in the government. Screw it. It's like a driver's license. Here's your credential, you know? >> So, >> So there's new ways to think of it. Radical ways, progressive ways, whatever you want to call it, I think those are going to be coming fast. Blockchains is a solution. >> I was going to ask you about that. So, four out of five breaches are password related. From credential stuffing or just bad password behavior. Everybody uses the same password, because they can remember it, across all these sites. So four out of five of the breaches can be traced back to poor password behavior. So, will things like blockchain or single sign-on, really, the answer, that's about the wrong question. When will, and how will, things like blockchain come to front and center, to solve that problem? >> I don't know, Dave. I mean, all I know is in today's Wall Street Journal, Andy Kessler writes a story that if you want to predict the future, it's all about dodgeball. You've got to get in the game and get hit by a few balls to know what's kind of going on around you. >> Dave: So you've got to fail first. >> Everybody has an opinion, nobody actually knows the answer, this has been a premise in the tech business. In my opinion, my opinion is, to reimagine things, you've got to look at it differently. So if you look at Jim Routh, the CSO at Aetna said, he said, look, we're going to solve these problems in a way, and he said, I'm not even a computer science major, I'm a history major, and I'm running Aetna's security practice. And his point was, he's a history major, civilizations crumble when trust crumbles. Okay, so trust is a huge issue, so trust on the government, trust on the systems, trust with email, so that, so he's looking at it and saying, hey, I want systems that don't erode trust, because the civilization of the world will disintegrate. So trust is a big factor, these are the new things that the best minds have to solve. >> I think the other thing, that really important topic that came up is, is public policy, and there was a discussion on sort of the, you know, hacktivists versus state-sponsored terrorism, so the payload, or the signature of a hacktivist malware is dramatically different than that of a state-sponsored initiative. State-sponsored initiatives are much more sophisticated and much more dangerous. And so, Robert Gates, when he was on theCUBE, brought this up, and he said, listen, we have the best technology in the world. The best security in the world. And we apply that largely for defense, and he said, we could go on the offensive. He said the problem is, so can everyone else, and we have, as a nation, a lot more to lose. So when you, we talked about Stuxnet earlier, Stuxnet basically was your tax dollars at work, getting into the hands eventually of the bad guys, who then use that to come back and say, okay, we can attack critical infrastructure, US, so you better be careful. >> It's bigger than that, though, Dave. That's a one, that's an old point, which is a good point, but Stuxnet was the beginning of a movement that state-sponsored actors were doing. In the old days, a state-sponsored actor, in the Iran case, came from a state sponsor, they revealed their hands in their hack a little too early, and we could counter that. But when you look at the specific attacks over the past 15 years, if a state-sponsored attack on the US was happening, it was their, they had to show their hand. That's different now, with WikiLeaks and public domain, states can still remain anonymous and saying "It wasn't us!" And point to these organizations by democratizing hacker tools. So whether it's Stuxnet or something else, you're seeing state-sponsored actors, and I won't, China, Russia, whoever they are, they can actually enable other people who hate the US to attack us. Their signature's not even on it. So by democratizing the hacker tools, increases the number of people that could attack the US. And so the state sponsors aren't even doing anything. >> Well, so, Jim Routh talked about WannaCry and NotPetya, which were, you know, generally believed to be ransomware. He said no, they weren't ransomware. They only collected about 140 thousand from that in US dollars. They were really about state-sponsored political acts. I don't know, sending warnings. We're going to ask him about that when he comes in theCUBE. >> Alright. We've got a big day here. New York City here for CyberConnect 2017, this is the inaugural event presented by Centrify. All the top leaders in the industry and government are here solving the problem, the crisis of our generation's cyber attack security, both government and industry coming together. This is theCUBE, we'll be back, more live coverage after this short break.