Anna Delaney: Hello, and welcome to Proof of Concept - the ISMG talk show - where we analyze today's and tomorrow's cybersecurity challenges with experts in the field and discuss how we can potentially solve them. We are your hosts. I'm Anna Delaney, director of productions here at ISMG.

Tom Field: I'm Tom Field, senior vice president of editorial, also at ISMG. Anna, welcome to the last week of August; in many ways, the last week of summer.

Anna Delaney: It's scary. And I remember the time, when at school, you're excited for the new year. Are you looking forward to this new academic year?

Tom Field: Anna, there's still a part of me, I can remember standing in my elementary school on the playground. And watching people drive by the main street in their cars and thinking, "Boy, I want to be like them someday." In some ways, I still hold on to that. And if I drive by an elementary school, I'm kind of proud of that.

Anna Delaney: Well, September always reminds me of new stationery. So that's what I like about it. What's on your mind? What's top of mind in the security world this week?

Tom Field: Oh, Anna, there's so much. Think about just what happened in the last week with the Twitter whistleblowing. But I think the story that's gaining legs by the day is the breach of Twilio and other companies like that. Twilio had literally scores of customers impacted by the breach. There are other organizations as well we're seeing; let's go back and think about some of the ones that have come up. What is it? Authy has come forward. You've also had DoorDash, LastPass. I suspect we're not done; Signal, certainly.

Anna Delaney: You're obviously right, we're not done. That's the worrying thing. And I think it's been referred to as one of the most sophisticated hacks because it's so patient, and so targeted, and yet so broad.

Tom Field: You know, one of the quotes that got me was someone saying that it was well-planned and executed with surgical precision. And think about it: the threat actors had private phone numbers of employees, they have more than 169 counterfeit domains mimicking Okta and other security providers. And they had the ability to bypass two-factor authentication protections that used one-time passwords. This was not just someone on a block renting a service.

Anna Delaney: Yeah, absolutely! No phishing attack required. It's all through SMS. So, not good news. Well, we'll see how that evolves. But I actually thought the Twitter story was huge as well, as you mentioned. Former head of Twitter has filed this explosive whistleblower disclosure. I mean, have you looked at the list of vulnerabilities? I'm sure you have. But it's an insider threat stream, it seems, to work at Twitter. But let's see. I mean, of course, there's the midterms coming up. So security concerns are like flashing over right before us.

Tom Field: Anna, think about it. We're coming into the last third of 2022 right now. I just hosted two security roundtable dinners last week. And I can tell you that the CISOs and the security leaders in each of those are bracing now for what's going to be the SolarWinds or the Log4j of 2022. They're bracing themselves for it even as we speak. And you know that we're not going to get through this last third of the year without some major cybersecurity headlines. And I think what we're seeing right now, you talked about Twitter. So we've seen part of that story come out and more of that story is going to emerge. And with the Twilio breach and similar infiltrations, the news never gets better as the weeks go on and as organizations start to realize just how much more was compromised. I don't think these stories are over by a longshot.

Anna Delaney: Yeah, for sure. I'm sure our guests today will have thoughts and opinions on these stories. Why don't you introduce our first guest?

Tom Field: Oh, I'm delighted to. A return visit here from Ari Redbord. He's the head of legal and government affairs with TRM Labs. Ari, welcome back from vacation. There is plenty to talk about.

Ari Redbord: Hey, Tom, thank you so much for having me. Nice to see you, Anna.

Tom Field: Ari, let's start here. Just about a month ago, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Tornado Cash, which of course has been used to launder, as they say, more than seven billion worth of virtual currency since its creation in 2019. Our audience is certainly aware of some of the key details of the sanctions. But I'd like your take on how did we get here?

Ari Redbord: Sure. Yeah, no, really interesting. And I love how you sort of phrased the question because it is important how we got here and what the context is, you know, really. I'd say for over the last few years, the Treasury Department has been really sort of surgically going after illicit actors within the cryptocurrency ecosystem. You know, darknet mixing services like Helix and Bitcoin Fog, which were actually conspiring with darknet markets to advertise their services as a way to launder the illicit proceeds of illicit activity. They've gone after non-compliant exchanges, mostly Russia-based or exclusively Russia-based: Chatex and Suex and Garantex. And they've been going after darknet markets like Silk Road and AlphaBay and Hydra, where there's, you know, millions and millions of dollars of illicit activity flowing through. I think what really sort of changed the way the U.S. government was really approaching this was after the hack of the Ronin blockchain. It was basically North Korea stealing over $600 million. And the fact that it ultimately was connected to North Korea meant that, I think, we moved from this sort of age where hacks were this really bad thing where a lot of people lost money, you know, let's call it financial crime, to a true national security threat. So Treasury, the White House, really the national security apparatus within the U.S. government started to try to figure out how to deal with this. And what they started to do was use sanctions, which has really become the go-to tool of foreign policy, national security over the last few years across administrations, right? And they tried to start to understand how is North Korea laundering the proceeds of these hacks. And one way was through a mixing service called Blender.io, which Treasury went ahead and sanctioned. And the next was Tornado Cash. But I'll stop there. But Tornado Cash was significantly different than any of those other sanctions that I mentioned earlier, any of those other actions, because it is entirely decentralized: meaning, it is a smart contract, it is software, it is not typically sort of the entity or person that we're used to Treasury sanctioning before under their authorities. And what that meant is, there are a lot of good reasons to go after, you know, Tornado Cash potentially, or a mixer that's laundering, I'd say, a billion dollars, according to TRM, of North Korea laundered funds. But it also resulted in a lot of collateral damage of regular users who are using a privacy-enhancing tool, where, you know, in a world in which there's open transactions more and more, you want some level of privacy.

Tom Field: So talk about it a little bit more, Ari, because I'm curious. How do you see the Tornado Cash sanctions impacting DeFi broadly?

Ari Redbord: Yeah, no, I think it's really interesting. Look, today, sanctions has always, in my mind at least, been easy. It's black and white, when it comes to crypto. When Treasury in the past has added an address to its SDN list, to its Specially Designated Nationals list, it has been usually associated with terrorist financing, okay? If you are a crypto platform, centralized or decentralized, you want to block a terrorist financier from your platform. And you essentially have to, if you are a U.S. person or a U.S. entity. You have to. But Tornado Cash is different, right? Well, I'd say to take that a step further, you also probably want to block any addresses that are actually transacting with that terrorist financier, because that person is probably funding terrorism in one way or another. But Tornado Cash is different because of all the regular users that are also on the platform that are seeing some sanctions exposure, having engaged now with sanctioned addresses. And I think that's where really the question comes down to for DeFi, for cryptocurrency businesses. Which addresses should we block based on the sanctions, and which addresses should we not block? And just to sort of put a point on it, it seems that they have a choice today. And that is, they either can go ahead and block all of the sanctioned addresses, okay? Because if you are a U.S. person or a U.S. entity, or have ties to U.S. persons or U.S. entities, you have to block those addresses. You are prohibited from transacting. The question is, do they go a step further, and block addresses that have transacted with those first addresses? And what we are doing at TRM is we're providing data to cryptocurrency businesses, to exchanges, to DeFi protocols, and they are making a decision based on that data, whether or not to block those addresses.

Tom Field: Ari, some have suggested that this move signals a more aggressive posture by the U.S. when it comes to regulating decentralized apps. What do you see as the message from the top?

Ari Redbord: Yeah, look, I think that's a big "we'll see." I think this was an extension, obviously, of things that had been done before. But I think when Treasury, and sort of from my time there, I can only believe that they were looking at sort of, "Alright, look, we need to stop North Korea from laundering funds," because when North Korea launders funds, it's not just about money, right? It's about weapons proliferation, it's about ballistic missile systems, it's about, you know, a launch potentially on Guam or something along those lines. It's very, very real. And I think they were trying to do everything they could. Treasury was to stop the ability of North Korea to launder funds. I think beyond Tornado Cash, I think there are a lot more questions as to sort of how far you extend, you know, going after essentially decentralized protocols. All of that said, I think what we're going to see over the next few weeks is significant guidance of some sort from OFAC to say, "Hey, look, if you've transacted with Tornado Cash, you know, incidentally or unintentionally, you know, you are not going to be open to sort of enforcement action or the types of things." And I think what they would tell you today is absolutely correct. But I think the industry needs some guidance, because that will also not just help those individuals, but it'll help the companies know who and who not to block. So I think we are going to see some guidance. And I think that'll probably ultimately speak to your question as well.

Tom Field: As we go into this last third of the year, do you think that guidance is forthcoming?

Ari Redbord: I believe it is. But that is just a best guess. I know there's been a lot of questions from industry to OFAC. Congressman Emmer wrote what I thought was a fairly eloquent letter, kind of laying out both sides, but then some very significant questions last week, so they're essentially now going to have to respond to that letter. I do believe so. And I also believe that there are probably ways to sort of find a balance here. And really what we have to do more than anything else is, on the one hand, we have to stop illicit actors from taking advantage of these protocols. You know, I talk about this all the time, it's not just from a national security perspective; take North Korea out, you know. People aren't going to put their funds into DeFi, they're not going to put their funds on a bridge, okay? They're not going to engage with crypto if they think their funds can be hacked and gone, you know, in a few days, and one way to stop hacks from happening is to stop the ability to launder funds. But at the same time, look, as we move into sort of a more and more open financial system, people are going to rightfully need some more degree of privacy. And there's a need for services that enhance that privacy. So it's finding that balance, and I think we'll do it. I think the technology answers are there. I think there are tools like TRM and others that can sort of help with this. But at the same time, it is balancing and it can't be one way or another.

Tom Field: Ari, I always enjoy our conversations. I'm going to turn this back to Anna to now introduce our next guest.

Ari Redbord: Love it. Thanks, Tom.

Anna Delaney: Brilliant. Thank you very much. Welcoming to the studio, Grant Schneider, senior director of the cybersecurity services at Venable, and of course, former federal CISO. Very good to see you again, Grant.

Grant Schneider: Anna, great to see you. Thanks for having me.

Anna Delaney: So Grant, as I mentioned earlier, news this week, surprisingly or unsurprisingly, that Twitter might not be as secure as it should be, or as it should. So given the importance that Twitter has played in elections in recent years, and the fact that we're a mere few weeks away from the U.S. midterm elections, what's your response to the allegations and what they mean for election security?

Grant Schneider: Yeah, so I think it's concerning on a couple of fronts. There's going to be another side to the story, right? We're going to learn more. But certainly the set of allegations that have come out are pretty significant, and very concerning or, you know, would be for any organization, but particularly for Twitter, because to your point, the amount of social influence that platform is able to exert through its individual users, on all sorts of socio and economic things around the world, but particularly on elections. And as we get closer to elections, we undoubtedly see more and more, you know, advertisements pushing around campaigns and paying ability to influence. You know, Twitter is one of the tools that politicians use and anyone that wants to participate in the electoral process use it to influence people. So to think that a malicious actor could leverage that in a way to skew potentially or inadvertently influence or deliberately or inappropriately influence voters is very concerning. So definitely interested to see what are the allegations, how Twitter reacts to them beyond, you know, because there's a whole bunch of misunderstanding here. But what are they actually able to do from a security standpoint?

Anna Delaney: Yeah, for sure. And this all comes at a time when geopolitical tensions are high. We've got Russia's war in Ukraine. And of course, Nancy Pelosi's recent visit to Taiwan. And I was speaking with one of the members of the FBI at RSA this year; he said he was genuinely concerned that Russia will launch cyber retaliatory attacks against the United States, and elections infrastructure was one of the sectors he was most concerned about. What's your advice to the sector right now? And where should they focus their efforts over the next few weeks?

Grant Schneider: Yeah, well, in general, the sector is probably at a freeze from making, you know, real technical or architectural changes to their systems. In the run-up, they will usually, you know, hit the pause button. So you know, they're not going to implement something new between now and the midterms. So they really need to be focused on, you know, (a) do they have threat intel? Are they able to understand, you know, who is sniffing around their systems right now, because, you know, anyone that's looking to do something later is going to be doing preparatory activity today. You know, can they detect that? Can they understand what it is, and then, you know, maybe they're still able to do some red team or blue team assessments, to understand what vulnerabilities are out there and how they can mitigate them. But it's really making sure that their systems are hardened as much as possible right now.

Anna Delaney: Good advice. Now, Pelosi's recent visit to Taiwan did ruffle some feathers on the international scene. And Taiwanese authorities said that the event provoked an unprecedented amount of cyberattacks on government websites. Some commentators, however, have said that the attacks were more theater than threat. How far do you agree with this statement?

Grant Schneider: Well, I think the attacks that we see or the attacks that I've seen, and there could be attacks that, you know, we don't know about that are more significant, but the DDoS attacks that we saw on the government websites aren't that sophisticated of an approach. It is more, you know, particularly for a nation-state, it feels more like it was around sending a message. It seems to me that if China were looking to do something more specific, we would know less about it, right? They would look to do something that's far stealthier than a DDoS attack. And certainly, their reaction in the kinetic world of their military exercises all around the island, coupled with this, makes it feel like they definitely wanted this to be a bit of a show. And they wanted it to be pretty clear that they have capabilities. And whether these were Chinese nation-state actors, or someone contracted to them, or even Chinese national hacktivists, we don't really know. But it definitely feels that this was more about sending messages than actually gaining access to systems. Unless they did that under the covers at the same time.

Anna Delaney: Very good. Well, changing angles slightly. An interesting article I read last week: the Justice Department is now filing its most sensitive court documents on paper since January 2021, to avoid any chance of a breach or vulnerability in electronic filing systems. I mean, what do you make of this, that we've got to this point?

Grant Schneider: So a pencil and paper is very secure. It just comes down to who you share it with. And so from that standpoint, if you have really secure items, and you want to just keep them offline, that is an excellent way to enhance the security. It doesn't guarantee the security. You still have insider threats, you can still, you know, have documents misplaced or stolen or other things. You know, the reason we don't see more people operating offline and with in-paper documents is it just doesn't scale. And so while this might work for some very specific and very sensitive cases, I don't think it's something that scales more broadly. So, you know, it's a perfectly acceptable approach for really sensitive things. I don't think we're going to see a shift of people away from the internet. You know, either for e-commerce or for, you know, doing government functions, because it's just impractical for the number of transactions you need to engage in and the number of constituents you need to engage with.

Anna Delaney: And I presume they're printing these documents from somewhere, as I'll say there are other security questions.

Grant Schneider: Yes, one would presume they're not actually handwriting them out. They certainly could be. So it could be on a system that is, you know, separated from the internet. Although I think historically, we've seen that even in DOD and other organizations, a lot of the systems that are unconnected actually have a connection someplace. So I think if they're doing that, again, logistically, it's going to be really hard to do that in any amount of scale. And to your point, you're probably starting with a computer document someplace.

Anna Delaney: Okay, well, thank you so much. Informative as always. Thank you, Grant.

Grant Schneider: Absolutely.

Anna Delaney: So welcoming back, Ari, please rejoin us.

Ari Redbord: I am rejoined.

Anna Delaney: You both seem to have chosen to embrace adventure this summer holiday, I think. Grant, you were sailing and Ari, you were in the wild camping.

Ari Redbord: I was, along the Colorado River. It was amazing. It was great.

Anna Delaney: So my next question is, I'm casting you away to a desert island. How would you fare on that island, do you think?

Ari Redbord: So I would be amazing for one night. Which is how long I stayed on the Colorado River this trip. Then I'd be like searching the island for a luxury resort of some kind probably. No, that's funny enough, like so this is like, you know, guilty pleasure time. But I've always loved Survivor. Like, that's always been one of my favorite shows. And, you know, I think my social game would have been okay. I think I would have been okay at challenges. I think the survival part of the game, though, I would have struggled significantly. So I'm not sure I would have made it on the island.

Anna Delaney: Okay. And Grant, how would you do?

Grant Schneider: Yeah, so my first thought is, "Okay, what else? What's on the island? What are the resources? Is there a resort?" That would be a great resource, I guess, to find, but very much I think mentally I would get into survival mode, and what do we need, what do we have, whoever the 'we' are, and then how do we get off the island. You know, how do we survive on the island but perhaps how do we get off the island, if that's what we think we need to do. So, not sure how many days I would make it. But I would certainly give it a go.

Ari Redbord: Anna, this is when you're supposed to say, "The tribe has spoken."

Tom Field: Anna, my question would be which island? If it's the islands like from TV where they make coconut cream pies, I could do that okay. If it's the Tom Hanks island where you talk to soccer balls, I don't see myself doing so well.

Anna Delaney: Yeah, well, yes. Let's think about that one. So what would your luxury item be going off to this island? I'll give you one luxury item.

Ari Redbord: I love it. Yeah, go for it, Tom.

Tom Field: You can't have pen and paper?

Anna Delaney: Oh, okay. That may be stationery. Yeah, no technology.

Ari Redbord: I am married to a dermatologist. And if I ever came home from that desert island with a sunburn, I might as well not come home at all. So I'm going to go with some sunscreen probably for me.

Grant Schneider: Oh, I'm thinking to bring something to start a fire. That's the thing I'd most likely bring. Because I'm not sure rubbing two sticks together that I'm going to be very successful with that.

Tom Field: Wait a minute. Can the luxury item be the professor?

Ari Redbord: Exactly.

Anna Delaney: Well, yeah. I think we need an extra person on this island to rescue us.

Grant Schneider: If it can be the professor, can it just be a sailboat?

Anna Delaney: Very good. Well, this has been enjoyable as always. Thank you very much. Grant, Ari, Tom.

Grant Schneider: Thank you.

Anna Delaney: Thanks so much for watching. Until next time.
