1
00:00:00,120 --> 00:00:03,040
Speaker 1: So this cloud Flare outage today was a real issue

2
00:00:03,080 --> 00:00:05,760
Speaker 1: for people on Twitter or on Zoom or anybody trying

3
00:00:05,800 --> 00:00:09,639
Speaker 1: to engage in actual commerce. Tony Katz, Tony kats today,

4
00:00:09,720 --> 00:00:12,399
Speaker 1: good to be with you. That's real disruption. And we

5
00:00:12,440 --> 00:00:14,560
Speaker 1: saw a disruption. I want to say it was a

6
00:00:14,600 --> 00:00:17,599
Speaker 1: year ago when Delta went down and all the airports

7
00:00:17,640 --> 00:00:21,280
Speaker 1: had the issues. Well what caused that this time? It's

8
00:00:21,280 --> 00:00:24,520
Speaker 1: a group called cloud Flare where you see this all

9
00:00:24,560 --> 00:00:26,439
Speaker 1: the time. You got to click a little box and

10
00:00:26,520 --> 00:00:29,800
Speaker 1: get to the website. I'm not quite sure what it does.

11
00:00:30,240 --> 00:00:33,120
Speaker 1: I'm not quite sure why everybody needs it, certainly elon

12
00:00:33,200 --> 00:00:36,599
Speaker 1: musk over at X. But every time there's an issue

13
00:00:36,640 --> 00:00:39,800
Speaker 1: like this, you gotta wonder what kind of damage is

14
00:00:39,840 --> 00:00:43,680
Speaker 1: being done, not only to commerce, but to the company.

15
00:00:44,080 --> 00:00:48,000
Speaker 1: Doctor Marcus Rodgers joins me right now, Professor, Associate Dean

16
00:00:48,080 --> 00:00:51,880
Speaker 1: of Faculty in the director of the cyber Forensics Lab

17
00:00:52,120 --> 00:00:56,040
Speaker 1: at Purdue Polytechnic Institute at Purdue University, right here in

18
00:00:56,080 --> 00:00:59,400
Speaker 1: my beloved Indiana, not too far up the road. And sir,

19
00:00:59,640 --> 00:01:01,800
Speaker 1: I think we start with a basic I appreciate taking

20
00:01:01,800 --> 00:01:04,200
Speaker 1: the time. What in the world is cloud flare?

21
00:01:05,200 --> 00:01:08,520
Speaker 2: Cloud flair is a large company, they look after the

22
00:01:08,560 --> 00:01:12,640
Speaker 2: security component, so their main thing is security. So when

23
00:01:12,720 --> 00:01:15,040
Speaker 2: we talk about why all these companies have that is

24
00:01:15,040 --> 00:01:18,520
Speaker 2: because all these companies require security. So they help secure

25
00:01:18,560 --> 00:01:23,040
Speaker 2: these companies from attacks. And as ironic as it sounds,

26
00:01:23,120 --> 00:01:26,880
Speaker 2: they're supposed to protect companies from outages, which in this case,

27
00:01:27,160 --> 00:01:29,399
Speaker 2: they seem to be the one that caused it. So,

28
00:01:29,440 --> 00:01:32,720
Speaker 2: like I said, they're probably one of the largest security

29
00:01:32,760 --> 00:01:36,160
Speaker 2: companies in the world, and pretty much every large company

30
00:01:36,600 --> 00:01:39,560
Speaker 2: has cloud flare in their environment.

31
00:01:39,880 --> 00:01:42,840
Speaker 1: How do I always hear about in the world of

32
00:01:42,880 --> 00:01:46,720
Speaker 1: cyber and the world of tech redundancies and having different

33
00:01:46,720 --> 00:01:49,200
Speaker 1: ways of doing things. Does it make sense that one

34
00:01:49,240 --> 00:01:51,400
Speaker 1: company has so much of the space.

35
00:01:52,280 --> 00:01:54,680
Speaker 2: No, And this is one of the problems that we

36
00:01:54,760 --> 00:01:58,240
Speaker 2: in the security industry warned against way back. You look

37
00:01:58,320 --> 00:02:01,200
Speaker 2: at where we're dealing with what was something called a

38
00:02:01,240 --> 00:02:04,160
Speaker 2: single point of failure problem. Right now, when these large

39
00:02:04,160 --> 00:02:08,840
Speaker 2: companies basically become so big, so ubiquitous that everybody uses

40
00:02:08,880 --> 00:02:11,640
Speaker 2: them and there's no other choices, then you have single

41
00:02:11,639 --> 00:02:14,240
Speaker 2: points of failure. So if that company happens to have

42
00:02:14,280 --> 00:02:17,959
Speaker 2: a problem, then it affects almost everybody. In all the

43
00:02:18,040 --> 00:02:20,800
Speaker 2: largest companies we saw this with Amazon a few weeks

44
00:02:20,800 --> 00:02:24,240
Speaker 2: ago when Amazon Aws went down, because they're the one

45
00:02:24,240 --> 00:02:27,480
Speaker 2: of the largest cloud providers out there, they were a

46
00:02:27,480 --> 00:02:30,600
Speaker 2: single point of failure. So this is now a big issue.

47
00:02:30,720 --> 00:02:32,800
Speaker 2: You really don't have to go out now and attack

48
00:02:33,000 --> 00:02:36,320
Speaker 2: multiple companies to cause problems. You only have to attack

49
00:02:36,400 --> 00:02:39,080
Speaker 2: one of these large single points of failure, and the

50
00:02:39,240 --> 00:02:40,519
Speaker 2: entire Internet's impacted.

51
00:02:41,040 --> 00:02:45,240
Speaker 1: Talking to a doctor Marcus Rogers, Professor associated for Faculty

52
00:02:45,680 --> 00:02:49,720
Speaker 1: and director of the cyber Forensics Lab at Purdue Polytechnic

53
00:02:49,760 --> 00:02:53,880
Speaker 1: Institute at Purdue University, is this the same thing that

54
00:02:53,919 --> 00:02:55,919
Speaker 1: happened to I brought up Delta, which I think was

55
00:02:55,919 --> 00:02:57,840
Speaker 1: about a year ago. Is this the same group or

56
00:02:57,880 --> 00:02:59,840
Speaker 1: was that a different group and same concept?

57
00:03:00,360 --> 00:03:04,720
Speaker 2: Same group? Oh yeah, it's the same group. And again

58
00:03:04,760 --> 00:03:07,480
Speaker 2: because they are literally so big.

59
00:03:08,000 --> 00:03:12,239
Speaker 1: So what is it in this case today with the outage?

60
00:03:12,600 --> 00:03:14,440
Speaker 1: What is it that caused the outage?

61
00:03:14,600 --> 00:03:20,560
Speaker 2: Well, we'll never know for sure. According to coratorial sir, yeah,

62
00:03:20,600 --> 00:03:23,440
Speaker 2: it was it was a single it was They claim

63
00:03:23,480 --> 00:03:28,880
Speaker 2: it was a misconfiguration, which obviously that's the that's the

64
00:03:28,960 --> 00:03:32,200
Speaker 2: excuse that every company has when something happens. They're very

65
00:03:32,240 --> 00:03:34,040
Speaker 2: quick to say that it wasn't an attack from the

66
00:03:34,040 --> 00:03:37,160
Speaker 2: outside that it wasn't anything that was, you know, a

67
00:03:37,600 --> 00:03:40,560
Speaker 2: type of cyber terrorism. They claimed that it was a

68
00:03:40,600 --> 00:03:44,760
Speaker 2: misconfiguration internally, which is what every company says when this happens.

69
00:03:44,800 --> 00:03:46,680
Speaker 2: So this is part of the problem when you're looking

70
00:03:46,720 --> 00:03:49,640
Speaker 2: at it from the outside is we never really know

71
00:03:49,800 --> 00:03:52,520
Speaker 2: what really happened. We only know what the company wants

72
00:03:52,560 --> 00:03:53,360
Speaker 2: the world to hear.

73
00:03:54,040 --> 00:03:57,000
Speaker 1: Are any of these companies, sir? Are any of them

74
00:03:57,080 --> 00:03:59,640
Speaker 1: like subject to for example, when the NFL puts out

75
00:03:59,640 --> 00:04:02,240
Speaker 1: an injured report, right and this person's out and this

76
00:04:02,320 --> 00:04:06,040
Speaker 1: person's injured. If you lie about that stuff, the fines

77
00:04:06,080 --> 00:04:09,640
Speaker 1: are pretty dang severe. Are there Is there anything like

78
00:04:09,720 --> 00:04:12,120
Speaker 1: that that we have in terms of whether it's government

79
00:04:12,200 --> 00:04:14,080
Speaker 1: oversight or something else. I assume it would be government

80
00:04:14,080 --> 00:04:17,240
Speaker 1: oversite that checks in on Wait, did you really not

81
00:04:17,279 --> 00:04:18,000
Speaker 1: get attacked?

82
00:04:18,960 --> 00:04:22,880
Speaker 2: Well, no, especially not in in the US. In the

83
00:04:23,000 --> 00:04:26,160
Speaker 2: EU they have a little bit of a different structure

84
00:04:26,240 --> 00:04:31,520
Speaker 2: for for basically looking at oversight and what they do

85
00:04:31,600 --> 00:04:34,760
Speaker 2: with that. In the US, absolutely not. And I'm not

86
00:04:34,760 --> 00:04:37,039
Speaker 2: saying I wasn't a misconfiguration, but the point is there

87
00:04:37,040 --> 00:04:41,400
Speaker 2: really is no. They really do not have to be

88
00:04:41,520 --> 00:04:44,799
Speaker 2: transparent in what causes because they'll claim there's all kinds

89
00:04:44,800 --> 00:04:47,320
Speaker 2: of issues about intellectual property and things like that. What

90
00:04:47,680 --> 00:04:51,200
Speaker 2: I always find kind of very interesting when these companies

91
00:04:51,240 --> 00:04:55,240
Speaker 2: claim it was a misconfiguration. Well, you're such a large company.

92
00:04:55,240 --> 00:04:59,760
Speaker 2: How could one misconfiguration take everything down? Aren't you supposed

93
00:04:59,800 --> 00:05:02,600
Speaker 2: to have single you know, have redundancy, not have these

94
00:05:02,600 --> 00:05:05,760
Speaker 2: single points. So I'm always a little bit suspicious when oh,

95
00:05:05,839 --> 00:05:09,239
Speaker 2: it was just one line of code, that's like, wow,

96
00:05:09,360 --> 00:05:11,800
Speaker 2: that's not a very good coded program if that's one

97
00:05:11,800 --> 00:05:13,839
Speaker 2: line of code took down the entire Internet.

98
00:05:14,000 --> 00:05:17,400
Speaker 1: Talking to doctor Marcus Rogers, the director of the cyber

99
00:05:17,480 --> 00:05:21,440
Speaker 1: Forensics Lab at Purdue Polytechnic Institute Purdue University. I don't

100
00:05:21,440 --> 00:05:22,800
Speaker 1: know you, so this is the first time we've met,

101
00:05:22,839 --> 00:05:25,400
Speaker 1: first time we're speaking, But I think I'm a pretty

102
00:05:25,400 --> 00:05:31,240
Speaker 1: good read on people. You sound angry, frustrated. Let me

103
00:05:31,360 --> 00:05:33,920
Speaker 1: let me say it this way, like, dear lord, how

104
00:05:33,920 --> 00:05:35,760
Speaker 1: many more of these are we going to witness before

105
00:05:35,800 --> 00:05:39,160
Speaker 1: we do something? So what is your suggestion about what

106
00:05:39,200 --> 00:05:43,320
Speaker 1: it is we as the Internet surfing populace do.

107
00:05:44,200 --> 00:05:47,000
Speaker 2: And this is where we as And I'm not so

108
00:05:47,080 --> 00:05:50,800
Speaker 2: much angry as frustrated, because obviously, you know I'm trying

109
00:05:50,839 --> 00:05:53,080
Speaker 2: to get on board online to do stuff this morning.

110
00:05:53,120 --> 00:05:55,600
Speaker 2: We're trying to do things, and it just impacts everybody.

111
00:05:55,600 --> 00:05:58,880
Speaker 2: So it's more of a frustration. I understand. You know,

112
00:05:59,080 --> 00:06:01,280
Speaker 2: these companies have a business and it's not you know,

113
00:06:01,400 --> 00:06:03,160
Speaker 2: if they want to be monopoly and do that, we

114
00:06:03,320 --> 00:06:05,640
Speaker 2: let them do that. That's that's on us. So we

115
00:06:05,720 --> 00:06:07,919
Speaker 2: as the consumers really don't have a lot of power

116
00:06:07,920 --> 00:06:10,200
Speaker 2: with this. This is really something as much as I

117
00:06:10,279 --> 00:06:13,040
Speaker 2: hate to use the R word, there has to be

118
00:06:13,160 --> 00:06:16,400
Speaker 2: some regulations out there that basically say when this happens,

119
00:06:16,640 --> 00:06:20,320
Speaker 2: there has to be transparency. We cannot allow for one

120
00:06:20,360 --> 00:06:23,719
Speaker 2: company to basically be so large that it takes There's

121
00:06:23,760 --> 00:06:26,360
Speaker 2: got to be some competitional Their competition is healthy, and

122
00:06:26,480 --> 00:06:28,640
Speaker 2: we don't have that right now with the internet.

123
00:06:29,120 --> 00:06:32,040
Speaker 1: The idea of regulations where you step into my world

124
00:06:32,040 --> 00:06:36,480
Speaker 1: in a ways where I have a massive amount of recoil.

125
00:06:37,120 --> 00:06:41,520
Speaker 1: Do you see this as a national security issue or

126
00:06:42,040 --> 00:06:44,640
Speaker 1: I mean, can you see it as a national security issue?

127
00:06:44,880 --> 00:06:47,440
Speaker 1: Or is it much more of a this is just

128
00:06:47,560 --> 00:06:49,000
Speaker 1: bad for business issue.

129
00:06:49,360 --> 00:06:51,680
Speaker 2: It's actually both because I tear right now a lot

130
00:06:51,720 --> 00:06:53,440
Speaker 2: of what you're seeing out there, a lot of what

131
00:06:53,440 --> 00:06:56,839
Speaker 2: we're dealing with. As you know, the regular Joe public,

132
00:06:57,720 --> 00:07:00,000
Speaker 2: our government is in the same boat. It's the same Internet,

133
00:07:00,080 --> 00:07:04,040
Speaker 2: and quite often they are contracting with the exact same companies. Now, yes,

134
00:07:04,240 --> 00:07:07,280
Speaker 2: there are there are some secure networks that the Department

135
00:07:07,320 --> 00:07:09,320
Speaker 2: of Defense have, but for the most part, the government

136
00:07:09,440 --> 00:07:11,080
Speaker 2: is running on the same internet you and I are

137
00:07:11,120 --> 00:07:14,000
Speaker 2: running on. So a outage like this not just only

138
00:07:14,040 --> 00:07:16,840
Speaker 2: affects us to get on Zoom. It can affect basically

139
00:07:16,880 --> 00:07:19,960
Speaker 2: the lawmakers. It can affect the government agencies. It can

140
00:07:20,000 --> 00:07:22,720
Speaker 2: affect we saw that you know, affects the airlines. It

141
00:07:22,720 --> 00:07:25,920
Speaker 2: can affect a lot of our critical infrastructure, and that

142
00:07:26,000 --> 00:07:28,120
Speaker 2: makes it a national security issue.

143
00:07:28,880 --> 00:07:33,560
Speaker 1: Before I let you go, doctor Marcus Rogers, director of

144
00:07:33,560 --> 00:07:38,160
Speaker 1: the cyber Forensics Lab at Purdue Bali Technique Institute there

145
00:07:38,240 --> 00:07:43,120
Speaker 1: at Purdue University. For any smaller groups using cloud fair,

146
00:07:43,120 --> 00:07:46,480
Speaker 1: what's your immediate suggestion cloud Flair? Sorry, what's your immediate suggestion?

147
00:07:47,760 --> 00:07:50,840
Speaker 2: Have some patience because quite often if you're using these

148
00:07:51,040 --> 00:07:53,320
Speaker 2: and to be quote, ninety nine point nine percent of

149
00:07:53,360 --> 00:07:56,440
Speaker 2: the time it is they're not having a problem. It's

150
00:07:56,520 --> 00:07:59,840
Speaker 2: that one percent that causes us all the you know,

151
00:08:00,080 --> 00:08:02,840
Speaker 2: all the anks. So right, now because you really don't

152
00:08:02,880 --> 00:08:05,040
Speaker 2: have a choice. It's not the consumer can go and

153
00:08:05,080 --> 00:08:07,960
Speaker 2: say I don't want to use If whoever your backbone

154
00:08:08,000 --> 00:08:11,080
Speaker 2: is attached to is using cloud Flare, you're using cloud Flare.

155
00:08:11,440 --> 00:08:13,560
Speaker 2: So we really don't have a choice. But like I said,

156
00:08:13,600 --> 00:08:16,760
Speaker 2: it's just a matter of I think, being informed consumers

157
00:08:16,760 --> 00:08:20,960
Speaker 2: and maybe kind of letting our frustration be a little

158
00:08:20,960 --> 00:08:23,960
Speaker 2: bit more evident to the lawmakers that hey, this really

159
00:08:24,000 --> 00:08:26,400
Speaker 2: can't keep going on like this because tear right now,

160
00:08:26,440 --> 00:08:28,520
Speaker 2: this isn't the end of it. We are going to

161
00:08:28,560 --> 00:08:31,040
Speaker 2: see more and more of these single points of failures

162
00:08:31,320 --> 00:08:34,720
Speaker 2: and in the coming years, because we're hitting a almost

163
00:08:34,760 --> 00:08:38,720
Speaker 2: a threshold or a turning point where we have so

164
00:08:38,840 --> 00:08:41,680
Speaker 2: much traffic, we have so much going on, and it's

165
00:08:41,720 --> 00:08:44,800
Speaker 2: so complicated. These things are going to continue to happen

166
00:08:44,880 --> 00:08:46,200
Speaker 2: unless we do something about it.

167
00:08:46,280 --> 00:08:48,360
Speaker 1: Yeah, tipping points, I believe is the word. We're looking

168
00:08:48,400 --> 00:08:51,560
Speaker 1: for it point that is it, Doctor Marcus Rogers. I

169
00:08:51,600 --> 00:08:55,400
Speaker 1: just wanted to be as smart as a professor Line Rogers.

170
00:08:55,440 --> 00:08:57,240
Speaker 1: I appreciate you taking the time to be with us

171
00:08:57,520 --> 00:09:00,040
Speaker 1: more to get to I'm Tony Katz, and this is

172
00:09:00,080 --> 00:09:00,959
Speaker 1: Tony Katz today