Tip:
Highlight text to annotate it
X
>> WELCOME TO "GOVERNMENT
CONTRACTING WEEKLY," SPONSORED
BY AOC KEY SOLUTIONS,
INCORPORATED.
"GOVERNMENT CONTRACTING WEEKLY"
IS THE ONLY TELEVISION PROGRAM
DEVOTED EXCLUSIVELY TO THE
COMPETITIVE AND DYNAMIC WORLD
OF GOVERNMENT CONTRACTING,
A WORLD WHERE COMING IN SECOND
PLACE IS NOT AN OPTION,
BUT WHERE PRINCIPLE-CENTERED
WINNING IS THE ONLY APPROACH.
>> GOOD MORNING. AND WELCOME
TO THIS WEEK'S SPECIAL EDITION
OF "GOVERNMENT
CONTRACTING WEEKLY."
I'M HILARY FORDWICH FROM
KEY SOLUTIONS. THIS MORNING
WE'RE GOING TO FOCUS EXCLUSIVELY
ON THE DYNAMIC, CHALLENGING,
AND MISSION CRITICAL AREA OF
CYBER SECURITY, OR AS I'LL BE
ASKING OUR PANELISTS, IS IT
REALLY A MATTER LIMITED TO
CYBER SECURITY, OR CAN WE MORE
BROADLY ACKNOWLEDGE THAT WE ARE
ENGAGED IN A WORLDWIDE
CYBER WAR? WITH ME THIS MORNING
TO TACKLE THESE CRITICAL ISSUES
ARE SHAWN HENRY, THE PRESIDENT
OF CrowdStrike SERVICES.
SHAWN IS ALSO THE FORMER
EXECUTIVE ASSISTANT DIRECTOR OF
THE FBI. GOOD MORNING, SHAWN.
>> GOOD MORNING.
>> TONY SAGER IS ALSO WITH US.
AND HE IS THE DIRECTOR OF
THE SANDS INSTITUTE.
TONY IS ALSO THE FORMER COO OF
THE INFORMATION ASSURANCE
DIRECTORATE OF THE NSA.
GOOD MORNING, TONY.
>> GOOD MORNING.
>> AND ALSO WE HAVE
ANUP GHOSH, FOUNDER AND CEO
OF INVINCEA. GOOD MORNING, ANUP.
>> GOOD MORNING, HILARY.
>> THANK YOU FOR JOINING ME.
THE FIRST QUESTION I'D LIKE TO
ASK IS REALLY BASICALLY TO YOU,
SHAWN. WHAT IS THE NATURE OF
THE CURRENT THREAT AND HOW BAD
IS IT?
>> WELL, IT'S PRETTY
SUBSTANTIAL. EVERYTHING WE DO IN
OUR LIVES IS PUSHED TO THE
INTERNET. ALL OF OUR
CORPORATIONS, GOVERNMENT, OUR
MILITARY, ALL OF THAT
INFORMATION RESIDES ON
AN INFRASTRUCTURE THAT'S REALLY
INHERENTLY INSECURE. AND THERE
ARE DOZENS OF ADVERSARIES--
FOREIGN INTELLIGENCE SERVICES,
ORGANIZED CRIME GROUPS, EVEN
TERRORIST ORGANIZATIONS, WHO ARE
LOOKING TO STEAL THAT DATA BY
EXFILTRATING IT OFF OF
THE NETWORKS. AND WE'RE TALKING
ABOUT INTELLECTUAL PROPERTY,
RESEARCH AND DEVELOPMENT,
CORPORATE STRATEGIES, FINANCIAL
DATA. ALL OF IT THAT'S BEING
SUCKED OUT OF THE NETWORKS AND
BEING USED BY FOREIGN
GOVERNMENTS TO PROVIDE
A COMPETITIVE ADVANTAGE TO THEIR
COMPANIES AGAINST U.S.
ORGANIZATIONS.
>> NOT TO MENTION THE ATMs UP
AND DOWN MANHATTAN. YES.
>> CERTAINLY, THESE ORGANIZED
CRIME GROUPS, THAT'S RIGHT.
THEY'RE STEALING HUNDREDS OF
MILLIONS OF DOLLARS OUT OF OUR
BANKS. AND THERE HAVE BEEN
ESTIMATES THAT THIS IN THE
HUNDREDS OF THE BILLIONS OF
DOLLARS OF AN IMPACT AGAINST
THE UNITED STATES' ECONOMY.
SO IT'S A SIGNIFICANT THREAT TO
OUR FINANCIAL SECURITY AND OUR
NATIONAL SECURITY.
>> YES. WOULD YOU AGREE WITH
THAT, TONY?
>> YES. YEAH. MY CAREER IN THIS
STARTS IN THE SEVENTIES. AND IT
SEEMS KIND OF QUAINT. BUT BACK
THEN WE THOUGHT OF IT AS, WE
HAVE ONE ADVERSARY, RIGHT?
AND WE ACTUALLY DIDN'T KNOW
VERY MUCH ABOUT THEM.
BUT NOW WE SEE THIS
SORT OF FULL SPECTRUM ACTIVITY
THAT SHAWN SEES FROM THE AMATEUR
TO THE PROFESSIONAL, FROM THE
NATION TO THE CORPORATE AND,
SORT OF, EVERYTHING IN BETWEEN.
>> AND AS SHAWN MENTIONS, IT'S
ACROSS EVERYTHING. IT'S EVERY
SPECTRUM.
>> YEAH. I MEAN, THE NOTION THAT
THIS IS, SORT OF,
A NATION-TO-NATION, YOU KNOW,
AND SO FORTH, HAS REALLY GONE
AWAY. THIS IS A REALLY PERVASIVE
KIND OF PROBLEM THAT WE HAVE
TO DEAL WITH.
>> ALMOST MATRIXED ACROSS THE
NATIONS AND THEN ACROSS ALL THE
DIFFERENT VERTICALS, EVERY
SINGLE THING ANYBODY COULD
VIOLATE REALLY.
>> EVERY SINGLE INDUSTRY IS
TARGETED BY VARIOUS ADVERSARIES.
>> AND THEN YOU'RE, OBVIOUSLY,
ANUP, IN THE BUSINESS OF
HELPING US AND PROTECTING US
AS WELL ON THE COMMERCIAL SIDE.
WHAT ARE YOU SEEING?
>> YEAH. SO WE DEFEND
ENTERPRISES AGAINST THESE
TARGETED ATTACKS. AND, YOU KNOW,
WE SEE 3 MAIN TYPES OF ACTORS
IN THIS SPACE. ONE IS NATION
STATE ADVERSARIES. AND, REALLY,
IF YOU LOOK AT COUNTRIES LIKE
CHINA, THEY'RE AFTER OUR
COUNTRY'S INTELLECTUAL
PROPERTY SO THEY CAN STAND UP
COMPETITIVE INDUSTRIES.
AS TO HOW IMPORTANT IT IS, YOU
JUST NEED TO LOOK BACK AT
THE SUMMIT HELD BY PRESIDENT
OBAMA AND THE CHINESE PREMIER
RECENTLY.
THE NUMBER-ONE TOPIC...
>> ISSUE, ISSUE. YES.
>> WAS CYBER SECURITY. YEAH.
SO ABSOLUTELY IMPORTANT. BUT
CYBER CRIME IS PERVASIVE. AND
THE THIRD ACTOR, REALLY, ARE
HACKTIVISTS, ALL RIGHT? SO
PEOPLE WITH A POLITICAL AGENDA.
TYPICALLY BENT ON CREATING SOME
SORT OF SHAME FOR COMPANIES AND
EXPOSING THEM POTENTIALLY
THROUGH CAPTURING EMAILS AND
MAKING THEM PUBLIC.
>> SO WOULD YOU SAY THAT ANY
FUTURE WAR WE HAVE IS NOT GOING
TO BE ON THE BATTLEFIELD, BUT
IT'S GOING TO BE IN CYBER SPACE?
>> YOU KNOW, I THINK THERE'S
CERTAINLY GOING TO BE A CYBER
COMPONENT. EVERYTHING WE DO IS
POWERED BY THE NETWORK--OUR
COMMUNICATIONS, MOVEMENT OF
TROOPS, MOVEMENT OF SUPPLIES AND
THOSE SORTS OF THINGS. THERE'S
A CYBER COMPONENT TO EVERYTHING
THAT WE DO. AND, CERTAINLY, I
THINK ADVERSARIES WILL LOOK FOR
VULNERABILITIES THAT CAN BE
EXPLOITED TO PROVIDE THEM WITH
SOME TYPE OF ADVANTAGE.
>> YEAH. IT'S REALLY DIFFERENT
THAN, SORT OF, WE MIGHT HAVE
THOUGHT OF HISTORICALLY WHERE
WE'RE FIGHTING OVER A PIECE OF
GROUND OR CONTROL OF A TRADE
ROUTE OR SOMETHING LIKE THAT.
THINK OF CYBER SPACE AS A SHARED
SPACE, RIGHT? SO ALL THE
PARTICIPANTS PRIMARILY HAVE
A VESTED INTEREST IN THAT
IT BE OPERATING...
>> RIGHT. YES, YES.
>> BUT EVERYONE'S TRIED TO
DOMINATE IT, ALL RIGHT? SO
CRIMINALS DON'T WANT IT TO GO
AWAY. THEY'RE NOT TRYING TO
DESTROY IT BECAUSE IT'S SO
LUCRATIVE, RIGHT? NATIONS WANT
TO DOMINATE IT. THEY DON'T WANT
TO MAKE IT DISAPPEAR. SO IT'S
A DIFFERENT KIND OF THING.
AND THE ROLE THAT IT'LL PLAY IS
DIFFERENT THAN WE THINK OF
IN PHYSICAL SPACE.
>> IT'S LIKE CONTROLLING
THE BEAST, REALLY.
>> WE RIGHT NOW HAVE--
YOU THINK ABOUT THE COLD WAR
FROM THE EIGHTIES, RIGHT? WE'RE
CURRENTLY IN A FORM OF COLD WAR
WITH COUNTRIES LIKE CHINA,
RIGHT? AND OCCASIONALLY YOU SEE
THESE HOT SPOTS, RIGHT? JUST THE
OTHER WEEK THE "WASHINGTON POST"
PUBLISHED SEVERAL MAJOR DEFENSE
SYSTEMS THAT WERE COMPROMISED
BY THE CHINESE. AND THAT WAS
THROUGH A CONFIDENTIAL REPORT
THAT WAS LEAKED.
>> AND WE ALSO SEE THAT
BUILDING. WE'VE SEEN THE
ACTUAL BUILDING WHERE THEY'RE
ALL RESIDING. YES.
>> BELIEVE ME, I'M SURE THAT WAS
ONE OF THE MAIN AGENDA ITEMS,
IS, LIKE, "HEY, YOU'VE STOLEN
ALL OUR PLANS." AND CURIOUSLY
ENOUGH, CHINA NOW HAS A STEALTH
FIGHTER JET THAT LOOKS A LOT
LIKE OURS, RIGHT? SO WE HAVE
THESE HOT SPOTS, WHETHER IT'S
CHINA, WHETHER IT'S THE SYRIAN
ELECTRONIC ARMY, WHETHER IT'S
ATTACKS AGAINST OUR BANKING
INSTITUTIONS. YES, CYBER WILL BE
THE PREMIER COMPONENT OF JUST
ABOUT ANY CONFLICT, WHETHER
IT'S LOW INTENSITY OR A HOT WAR.
>> BUT AS YOU MENTIONED, SHAWN,
THAT'S NOT THE ONLY ONE. THERE'S
PROBABLY MANY OTHER NATIONS.
>> THERE ARE DOZENS OF NATIONS
THAT HAVE AN AGGRESSIVE
ELECTRONIC ESPIONAGE CAMPAIGN
AGAINST THE UNITED STATES.
AND, ACTUALLY, IT'S ACTUALLY
AGAINST THE ENTIRE WESTERN
WORLD. THIS IS SOMETHING
THAT'S BEING DONE AGAINST NOT
JUST US BUT OUR ALLIES AS WELL.
>> SO ARE WE ACTUALLY AT WAR?
>> I THINK THAT TERM "WAR" HAS
BEEN USED PROBABLY
INAPPROPRIATELY BY
A LOT OF PEOPLE. I THINK IT'S
SOMETHING WE CERTAINLY NEED TO
BE CONCERNED ABOUT. THERE'S
A CONFLICT EVERY SINGLE DAY.
WE'VE GOT PEOPLE THAT ARE
EMBRACED IN A BATTLE EVERY
SINGLE DAY. SO WE KIND OF USE
THOSE TERMS--I DON'T KNOW THAT I
WOULD GO AS FAR AS USING THE
TERM "WAR" BECAUSE THE
CONNOTATION FOR THAT IS PRETTY
SIGNIFICANT. AND IT BRINGS IN
A LOT OF OTHER ISSUES.
>> SO RATHER THAN WAR, WHAT DO
YOU THINK IS THE WORST-CASE
SCENARIO?
>> I THINK TO HELP PUT IT IN
CONTEXT, WE SHOULD BE THINKING
OF THIS AS A TRADE WAR, RIGHT?
AGAIN, MOST OF THE THEFT OF
INTELLECTUAL PROPERTY IS TO
STAND UP COMPETING INDUSTRIES.
AND WE'RE ACTUALLY LOSING ENTIRE
INDUSTRIES TO THE ASIA/PACIFIC,
RIGHT?
>> BECAUSE OF
THE TECHNOLOGY, YES.
>> SO IF WE THINK ABOUT THIS
AS ILLICIT TRADE, WE CAN
ACTUALLY BEGIN TO INVOLVE LEVERS
OF GOVERNMENT TO DEAL WITH
ILLICIT TRADE THROUGH TRADE
SANCTIONS. THE MEETINGS BETWEEN
OUR COUNTRY'S PRESIDENT
AND CHINA'S PREMIER WAS ABOUT
THIS ILLICIT TRADE. "IF YOU DO
THIS, GUESS WHAT WE CAN DO."
>> A PENALTY, YES. YES.
IT'S ALMOST LIKE THEY'RE
CROSSING THAT LINE. IT'S LIKE,
"YOU INVADE POLAND AND THERE WE
ARE, YES."
>> WELL, THE NATURE OF THE, SORT
OF, ENVIRONMENT RIGHT NOW, THERE
IS NO STAND-ALONE DEFENSE
DEPARTMENT, RIGHT? THE NATURE OF
THE NET ALSO ALLOWS US TO
LEVERAGE EACH OTHER, RIGHT?
I ALWAYS SAY NO ONE IN THE
DEFENSE DEPARTMENT GETS PAID
WITHOUT A COMMERCIAL PARTNER,
RIGHT, WITHOUT SOMEONE TO SHIP
OUR GOODS AND MOVE OUR PEOPLE...
>> AND THAT'S WHAT OUR AUDIENCE
LOVES TO HEAR. THERE ARE
CONTRACTORS INVOLVED IN ALMOST
EVERY ASPECT OF WHAT
THE DEFENSE DEPARTMENT IS DOING.
>> RIGHT. SO YOU GET THIS
INCREDIBLE LEVERAGE FROM THE
POWER OF THE NETWORK AND
INFORMATION AND SO FORTH, BUT
THEN YOU'VE BUILT THIS
INCREDIBLE DEPENDENCY, RIGHT?
SO NO ONE CAN STAND ASIDE FROM
THE CONFLICT OR THE ACTIVITY,
RIGHT? WE'RE ALL INVOLVED AT
SOME LEVEL. SO I THINK THE TRADE
ASPECT OF IT IS AN INTERESTING
WAY TO THINK OF IT BECAUSE IT
REALLY SPEAKS TO THE ECONOMICS,
RIGHT...
>> RIGHT. AND I THINK WHAT'S
GOOD ABOUT WHAT ANUP SAID, IT'S
ALMOST LIKE WE NEED RED LINES IN
THE GROUND IN TERMS OF ILLICIT
TRADE. RED LINES OF TRADE.
>> I THINK THAT THAT'S PROBABLY
THE MOST IMPORTANT ISSUE. I'VE
CALLED FOR THAT FOR A LONG TIME.
WE NEED TO DEFINE THE RED LINES
AND THEN CLEARLY IDENTIFY WHAT
THE PENALTIES ARE FOR BREACHING
THOSE RED LINES.
>> PERFECT.
>> SO WE'VE TALKED ABOUT THE
THREATS THAT ARE OUT THERE AND
WHAT'S FACING OUR NATION, BUT
WHAT ABOUT PREPARATION?
AND WHAT ABOUT ADEQUATE
PROTECTION? ARE WE REALLY
PROTECTED? WHAT DO YOU THINK,
TONY?
>> WELL, I THINK WE'RE AT WHAT I
WOULD CALL KIND OF A FUNNY POINT
IN HISTORY, WHERE THE VAST
MAJORITY OF PROBLEMS THAT ARE
PLAGUING US TODAY FROM THE
THINGS THAT YOU READ ABOUT IN
THE NEWS ARE ACTUALLY KNOWN
PROBLEMS WITH KNOWN SOLUTIONS.
AND YOU CAN SEE THAT IN ANY OF
THE BIG STUDIES THAT PEOPLE HAVE
DONE OF THE VULNERABILITIES AND
ATTACKS THAT ARE OUT THERE.
BUT THAT DOESN'T MAKE THE
PROBLEM SOLUTION EASY. BECAUSE
THE KNOWN SOLUTION MIGHT NOT BE
KNOWN TO YOU, RIGHT? THERE'S
VERY UNEVEN KNOWLEDGE.
>> KNOWN TO US AS A NATION,
YEAH.
>> THE SOLUTION MIGHT BE TOO
EXPENSIVE OR JUST NOT INTEGRATED
WELL INTO THE THINGS THAT YOU'RE
DOING. SO THERE'S A LOT OF WORK
TO BE DONE--YOU KNOW, WE THINK
WE KNOW WHAT TO DO IF YOU THINK
OF THIS AS KIND OF AN 80/20
PROBLEM...
>> RIGHT.
>> WE KNOW WHAT TO DO ABOUT
THESE SORT OF 80, 90 MAINLINE
THINGS.
>> SO WE KNOW WHAT WE KNOW. DO
WE KNOW WHAT WE DON'T KNOW?
>> WELL, THAT LAST 10% IS
A STICKY PART, RIGHT?
THAT'S THE REALLY HARD AND
CHALLENGING PART. THAT'S THE
DOMAIN THAT FOLKS LIKE SHAWN'S
COMPANY HAVE STEPPED INTO, WHICH
IS, ONCE YOU'VE COMMANDED
YOURSELF AND PUT YOUR DEFENSES
IN PLACE, THERE'S A BIG
CHALLENGE IN DEALING WITH THE
UNKNOWNS, THE THINGS YOU HAVEN'T
SEEN BEFORE. AND BEING ABLE TO
UNDERSTAND THE ADVERSARY, WHAT
THEY CAN DO...
>> AND ANTICIPATE THEM,
I WOULD THINK. YEAH.
>> AND BE PREPARED TO DEAL WITH
THOSE. THE CHALLENGE IS, IF
YOU'RE DROWNING IN THE 80%
NOISE--JUST KNOWN PROBLEMS,
KNOWN SOLUTIONS, IT'S VERY HARD
TO TURN YOUR ATTENTION AND YOUR
RESOURCES TO THESE HARDER
PROBLEMS.
>> YES. DO YOU THINK WE'RE
DROWNING, THEN? WHAT DO YOU
THINK, SHAWN?
>> I DO. I THINK FOR THE LAST
TWO DECADES, WE'VE BEEN FOCUSED
SOLELY ON VULNERABILITY
REDUCTION AND BUILDING OUR
DEFENSES, WHICH IS VERY
CRITICAL. WE GOT TO HAVE...
>> WHICH IS GOOD AND WE HAD TO
HAVE. YEAH...
>> A GOOD DEFENSE.
>> GOT TO HAVE A FOUNDATION.
>> BUT I THINK WE ACTUALLY NEED
TO START LOOKING AT WHO THE
ADVERSARIES ARE. THEY'RE GOING
TO KEEP COMING AT US. WHEN WE
TALK ABOUT THESE TARGETED
ATTACKS AND THE FACT THAT
THEY'RE GETTING BILLIONS AND
BILLIONS OF DOLLARS OF VALUE
AND THE RISK IS VIRTUALLY ZERO,
THEY'RE BEING IDENTIFIED AND
THEY'RE BEING CALLED OUT,
AND NOTHING'S HAPPENING.
WE NEED TO START FOCUSING ON
DOING ATTRIBUTION AND, HOW DO WE
MITIGATE THE THREAT FROM THE
ADVERSARIES? WE CAN DO THAT BY
COLLECTING INTELLIGENCE, WHICH
ALLOWS US TO BECOME MORE
PREDICTIVE AND UNDERSTAND IT.
WHEN WE GET THE ABILITY TO
KIND OF SEE AROUND THE CORNER,
SEE WHAT THE EMERGING THREATS
ARE, WHO THE ADVERSARIES ARE,
WHAT THEIR TACTICS ARE, WHAT
THEIR TOOLS ARE--SPECIFICALLY
WHAT TYPES OF CAPABILITIES
THEY'RE BRINGING--WE'RE IN
A MUCH STRONGER POSITION TO BE
NOT JUST FROM A TECHNICAL
PERSPECTIVE BUT TO BE FROM
A POLICY PERSPECTIVE AND FROM
A STRATEGIC PERSPECTIVE.
WHEN YOU UNDERSTAND THE TOTALITY
OF THE ADVERSARY, YOU'RE IN
A MUCH BETTER POSITION TO
DEFEND YOUR NETWORKS AND TO TAKE
ACTIONS AGAINST THAT THREAT.
>> SO BEING PREVENTATIVE
IN ADVANCE, THEN.
>> ABSOLUTELY.
>> YES. ANUP, SO THAT'S REALLY
WHAT YOU'RE INVOLVED IN,
ISN'T IT?
>> THAT'S EXACTLY RIGHT.
>> THAT'S WHY WE NEED YOU.
>> RIGHT. SO WHAT INVINCEA DOES,
IF YOU LOOK AT THE LAST TWO
DECADES, AS SHAWN WAS SAYING,
THE TECHNOLOGY THAT WE'RE USING
TODAY TO DEFEND AGAINST THESE
THREATS WAS REALLY DEVELOPED
IN THE 20th CENTURY. SO IF WE'RE
GOING TO WAR IN THE 21st CENTURY
DEFENDING AGAINST A THREAT USING
20th-CENTURY TECHNOLOGY, WHICH
IS DEFENDING AGAINST KNOWN
ATTACKS, THAT DOESN'T WORK
ANYMORE. THAT DOESN'T WORK FOR
TARGETED ATTACKS. WHAT WE DO IS
SAY, "LOOK, WE DON'T KNOW
EXACTLY WHAT THE ATTACK LOOKED
LIKE, BUT LET'S PUT EVERYONE IN
A SAFE CONTAINER. SO WHEN
THEY'RE ONLINE AND THEY'RE
GETTING EXPLOITED, NOT ONLY DO
WE PREVENT THE BREACH, BUT WE
ACTUALLY PRODUCE THIS INTEL,
THE INTEL THAT WOULD FLOW TO
THESE THREAT INTEL SHOPS.
>> BOTH WAYS. YOU'RE CAPTURING
WHAT THEY'RE DOING. YES...
>> WE'RE CAPTURING THE INTEL.
>> IT'S LIKE FINGERPRINTS ON THE
INTERNET, SORT OF, YEAH.
>> LIKE FINGERPRINTS ON THE
INTERNET. AND SO NOW WE CAN
ACTUALLY NOT ONLY PREVENT THE
BREACH, BUT WE CAN ACTUALLY
POINT BACK TO WHO'S RUNNING
THIS CAMPAIGN, WHO ELSE HAVE
THEY GOTTEN, WHAT IS THEIR
PLAYBOOK, RIGHT? SO IT'S
BEGINNING TO BE PROACTIVE AND
EXERT A PRESSURE BACK ON
THE ADVERSARY TO COST THEM
SOMETHING EVERY TIME THEY COME
AT YOU.
>> AND I WOULD THINK THAT THAT
IN AND OF ITSELF IS PREVENTATIVE
BECAUSE THEN IF THEY KNOW THEY
MIGHT GET CAUGHT, IT'S LIKE
THE FINGERPRINT ANALOGY.
THEY MAY BE A LITTLE BIT LESS
RELUCTANT IF THEY KNOW THEY SAW
THIS AND INITIATED THIS.
>> YOU'RE ABSOLUTELY RIGHT.
>> YOU THINK SO?
>> YOU'RE TURNING THE SPOTLIGHT
ON THE ADVERSARY AND YOU'RE
RAISING THE COST TO THEM. IF YOU
CAN RAISE THE RISK THAT THEY'RE
GONNA BE CAPTURED, IDENTIFIED,
CALLED OUT, THERE MIGHT BE TRADE
>> THAT ALARM'S GOING TO GO OFF.
>> ABSOLUTELY.
>> YEAH, YEAH.
>> PART OF THIS IS THINKING--I
TALKED ABOUT, SORT OF, THE
80/20, RIGHT? THAT 80 OR 90% IS
THE THINGS THAT ARE KIND OF
KNOWN--THE CLASSIC MASS MARKET,
YOU MIGHT CALL THEM, ATTACKS.
PEOPLE FORGET THE 20 PART OF
THAT, RIGHT? THE GOAL IS TO GET
MOST OF THAT BASICS IN PLACE
CHEAP. CHEAP MEANS OFF THE
SHELF, RIGHT, AUTOMATED,
STANDARDIZED, SO THAT YOU HAVE
YOUR ATTENTION AND YOUR
RESOURCES TO DEAL WITH HARDER
PROBLEMS, RIGHT? IT DOESN'T MAKE
SENSE FOR US TO HAVE HUMANS
RUNNING AROUND TRYING TO MADLY
PATCH OUR SYSTEMS AND CONFIGURE
AND TWIST KNOBS AND...
>> SO YOU WANT IT ALL AUTOMATED
TO THE EXTENT THAT WE POSSIBLY
CAN, YEAH.
>> THEY'RE THE BASICS OF KIND
OF RUNNING A SYSTEM, KNOWING
WHAT'S OUT THERE, AND KNOWING
WHEN SOMETHING--OUT OF
SPECIFICATION IS HAPPENING.
THAT'S ALL WELL WITHIN REACH OF
TECHNOLOGY AND GOOD OPERATIONS
AND GOOD HYGIENE, YOU MIGHT
CALL IT, WITHIN THE NETWORK.
BUT IT'S REALLY HARD FOR PEOPLE
TO TURN THEIR ATTENTION TO THESE
MORE SUBTLE PROBLEMS, WHICH IS
WHERE WE NEED TO GO. BUT IF YOU
CAN'T MANAGE YOURSELF, THEN YOU
HAVE NO ABILITY TO BOTH--TURN
YOUR ATTENTION. YOU DON'T HAVE
THE RESOURCES AND YOU DON'T HAVE
MACHINERY TO TURN BACK TO.
WHEN YOU LEARN NEW THINGS ABOUT
THE ADVERSARY, YOU DON'T WANT
TO JUST SHARE IT. YOU WANT TO
TAKE ACTION, RIGHT? YOU WANT TO
TURN TO YOUR TECHNOLOGY AND SAY,
"I WANT TO RECONFIGURE OR CHANGE
SOMETHING SO THAT ATTACK WON'T
WORK."
>> IT'S NOT JUST ENOUGH TO SHARE
INTELLIGENCE. YOU HAVE TO SHARE
ACTIONABLE INTELLIGENCE.
INTELLIGENCE HAS TO ALLOW YOU TO
ACTUALLY TAKE SOME ACTION SO YOU
CAN HELP TO MITIGATE THAT
THREAT.
>> WELL, WITH SOME ANALYSIS.
IT'S NO GOOD HAVING MASSES OF
DATA THAT NO ONE KNOWS WHAT TO
DO WITH. RIGHT, THEN?
>> WELL, PEOPLE TALK ABOUT
THREAT SHARING, YOU KNOW? BUT I
ALWAYS COME BACK TO SHAWN'S
THEME, WHICH IS, THREAT SHARING
IS NOT OUR DESTINATION, RIGHT?
THAT'S NOT THE GOAL. WE SHARE SO
WE CAN TAKE ACTION.
>> YEAH. WE'RE GOING TO ANYWAY.
>> SO THE BETTER WE KIND OF
DESIGN THAT WORK FLOW FROM NEW
LEARNING TO ACTION WITHIN OUR
SYSTEM IS TO PREVENT THAT
THE NEXT TIME OR WHATEVER THE
ACTION'S GOING TO BE. SO WE WANT
TO MAKE THAT FAST, RIGHT? WE
WANT TO MAKE IT AUTOMATED
WHEREVER POSSIBLE BUT
STANDARDIZED IN A WAY THAT IT
SCALES.
>> IT'S GOT TO HAPPEN AT THE
SPEED OF THE NETWORK. YOU CAN'T
SHARE INFORMATION BY EMAIL OR
TELEPHONE. IT'S GONNA HAPPEN
AUTOMATED.
>> AUTOMATED. SO IT HAS TO BE
AUTOMATED. SO ARE YOU SAYING--DO
YOU THINK OUR NATIONAL SECURITY
SYSTEM IS ACTUALLY BROKEN AND
NEEDS TO BE FIXED BECAUSE IT
NEEDS TO BE AUTOMATED? OR ARE WE
THERE AND WHERE DO WE STAND
IN THAT SPECTRUM?
>> SO I THINK WE
FUNDAMENTALLY NEED TO CHANGE
THE PARADIGM. SO WHEN
YOU TALK ABOUT SHARING OF THREAT
INTEL, WHAT WE LOSE SIGHT OF IS,
EVERY TARGETED ATTACK IS PRETTY
MUCH UNIQUE. SO IF I SHARE WITH
YOU, YOU KNOW, THE ATTACK THAT I
GOT, THAT SIGNATURE ITSELF WON'T
BE ALL THAT USEFUL FOR SOMEONE
ELSE. SO WE NEED
TO FUNDAMENTALLY CHANGE THIS
PARADIGM OF SIGNATURE-BASED
DEFENSES TO MORE BROAD DEFENSES
THAT DEFEND AGAINST CERTAIN
CLASSES OF ATTACKS, RIGHT? AND
WHAT I CAN DO IS I CAN TRACE
BACK TO MY ADVERSARY AND EXERT
OTHER PRESSURE ON MY
ADVERSARIES, WHETHER IT'S CHINA
OR ANOTHER COUNTRY. BUT THIS
NOTION OF, "HEY, LET ME COLLECT
THIS SIGNATURE AND JUST SHARE
THAT BROADLY."
THAT'S NOT CUTTING IT ANYMORE.
AND THE ANTIVIRUS
COMPANIES HAVE LEARNED THAT.
THERE'S OVER 200,000 NEW MALWARE
VARIANTS EVERY DAY. WE CAN'T
SHARE ENOUGH INFORMATION. WE
CAN'T SHARE IT FAST ENOUGH, EVEN
AT NETWORK SPEED, TO COMBAT
THE THREAT THAT WAY.
>> YES.
>> WELL, WHAT SHAWN TALKED
ABOUT, WAS, AGAIN, THE
BETTER UNDERSTANDING YOU HAVE OF
THE ADVERSARY--THEN, YOU KNOW,
YOU CAN'T FIGHT THIS JUST ON
THE WIRE, ON THE NETWORK, RIGHT?
SO ECONOMIC PRESSURE,
DIPLOMATIC PRESSURE. YOU KNOW,
THERE'S A WHOLE RANGE OF THINGS
THAT CAN BE BROUGHT TO BEAR.
>> RAMIFICATIONS WE NEED TO
HAVE. YES.
>> SO THE BETTER WE UNDERSTAND,
THE BETTER WE ARE TO ENLIST
THESE OTHER--YOU KNOW, WE MIGHT
SAY THE NATIONAL INSTRUMENTS OF
NATIONAL POWER. BUT YOU HAVE TO
THINK OF THIS AS A WAY TO--
AS A FULL-DIMENSIONAL THING,
NOT A PACKET-TO-PACKET, YOU
KNOW. "I SEE THEIR BAD PACKET,
AND I ZAP IT IN FLIGHT."
I LEARNED FROM THAT.
I STILL HAVE TO DEAL WITH THAT
PROBLEM, BUT I ALSO HAVE TO
THINK, HOW AM I GONNA DEAL WITH
THIS AT A CORPORATE LEVEL OR
AT A NATIONAL LEVEL OF
ENTERPRISE?
>> LOOK AT THE SIGNATURES AS
DIGITAL BULLETS. THEY'RE
INTERESTING. BUT IF SOMEONE'S
SHOOTING AT ME, I DON'T CARE IF
THEY'RE SHOOTING A 9-MILLIMETER
OR A .45.
I JUST WANT TO KNOW WHO'S
SHOOTING AT ME. WHY ARE THEY
SHOOTING AT ME?
HOW DO I STOP THEM?
>> AND ULTIMATELY STOP THEM
BEFORE THEY'VE EVEN GOT THE GUN
OUT. YES. THAT'S WHAT WE NEED TO
DO. RIGHT.
>> SO THE BULLETS ARE
INTERESTING AT THE END OF THE
DAY, HELPING YOU TO POTENTIALLY
IDENTIFY...
>> FORENSICALLY...
>> ABSOLUTELY.
>> BUT NOT TO PREVENT...
>> BUT THAT'S NOT WHAT YOU'RE
LOOKING AT FOR PREVENTION.
YOU HAVE TO LOOK AT THE ACTOR.
YOU DON'T HAVE A MALWARE
PROBLEM. YOU HAVE AN ADVERSARY
PROBLEM. WHO IS THE ADVERSARY?
WHY ARE THEY HERE? WHAT ARE THEY
DOING? HOW DO I STOP THEM?
>> FROM ALL THAT I'M HEARING, IT
SOUNDS TO ME LIKE WE ACTUALLY DO
HAVE A GRIP ON WHAT WE DO NEED,
WHICH IS PART OF THE ISSUE. YOU
DON'T WANT TO HAVE LOTS THAT YOU
DON'T KNOW, THAT WE'VE MOVING IN
THAT RIGHT DIRECTION. A QUICK
YES OR NO. DO YOU THINK WE ARE
MOVING IN THE RIGHT DIRECTION?
SHAWN, WHAT DO YOU THINK?
>> I THINK THAT WE ARE TAKING
STEPS. I DON'T THINK IT'S
HAPPENING FAST ENOUGH. I THINK
THERE'S A LOT MORE TO BE DONE.
>> TONY?
>> I THINK WE'RE HEADED IN THE
RIGHT DIRECTION. I THINK THE
DISCUSSION HAS SHIFTED, AS SHAWN
SAID. I GREW UP IN THE BUSINESS
OF, WE HAVE TO MANAGE OUR
VULNERABILITIES, RIGHT? THAT WAS
DECADES. AND WE'VE KIND OF
SQUEEZED THAT ONE PRETTY HARD.
I THINK IT'S TIME TO SHIFT OUR
THINKING AROUND THIS SORT OF
BROADER THINKING ABOUT THE
ADVERSARY, AND HOW DO WE
INTEGRATE THAT IN WITH THE
VULNERABILITY MANAGEMENT?
>> GREAT. ANUP, ARE WE IN THE
RIGHT DIRECTION?
>> I THINK WE'RE HEADED THERE.
I WANT TO BUILD ON SHAWN'S
ANALOGY. THE DEFENSES OF
YESTERDAY WERE CALLING OUT
BULLETS. TODAY AND TOMORROW,
WE'RE NOW PUTTING OUT KEVLAR
JACKETS FOR OUR BROWSERS AND FOR
OUR OTHER SOFTWARE. AND THEY'RE
GOING TO DEFEND AGAINST ALL
TYPES OF BULLETS. BUT MORE
IMPORTANTLY, WE CAN BEGIN TO
EXERT PRESSURE AGAINST
THE ADVERSARY BY SAYING, "HEY,
YOU SHOT AT ME, AND I DEFLECTED
IT. BUT LET ME TELL YOU WHO'S
SHOOTING."
>> YEAH. WHO'S SHOOTING, AND WE
GOT YOU. AND WE'RE STOPPING
THE NEXT ONES COMING.
>> EXACTLY.
>> AND WE KNOW WHERE YOU BOUGHT
YOUR BULLETS.
>> YEAH! WE KNOW WHERE YOU GOT
THEM. YEAH.
>> SO WHAT ABOUT EDUCATION,
TONY? WHAT ABOUT WHERE THE
NATION NEEDS TO BE, WHERE
COMPANIES NEED TO BE? I KNOW
THAT YOU'RE VERY PASSIONATE
ABOUT WHERE WE'RE GOING WITH
EDUCATION.
>> WELL, IT'S GENERALLY
RECOGNIZED THAT WE HAVE A REAL
PROBLEM IN THIS COUNTRY IN TERMS
OF, WE DON'T HAVE A WORKFORCE
POOL BIG ENOUGH TO WORK THESE
KINDS OF PROBLEMS.
IT'S A SYMPTOM OF THE LARGER
STEM PROBLEM THAT GETS DISCUSSED
A LOT NATIONALLY.
>> SCIENCE/TECHNOLOGY EDUCATION.
YEAH.
>> EXACTLY. WE CALL IT
THE CANNIBALIZATION STAGE,
RIGHT? WE'RE ALL STEALING FROM
EACH OTHER FOR A RELATIVELY
SMALL NUMBER OF PEOPLE...
>> AND THERE ARE SO MANY
PROBLEMS WITH IMMIGRATION ALSO.
BECAUSE ALL THE VISAS.
>> EXACTLY. SO LAST SUMMER, I
WAS ON THE DHS CYBERSKILLS TASK
FORCE, WHICH WAS LOOKING AT THIS
FROM DHS' PERSPECTIVE AS
AN EMPLOYER. AND PART OF THE
RECOMMENDATIONS OF THE TASK
FORCE WAS THAT NO ONE AGENCY
CAN SOLVE THIS PROBLEM FOR
THEMSELVES OR BY THEMSELVES,
RIGHT? IT REALLY IS A PART OF
A LARGER NATIONAL PROBLEM.
IT'S ABOUT DEFINING BETTER WHAT
WE NEED IN THE WORKFORCE,
BEING MORE SPECIFIC ABOUT
THE SKILLS. NOW, AGAIN, I'VE GOT
TO WATCH THIS EVOLVE OVER
CLOSE TO 40 YEARS NOW. AND THE
SECURITY BUSINESS HAS GROWN FROM
WHAT I WOULD CALL A DEVELOPMENT
AND AN ACADEMIC PROBLEM TO
A HUGE OPERATIONAL PROBLEM,
RIGHT, WE ARE SORT OF FIGHTING
EVERY MINUTE EVERY DAY.
SO THE PACE AND THE WAY WE
DEVELOP FOLKS LIKE ME--YOU
TAKE SOMEONE WITH A BASIC
UNDERGRADUATE DEGREE IN SOME
TECHNICAL FIELD AND YOU BRING
THEM INTO THE FBI OR
A GOVERNMENT AGENCY OR COMPANY,
AND YOU CAN OVER SEVERAL YEARS
DEVELOP THEM--THAT SOUNDS PRETTY
LEISURELY NOWADAYS. YOU KNOW, WE
NEED PEOPLE WITH MORE HANDS-ON
SKILLS, MORE DIRECTLY
READY TO GO...
>> TO RAMP UP FASTER,
WAY FASTER, YES.
>> EXACTLY, AND TO BE MORE
CONSCIOUS OF THIS,
THE DYNAMICS OF A CONSTANTLY
CHANGING ENVIRONMENT, RIGHT?
SO I WOULD SAY, IT DOESN'T
MATTER WHAT CREDENTIALS YOU
HAVE. IT'S YOUR ABILITY TO LEARN
NEW SKILLS IS WHAT MAKES
THE DIFFERENCE BETWEEN A GOOD
EMPLOYEE AND A GREAT EMPLOYEE
FOR THE FUTURE.
>> BUT THEN YOU CAN'T ALL
REPLACE--IF SOMEBODY NEEDS
A SECURITY CLEARANCE, THAT'S
WHAT THEY NEED. AND YOU JUST
HAVE TO HAVE IT. AND NOW, OF
COURSE, THERE'S BEEN SUCH
A DEARTH OF RIGHT NOW.
WHAT DO YOU FIND, TONY, IN
TERMS OF FOR YOUR COMPANY, WHAT
ARE YOU FINDING, SHAWN, IN
WHAT TONY JUST SAID?
>> I TAKE IT TO ANOTHER STEP.
ABSOLUTELY, IN TERMS OF THE
WORK FORCE, WE'VE GOT TO HAVE
PEOPLE WHO ARE ENGINEERS,
MATHEMATICIANS, CRYPTOGRAPHERS.
THEY'VE GOT TO UNDERSTAND
THE TECHNOLOGY. THAT'S CRITICAL.
BUT FROM AN EDUCATION
STANDPOINT, FROM MY PERSPECTIVE,
I'D LIKE TO SEE THE EDUCATION
OF CEOs, CORPORATE EXECUTIVES,
BOARD OF DIRECTORS TO THE THREAT
BECAUSE THE REALITY OF IT IS,
THERE ARE STILL MANY
ORGANIZATIONS THAT AREN'T
PUTTING ENOUGH EMPHASIS ON THIS
ISSUE BECAUSE THEY DON'T
UNDERSTAND THE RISK TO THEIR
COMPANY, AND MOST IMPORTANTLY,
THE IMPACT ON THEIR COMPANY.
WE NEED TO TURN THIS INTO
A BUSINESS DECISION FOR THEM SO
THAT THEY UNDERSTAND WHAT
THE COSTS ARE TRULY TO THEIR
ORGANIZATION SO THAT THEY INVEST
BOTH THEIR RESOURCES AND THEIR
FUNDING INTO THIS SPACE.
>> AND I THINK THAT YOU'RE NOT
ALONE IN THAT. I MEAN, THE
INDUSTRY IN GENERAL SEEMS TO
RECOGNIZE THAT. I MEAN, GENERAL
ALEXANDER HAS BEEN MAKING THE
TOURS. HE WAS AT NVTC.
HE'S GOING TO BE AT AFCEA.
THEY'RE HAVING MANY
CYBER SECURITY FOCUSES. WHAT DO
YOU SEE? BECAUSE I KNOW YOU HAVE
THE SAME THING AND YOU HAVE THE
SAME DIFFICULTIES IN EMPLOYING
PEOPLE.
>> YEAH. I THINK WE DO NEED TO
SHIFT SOME OF THE EMPHASIS ON
EDUCATION. SO WE'RE SPENDING FAR
TOO MUCH ATTENTION TO WHAT I
WOULD CALL THE NIGHT WATCHMEN,
THE PEOPLE THAT IN ANOTHER
TIME WERE WATCHING CAMERAS
FOR BAD GUYS,
AND TODAY THEY'RE WATCHING
NETWORKS FOR BAD BITS. AND IT
DOESN'T MAKE ANY SENSE. I AGREE
WITH SHAWN THAT WE NEED
EXECUTIVE EDUCATION ABOUT THE
THREAT. WE ALSO NEED VISION.
HOW DO WE SOLVE THIS PROBLEM?
THAT COMES FROM LEADERSHIP THAT
UNDERSTANDS THE THREAT BUT ALSO
CAN CREATE A VISION FOR HOW TO
SOLVE IT. THE OTHER KEY POINT
IS, WE NEED TECHNOLOGY
INNOVATION. THAT'S THE ONE THING
OUR COUNTRY IS BETTER AT THAN
ANY OTHER COUNTRY...
>> AND HAS ALWAYS BEEN
HISTORICALLY. YES, YES...
>> HISTORICALLY HAS BEEN VERY
GOOD AT. SO WE'VE GOT TO GET OUT
OF SAYING, "WE CAN'T SOLVE THIS
PROBLEM," AND GETTING BACK TO
TECHNOLOGY INNOVATION. WE NEED
TO TRAIN MORE ENGINEERS,
GETTING BACK TO THE STEM. MORE
ENGINEERS. THE LEADERS WHO
DEVELOPED SILICON VALLEY, WE
NEED THAT SORT OF LEADERSHIP TO
DEVELOP TECHNOLOGIES THAT
ACTUALLY SOLVE THIS PROBLEM
IN A MEANINGFUL WAY.
>> AND THAT GOES BACK TO WHAT
TONY WAS SAYING ABOUT DIFFERENT
AGENCIES. IT'S NOT JUST DHS.
IT'S INS BECAUSE WE NEED TO HAVE
THOSE SORT OF RESOURCES. AND IF
WE CAN'T, WE'RE NOT GONNA BE
ABLE TO HAVE ANY VISION IF THE
CEOs DON'T KNOW WHAT'S GOING ON
TO EDUCATE THEM. SO IT'S SORT OF
INTEGRATED, EVERYTHING THAT
YOU'RE SAYING. EVERY SINGLE
PERSON'S SAYING THE SAME THING
BUT AT DIFFERENT LEVELS.
>> EXACTLY. I WANT TO SAY
THAT IT'S THINKING OF BEYOND
SORT OF TEACHING OF
THE CYBER SECURITY PART OF IT.
THIS IS FUNDAMENTAL TO THE
FUTURE OF OUR ECONOMY, THE BASIS
OF OUR SOCIETY. YOU KNOW, THE
WAY BUSINESSES WILL OPERATE AND
THE WAY THEY PERCEIVE RISK. AND
SO THERE IS A CHALLENGE HERE IN
THINKING ABOUT IT. BUT, ALSO,
I THINK FROM THE TECHNICAL
SIDE--THOSE OF US THAT GREW UP
IN THE TECHNICAL BUSINESS--WE
ALSO HAVE TO LEARN TO THINK OF
OUR WORK DIFFERENTLY, RIGHT?
REFRAME IT. YOU KNOW, WE'RE NOT
GOING TO TRAIN CEOs TO BE
TECHNOLOGISTS AT THE SAME LEVEL
LIKE ANUP IS.
>> AND THEY DON'T NEED TO BE.
BUT THEY NEED TO JUST SEE--
THEY NEED TO UNDERSTAND EXACTLY
WHAT SHAWN WAS SAYING.
>> THEN REFRAMING THE WAY WE
THINK OF THIS PROBLEM, SORT OF
REFRAMING THE TECHNICAL ISSUES
IN A MANNER THAT RESONATES, THAT
HELPS CLARIFY THE IMPACT AND THE
CONSEQUENCE TO BUSINESS ISSUES
IS REALLY, I THINK,
AN UNDERSERVED PART OF
THE DISCUSSION.
>> SO HERE'S AN EXIT QUESTION.
WHAT ABOUT WHAT GOVERNMENT IS
DOING WITH INDUSTRY, THAT,
IS GOVERNMENT GOING TO START
GETTING DESPERATE FOR THE
SECURITY CLEARANCES AND THE KIND
OF PEOPLE THAT WE NEED?
AND WHEN YOU TALKED ABOUT
THE STEALING OF TALENT, IS THAT
GOING TO BE--ALMOST LIKE
AN INTERNAL WARFARE WITH
THE TALENT WARFARE NATIONALLY,
OR IS THAT HAPPENING ALREADY?
>> SO WHAT WE NEED GOVERNMENT TO
DO IS GET BACK TO THE BUSINESS
OF LEADING BY EXAMPLE INSTEAD OF
MANDATING BY LEGISLATION, ALL
RIGHT? SO I'LL GIVE AN EXAMPLE.
IF YOU THINK BACK TO THE EARLY
1970s AND THE AUTOMOTIVE
INDUSTRY, ACCIDENTS, EVEN AT LOW
SPEED, WERE CAUSING CATASTROPHIC
LOSS OF LIFE, RIGHT?
THE GOVERNMENT WORKING WITH
INDUSTRY SAID, "HEY, WE NEED TO
ENGINEER VEHICLES TO RESIST
CRASHES FROM CATASTROPHIC
DAMAGES, RIGHT?"
>> RIGHT.
>> SO THE WHOLE AUTOMOTIVE
INDUSTRY MOVED IN THE DIRECTION
OF SEATBELTS MANDATED
BY STATE LAWS...
>> BUT GOVERNMENT LED THAT
BECAUSE THE INDUSTRY DID NOT
INITIATE THAT. DIDN'T WANT IT
INITIALLY. YEAH.
>> YEAH. THAT'S RIGHT. BUT IT
CAME BACK TO ENGINEERING SAFER
CARS. WELL, WE NEED TO ENGINEER
MORE RESILIENT SYSTEMS, RIGHT,
THAN CAN TAKE HITS BUT ALSO
CONTINUE TO FUNCTION SO THAT
BUSINESS STAYS ALIVE. AND CEOs
UNDERSTAND THAT. THEY UNDERSTAND
THEY WILL TAKE HITS. YOU CAN'T
PRETEND LIKE YOU'RE NOT GOING TO
HAVE VULNERABILITIES. BUT YOU
NEED TO ENGINEER YOUR SYSTEM SO
THAT WHEN YOU TAKE HITS, YOU CAN
ABSORB THEM, YOU CAN DEFLECT
THEM, AND YOU CAN CONTINUE TO
OPERATE. AND THAT'S ENGINEERING,
THAT'S LEADERSHIP.
>> LEADERSHIP. AND THAT'S WHAT
SHAWN WAS SAYING, THAT THEY
WON'T EVEN BE ABLE TO DO THAT IF
THEY DON'T KNOW WHAT THE
THREATS ARE.
>> THE LEADER SETS THE PACE FOR
THE REST OF THE PACK. THAT'S
VERY CLEAR. IF THE LEADER TAKES
IT SERIOUSLY, THE ORGANIZATION'S
GOING TO TAKE IT SERIOUSLY.
BUT I THINK LEADERS NEED TO
UNDERSTAND, IT'S NOT JUST
A TECHNICAL PROBLEM, RIGHT?
THIS IS NOT THE CIO's PROBLEM
OR THE CISO's PROBLEM.
>> WHICH HISTORICALLY IT WAS
THOUGHT OF.
>> ALWAYS. IT'S ONES AND ZEROS.
"THAT'S NOT ME. THAT'S THEM."
LEADERS NEED TO SEE THIS AS
A BUSINESS DECISION--IMPACT
AND RISK--AND ASSESS IT LIKE
THEY DO EVERY RISK TO THEIR
ORGANIZATION. AND THEY NEED TO
HAVE THE GENERAL COUNSEL AND THE
COO AND THE CHIEF FINANCIAL
OFFICER. BECAUSE THEY ALL OWN
THE DATA, THEY ALL WILL SUFFER
FROM THIS RISK AND THIS IMPACT.
THEY ALL NEED TO BE INVOLVED.
>> SO KEY SOLUTIONS, AS YOU MAY
WELL KNOW IF YOU'RE A FREQUENT
VIEWER, IS THE FORCE BEHIND
THIS PROGRAM, PROVIDING
STRATEGY, CAPTURE, AND PROPOSAL
SUPPORT SERVICES. SO WE ALWAYS
LIKE TO ASK OUR GUESTS,
WHAT DO YOU VIEW IS THE KEY
TO WINNING? AND, OF COURSE,
THIS MORNING SINCE YOU'RE SENIOR
EXECUTIVES FROM, FORMERLY, NSA,
THE FBI, AND ALSO DARPA, WE
THINK YOU HAVE PHENOMENAL
INSIGHTS NOT JUST FROM WHAT
YOU'RE DOING TODAY BUT FROM YOUR
PREVIOUS ROLES. SO, ANUP, I
SHALL START WITH YOU. YOU WERE
AT DARPA. YOU KNEW WHAT IT TOOK
WHEN YOU WERE AT DARPA FOR
A SMALL GOVERNMENT CONTRACTOR,
OR EVEN A MAJOR GOVERNMENT
CONTRACTOR, TO WORK WITH DARPA.
WHAT DID YOU SEE THEN AND WHAT
DO YOU DO NOW THAT ARE YOUR KEYS
TO WINNING?
>> YEAH. JUST TO TIE TOGETHER,
HILARY, SOME OF OUR PREVIOUS
CONVERSATIONS, IT GETS BACK TO
TECHNOLOGY INNOVATION, RIGHT?
THERE IS NO DOUBT THAT CYBER
SECURITY IS RICH WITH REALLY
HARD PROBLEMS, AND THERE'S NO
DOUBT THAT OUR COUNTRY AND OUR
PEOPLE HAVE SKILLS AND
CAPABILITIES TO SOLVE THESE
PROBLEMS. SO AT DARPA, WHAT WE
USED TO DO--AND WHAT DARPA
CONTINUES TO DO--IS FUND
INNOVATION. SO TO SUCCEED AT
DARPA, DON'T BRING IN YOUR
BUSINESS DEVELOPMENT GUY IN
A FANCY SUIT. BRING IN YOUR
BEST TECHNICAL PEOPLE. PRESENT
YOUR BEST IDEAS. AND IF IT'S
A GOOD IDEA AND YOU HAVE A PLAN
AND CAPABILITIES TO EXECUTE,
DARPA WILL FUND IT.
>> YEAH. THAT'S WHAT YOU NEED.
YOU REALLY WANT TO HEAR THE
SUBSTANCE OF WHAT IS THERE...
>> BEST IDEAS.
>> THE REAL SUBSTANCE YOU WANT
TO HEAR FROM. AND WHAT DO YOU
THINK, TONY? WHAT WAS IT LIKE AT
NSA WHEN PEOPLE WOULD COME TO
YOU WITH AN IDEA AND A CONCEPT?
WHAT IS THE BEST WAY FOR OUR
VIEWERS TO APPROACH
RIGHT NOW NSA?
>> YEAH. I THINK ANY EXECUTIVE
IN THESE KINDS OF BUSINESSES, IN
GOVERNMENT IS FLOODED WITH
THESE REQUESTS. "CAN WE JUST GET
AN HOUR OF YOUR TIME AND BRING
OUR PowerPoint," AND ALL THAT.
AND THAT ALMOST NEVER WORKS.
>> RIGHT.
>> SO MY ADVICE TO VENDOR
FRIENDS AND NEW ACQUAINTANCES
WAS AROUND A COUPLE OF TOPICS.
ONE IS, MAKE SURE THAT YOU KNOW
WHO YOUR COMPETITION IS. ANY
VENDOR THAT TOLD ME THEY HAVE
NO COMPETITION WAS IMMEDIATELY
SUSPECT. YOU KNOW, BECAUSE EVEN
IF YOU DON'T, PEOPLE BELIEVE YOU
DO. SO YOU MIGHT BE REPLACING
OR BYPASSING A DIFFERENT
PROBLEM, BUT YOU SHOW THAT YOU
UNDERSTAND WHERE YOU KIND OF FIT
IN THE PROBLEM THAT YOU'RE
TRYING TO SOLVE AND THE OTHER
APPROACHES THAT PEOPLE HAVE
TAKEN TO TRY AND SOLVE THAT
PROBLEM. AND A LOT OF FOLKS
DID NOT REALLY SEEM TO
UNDERSTAND THAT PART OF--THAT
WAS NOT PART OF THEIR PITCH. AND
I WAS ALWAYS LOOKING FOR THAT.
>> WELL, THEN YOU CAN
DIFFERENTIATE YOURSELF, TOO,
WHEN YOU KNOW YOUR COMPETITION.
IF YOU'RE A DIFFERENTIATOR AS
WELL. YES.
>> EXACTLY. YOU KNOW, BECAUSE
THE UPSIDE TO BEING IN THIS
POSITION IS YOU SEE HUNDREDS OF
THESE THINGS. SO YOU HAVE KIND
OF A SENSE OF WHAT'S AVAILABLE.
THE SECOND WAS ABOUT MAKING SURE
EVERY VENDOR KNOWS, NO MATTER
HOW GOOD YOUR TECHNOLOGY OR YOUR
TOOL OR WHATEVER, YOU WILL NOT
BE THE ONLY VENDOR IN MY SPACE.
AND THEREFORE I HAVE TO
UNDERSTAND HOW I WOULD TAKE WHAT
YOU'RE DOING, INTEGRATE IT IN TO
A COMPLEX OPERATIONAL
ENVIRONMENT IS. AND IT'S NOT HOW
COOL THE TOOL IS, IT'S HOW DO I
USE THAT? AND IF I HAVE TO
ABSORB LOTS OF COSTS TO MAKE IT
PART OF MY ENVIRONMENT, IT MIGHT
NOT BE WORTH IT. IN FACT, IT
PROBABLY ISN'T.
>> PROBABLY ISN'T. AND THEN
QUICKLY, JUST AN ANSWER FROM
YOU, SHAWN.
>> I THINK JUST BUILDING ON WHAT
ANUP AND TONY SAID, IT'S ALL
ABOUT SOLVING A PROBLEM. WHAT
ARE THE SOLUTIONS? HOW DO YOU
SOLVE THE PROBLEMS? YOU REALLY
GOT TO UNDERSTAND WHAT THE
ISSUES ARE AND BRING THAT
TO BEAR.
>> SUPER. THANK YOU. AND THANK
YOU, GENTLEMEN, FOR BEING HERE.
THIS MORNING, EACH TIME WE ENTER
INTO A DISCUSSION ABOUT CYBER
SECURITY, OR, AS SOME WOULD SAY,
CYBER WARFARE, WE'RE REMINDED OF
WHAT A CRITICAL MISSION THIS
WORK IS IN ALLOWING US TO
MAINTAIN THE QUALITY OF LIFE AND
THE VALUES THAT WE'RE SO DEARLY
HOLDING CLOSE TO US AND
TREASURE. MEETING THESE
CHALLENGES IS NO SMALL TASK. AND
WE'RE BLESSED TO HAVE HAD SUCH
SMART AND DEDICATED PEOPLE
MEETING THESE HEAD-ON THREATS
THIS MORNING. IT'S BEEN OUR
PLEASURE TO HAVE SUCH PEOPLE
WITH US TODAY. I'D LIKE TO THANK
ANUP GHOSH OF INVINCEA.
THANK YOU VERY MUCH, ANUP.
TONY SAGER OF THE SANDS
INSTITUTE, THANK YOU, AND,
SHAWN HENRY FROM CrowdStrike
SERVICES.
>> THANKS, HILARY.
>> I'D ALSO LIKE TO THANK
YOU, OUR VIEWERS, FOR ONCE
AGAIN, MAKING
"GOVERNMENT CONTRACTING WEEKLY"
A REGULAR PART OF YOUR WEEK.
AND WE'LL SEE YOU NEXT SUNDAY.
>> YOU'VE BEEN WATCHING
"GOVERNMENT CONTRACTING WEEKLY,"
SPONSORED EACH WEEK BY AOC
KEY SOLUTIONS, INCORPORATED.
"GOVERNMENT CONTRACTING WEEKLY"
IS THE ONLY TELEVISION PROGRAM
DEVOTED EXCLUSIVELY TO
THE COMPETITIVE AND DYNAMIC
WORLD OF GOVERNMENT CONTRACTING.
FOR ADDITIONAL INFORMATION,
COMMENTS, QUESTIONS, OR
SUGGESTIONS, PLEASE WRITE US AT
GOVERNMENTCONTRACTING
WEEKLY.COM.