(bright music) >> Hello and welcome to today's session of the 2021 AWS Global Public Sector Partner Awards for the award for Best Partner Transformation, Best Cybersecurity Solution. I'm now honored to welcome our next guests, General Keith Alexander, Founder, and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, President and CEO of the New York Power Authority. Welcome to the program gentlemen, delighted to have you here. >> Good to be here. >> Terrific. Well, General Alexander, I'd like to start with you. Tell us about the collective defense program or platform and why is it winning awards? >> Well, great question and it's great to have Gil here because it actually started with the energy sector. And the issue that we had is how do we protect the grid? The energy sector CEOs came together with me and several others and said, how do we protect this grid together? Because we can't defend it each by ourselves. We've got to defend it together. And so the strategy that IronNet is using is to go beyond what the conventional way of sharing information known as signature-based solutions to behavioral-based so that we can see the events that are happening, the unknown unknowns, share those among companies and among both small and large in a way that helps us defend because we can anonymize that data. We can also share it with the government. The government can see a tax on our country. That's the future, we believe, of cybersecurity and that collective defense is critical for our energy sector and for all the companies within it. >> Terrific. Well, Gil, I'd like to shift to you. As the CEO of the largest state public power utility in the United States, why do you think it's so important now to have a collective defense approach for utility companies? >> Well, the utility sector lied with the financial sector as number one targets by our adversaries and you can't really solve cybersecurity in silos. We, NYPA, my company, New York Power Authority alone cannot be the only one and other companies doing this in silos. So what's really going to be able to be effective if all of the utilities and even other sectors, financial sectors, telecom sectors cooperate in this collective defense situation. And as we transform the grid, the grid is getting transformed and decentralized. We'll have more electric cars, smart appliances. The grid is going to be more distributed with solar and batteries charging stations. So the threat surface and the threat points will be expanding significantly and it is critical that we address that issue collectively. >> Terrific. Well, General Alexander, with collective defense, what industries and business models are you now disrupting? >> Well, we're doing the energy sector, obviously. Now the defense industrial base, the healthcare sector, as well as international partners along the way. And we have a group of what we call technical and other companies that we also deal with and a series of partner companies, because no company alone can solve this problem, no cybersecurity company alone. So partners like Amazon and others partner with us to help bring this vision to life. >> Terrific. Well, staying with you, what role does data and cloud scale now play in solving these security threats that face the businesses, but also nations? >> That's a great question. Because without the cloud, bringing collective security together is very difficult. But with the cloud, we can move all this information into the cloud. We can correlate and show attacks that are going on against different companies. They can see that company A, B, C or D, it's anonymized, is being hit with the same thing. And the government, we can share that with the government. They can see a tax on critical infrastructure, energy, finance, healthcare, the defense industrial base or the government. In doing that, what we quickly see is a radar picture for cyber. That's what we're trying to build. That's where everybody's coming together. Imagine a future where attacks are coming against our country can be seen at network speed and the same for our allies and sharing that between our nation and our allies begins to broaden that picture, broaden our defensive base and provide insights for companies like NYPA and others. >> Terrific. Well, now Gil, I'd like to move it back to you. If you could describe the utility landscape and the unique threats that both large ones and small ones are facing in terms of cybersecurity and the risks, the populous that live there. >> Well, the power grid is an amazing machine, but it is controlled electronically and more and more digitally. So as I mentioned before, as we transform this grid to be a cleaner grid, to be more of an integrated energy network with solar panels and electric vehicle charging stations and wind farms, the threat is going to be multiple from a cyber perspective. Now we have many smaller utilities. There are towns and cities and villages that own their poles and wires. They're called municipal utilities, rural cooperative systems, and they are not as sophisticated and well-resourced as a company like the New York Power Authority or our investor on utilities across the nation. But as the saying goes, we're only as strong as our weakest link. And so we need- >> Terrific. >> we need to address the issues of our smaller utilities as well. >> Yeah, terrific. Do you see a potential for more collaboration between the larger utilities and the smaller ones? What do you see as the next phase of defense? >> Well, in fact, General Alexander's company, IronNet and NYPA are working together to help bring in the 51 smaller utilities here in New York in their collective defense tool, the IronDefense or the IronDome as we call it here in New York. We had a meeting the other day, where even thinking about bringing in critical state agencies and authorities. The Metropolitan Transportation Authority, Port Authority of New York and New Jersey, and other relevant critical infrastructure state agencies to be in this cloud and to be in this radar of cybersecurity. And the beauty of what IronNet is bringing to this arrangement is they're trying to develop a product that can be scalable and affordable by those smaller utilities. I think that's important because if we can achieve that, then we can replicate this across the country where you have a lot of smaller utilities and rural cooperative systems. >> Yeah. Terrific. Well, Gil, staying with you. I'd love to learn more about what was the solution that worked so well for you? >> In cybersecurity, you need public-private partnerships. So we have private companies like IronNet that we're partnering with and others, but also partnering with state and federal government because they have a lot of resources. So the key to all of this is bringing all of that information together and being able to react, the General mentioned, network speed, we call it machine speed, has to be quick and we need to protect and or isolate and be able to recover it and be resilient. So that's the beauty of this solution that we're currently developing here in New York. >> Terrific. Well, thank you for those points. Shifting back to General Alexander. With your depth of experience in the defense sector, in your view, how can we stay in front of the attacks, mitigate them, and then respond to them before any damage is done? >> So having run our nations, the offense. I know that the offense has the upper hand almost entirely because every company and every agency defends itself as an isolated entity. Think about 50 mid-sized companies, each with 10 people, they're all defending themselves and they depend on that defense individually and they're being attacked individually. Now take those 50 companies and their 10 people each and put them together and collect the defense where they share information, they share knowledge. This is the way to get out in front of the offense, the attackers that you just asked about. And when people start working together, that knowledge sharing and crowdsourcing is a solution for the future because it allows us to work together where now you have a unified approach between the public and private sectors that can share information and defend each of the sectors together. That is the future of cybersecurity. What makes it possible is the cloud, by being able to share this information into the cloud and move it around the cloud. So what Amazon has done with AWS has exactly that. It gives us the platform that allows us to now share that information and to go at network speed and share it with the government in an anonymized way. I believe that will change radically how we think about cybersecurity. >> Yeah. Terrific. Well, you mention data sharing, but how is it now a common tactic to get the best out of the data? And now, how is it sharing data among companies accelerated or changed over the past year? And what does it look like going forward when we think about moving out of the pandemic? >> So first, this issue of sharing data, there's two types of data. One about the known threats. So sharing that everybody knows because they use a signature-based system and a set of rules. That shared and that's the common approach to it. We need to go beyond that and share the unknown. And the way to share the unknown is with behavioral analytics. Detect behaviors out there that are anonymous or anomalous, are suspicious and are malicious and share those and get an understanding for what's going on in company A and see if there's correlations in B, C and D that give you insights to suspicious activity. Like solar winds, recognizes solar winds at 18,000 companies, each defending themselves. None of them were able to recognize that. Using our tools, we did recognize it in three of our companies. So what you can begin to see is a platform that can now expand and work at network speed to defend against these types of attacks. But you have to be able to see that information, the unknown unknowns, and quickly bring people together to understand what that means. Is this bad? Is this suspicious? What do I need to know about this? And if I can share that information anonymized with the government, they can reach in and say, this is bad. You need to do something about it. And we'll take the responsibility from here to block that from hitting our nation or hitting our allies. I think that's the key part about cybersecurity for the future. >> Terrific. General Alexander, ransomware of course, is the hottest topic at the moment. What do you see as the solution to that growing threat? >> So I think, a couple things on ransomware. First, doing what we're talking about here to detect the phishing and the other ways they get in is an advanced way. So protect yourself like that. But I think we have to go beyond, we have to attribute who's doing it, where they're doing it from and hold them accountable. So helping provide that information to our government as it's going on and going after these guys, making them pay a price is part of the future. It's too easy today. Look at what happened with the DarkSide and others. They hit Colonial Pipeline and they said, oh, we're not going to do that anymore. Then they hit a company in Japan and prior to that, they hit a company in Norway. So they're attacking and they pretty much operate at will. Now, let's indict some of them, hold them accountable, get other governments to come in on this. That's the way we stop it. And that requires us to work together, both the public and private sector. It means having these advanced tools, but also that public and private partnership. And I think we have to change the rhetoric. The first approach everybody takes is, Colonial, why did you let this happen? They're a victim. If they were hit with missiles, we wouldn't be asking that, but these were nation state like actors going after them. So now our government and the private sector have to work together and we need to change that to say, they're victim, and we're going to go after the guys that did this as a nation and with our allies. I think that's the way to solve it. >> Yeah. Well, terrific. Thank you so much for those insights. Gil, I'd also like to ask you some key questions and of course, certainly people today have a lot of concerns about security, but also about data sharing. How are you addressing those concerns? >> Well, data governance is critical for a utility like the New York Power Authority. A few years ago, we declared that we aspire to be the first end-to-end digital utility. And so by definition, protecting the data of our system, our industrial controls, and the data of our customers are paramount to us. So data governance, considering data or treating data as an asset, like a physical asset is very, very important. So we in our cybersecurity, plans that is a top priority for us. >> Yeah. And Gil thinking about industry 4.0, how has the surface area changed with Cloud and IoT? >> Well, it's grown significantly. At the power authority, we're installing sensors and smart meters at our power plants, at our substations and transmission lines, so that we can monitor them real time, all the time, know their health, know their status. Our customers we're monitoring about 15 to 20,000 state and local government buildings across our states. So just imagine the amount of data that we're streaming real time, all the time into our integrated smart operations center. So it's increasing and it will only increase with 5G, with quantum computing. This is just going to increase and we need to be prepared and integrate cyber into every part of what we do from beginning to end of our processes. >> Yeah. And to both of you actually, as we see industry 4.0 develop even further, are you more concerned about malign actors developing more sophistication? What steps can we take to really be ahead of them? Let's start with General Alexander. >> So, I think the key differentiator and what the energy sector is doing, the approach to cybersecurity is led by CEOs. So you bring CEOs like Gil Quiniones in, you've got other CEOs that are actually bringing together forums to talk about cybersecurity. It is CEO led. That the first part. And then the second part is how do we train and work together, that collective defense. How do we actually do this? I think that's another one that NYPA is leading with West Point in the Army Cyber Institute. How can we start to bring this training session together and train to defend ourselves? This is an area where we can uplift our people that are working in this process, our cyber analysts if you will at the security operations center level. By training them, giving them hard tests and continuing to go. That approach will uplift our cybersecurity and our cyber defense to the point where we can now stop these types of attacks. So I think CEO led, bring in companies that give us the good and bad about our products. We'd like to hear the good, we need to hear the bad, and we needed to improve that, and then how do we train and work together. I think that's part of that solution to the future. >> And Gil, what are your thoughts as we embrace industry 4.0? Are you worried that this malign actors are going to build up their own sophistication and strategy in terms of data breaches and cyber attacks against our utility systems? What can we do to really step up our game? >> Well, as the General said, the good thing with the energy sector is that on the foundational level, we're the only sector with mandatory regulatory requirements that we need to meet. So we are regulated by the Federal Energy Regulatory Commission and the North American Electric Reliability Corporation to meet certain standards in cyber and critical infrastructure. But as the General said, the good thing with the utility is by design, just like storms, we're used to working with each other. So this is just an extension of that storm restoration and other areas where we work all the time together. So we are naturally working together when it comes to to cyber. We work very closely with our federal government partners, Department of Homeland Security, Department of Energy and the National Labs. The National Labs have a lot of expertise. And with the private sector, like great companies like IronNet, NYPA, we stood up an excellence, center of excellence with private partners like IronNet and Siemens and others to start really advancing the art of the possible and the technology innovation in this area. And as the governor mentioned, we partnered with West Point because just like any sporting or just any sport, actual exercises of the red team, green team, and doing that constantly, tabletop exercises, and having others try and breach your walls. Those are good exercises to really be ready against the adversaries. >> Yeah. Terrific. Thank you so much for those insights. General Alexander, now I'd like to ask you this question. Can you share the innovation strategy as the world moves out of the pandemic? Are we seeing new threats, new realities? >> Well, I think, it's not just coming out of the pandemic, but the pandemic actually brought a lot of people into video teleconferences like we are right here. So more people are working from home. You add in the 5G that Gil talked about that gives you a huge attack surface. You're thinking now about instead of a hundred devices per square kilometer up to a million devices. And so you're increasing the attack surface. Everything is changing. So as we come out of the pandemic, people are going to work more from home. You're going to have this attack surface that's going on, it's growing, it's changing, it's challenging. We have to be really good about now, how we trained together, how we think about this new area and we have to continue to innovate, not only what are the cyber tools that we need for the IT side, the internet and the OT side, operational technology. So those kinds of issues are facing all of us and it's a constantly changing environment. So that's where that education, that training, that communication, working between companies, the customers, the NYPA's and the IronNet's and others and then working with the government to make sure that we're all in sync. It's going to grow and is growing at an increased rate exponentially. >> Terrific. Thank you for that. Now, Gil, same question for you. As a result of this pandemic, do you see any kind of new realities emerging? What is your position? >> Well, as the General said, most likely, many companies will be having this hybrid setup. And for company's life like mine, I'm thinking about, okay, how many employees do I have that can access our industrial controls in our power plants, in our substations, and transmission system remotely? And what will that mean from a risk perspective, but even on the IT side, our business information technology. You mentioned about the Colonial Pipeline type situation. How do we now really make sure that our cyber hygiene of our employees is always up-to-date and that we're always vigilant from potential entry whether it's through phishing or other techniques that our adversaries are using. Those are the kinds of things that keep myself like a CEO of a utility up at night. >> Yeah. Well, shifting gears a bit, this question for General Alexander. How come supply chain is such an issue? >> Well, the supply chain, of course, for a company like NYPA, you have hundreds or thousands of companies that you work with. Each of them have different ways of communicating with your company. And in those communications, you now get threats. If they get infected and they reach out to you, they're normally considered okay to talk to, but at the same time that threat could come in. So you have both suppliers that help you do your job. And smaller companies that Gil has, he's got the 47 munis and four co-ops out there, 51, that he's got to deal with and then all the state agencies. So his ecosystem has all these different companies that are part of his larger network. And when you think about that larger network, the issue becomes, how am I going to defend that? And I think, as Gil mentioned earlier, if we put them all together and we operate and train together and we defend together, then we know that we're doing the best we can, especially for those smaller companies, the munis and co-ops that don't have the people and a security ops centers and other things to defend them. But working together, we can help defend them collectively. >> Terrific. And I'd also like to ask you a bit more on IronDefense. You spoke about its behavioral capabilities, it's behavioral detection techniques, excuse me. How is it really different from the rest of the competitive landscape? What sets it apart from traditional cybersecurity tools? >> So traditional cybersecurity tools use what we call a signature-based system. Think of that as a barcode for the threat. It's a specific barcode. We use that barcode to identify the threat at the firewall or at the endpoint. Those are known threats. We can stop those and we do a really good job. We share those indicators of compromise in those barcodes, in the rules that we have, Suricata rules and others, those go out. The issue becomes, what about the things we don't know about? And to detect those, you need behavioral analytics. Behavioral analytics are a little bit noisier. So you want to collect all the data and anomalies with behavioral analytics using an expert system to sort them out and then use collected defense to share knowledge and actually look across those. And the great thing about behavioral analytics is you can detect all of the anomalies. You can share very quickly and you can operate at network speed. So that's going to be the future where you start to share that, and that becomes the engine if you will for the future radar picture for cybersecurity. You add in, as we have already machine learning and AI, artificial intelligence, people talk about that, but in this case, it's a clustering algorithms about all those events and the ways of looking at it that allow you to up that speed, up your confidence in and whether it's malicious, suspicious or benign and share that. I think that is part of that future that we're talking about. You've got to have that and the government can come in and say, you missed something. Here's something you should be concerned about. And up the call from suspicious to malicious that gives everybody in the nation and our allies insights, okay, that's bad. Let's defend against it. >> Yeah. Terrific. Well, how does the type of technology address the President's May 2021 executive order on cybersecurity as you mentioned the government? >> So there's two parts of that. And I think one of the things that I liked about the executive order is it talked about, in the first page, the public-private partnership. That's the key. We got to partner together. And the other thing it went into that was really key is how do we now bring in the IT infrastructure, what our company does with the OT companies like Dragos, how do we work together for the collective defense for the energy sector and other key parts. So I think it is hit two key parts. It also goes on about what you do about the supply chain for software were all needed, but that's a little bit outside what we're talking about here today. The real key is how we work together between the public and private sector. And I think it did a good job in that area. >> Terrific. Well, thank you so much for your insights and to you as well, Gil, really lovely to have you both on this program. That was General Keith Alexander, Founder and Co-CEO of IronNet Cybersecurity, as well as Gil Quiniones, the President and CEO of the New York Power Authority. That's all for this session of the 2021 AWS Global Public Sector Partner Awards. I'm your host for theCUBE, Natalie Erlich. Stay with us for more coverage. (bright music)

>> Live from Toronto Canada, it's The Cube, covering Global Cloud and Blockchain Summit 2018, brought to you by The Cube. >> Hello, everyone welcome back to The Cube's live coverage here in Toronto for the first Global Cloud and Blockchain Summit in conjunction with the Blockchain futurist happening this week it's run. I'm John Fourier, my cohost Dave Vellante, we're here with Cube alumni, Bradley Rotter, pioneer Blockchain investor, seasoned pro was there in the early days as an investor in hedge funds, continuing to understand the impacts of cryptocurrency, and its impact for investors, and long on many of the crypto. Made some great predictions on The Cube last time at Polycon in the Bahamas. Bradley, great to see you, welcome back. >> Thank you, good to see both of you. >> Good to have you back. >> So I want to just get this out there because you have an interesting background, you're in the cutting edge, on the front lines, but you also have a history. You were early before the hedge fund craze, as a pioneer than. >> Yeah. >> Talk about that and than how it connects to today, and see if you see some similarities, talk about that. >> I actually had begun trading commodity futures contracts when I was 15. I grew up on a farm in Iowa, which is a small state in the Midwest. >> I've heard of it. >> And I was in charge of >> Was it a test market? (laughing) >> I was in charge of hedging our one corn contract so I learned learned the mechanisms of the market. It was great experience. I traded commodities all the way through college. I got to go to West Point as undergrad. And I raced back to Chicago as soon as I could to go to the University of Chicago because that's where commodities were trading. So I'd go to night school at night at the University of Chicago and listen to Nobel laureates talk about the official market theory and during the day I was trading on the floor of the the Chicago Board of Trade and the Chicago Mercantile Exchange. Grown men yelling, kicking, screaming, shoving and spitting, it was fabulous. (laughing) >> Sounds like Blockchain today. (laughing) >> So is that what the dynamic is, obviously we've seen the revolution, certainly of capital formation, capital deployment, efficiency, liquidity all those things are happening, how does that connect today? What's your vision of today's market? Obviously lost thirty billion dollars in value over the past 24 hours as of today and we've taken a little bit of a haircut, significant haircut, since you came on The Cube, and you actually were first to predict around February, was a February? >> February, yeah. >> You kind of called the market at that time, so props to that, >> Yup. >> Hope you're on the right >> Thank you. >> side of those shorts >> Thank you. >> But what's going on? What is happening in the capital markets, liquidity, why are the prices dropping? What's the shift? So just a recap, at the time in February, you said look I'm on short term bear, on Bitcoin, and may be other crypto because all the money that's been made. the people who made it didn't think they had to pay taxes. And now they're realizing, and you were right on. You said up and up through sort of tax season it's going to be soft and then it's going to come back and it's exactly what happened. Now it's flipped again, so your thoughts? >> So my epiphany was I woke up in the middle of the night and said oh my God, I've been to this rodeo before. I was trading utility tokens twenty years ago when they were called something else, IRUs, do you remember that term? IRU was the indefeasible right to use a strand of fiber, and as the internet started kicking off people were crazy about laying bandwidth. Firms like Global Crossing we're laying cable all over the ocean floors and they laid too much cable and the cable became dark, the fiber became dark, and firms like Global Crossing, Enron, Enron went under really as a result of that miss allocation. And so it occurred to me these utility tokens now are very similar in characteristic except to produce a utility token you don't have to rent a boat and lay cable on the ocean floor in order to produce one of these utility tokens, that everybody's buying, I mean it takes literally minutes to produce a token. So in a nutshell it's too many damn tokens. It was like the peak of the internet, which we were all involved in. It occurred to me then in January of 2000 the market was demanding internet shares and the market was really good at producing internet shares, too many of them, and it went down. So I think we're in a similar situation with cryptocurrency, the Wall Street did come in, there were a hundred plus hedge funds of all shapes and sizes scrambling and buying crypto in the fall of last year. It's kind of like Napoleon's reason for attacking Russia, seemed like a good idea at the time. (laughing) And so we're now in a corrective phase but literally there's been too many tokens. There are so many tokens that we as humans can't even deal with that. >> And the outlook, what's the outlook for you? I mean, I'll see there's some systemic things going to be flushed out, but you long on certain areas? What do you what do you see as a bright light at the end of the tunnel or sort right in front of you? What's happening from a market that you're excited about? >> At a macro scale I think it's apparent that the internet deserves its own currency, of course it does and there will be an internet currency. The trick is which currency shall that be? Bitcoin was was a brilliant construct, the the inventor of Bitcoin should get a Nobel Prize, and I hope she does. (laughing) >> 'Cause Satoshi is female, everyone knows that. (laughing) >> I got that from you actually. (laughing) But it may not be Bitcoin and that's why we have to be a little sanguine here. You know, people got a little bit too optimistic, Bitcoin's going to a hundred grand, no it's going to five hundred grand. I mean, those are all red flags based on my experience of trading on the floor and investing in hedge funds. Bitcoin, I think I'm disappointed in Bitcoins adoption, you know it's still very difficult to use Bitcoin and I was hoping by now that that would be a different scenario but it really isn't. Very few people use Bitcoin in their daily lives. I do, I've been paying my son his allowance for years in Bitcoin. Son of a bitch is rich now. (laughing) >> Damn, so on terms of like the long game, you seeing the developers adopted a theory and that was classic, you know the decentralized applications. We're here at a Cloud Blockchain kind of convergence conference where developers mattered on the Cloud. You saw a great developer, stakeholders with Amazon, Cloud native, certainly there's a lot of developers trying to make things easier, faster, smarter, with crypto. >> Yup. >> So, but all at the same time it's hard for developers. Hearing things like EOS coming on, trying to get developers. So there's a race for developer adoption, this is a major factor in some of the success and price drops too. Your thoughts on, you know the impact, has that changed anything? I mean, the Ethereum at the lowest it's been all year. >> Yup. Yeah well, that was that was fairly predictable and I've talked about that at number of talks I've given. There's only one thing that all of these ICOs have had in common, they're long Ethereum. They own Ethereum, and many of those projects, even out the the few ICO projects that I've selectively been advising I begged them to do once they raised their money in Ethereum is to convert it into cash. I said you're not in the Ethereum business, you're in whatever business that you're in. Many of them ported on to that stake, again caught up in the excitement about the the potential price appreciation but they lost track of what business they were really in. They were speculating in Ethereum. Yeah, I said they might as well been speculating in Apple stock. >> They could have done better then Ethereum. >> Much better. >> Too much supply, too many damn tokens, and they're easy to make. That's the issue. >> Yeah. >> And you've got lots of people making them. When one of the first guys I met in this space was Vitalik Buterin, he was 18 at the time and I remember meeting him I thought, this is one of the smartest guys I've ever met. It was a really fun meeting. I remember when the meeting ended and I walked away I was about 35 feet away and he LinkedIn with me. Which I thought was cute. >> That's awesome, talk about what you're investing-- >> But, now there's probably a thousand Vitalik Buterin's in the space. Many of them are at this conference. >> And a lot of people have plans. >> Super smart, great ideas, and boom, token. >> And they're producing new tokens. They're all better improved, they're borrowing the best attributes of each but we've got too many damn tokens. It's hard for us humans to be able to keep track of that. It's almost like requiring a complicated new browser download for every website you went to. We just can't do that. >> Is the analog, you remember the dot com days, you referred to it earlier, there was quality, and the quality lasted, sustained, you know, the Amazon's, the eBay's, the PayPal's, etc, are there analogs in this market, in your view, can you sniff out the sort of quality? >> There are definitely analogs, I think, but I think one of the greatest metrics that we can we can look at is that utility token being utilized? Not many of them are being utilized. I was giving a talk last month, 350 people in the audience, and I said show of hands, how many people have used a utility token this year? One hand went up. I go, Ethereum? Ethereum. Will we be using utility tokens in the future? Of course we will but it's going to have to get a whole lot easier for us humans to be able to deal with them, and understand them, and not lose them, that's the big issue. This is just as much a cybersecurity play as it is a digital currency play. >> Elaborate on that, that thought, why is more cyber security playing? >> Well, I've had an extensive background in cyber security as an investor, my mantra since 9/11 has been to invest in catalyze companies that impact the security of the homeland. A wide variety of security plays but primarily, cyber security. It occurred to me that the most valuable data in the world used to be in the Pentagon. That's no longer the case. Two reasons basically, one, the data has already been stolen. (laughing) Not funny. Two, if you steal the plans for the next generation F39 Joint Strike Force fighter, good for you, there's only two buyers. (laughing) The most valuable data in the world today, as we sit here, is a Bitcoin private key, and they're coming for them. Prominent Bitcoin holders are being hunted, kidnapped, extorted, I mean it's a rather extraordinary thing. So the cybersecurity aspect of if all of our assets are going to be digitized you better damn well keep those keys secure and so that's why I've been focused on the cybersecurity aspect. Rivets, one of the ICOs that I invested in is developing software that turns on the power of the hardware TPM, trusted execution environment, that's already on your phone. It's a place to hold keys in hardware. So that becomes fundamentally important in holding your keys. >> I mean certainly we heard stories about kidnapping that private key, I mean still how do you protect that? That's a good question, that's a really interesting question. Is it like consensus, do you have multiple people involved, do you get beaten up until you hand over your private key? >> It's been happening. It's been happening. >> What about the security token versus utility tokens? A lot of tokens now, so there's yeah, too many tokens on the utility side, but now there's a surge towards security tokens, and Greg Bettinger wrote this morning that the market has changed over and the investor side's looking more and more like traditional in structures and companies, raising money. So security token has been a, I think relief for some people in the US for sure around investing in structures they understand. Is that a real dynamic or is that going to sustain itself? How do you see security tokens? >> And we heard in the panel this morning, you were in there, where they were predicting the future of the valuation of the security tokens by the end of the year doubling, tripling, what ever it was, but what are your thoughts? >> I think security tokens are going to be the next big thing, they have so many advantages to what we now regard as share certificates. My most exciting project is that I'm heavily involved in is a project called the Entanglement Institute. That's going to, in the process of issuing security infrastructure tokens, so our idea is a public-private partnership with the US government to build the first mega quantum computing center in Newport, Rhode Island. Now the private part of the public-private partnership by the issuance of tokens you have tremendous advantages to the way securities are issued now, transparency, liquidity. Infrastructure investments are not very liquid, and if they were made more liquid more people would buy them. It occurred to me it would have been a really good idea if grandpa would have invested in the Hoover Dam. Didn't have the chance. We think that there's a substantial demand of US citizens that would love to invest in our own country and would do so if it were more liquid, if it was more transparent, if the costs were less of issuing those tokens. >> More efficient, yeah. >> So you see that as a potential way to fund public infrastructure build-outs? >> It will be helpful if infrastructure is financed in the future. >> How do you see the structure on the streets, this comes up all the time, there's different answers to this. There's not like there's one, we've seen multiple but I'm putting a security token, what am i securing against, cash flow, equity, right to convert to utility tokens? So we're starting to see a variety of mechanisms, 'cause you have to investor a security outcome. >> Yeah, so as an investor, what do you look for? >> Well, I think it's almost limitless of what these smart securities, you know can be capable of, for example one of the things that were that we're talking with various parts of the government is thinking about the tax credit. The tax credit that have been talked about at the Trump administration, that could be really changed on its head if you were able to use smart securities, if you will. Who says that the tax credit for a certain project has to be the same as all other projects? The president has promised a 1.5 trillion dollar infrastructure investment program and so far he's only 1.5 trillion away from the goal. It hasn't started yet. Wilbur Ross when, in the transition team, I had seen the white paper that he had written, was suggesting an 82% tax credit for infrastructure investment. I'm going 82%, oh my God, I've never. It's an unfathomable number. If it were 82% it would be the strongest fiscal stimulus of your lifetime and it's a crazy number, it's too big. And then I started thinking about it, maybe an 82% tax credit is warranted for a critical infrastructure as important as quantum computing or cyber security. >> Cyber security. >> Exactly, very good point, and maybe the tax credit is 15% for another bridge over the Mississippi River. We already got those. So a smart infrastructure token would allow the Larry Kudlow to turn the dial and allow economic incentive to differ based on the importance of the project. >> The value of the project. >> That is a big idea. >> That is a big idea. >> That is what we're working on. >> That is a big idea, that is a smart contract, smart securities that have allocations, and efficiencies, and incentives that aren't perverse or generic. >> It aligns with the value of the society he needs, right. Talk about quantum computing more, the potential, why quantum, what attracted you to quantum? What do you see as the future of quantum computing? >> You know, you don't you don't have to own very much Bitcoin before what wakes you up in the middle of the night is quantum computing. It's a hundred million times faster than computing as we know it today. The reason that I'm involved in this project, I believe it's a matter of national security that we form a national initiative to gain quantum supremacy, or I call it data supremacy. And right now we're lagging, the Chinese have focused on this acutely and are actually ahead, I believe of the United States. And it's going to take a national initiative, it's going to take a Manhattan Project, and that's that's really what Entanglement Institute is, is a current day Manhattan Project partnering with government and three-letter agencies, private industry, we have to hunt as a pack and focus on this or we're going to be left behind. >> And that's where that's based out of. >> Newport, Rhode Island. >> And so you got some DC presence in there too? >> Yes lots of DC presence, this is being called Quantum summer in Washington DC. Many are crediting the Entanglement Institute for that because they've been up and down the halls of Congress and DOD and other-- >> Love to introduce you to Bob Picciano, Cube alumni who heads up quantum computing for IBM, would be a great connection. They're doing trying to work their, great chips to building, open that up. Bradley thanks for coming on and sharing your perspective. Always great to see you, impeccable vision, you've got a great vision. I love the big ideas, smart securities, it's coming, that is, I think very clear. >> Thank you for sharing. >> Thank you. The Cube coverage here live in Toronto. The Cube, I'm John Furrier, Dave Vellante, more live coverage, day one of three days of wall-to-wall coverage of the Blockchain futurist conference. This is the first global Cloud Blockchain Summit here kicking off the whole week. Stay with us for more after this short break.

>> Announcer: Live from Las Vegas, it's theCUBE. Covering ServiceNow Knowledge 2018. Brought to you by ServiceNow. >> Welcome back everyone to theCUBE's live coverage of ServiceNow Knowledge18, I'm your host Rebecca Knight along with my cohost Dave Vellante. We're joined by Chris Bedi, he is the CIO of ServiceNow. Thanks so much for coming on the show Chris. >> Thanks for having me. >> So, we're hearing so much about improving employee experience and this is the goal, your goal, and also the collective goal of CIO, so can you tell us a little bit about why this, and how do you see your role in this? >> Yeah for sure, I mean if I rewind three or four years I don't think experience was really on anybody's agenda, or not high on the list. I think, you know, what we've come to realize or I've come to realize is that experience is critical to actually getting the right behavioral and economic outcomes. It is not optional anymore because with the amount of transformation that we're driving through technology it's changing processes, changing the way customers interact with us, suppliers interact with us, and that change needs to be easy. And not just easy for easy sake, but otherwise we don't get the business outcomes we are looking for. So, for me it's very purpose driven to say that for us to get those economic outcomes we have to focus on experience. >> I feel like the CIO role is evolving, and we've talked about this before, I'd love your thoughts on it. You know, it kind of used to be, alright we're going to keep the lights on, granted that's still part of the role but it's table stakes. >> It doesn't go away. (Rebecca laughs) But yes, still part of the role. >> You know, we can outsource our email, you know, what are we going to do with the cloud, okay. That's shifting, you know, with the digital economy, machine intelligence, the economy booming, this war on talent especially in Silicone Valley. Things are changing, how do you see the role changing and where do you see it evolving to? >> Well, I think the CIO role is changing. It's driven really by what's going on in every industry. If you think about it, everything, how fast your company operates, how efficient your processes are, how engaged your employees are via employee experiences, the mode in which you're able to interact with your customers, how digital your supply chain is, everything is powered by technology platforms and CIO's are the ones governing and managing and those technology platforms to deliver those outcomes, and I think it's only going to increase where technology has a bigger and bigger impact and I think that is really driving a shift in the CIO role where CIO's need to be front and center. There is no more, here's the business strategy, here's the technology strategy. They are one and the same thing and I think in our consumer lives we talk about the digital divides or the have's and have nots. I think the same thing is going to play out in enterprises where those enterprises that can figure out how to harness these newer technologies to drive meaningful business outcomes are going to start to separate themselves from the competition and that separation's only going to get bigger with time. So I think there's a tremendous amount of urgency on this topic as well. I was reading a recent article which talked about CEO's priorities for IT and saying favoring speed over cost, and I don't think that's because all of a sudden we're going to become frivolous with our spending. But I think again it just speaks to the urgency and the need for businesses to transform and it's now. >> It's not just harnessing the technologies, it's also harnessing the employee behaviors that need to change in order to create these cultural shifts that you're talking about, right, or? >> Yeah, for sure, and I would say and we had our CIO Decisions yesterday, one of the key topics was, you know, driving cultural transformation and I find that's a lot of what I'm doing and that involves a lot of selling, quite frankly. I mean, I don't have sales in my title, but by the very definition of it we're saying this technology has the promise to unlock a new business model, unlock a new process. Get to that next level of efficiency or productivity. But, you're selling a vision, right, and that means change, and people don't like change. As long as someone else is changing they're fine with it, once it's themselves, so we have to focus a lot and really double down on transformation efforts and play a key role in that, and to link it back to your first question, that transformation gets so much easier if we can deliver compelling experiences, right? So, it's all kind of tied together. >> Four years ago at K15, Frank Slootman sort of threw down the gauntlet to CIO's in the audience and said, you must become business leaders, if you don't become business leaders you'll be a dinosaur. How are you a business leader, and how are you becoming a business leader? >> I think it's really shaping IT's agenda based upon what's important to the organization. And, that's going to be different for different organizations but largely it's going to be things tied to customers, how productive and engaged are the employees, what can we do to drive margin, which is top and bottom line improvement in the economic model, and making sure that IT's goals and objectives are one and the same with the business goals and objectives. So, for example we do at ServiceNow in IT, we have a shared contract with every function. Marketing, sales, you know, professional services, that here's the business outcomes. On my dashboard, you'll seldom see a whole bunch of IT metrics, it's all about did we get to the business metric or not. Cuz if you're not measuring that then I'm not sure what you're measuring. >> Okay, so you, and I'm sure you have a lot of IT metrics, too, but you're able to then tie those IT metrics to business metrics >> Sure. >> And show how a change in one flows through the value to affect another. >> Yeah, I mean, where the role was, that doesn't go away and it's a critical part of the role and I don't want to undermine it which is, all the invisible things that just happen in corporations, you know, the utilities of, is the networking, and phones and all that, that has to be rock solid. That's table stakes, but yeah, for the next part of that, it's really driving those transformational business outcomes. >> So you're a big proponent and advocate of machine learning, how do you see machine learning transforming the modern work experience, the modern workplace and then the employee experience of the modern workplace? >> I think at a very high level, it's around speed and effectiveness of decision making. And, machine learning, I think has the promise or the opportunity for all of us to unlock that next wave of productivity. Just like in the late '90s we had ERP's and they drove a lot of automation, and supply chain and finance organizations around the world got better. They got faster, more efficient. I think machine learning can do that for the entire enterprise by leveraging platforms to help people make faster and better decisions. I know there's a lot written about replacing humans and things like that. I don't buy into that, I think it's just helping us be better and I think there's used cases all over the enterprise. The biggest barriers to machine learning in my mind typically come with talent. How do you do it, and the good news is here, I mean what we embedded with machine learning in the ServiceNow platform, you don't need an army of data scientists that are super hard to find, almost democratizing the ability to leverage machine learning. Second biggest one that when I talk to CIOs, it's lack of the right data, and they don't have the right data perhaps because they haven't yet digitized their processes, so that's a critical precursor. You got to digitize your processes to generate the right data to then feed the algorithms to get the outcome, but yeah machine learning I think is going to materially transform how we operate dramatically over the next three to five years. >> And, I mean, IT systems continue to get more complex. They in many cases becoming more of a black box. I wonder if I could get your thoughts on this. I mean, I remember reading Michael Lewis's book, Flash Boys, and he talked a lot about the flash crash, and nobody could explain it. They chalk it up to a computer glitch, and his premise was a computer glitch is computers are so complex we can't explain them anymore. >> Yeah. >> AI, machine learning, machine intelligence, going to make that even more complex and more of a black box. Is that a problem for us mortals? >> I think it's a problem, (laughs) for us mortals, but I think it's a problem and I'll tie it back to the transformation in human behavior. We're, I'll call it prototyping and rolling out and leveraging machine learning in our own enterprise, and one of the things we've observed is that us humans, us mortals as you call us, we need to know why, so if a machiner is making an algorithmic based recommendation or a decision we need to know why. And, our employees had a hard time accepting the ML based recommendation without knowing the why. So, we had to go back and rework that, and say how do we surface the why in the context of the recommendation and that got people over the hump. So I think it is a super important point where, as these algorithms get more and more sophisticated, our human brains, the way we interpret it, is we still need the why. >> Yeah, so you're trying to white box that, is what you're saying, which again is not easy. I often use the example of, a computer can tell me if I'm looking at a dog, or I joke Silicone Valley if you watch Silicone Valley >> Yeah yeah yeah, >> Hot dog or not hot dog. >> Hot dog, exactly. >> But, try to explain how you know it's a dog, it's hard >> It is challenging. >> To do that. >> Right. >> Especially if you think about data scientists, they are incredibly cerebral and way smarter than me and, they often have a hard time simplifying it enough where its consumable if you will. So, it is a challenge and I think, you know, it's something that'll evolve as we start to use more of it cause we'll just have to figure it out as an industry. >> I want to ask you about, one of the things that we're hearing so much about this conference is the neat things that you're doing around eradicating employee pain points and taking care of all those onerous, annoying, tedious tasks that we have to do, the filling out of paperwork and all of that sort of thing. What are sort of the next things you're thinking about, the other parts of the work day that are annoying for all of us when you sort of think ahead to the product lineup? >> I think, one of the things we do is figure out where you are and you know, digital transformation, right, is great, but it has so many different meanings depending on your company or your industry. So what we did internally is we actually gave definition and an answer to the question of how digital are you? So we take every process and a collection of processes to a department and bubble it up and so on forth, and we rate every process on how fast it is, how intelligent is, which is a measure of machine learning, and what's the experience we're delivering. And taking those three measures, we're able to come up with a score and more than anything it gave us a common language around the enterprise to say, how do we move this from a score of 50 to 70, how do we move this from a 60 to a 90, and which processes are most important to move first, second and third, right, and without that it gets really hard because digital transformation can just feel like this abstract concept and as business leaders, we do better when we have measurement. And once we have a number and a target and a goal, it's easier to get people aligned to that. So, that's been helpful for us as well on a change management aspect. >> So true. Coach K, you guys always have great outside guests come in and speak at your CIO Decisions Conference, I mean Robert Gates is one that, you know, I mean as much as you've accomplished in your life you haven't accomplished nearly as much as that guy. >> Yeah. >> Very humbling. Coach K was your, one of your guests this week, you host that event. >> I do. >> Share with us some of the, some of the learnings from Coach K. >> We had Coach K, Duke's basketball coach, I would argue best coach, best basketball coach >> I'm a Tarheel. >> Sorry, Tarheel here. >> Yeah exactly, Dean Smith. >> We had a couple in the audience- >> He said he's no Dean Smith the other day, (Rebecca laughs) well you know I don't know. >> And I am a college hoops junkie so for me, it was a massive treat. I just wanted to talk to him about so many games and things like that. But he, he really gave a great talk about just how to be a better leader, how to constantly be learning and applying yourself. I mean he's 71 years old and how he needs, he talked about how he had to reinvent himself at least ten times, he's been coaching for 42 years. To meet the players where they are, and changing himself. And every season, the day after the season ends, having a meeting with his managers saying, what do we need to change? And it could be they just won the national championship. So, never resting on his laurels, constantly learning, and he had really interesting anecdotes about when he coached the U.S. Olympic team, and the difference of 18-year-olds right out of high school versus these are the superstars of the NBA, massive egos, and one of the interesting things, he said so many interesting things I could keep going on but just, you know, he said don't leave your ego at the door. Bring your ego, cause that what makes you great. I need you to have that ego Kobe when you're taking that last second shot cause that's what makes you, you. But, also what he spent a lot of time is getting them aligned on values. Here's the core values that which we are going to operate as a team and that are going to allow us to be successful. And I think that leadership lesson applies to any team. He applied it in a very difficult environment while millions of people are watching but, and he talked about how he took that collection of individuals and made them a unit, and that was super powerful. >> Yeah, he coached the first dream team which was Magic, >> Yeah I think he's coached four or five, and >> and I think Byrd might have been hurt but he played, >> yeah. And how he would just >> and Jordan I mean that, try and bring that eclectic mix together. >> And then to hear, have someone be so, you know, I've done all these things, and then be articulate enough to be able to say, and this is what I did >> Yeah and just super humble >> this is how I brought out the best in people. >> Super humble and just, again, constant learning right, I mean John our CEO talks about be a learning animal. I think Coach K embodied that in spades. >> West Point grad too, right, with a lot of discipline >> Yeah. >> That's right, yeah, yeah. >> in his background and >> for sure, >> and it's really inspirational. >> And then he talked about that, that's where he learned a lot of his leadership lessons. >> Really, yeah? >> At West Point. >> Well, Chris it's been so fun talking to you we could, maybe we should get Coach K on with you. A little like, Mike Krzyzewski, yeah >> That would be a treat for me, you and me could talk about Duke Tarheels. >> Yeah, well okay, alright, if you insist. >> We could bring John Wooden into the greatest coaches ever conversation in fairness >> We could, we could. >> to the wizard of Westwood I mean. >> Cool, well thank you. >> Chris, thanks again for coming on. I'm Rebecca Knight for Dave Vellante. We will have more from theCUBE's live coverage of ServiceNow Knowledge '18 coming up just after this. (techno music)

>> Announcer: Live from New York City It's theCUBE. Covering CyberConnect 2017. Brought to you by Centrify and the Institute for Critical Infrastructure Technology. >> Hey welcome back everyone, this is theCUBE's coverage of CyberConnect 2017. Live here in New York City at the Grand Hyatt downtown on 42nd street. I'm John Furrier, my co-host Dave Vellante. This is Centrify's inaugural event that they're presenting and they're underwriting. It's the industry event between industry and government and really around the crisis of our generation which is cyber security and it's impact to the transformation to global society and our coverage here. Our next guest is Shira Rubinoff who is the President of SecureMySocial, which is really cutting edge human aspect of social engineering meets security. Primetech partners, Cybersecurity, IoT and an influencer but also doing some great work advising start-ups great participant in the community and certainly great to have you back on theCUBE. Thanks for joining us. >> Shira: Thank you, pleasure. >> So, you're in the front row. I saw you and Dave, I couldn't get a seat I was in the back of the bus here at the General Keith Alexanders keynote, among other great keynotes here. Really an inaugural event and inaugural events are great because it's the sign of the trends but also you know if they do a second even, it worked. Right, so you never know there's never going to be another event so an inaugural event means something. It means that the world has to the realization that the world is changed, the realities are here and that the old way isn't good enough. >> Shira: Yup. >> And you're in the middle of it. What's your thoughts? What's your reaction to the program? >> Well you know it's interesting, it also even goes back to the old technology days when you buy by brand. No ones going to fault you for buying the brand names. Everyone just went along with buying the trend, buying the brand. And as technology advanced itself as well we started seeing doing it the old way is just not going anywhere today. Especially with the millennials entering the workforce, how things are done, how people approach technology and security is very different. The human factors of information security is taking a front row today, in terms of security, in terms of the weakest link of the chain. Whether it being phishing, finding the entree into an organization through the human ... the weak link of the human, or in terms of tricking people for doing other things while they're downloading malware or even circumventing different technologies that are layered upon each other because there's just too many layers of security on each other and not making it easy for somebody to use the technology and keeping it strong. >> This year you bring up a good point about the human aspect of it. There's an old joke in IT where there's a fork with a cork in it and someone says why is that there? So they don't stick the fork in their eye. And that's a joke on the old system admin joke around human error, around updating. That's been around for a while, but now there's a whole other social engineering going on around the business of cyber attacks. Whether it's mafias or organized hacker units that do it for business, for profit to state governments where the social engineering around the human vulnerabilities are key. This isn't your area, it's your wheelhouse. What is the key thing that's happening? What should people be aware of? What's your analysis? >> Well I think people have to be careful of oversharing. I think there's many different entrees into finding, again when we talk about the human factors whether being government, whether being a technology company, whether being a seasuite, whether it being through social media. It's being trusted the wrong people, trusting the wrong sources, and just being open and not being over careful in checking your sources and making sure you're actually linking up whether it being on the LinkedIn. Also, I was talking to someone earlier that people were accepting LinkedIn invitations from non-trusted sources. And they seemed to look okay but again, a social engineering piece that comes in that allowed others in to actually see context and find a breech within an organization. Sometimes, somewhat like a government it can always be across all communities. >> So that's a very nuance point, lets take LinkedIn for example, mind if I picked on LinkedIn but Facebook I'm an oversharer so I'm probably being hacked 10 ways from Sunday but you can have whatever you want. But lets take LinkedIn as an example. A practitioner could say I work on the servers for Chase Bank and I handle the Apache whatever project. That's metadata that can be used against that person. He's putting it out there, he or she, for a job potentially to showcase their skills. Yet, the bad actors can use that and figure out what communities they're ... >> Exactly. >> And github their participants so it's a gesture signal point, that you ... Am I right, am I getting it right? >> Correct. Correct. And that's what some of the companies actually put allowances around what people are allowed to share on LinkedIn, however there's the double-edged sword because they're telling their employees do not overshare and say specifically what you're doing. The employee themselves are saying, hey I want to be open to recruiters to come find me because who knows what my next gig is. So they're going to over share what they're doing to show all the experience that they have so they're open to other job opportunities. >> This is a really interesting conflict, and again I'm torn because religiously I'm a big believer in the democratization of media and society but what you're talking about really is a counter against the democratization because that's based on sharing, which that's where open sources from and so this is going to be some sort of shift. >> Correct. Correct. Well, that also plays into the whole millennial shift. Of how it's approached through the workforce. Millennial generation share everything, everything is open. My whole life is opening itself up on social media. I want you to know what I'm having for breakfast because you might want to have it too. By the way, this is what I'm working on at work because you might find it interesting. Whether it being their boss or saying don't do this they're saying don't tell me what to do and I'm going to work from home half the time. It's millennial shift and we have to shift with it. It's going that route. >> So to what degree can we take bad human behavior out of the equation? Toiling, technology, maybe it's process education. >> Well I think it has to be many factors. You know, there has to be the education around it. There also has to be implementing the right technology. To warn users if they're doing things the wrong way. For example, my company SecureMySocial, we are a technology assisted self-monitoring company for allow for employers to give employees to self monitor across social media based on compliance organization real time warnings. So it would warn the employee if they the employee themselves would be doing something wrong. So implementing technologies of that sort whether being whatever the organization may be open to. So you have the education piece, you have the partnerships with the right technology companies, and you also have allowing the employees to have the right types of security around what they're doing themselves. Without being so involved in what they're doing because then they're going to have a big push back. So there's a very fine line you have to walk here. >> And the psychology is interesting you mention the millennials too, because that's their norm. >> Shira: Correct. And they want to be part of a tribe, right? >> Shira: Yes. >> So that the belonging aspect of social is becoming a norm. But now we have to have practices. So what do you, what's your vision of this? Because that probably won't stop, that's a behavior that will constantly be there. Is that going to come in a form of product? Solutions? A better identity? I mean ... >> Well it's going to come everywhere, if you look across all generations from the boomers, gen x, millennials. Things shift with the generations as it comes down the path. So certainly through technology is going to shift to, easy to use, no extra steps to download. As Centrify has, they want a one point to contact. They don't want to overlay technologies on technologies which is what I speak about a lot. My background is heavily in psychology and the human aspect. So make things as strong as they can be without cumbersome to the employee. You want them to use it, not break it, not go around it and not just throw it out the window. >> Gee, you're a great guest and music to our ears because as Dave knows, I've been on this rant for a long time. User experience is really about user expectations. And as expectations shift, that's kind of where the puck will be or whether you're skating through the puck or skating with the puck, as some people are. The question comes down to this young generation because General talked about this new cyber warfare but there's West Point, there's no Navy SEAL, and that's going to come from a gamer culture potentially or the younger generation, so I got to ask ya. Do you think that we're going to have a counter culture? Because in every revolution, take the 60's. We're the 50's parents now, right? We're the 50's generation, or are we? So I've been kind of speculating that I think we're on the cusp of a counter culture revolution. The summer of love of digital is coming. Or maybe not, what do you think? >> You know, I think it's very interesting the way it's shifting across generations. I think that the generation, our generation before us are trying to take this millennial generation and put them in a box and saying follow my rules or else you're out and the millennial generations like make me. So it's not going to happen that way. They're going to actually drive the force of how technology is going to be created and how the business world is actually going to react and act towards them and how things are going to flow after them. And just wait for the following generation, things are going to be a lot looser. >> So you think there's going to be some massive change being shifted from their expectations. >> Shira: Correct. Correct. Yes. >> Well, I feel like millennials are in for a great awakening because now they don't have a ton to lose. >> Shira: Yes. >> As they get older and accrue more wealth. >> John: Well millennials are generally lazy, right? (laughter) >> You've got to be careful when you say that. >> As my son would say, they're smart or they're lazy. >> They're the make me generation. >> Exactly >> Alright, fine. Be careful what you wish for. But is there a gamification involved. The psychology of getting humans to behave the way that you need them to behave in order to have good security practices. >> Yes, no I think that's a great question. I think that based on what the millennials are doing now and how the shift is happening through the gen x and millennials kind of intertwining the businesses and the way technology is created and moved forward. I think that it's going to somehow have to combine forces. I think there's going to have to be a little give and take. And I think as time progresses and things mature that it's going to be understood and it's going to be adapted by them and adopted by them, as well. >> So, talk a little bit more about your company. MySocial ... >> Shira: SecureMySocial, yes. >> What does it do? How does it help solve some of these issues? >> So SecureMySocial is just technology assisted self monitoring tool for employers to give employees to self monitor across social media, based on compliance and regulations of the organization. With real time warnings and auto-delete capabilities. Basically, the organization would buy it. Based on where a person would fall in the organization there will be specific rules set to apply to them. Whether it being group rule sets for C level people, marketing and the like, you don't want false positives. And they the people themselves would get a real time warning to their known device. But I will back track a little bit because most organizations, if not all today have certain criteria. What you can and can't do across social media. But the most of the problems, if not 98 or more percent of data loss or reputation happen outside of the office. It happens on lunch breaks, vacations, weekends. We can't monitor peoples personal accounts. So we're making the users themselves, they would get the real time warnings. There's nothing to download, nothing to install. They don't give over any personal information, yet they're protected and we're able to keep it across the whole thing. >> So it's an insurance policy for the employee saying, look here's a little notification because you know that if you say that drunk tweet, let's get real right or do something that's at a concert ... >> The CFO of Twitter mistakenly tweeted out the earnings of Twitter instead of doing a direct tweet. Things happen, mistakes happen. It's the human factors of it all. >> Dave: And your technology could have stopped that? >> We could have stopped it, we could have actually auto deleted it before it even went out. >> It's almost, I don't know if it's happening on the west coast, but around where I live there's all these ... There's speed signs going up. Tells you how fast you're going. >> It's like that angel on your shoulder saying, do you really want to do this? >> It might be 25 and you see it and you go, you're going too fast and it's flashing and you slow down, and it actually works. >> We use ways in California that's more ... >> It lets you know where the cops are. (John laughing) >> There's no cops! There's no cops around. >> I know that's the same, it's just more effective. You get there faster, you don't ... >> If you don't mind I'd like to ... >> It's this subliminal message, says hey whoa yo slow down. >> Like that angel on your shoulder tapping you on the shoulder letting you know. >> Like you said, it's the good angel. >> Now I just wanted to mention also a new venture actually launching at the end of the month. It's called Prime Tech Partners. We're an incubator here in New York City. Near the flat iron district. We're going to be launching the end of November. Focusing on augmented reality, cyber security, information security and e-commerce. Opening up to start-ups. And please check it out, Prime Tech Partners. >> Shira you did some great work, I got to ask you the question because start-ups are the canary in the coal mine. >> Shira: Yup. >> They'll tell you kind of what's happening, give you a barometer. What is going on in the start-up areas around security because there's now a range, diverse range opportunities from lock chain all the way to enterprise. >> Sheri: Sure. >> So, and everything in between. What's the chirping happening in the mines of the start-ups as they create new ventures. >> Well it's interesting because when you talk about what's out there we talk about almost like an umbrella. Sometimes people would put cyber security over the whole umbrella and then fit artificial intelligence, augmented reality, virtual reality, blockchain. Everything kind of falls under there. So, you know it's actually moving along with the system. There's a lot of artificial intelligences making a big play. IoT world, there's quite a bit of technology coming out there. All finding the whole problems and if you look at everything there's a lot of the human aspects of information security that they have to take into account when developing and when pushing it out because at the end of the day, it's all social engineering. It's the human factor, whatever you're creating. >> And we're seeing the same thing on theCUBE entries. We go to hundreds of shows a year. The trend is every part of the stack is impacted by this. >> Shira: Exactly. >> At the infrastructure low level, from multi factor authentication all the way up to Docker and Cooper and Eddies at the dev ops level, the app level. To wearables ... >> Well, wearables certainly. Right? Gaining some ones information. >> John: Geo information. >> Right. Well, here was an interesting ... I went into, I have a law firm that contacted me. They wanted me to some consulting for them. They implement this most beautiful, high-tech, gorgeous office. So I was in there talking to some of the partners and they were plugging in their new smart TV's and their smart fridges. Everything into their network. You don't have breech their network to get their information, we'll breech Sony! You breech into Sony, whatever whoever the manufacturer of the TV, the fridge, whatever it is. They're thinking IoT, well they can gain access into that law firm, gain information and just take all that information and utilize that. So there's so much thought to be put around even the IoT world, artificial intelligence. The human factor takes a step back. >> If it's a network device it can be hacked. >> Exactly. Yes. >> So is part of your mission just to make people aware of humans role in bad security practices? Is that a big part of this? >> Shira: Yes. >> This sort of shining a light on it. >> Yes, I think there's almost like a stop and pause. When you're creating a technology, whatever it is, and people are looking, Oh I'm going to make this stronger. I'm going to make this better, I'm going to make this faster. Oh here let me put another control over it, and here's another control, and by the way they have to go around this and do five things, we're going to have the best thing out there. They're not going to use it, they're going to break it and circumvent it. Stop, there's a person there. How are we going to make the person use this to the best capacity? How's it going to be strong without giving them all those extra layers? Anything you're doing, there's a person there. You got to stop and think and figure out how to utilize the best way. >> Shira, give us some predictions for next year, the end of the year, so predictions are coming. We had our meeting this week, or last week on our predictions, so we're going to put you in the hot seat. Your predictions for next year. Hot trends you expect to see. What are you expecting? What's your prediction for next year? Well, I think IoT is going to take a big forefront. Especially with the smarter cities, the smarter homes. As you're talking about the wearables. Artificial intelligence is going to kind of play into that as well, but I think the people are very excited about becoming let's quote unquote smart, no extra steps, right? When you have the no extra steps, remember you're opening yourself up for something, do it smart. But IoT is really expanding itself into every infrastructure whether it being utilizing, engineering. Whether it being cities itself, whether it being homes. And the wearables are also ... If you look at what's going on with Fitbit, then you have the next Apple and then there's something else every other day that you could put on yourself and you could get any information that you want. >> So people are connecting the IoT to the industrial side of their analog to digital. >> Exactly. Yes. Yes. And I think that's going to become a forefront in the next year. >> Right. What do you think of the event here, so far? >> I think the event is terrific. We've had some amazing speakers here and I think they're all highlighting the fact that we have to share expertise and really come together to bypass the problems that are out there and work as a unit, and certainly Centrify is doing a great job here. I'm very happy to be here. >> Great. Well, good luck with everything next year. Thanks for coming on theCUBE, we really appreciate it. >> Shira: Thank you. Happy to be here. That was commentary, great analysis. An opinion here on theCUBE, here at Centrify's event that they're underwriting for the industry as an industry event called CyberConnect presented by Centrify. I'm John Furrier with Dave Vellante, stay tuned for more live coverage here in New York City after this short break. (electronic music)

(light orchestral music) >> Hello, everyone. Welcome to special CUBEConversation here in theCUBE studio in Palo Alto, California. I'm John Furrier, the co-founder of SiliconANGLE Media and also the co-host of theCUBE. We're here with Junaid Islam, who is the President and CTO of a company called Vidder. Also supports the public sector and the defense community. Teaches a class on cyber intelligence and cyber warfare. Junaid, thank you for coming in. >> Well, thanks for having me, it's great to be here. >> Now, you see, we've been doing a lot of coverage of cyber in context to one, the global landscape, obviously >> Yeah >> And in our area of enterprise and emerging tech you see the enterprises are all shaking in their boots. But you now have new tools like IoT which increases the service area of attacks. You're seeing AI being weaponized for bad actors. But in general, it's just that it's really a mess right now. >> Yeah >> And security is changing. So, I'd like to get your thoughts on it and also talk about some of the implications around the cyber warfare that's going on. Certainly the election's on everyone's mind, you see fake news. But really, it's a complete new generational shift that's happening. With all the good stuff going on, block chain and everything else, and AI, there's also bad actors. Fake news is not just fake content. There's an underlying infrastructure, a critical infrastructure, involved. >> Yeah, you're 100% right. And I think what you have hinted on is something that is only, now, people are getting awareness of. That is, as America becomes a more connected society, we become more vulnerable to cyber attacks. For the past few years, really, cyber attacks were driven by people looking to make twenty bucks, or whatever, but now you really have state actors moving into the cyber attack business. And actually subsidizing attackers with free information. And hoping to make them more lethal attackers against the United States. And this really is completely new territory. When we think about cyber threats almost all of the existing models, don't capture the risks involved here. And it affects every American. Everybody should be worried about what's going on. >> And, certainly, the landscape has changed in security and tech with cloud computing, but more importantly, we have Trump in the office and all this brouhaha over just that in itself. But in concern to that, you're seeing the Russians, we're seeing them involved in the election, you're seeing China putting blocks and everything, and changing how the rules, again. It's a whole global economy. So I got to ask you the question that's on everyone's mind is cyber war is real. We do not have a West Point, Navy SEALs for cyber yet. There's some stuff at Berkeley that's pretty interesting to me. That Michael Grimes at Morgan Stanley is involved with. A bunch of other folks as well. Where a new generation of attacks is happening. >> Junaid: Yeah. >> In the US of A right now. Could you comment and share your thoughts and reactions to what's happening now that's different in the US from a cyber attack standpoint and why the government is trying to move quickly why companies are moving quickly. What's different now? Why is the attacks so rampant? What's changed? >> I think the biggest difference we have now is what I would call direct state sponsorship of cyber attack tools. A great example of that is the Vault 7 disclosure on WikiLeaks. Typically, when you've had intelligence agencies steal one thing from another country, they would keep it a secret. And, basically, use those vulnerabilities during a time of an attack or a different operation. In this case, we saw something completely different. We think the Russians might have stolen, but we don't know. But whoever stole it, immediately puts it back into the public domain. And why do they do that? They want those vulnerabilities to be known by as many attackers as possible, who then, in turn, will attack the United States at across not only public sector organizations, but as private. And one of the interesting outcomes that you've seen is the malware attacks or cyber attacks we saw this year were much more lethal than ever before. If you look at the WannaCry attack and then the NotPetya attack. NotPetya attack started with the Russians attacking the Ukraine. But because of the way that they did the attack, they basically created malware that moved by itself. Within three days, computers in China that were 20 companies away from the original target were losing their data. And this level of lethality we've never seen. And it is a direct result of these state actors moving into the cyber warfare domain. Creating weapons that basically spread through the internet at very high velocity. And the reason this is so concerning for the United States is we are a truly connected society. All American companies have supply chain partners. All American companies have people working in Asia. So we can't undo this and what we've got to do, very quickly, is develop counter measures against this. Otherwise, the impacts will just get worse and worse. >> So in the old days, if I get this right, hey I attack you, I get to see a backdoor to the US. And spy on spy kind of thing. >> Junaid: Yeah. >> Right, so now, you're saying is, there's a force multiplier >> That's right out there with the crowd. So they're essentially democratizing the tools. We used to call it kiddie scripts. Now they're not kiddie scripts anymore, they're real weapons of cyber weaponry that's open to people who want to attack or motivated to attack the US. Is that kind of, am I getting that right? >> That's right. I mean, if you look at what happened in WannaCry, you had people looking for $200 payout, but they were using tools that could have easily wiped out a country. Now, the reason this works for America's enemies, as it were, or adversaries, is in the short run, they get to test out weapons. In the long run, they're really learning about how these attacks propagated. And make no mistake, if there's a political event and it's in their interest to be able to shut down US computers. It's just something we need to worry about and be very conscious of. Of specifically, these new type of attack vectors. >> Now to put my fear mongering hat on because as a computer scientist, myself, back in the day, I could only imagine how interesting this is to attack the United States. What is the government doing? What is the conversations that you're hearing? What are some of the things going on in the industry around? OK, we're seeing so sophisticated, so orchestrated. At many levels, state actors, democratizing the tools for the bad guys, if you will, but we've seen fraud and cyber theft be highly mafia driven or sophisticated groups of organized, black market companies. Forms, I mean, really well funded, well staffed. I mean, so the HBO hack just a couple weeks ago. I mean, it's shaking them down with ransomware. Again, many, many different things. This has got to scare the cyber security forces of the United States. What are they doing? >> So I think, one thing I think Americans should feel happy about is within the defense and intelligence community, this has become one of the top priorities. So they are implementing a huge set of resources and programs to mitigate this. Unfortunately, they will, they need to take care of themselves first. I think it's still still up to enterprises to secure their own systems against these new types of attacks. I think we can certainly get direction from the US government. And they've already begun outreach programs. For example, the FBI actually has a cyber security branch, and they actually assign officers to American companies who are targets. And typically that's actually, I think, started last year. >> John: Yeah. But they'll actually come meet you ahead of the attack and introduce themselves. So that's actually pretty good. And that's a fantastic program. I know some of the people there. But you still have to become aware. You still have to look at the big risks in your company and figure out how to protect them. That is something that no law enforcement person can help you at. Because that has to be pro-active. >> You know we everyone who watches my Silicon Valley podcast knows that I've been very much, talk a lot about Trump, and no one knows if I voted for him or not or actually, didn't vote for him, but that's a different point. We've been critical of Trump. But also at the same time, the whole wall thing is kind of funny, in itself, building wall is ridiculous, but that's take that to the firewall problem. >> Junaid: Yeah. >> Let's talk about tech. The old days, you have a firewall. Right? The United States really has no firewall because the perimeters or the borders, if you will, are not clear. So in the industry they call it "perimeter-less". There's no more moat, there's no more front door. There's a lot of access points into networks in companies. This is changing the security paradigm. Not only at the government level, but the companies who are creating value but also losing money on these attacks. >> Junaid: Yeah. >> So what is the security paradigm today? Is it people putting their head in the sand? Are there new approaches? >> Junaid: Well, yeah. >> Is there a do over, is there a reset? Security is the number one thing. >> So I >> What are companies and governments doing? >> So I think, well first of all, there's a lot of thinking going on but I think there's two things that need to happen. I think one, we certainly need new policies and laws. I think just on the legal side, whether you look at the most recent Equifax breach we need to update laws on people holding assets that they need to become liable. We also need more policies that people need to lock down national critical infrastructure. Like power systems. And then the third thing is the technical aspect. I'd bring it. We actually in the United States actually do have technologies that are counter measures to all of these attacks and we need to bring those online. And I think as daunting as it looks like protecting the country, actually, it's a solvable problem. For example, there's been a lot of press that you know foreign governments are scanning US power infrastructure. And, you know, from my perspective as a humble networking person, I've always wondered why do we allow basically connectivity from outside the United States to power plants which are inside the United States. I mean, you could easily filter those at the peering points. And I know some people might say that's controversial, you know, are we going to spy on >> John: And ports too. >> Yeah. >> Like, you know, ports of New Orleans. I was talking to the CTO there. He's saying maritimes are accessing the core network. >> Yeah, so from my perspective as a technical, I'm not a politician, but I >> (laughs) That's good, thank God! We need more of you out there. >> I would and I've worked on this problem a little bit I would certainly block in-bound flows from outside the United States to critical infrastructure. There is no value or reason, logical reason, you would give a why someone from an external country should be allowed to scan a US asset. And that is technically quite simple for us to do. It is something that I and others have talked about you know, publically and privately. I think that's a very simple step we could do. Another very simple step we could do across the board is basically authenticated access. That is, if you are accessing a US government website, you need to sign in and there will be an MFA step-up. And I think that makes >> What's an MFA step-up. >> Well like some kind of secondary >> OK. >> Say your accessing the IRS portal and you just want to check on something you know, that you're going to sign in and we're going to send a message to your phone to make sure you are you. I know a lot of people will feel, hey, this is an invasion of privacy. But you know, I'll tell you what's an invasion of privacy. Someone stealing 140 million IDs or your backgrounds, and having everything. >> John: That just happened. >> That's a bigger >> John: That's multifactor authentication. >> So I think that >> Unless they hack your cell phone which the bitcoin guys have already done. >> Yeah >> So, it's easy for hackers to hack one system. It's harder for hackers to hack multiple systems. So I think at the national security level, there are a number of simple things we can do that are actually not expensive. That I think we as a society have to really think about doing. Because having a really governments which are very anti-American destabilizing us by taking all of our data out doesn't really help anyone. So that's the biggest loss. >> And there's no risk for destabilizing America enemies out there. They what's the disincentive. Are they going to get put in jail? There's no real enforcement. >> Junaid: Yeah. I mean, cyber is a great leverage. >> So one of the things that I think that most people don't understand is the international laws on cyber attacks just don't exist anymore. They have a long way to catch up. Let me give a counter-example, which is drugs. There are already multilateral agreements on chasing drug traffickers as they go from country to country. And there's a number of institutions that monitor and enforce that. That actually works quite well. We also have new groups focusing on human trafficking. You know, it's slowly happening but in the area of cyber we haven't even started a legal framework on what would constitute a cyber attack. And, sadly, one of the reasons that it's not happening, is America's enemies don't want it to happen. But this is where I think, as a nation, first you have to take care of yourself. And then on a multi-lateral perspective the US should start pushing a cyber security framework world wide, so that if you start getting emails from that friendly prince, who's actually a friend of mine How about you know about putting in some we can actually go back to that country and say hey, you know, we don't want to send you any more money anymore. >> John: Yeah, yeah exactly. Everyone's going to make 18 million dollars if they give them their username, password and social security number. Alright, final question on this segment, around the cyber security piece. What's the action, going forward? I would say it's early days and hardcore days right now. It's really the underbelly of the internet. Globally is attacking, we see that. The government doesn't have enough legal framework yet in place. They need to do that. But there's a lot of momentum around creating a Navy SEALs. You need a version of land, air and sea. Or multidisciplinary combat. >> Junaid: Yeah. >> Efforts out there there's been conversations certainly in some of our networks that we talk about. What's the young generation. I mean, you've got a lot of gamers out there that would love to be part of a new game if you will called cyber defense. What's going on? Is there any vision around how to train young people. Is there an armed forces concept? Is there something like this happening? What's the next what do we need to do as a government? >> So you've actually touched on a very difficult issue. Because if you think about security in the United States it's really been driven by a compliance model. Which is here's these set of things to memorize and this is what you do to become secure. And all of our cyber security training courses are based on models. If there's one thing we learned about cyber attackers is that these people are creative and do something new every time. And go around the model. So, I think one of the most difficult things is actually to develop training courses that almost don't have any boundaries. Because the attackers don't confine themselves to a set of attack vectors. Yet we, in our training do, we say, this is what you need to do. And time and time again people just do something that's completely different. So that's one thing we have to understand. The other thing we have to understand, which is related to that, is that all of US's cyber security plans are public and conferences. All of our universities are open. So we actually have. >> John: The playbook is out there. >> We actually, so one of the things that does happen is if you go to any large security conference you see a lot of people from the countries that are attacking us showing up everywhere. Actually going to universities and learning the course. I think there are two things. One we really need to think deeper about just how attacks are being done which are unbounded. And, two, which is going to be a bit more difficult we have to rethink how we share information on a worldwide basis of our solutions. >> John: Mmm-hmm. >> So probably not the easy answer you wanted. But I think >> Well, it's complex and required unstructured thinking that's not tied up. It's like the classic frog in boiling water dies and you put a frog in boiling water and it jumps out. We're in this false sense of security with these rules. >> Junaid: Yeah. >> Thinking we're secure And we're, people are killing us with this security >> Yeah >> It's scary >> And like I say, it's even worse when we figure out a solution the first thing we do is we tell everybody including our enemies, giving them all a lot of chance to figure out how to attack us. So I think >> So don't telegraph, don't be so open Be somewhat secretive in a ways, is actually helpful. >> I think, sadly, I think we've come to the very unfortunate position now where I think we need to, especially in the area of cyber rethink our strategies because as an open society we just love telling everybody what we do. >> John: So the final question. Final, final question. Is just, again, to end this segment. So cyber security is real or not real. How real is this? Can you just share some color for the folks watching who might say hey, you know I think it's all smoke and mirrors. I don't believe the New York Times. I don't believe this. Trump's saying this. And is this real problem? And how big is it? >> I think it is real. I think we have this calendar year, twenty seventeen, we have moved from the classic, you know, kind of like cyber, attack you know like someone's being fished to really a, the beginning of a cyber warfare. And unlike kinetic warfare where someone blows something up this is a new face that's long and drawn out. And I think one of the things that makes us very vulnerable as a society is we are an open society, we're interlinked with every other global economy. And I think we have to think about this seriously because unfortunately there's a lot of people who don't want to see America succeed. They're just like that. Even though we're nice people >> John: Yeah >> But, it's pretty important. >> It requires some harmony, it requires some data sharing. Junaid Islam, President and CTO of Vidder. Talking about the cyber security cyber warfare dynamic that's happening. It's real. It's dangerous. And our countries and other countries need to get their act together. Certainly, I think, a digital West Point, a digital Navy SEALs needs to happen. And I think this is a great opportunity for us to kind of do some good here and keep an open society while maintaining security. Junaid, thanks for sharing your thoughts. I'm John Furrier with theCUBE, here in Palo Alto. Thanks for watching. (dramatic orchestral music)

(perky music) >> Hello everyone. Welcome to a special CUBE Conversation here in the CUBE studio in Palo Alto, California. I'm John Furrier the co-founder of SiliconANGLE Media and also the co-host of the CUBE. We're here with Junaid Islam who's the president and CEO of a company called Vidder. Also supports the public sector and the defense community, teaches a class on cyber intelligence and cyber warfare. Junaid thank you for coming in. >> Well thanks for having me. It's great to be here. >> Okay, you know we've been doing a lot of coverage of cyber in context to one, the global landscape obviously. >> Yeah. >> In our area of enterprise and emerging tech, you see the enterprises are all, you know, shaking in their boots. But you now have new tools like IOT which increases the service area of attacks. You're seeing AI being weaponized for bad actors. But in general it's just really a mess right now. >> Yeah. >> And security is changing, so I'd like to get your thoughts on and also talk about, you know, some of the implications around the cyber warfare that's going on. Certainly the election is on everyone's mind. You see fake news. But really it's a complete new generational shift that's happening. With all the good stuff going on, block chain and everything else and AI, there's also bad actors. You know, fake news is not just fake content. There's an underlying infrastructure, critical infrastructure involved. >> Yeah, you're 100% right and I think what you have hinted on is something that is only now people are getting awareness of. As that is as America becomes a more connected society we become more vulnerable to cyber attacks. For the past few years really cyber attacks were driven by people looking to make $20 or whatever, but now you really have state actors moving into the cyber attack business and actually subsidizing attackers with free information and hoping to make them more lethal attackers against the United States. And this really is completely new territory. When we think about cyber threats almost all of the existing models don't capture the risks involved here and it affects every American. Everybody should be worried about what's going on. >> And certainly the landscape has changed in security and tech (mumble) cloud computing, but more importantly we have Trump in the office and there's all this brouhaha over just that in itself, but in concert to that you're seeing the Russians, we're seeing them involved in the election, you're seeing, you know, China putting, you know, blocks on everything and changing how the rules (mumble). It's a whole global economy. So I got to ask the question that's on everyone's mind, is cyber war is real? We do not have a West Point, Navy Seals for cyber yet. I know there's some stuff at Berkeley that's pretty interesting to me that Michael Grimes at Morgan Stanley's involved in with a bunch of other folks as well, where a new generation of attacks is happening. >> Junaid Islam: Yeah. >> In the US of A right now. Could you comment and share your thoughts in reaction to what's happening now that's different in the US from a cyber attack standpoint and why the government is trying to move quickly, why companies are moving quickly, what's different now? Why is the attacks so rampant? What's changed? >> I think the biggest difference we have now is what I would call direct state sponsorship of cyber attack tools. A great example of that is the Vault 7 disclosure on WikiLeaks. Typically when you've had intelligence agencies steal one thing from another country they would keep it a secret and basically use those vulnerabilities during a time of an attack or a different operation. In this case we saw something completely different. We think the Russians might has stolen it but we don't know. But whoever stole it immediately puts it back into the public domain. And why do they do that? They want those vulnerabilities to be known by as many attackers as possible who then in turn will attack the United States at across not only a public sector organizations but as private, and one of the interesting outcomes you've seen is the malware attacks, or the cyber attacks we saw this year were much more lethal than ever before. If you look at the Wannacry attack and then the NotPetya attack. NotPetya started with the Russians attacking the Ukraine but because of the way they did the attack they basically created malware that moved by itself. Within three days computers in China that were 20 companies away from the original target were losing their data. And this level of lethality we've never seen and it is a direct result of these state actors moving into the cyber warfare domain, creating weapons that basically spread through the internet at very high velocity and the reason this is so concerning for the United States is we are a truly connected society. All American companies have supply chain partners. All American companies have people working in Asia. So we can't undo this and what we've got to do very quickly is develop counter-measures against this. Otherwise the impacts will just get worse and worse. >> So the old days, if I get this right, hey, I attack you, I get to see a back door to the US and spy on spy kind of thing- >> Junaid Islam: Yeah. >> So now you're saying is there's a force multiplier out there- >> That's right. >> John Furrier: With the crowd, so they're essentially democratizing the tools, not, we used to call it kiddie scripts. >> Junaid Islam: Yeah. Now they're not kiddie scripts any more. They're real weapons of cyber weaponry that's open to people who want to attack, or motivated to attack, the US. Is that kind of, am I getting that right? >> That's right. I mean if you look at what happened in WannaCry, you had people looking for a $200 payout but they were using tools that could have easily wiped out a country. Now the reason this works for America's enemies as it were, or adversaries, is in the short run they get to test out weapons. In the long run they're really learning about how these attacks propagated and, you know, make no mistake, if there's a political event and it's in their interests to be able to shut down US computers it's just something I think we need to worry about and be very conscious of specifically these new type of attack vectors. >> Now to put my fear mongering hat on, because, you know, as a computer scientist myself back in the day, I can only imagine how interesting this is to attack the United States. What is the government doing? What's the conversations that you're hearing? What are some of the things going on in the industry around okay, we're seeing something so sophisticated, so orchestrated at many levels. You know, state actors, democratizing the tools for the bad guys, if you will, but we've seen fraud and cyber theft be highly mafia-driven or sophisticated groups of organized, you know, under the, black market companies. Forms, I mean really well-funded, well-staffed, I mean so the HBO hack just a couple weeks ago, I mean, shaking them down with ransom-ware. Again there's many, many different things. This has got to scare the cyber security forces of the United States. What are they doing? >> So I think, one thing I think Americans should feel happy about is within the defense and intelligence community this has become one of the top priorities. So they are implementing a huge set of resources and programs to mitigate this. Unfortunately, you know, they need to take care of themselves first. I think it's still up to enterprises to secure their own systems against these new types of attacks. I mean I think we can certainly get direction from the US government and they've already begun outreach programs, for example, the FBI actually has a cyber security branch and they actually assign officers to American companies who are targets and typically that's actually, I think it started last year, but they'll actually come meet you ahead of the attack and introduce themselves so that's actually pretty good. And that's a fantastic program. I know some of the people there. But you still have to become aware. You still have to look at the big risks in your company and figure out how to protect them. That is something that no law enforcement person can help you at because that has to be proactive. >> You know everyone who watches my silicon valley podcast knows that I've been very much, talk a lot about Trump and no one knows if I voted for him or not. I actually didn't vote for him but that's a different point. We've been critical of Trump but also at the same time, you know, the whole wall thing's kind of funny in and of itself. I mean, building a wall's ridiculous. But let's take that to the firewall problem. >> Junaid Islam: Yeah. >> Let's talk about tech. The old days, you had a firewall, all right? The United States really has no firewall because the perimeters or the borders, if you will, are not clear. So in the industry they call it perimeter-less. There's no more mote. There's no more front door. There's a lot of access points into networks and companies. This is changing the security paradigm not only at the government level but the companies who are creating value but also losing money on these attacks. >> Junaid Islam: Yeah. >> So what is the security paradigm today? Is it people putting their head in the sand? Are there new approaches? >> Junaid Islam: Well, yeah. >> Is it a do-over? Is there a reset? Security is a number one thing. What are companies and governments doing? >> So I think, well first of all there's a lot of thinking going on, but I think there's two things that need to happen. I think one, we certainly need new policies and laws. I think just on the legal side, whether if you look at the most recent Equifax breach, we need to update laws on people holding assets that they need to become liable. We also need more policies that people need to lock down national, critical infrastructure like power systems and then the third thing is the technical aspect (mumble). We actually, in the United States we actually do have technologies that are counter measures to all of these attacks and we need to bring those online. And I think as daunting as it looks like protecting the country, actually it's a solvable problem. For example, there's been a lot of press that, you know, foreign governments are scanning US power infrastructure. And, you know, from my perspective as a humble networking person, I've always wondered why do we allow basically connectivity from outside the United States to power plants which are inside the United States? I mean, you could easily, you know, filter those at the peering points and I know some people might say that's controversial, you know. Are we going to spy on- >> John Furrier: Yeah, and ports, too. Like- >> Yeah. >> John Furrier: You know, ports of New Orleans. I was talking to the CTO there. He's saying maritimes are accessing the core network. >> Yeah and so from my perspective as a technical, I'm not a politician, but- >> That's good! Thank God! >> But I- >> We need more of you out there. >> And I've worked on this problem a little bit. I would certainly block inbound flows from outside the United States to critical infrastructure. There is no value or reason, logical reason, you would give of why someone from an external country should be allowed to scan a US asset. And that is technically quite simple for us to do. It is something that I and others have talked about, you know, publicly and privately. I think that's a very simple step we could do. Another very simple step we could do across the board is basically authenticated access. That is if you are accessing a US government website you need to sign in and there will be an MFA step up. And I think this makes sense- >> What's an MFA step up? >> Well like some kind of secondary- >> Okay, yeah. >> So say you're accessing the IRS portal and you want to just check on something, you know, that you're going to sign in and we're going to send a message to your phone to make sure you are you. I know a lot of people will feel, hey, this is an invasion of privacy but you know I tell you what's an invasion of privacy: someone stealing 140 million IDs or your backgrounds and having everything. >> John Furrier: Which just happened. >> That's a bigger- >> So MFA multi- >> That's right, factor. Yeah, yeah. >> John Furrier: Multifactor Authentication. >> Yeah, so I think, again- >> John Furrier: Unless they hack your cellphone which the BitCoin guys have already done. >> Yeah. But, so it's easier for hackers to hack one system. It's hard for hackers to hack multiple systems. So I think at the national security level there are a number of simple things we could do that are actually not expensive that I think we as a society have been, have to really think about doing because having really governments which are very anti-American destabilizing us by taking all of our data out doesn't really help anyone, so that's the biggest loss. >> And it's no risk for the destabilizing America enemies out there. What's the disincentive? They're going to get put in jail? There's no real enforcement, I mean, cyber is great leverage. >> So one of the things that I think most people don't understand is the international laws on cyber attacks just don't exist anymore. They have a long way to catch up. Let me give a counter example which is drugs. There are already multilateral agreements on chasing drug traffickers as they go from country to country. And there's a number of institutions that monitor, that enforce that. That actually works quite well. We also have new groups focusing on human trafficking. You know, slowly happening. But in the area of cyber, we haven't even started a legal framework on what would constitute a cyber attack and sadly one of the reasons it's not happening is America's enemies don't want it to happen. But this is where I think as a nation first you have to take care of yourself and then on a multilateral perspective the US should start pushing a cyber security framework worldwide so that if you start getting emails from that friendly prince who's actually a friend of mine about, you know, putting in some, you know, we can actually go back to that country and say, hey, you know, we don't want to send you any more money anymore. >> John Furrier: Yeah, yeah, exactly. Everyone's going to make $18 million if they give up their user name, password, social security number. >> Junaid Islam: Yeah. >> All right, final question on this segment around, you know, the cyber security piece. What's the action going forward? I would say it's early days and hardcore days right now. It's really the underbelly of the internet globally is attacking. We see that. The government is, doesn't have a legal framework yet in place. They need to do that. But there's a lot of momentum around creating a Navy Seals, you know, the version of land, air, and sea, or multi-disciplinary combat. >> Junaid Islam: Yeah. >> Efforts out there. There's been conversations certainly in some of our networks that we talk about. What's the young generation? I mean, you got a lot of gamers out there that would love to be part of a new game, if you will, called cyber defense. What's going on, I mean, is there any vision around how to train young people? Is there an armed forces concept? Is there something like this happening? What's the next, what do we need to do as a government? >> So you actually touched on a very difficult issue because if you think about security in the United States it's really been driven by a compliance model, which is here's the set of things to memorize and this is what you do to become secure. And all of our cyber security training courses are based on models. If there's one thing we've learned about cyber attackers is these people are creative and do something new every time. And go around the model. So I think one of the most difficult things is actually to develop training courses that almost don't have any boundaries. Because the attackers don't confine themselves to a set of attack vectors, yet we in our training do. We say, well this is what you need to do and time and time again people just do something that's completely different. So that's one thing we have to understand. The other thing we have to understand which is related to that is that all of US's cyber security plans are public in conferences. All of our universities are open so we actually have, there's been- >> John Furrier: The playbook is out there. >> We actually, so one of the things that does happen is if you go to any large security conference you see a lot of people from the countries that are attacking us showing up everywhere. Actually going to universities and learning the course, so I think there's two things. One, we really need to think deeper about just how attacks are being done which are unbounded. And two, which is going to be a little bit more difficult, we have to rethink how we share information on a worldwide basis of our solutions and so probably not the easy answer you wanted but I think- >> It's complex and requires unstructured thinking that's not tied up. I mean- >> Yeah. >> It's like the classic, you know, the frog in boiling water dies and they put a frog in boiling water it jumps out. We're in this false sense of security with these rules- >> Yeah. >> Thinking we're secure, and people are killing us with this. >> Junaid Islam: Yeah and like I say, it's even worse when we figure out a solution. The first thing we do is we tell everybody including our enemies. Giving them a lot of chance to- >> John Furrier: Yeah. >> Figure out how to attack us. So I think, you know, we do have some hard challenges. >> So don't telegraph, don't be so open. Be somewhat secretive in a way is actually helpful. >> I think sadly, I think we've come to the very unfortunate position now where I think we need to, especially in the area of cyber. Rethink our strategies because as an open society we just love telling everybody what we do. >> John Furrier: Yeah, well so the final question, final, final question is just to end the segment. So cyber security is real or not real, I mean, how real is this? Can you just share some color for the folks watching who might say, hey, you know, I think it's all smoke and mirrors? I don't believe The New York Times, I don't believe this, Trump's saying this and is this real problem and how big is it? >> I think it is real. I think we have this calendar year 2017, we have moved from the classic, you know, kind of like cyber attack, you know, like someone's being phished for too, really the beginning of the cyber warfare and unlike kinetic warfare where somebody blows something up, this is a new phase that's long and drawn out and I think one of the things that makes us very vulnerable as a society is we are an open society. We are interlinked with every other global economy. And I think we have to think about this seriously because unfortunately there's a lot of people who don't want to see America succeed. They're just like that. Even though we're nice people. >> John Furrier: Yeah. >> But and so it's pretty important. >> It requires some harmony, it requires some data sharing. Junaid Islam, president and CTO of Vidder talking about the cyber security, cyber warfare dynamic that's happening. It's real. It's dangerous. And our country and other countries need to get their act together. Certainly I think a digital West Point, a digital Navy Seals needs to happen and I think this is a great opportunity for us to kind of do some good here and keep an open society while maintaining security. Junaid thanks for sharing your thoughts. I'm John Furrier with the CUBE here in Palo Alto. Thanks for watching.