1
00:00:00,040 --> 00:00:02,240
Speaker 1: Do you want to be an American idiot?

2
00:00:02,520 --> 00:00:06,240
Speaker 2: Go building one to night? Do you see lost on

3
00:00:06,320 --> 00:00:09,360
Speaker 2: Saturday or won on Saturday? The loss today on the Loss,

4
00:00:09,400 --> 00:00:12,799
Speaker 2: of course, is Jim Kelly Junior passing away at seventy two.

5
00:00:13,280 --> 00:00:14,760
Speaker 1: I've been fighting cancer a long time.

6
00:00:14,800 --> 00:00:17,880
Speaker 2: I was enjoyed listening to Jim along with Dan Horde

7
00:00:17,880 --> 00:00:21,320
Speaker 2: for what the last twenty years as the color analyst

8
00:00:21,600 --> 00:00:25,040
Speaker 2: for the UC Bearcats, and just so sad to hear

9
00:00:25,079 --> 00:00:26,759
Speaker 2: because he's such a good guy. But our thoughts in

10
00:00:26,840 --> 00:00:28,600
Speaker 2: pairs with that Jim and his family, everyone in the

11
00:00:28,880 --> 00:00:31,640
Speaker 2: in the Bearcat family as well. Sloane here on seven

12
00:00:31,760 --> 00:00:35,240
Speaker 2: hundred WLW. If you watch the Bengals last night, lose

13
00:00:35,280 --> 00:00:36,360
Speaker 2: but lose in a better way?

14
00:00:36,840 --> 00:00:37,599
Speaker 1: Typic whatt you dose?

15
00:00:37,600 --> 00:00:39,520
Speaker 2: You hang on for a minute before you cut over

16
00:00:39,600 --> 00:00:46,360
Speaker 2: to NBC and watch our boy talk about well last

17
00:00:46,440 --> 00:00:48,479
Speaker 2: night's gale. I didn't say I've watched the whole thing

18
00:00:48,520 --> 00:00:53,640
Speaker 2: in Kansas City wind up winning last night, But you

19
00:00:53,680 --> 00:00:57,000
Speaker 2: watch sixty minutes on CBS and you always catch like

20
00:00:57,040 --> 00:00:58,840
Speaker 2: the first couple of minutes. I thought last night they

21
00:00:58,840 --> 00:01:02,040
Speaker 2: had a fascinating story on about China Our front of me.

22
00:01:02,160 --> 00:01:07,120
Speaker 2: China has infiltrated some two hundred critical infrastructure operations in

23
00:01:07,120 --> 00:01:11,560
Speaker 2: the US water treatment plants, electrical grids, transportation, hospitals, telecommunications.

24
00:01:12,120 --> 00:01:15,560
Speaker 2: Pretty scary stuff that the incursions, these intrusions have been

25
00:01:15,600 --> 00:01:18,040
Speaker 2: going on for a while now and we haven't done

26
00:01:18,080 --> 00:01:20,720
Speaker 2: anything about it. Why because we're getting intel on what

27
00:01:20,760 --> 00:01:24,000
Speaker 2: the Chinese may or may not do as they can

28
00:01:24,160 --> 00:01:27,759
Speaker 2: control some of our critical infrastructure. We've talked about this before,

29
00:01:27,800 --> 00:01:29,600
Speaker 2: but I think when you start to hear two hundred

30
00:01:29,680 --> 00:01:35,680
Speaker 2: or more facilities in America could be under Chinese control

31
00:01:35,880 --> 00:01:38,680
Speaker 2: in a couple of keystrokes, that is a huge wake

32
00:01:38,760 --> 00:01:41,560
Speaker 2: up call, going, what if they're doing this on sixty minutes?

33
00:01:41,760 --> 00:01:43,479
Speaker 2: We know the government's known about it for a while,

34
00:01:43,560 --> 00:01:46,840
Speaker 2: and we're allowing this to continue. And what happens in

35
00:01:46,880 --> 00:01:49,560
Speaker 2: the future on that is that Chris niheis. Chris is

36
00:01:49,560 --> 00:01:53,160
Speaker 2: the CEO of Vigilant Cybersecurity here in Cincinnati. Chris, welcome back,

37
00:01:53,160 --> 00:01:54,880
Speaker 2: are you Hanks?

38
00:01:54,880 --> 00:01:56,280
Speaker 1: Scott? I'm doing great one.

39
00:01:57,080 --> 00:01:59,240
Speaker 2: I'm well till I saw this thing last night after

40
00:01:59,240 --> 00:02:01,920
Speaker 2: football lost. I'm like, well, wait, what's going on here?

41
00:02:01,960 --> 00:02:06,000
Speaker 2: So the idea here is that China is lying dormant

42
00:02:06,040 --> 00:02:08,280
Speaker 2: in two hundred these things, and I think it was

43
00:02:08,320 --> 00:02:10,840
Speaker 2: like a small some small town in Massachusetts.

44
00:02:10,880 --> 00:02:12,920
Speaker 1: I forget where that it turned out.

45
00:02:12,960 --> 00:02:15,800
Speaker 2: The FBI shows up and tells the operator, the guy

46
00:02:15,800 --> 00:02:17,560
Speaker 2: who's in charge of it, Hey, listen, the Chinese have

47
00:02:17,600 --> 00:02:19,760
Speaker 2: taken control of your facility. You don't know that, but

48
00:02:19,800 --> 00:02:23,839
Speaker 2: the Chinese have digital control of your facility. So we

49
00:02:23,880 --> 00:02:26,480
Speaker 2: know that everything now is plug and play, and it's

50
00:02:26,520 --> 00:02:29,880
Speaker 2: the Internet of things, and everything is controlled remotely and electronics.

51
00:02:29,880 --> 00:02:32,040
Speaker 2: And so before we branch off into what they're doing

52
00:02:32,080 --> 00:02:34,160
Speaker 2: and how they're doing it, a water treatment plant, what

53
00:02:34,400 --> 00:02:37,560
Speaker 2: could go wrong if the computers are under control of

54
00:02:37,560 --> 00:02:39,040
Speaker 2: the Chinese and a water treatment.

55
00:02:38,760 --> 00:02:44,640
Speaker 3: Plant rights the Littleton, Massachusetts, and a lot can go wrong. Actually,

56
00:02:44,720 --> 00:02:48,200
Speaker 3: I mean inside these water treatment plants, you have different

57
00:02:48,320 --> 00:02:51,480
Speaker 3: vats of chemicals. Those chemicals are mixed together in different

58
00:02:51,560 --> 00:02:53,919
Speaker 3: varying levels. You have fluoride, you have all coins of

59
00:02:53,960 --> 00:02:57,520
Speaker 3: different things in there, chlorine, Those are mixed together very

60
00:02:57,560 --> 00:02:59,880
Speaker 3: precisely to make sure that the water that we drain

61
00:03:00,160 --> 00:03:03,519
Speaker 3: is clean, purified, it's refreshed when it gets to us.

62
00:03:04,560 --> 00:03:08,800
Speaker 3: If those systems, or the chemical interactions or even just

63
00:03:08,880 --> 00:03:11,840
Speaker 3: the mounts, the measurements are put into water differently.

64
00:03:12,639 --> 00:03:13,560
Speaker 1: It could be catastrophic.

65
00:03:14,080 --> 00:03:17,440
Speaker 3: It can make our water undrinkable, untenable, it could be

66
00:03:17,600 --> 00:03:20,000
Speaker 3: it could make poisonous.

67
00:03:19,800 --> 00:03:20,799
Speaker 1: There's there's a lot.

68
00:03:20,680 --> 00:03:24,320
Speaker 3: Of different things that can happen inside a water treatment plant.

69
00:03:24,400 --> 00:03:26,440
Speaker 2: And that's just a small time. But imagine the masses

70
00:03:26,440 --> 00:03:27,840
Speaker 2: steria of a town of I don't know if that

71
00:03:27,960 --> 00:03:31,160
Speaker 2: ten twenty thousand people, if all of a sudden, your

72
00:03:31,160 --> 00:03:33,640
Speaker 2: water's poisonous, and we would know it because they program

73
00:03:33,680 --> 00:03:35,880
Speaker 2: everything to make it look like the tests are fine.

74
00:03:36,320 --> 00:03:38,400
Speaker 2: I don't know if they do physical manual tests and

75
00:03:38,400 --> 00:03:40,040
Speaker 2: how often they do that. I don't know the workings

76
00:03:40,080 --> 00:03:42,760
Speaker 2: of water treatment BLA. I would think so that somebody's going, hey,

77
00:03:42,800 --> 00:03:44,480
Speaker 2: there's something with the right but it'd be too late

78
00:03:44,520 --> 00:03:46,200
Speaker 2: for some people who are drinking poison water.

79
00:03:47,480 --> 00:03:48,400
Speaker 1: That would be way too late.

80
00:03:48,440 --> 00:03:51,200
Speaker 3: And then the problem with the two is, I mean,

81
00:03:51,240 --> 00:03:52,720
Speaker 3: if you look at the way water works. We pump

82
00:03:52,800 --> 00:03:55,640
Speaker 3: water into our water towers, that creates water pressure into

83
00:03:55,720 --> 00:03:59,839
Speaker 3: our cities, but you'd have the entire system would be contaminated.

84
00:04:00,080 --> 00:04:02,480
Speaker 3: And you know, it just makes even if even if

85
00:04:02,480 --> 00:04:05,160
Speaker 3: no one drank it, even if the system was contaminated,

86
00:04:05,160 --> 00:04:07,400
Speaker 3: you have you have a major problem. And to your point,

87
00:04:07,440 --> 00:04:10,000
Speaker 3: you know they're doing so much automation now, Uh, you

88
00:04:10,040 --> 00:04:13,560
Speaker 3: know all all of the chemical you know, the chemical measurements,

89
00:04:13,560 --> 00:04:15,040
Speaker 3: the purification, it's.

90
00:04:14,880 --> 00:04:16,800
Speaker 1: All, it's all automated. Uh.

91
00:04:16,920 --> 00:04:19,760
Speaker 3: The testing is mostly automated. They do spot checks and

92
00:04:19,800 --> 00:04:22,160
Speaker 3: things like that. But there's sensors throughout the entire line

93
00:04:22,640 --> 00:04:26,960
Speaker 3: that determine tempature. It determines, uh, if there's different chemicals.

94
00:04:26,960 --> 00:04:30,479
Speaker 3: I mean, you've even seen recently where they can see

95
00:04:30,480 --> 00:04:34,240
Speaker 3: if COVID is spiking up inside Uh, you know, different

96
00:04:34,279 --> 00:04:37,359
Speaker 3: cities because of what's coming in to the waste treatment plants.

97
00:04:37,440 --> 00:04:39,880
Speaker 3: So there's there's a lot of different sensors there. But

98
00:04:39,880 --> 00:04:44,360
Speaker 3: but like you said, those sensors can be modified so

99
00:04:44,440 --> 00:04:47,640
Speaker 3: that that way it gives incorrect information and then people

100
00:04:47,680 --> 00:04:48,160
Speaker 3: don't know.

101
00:04:48,400 --> 00:04:50,840
Speaker 1: You know, the monitors aren't going to trigger off that something.

102
00:04:51,400 --> 00:04:53,560
Speaker 2: You can make boiling water look like it's freezing water

103
00:04:53,880 --> 00:04:55,760
Speaker 2: based on what the what the what the sensors on

104
00:04:55,839 --> 00:04:57,680
Speaker 2: and reprogram all that stuff, and no one or know

105
00:04:57,760 --> 00:04:59,680
Speaker 2: until that's all sadly too late and you gotta shut

106
00:04:59,680 --> 00:05:01,640
Speaker 2: them and I don't figure out what's happening. And that's

107
00:05:01,680 --> 00:05:05,400
Speaker 2: just in one small town in Massachusetts, and then there's

108
00:05:05,400 --> 00:05:07,880
Speaker 2: at least one hundred ninety nine others and other water

109
00:05:07,920 --> 00:05:11,080
Speaker 2: treatment plants, but electrical goods, transportation, hospitals, all these things

110
00:05:11,120 --> 00:05:14,159
Speaker 2: I mentioned. And what's interesting about it is there they

111
00:05:14,200 --> 00:05:16,760
Speaker 2: said there's about two hundred that they've identified since twenty

112
00:05:16,800 --> 00:05:19,560
Speaker 2: twenty three. I suspect, like anything, the two hundred the

113
00:05:19,600 --> 00:05:21,160
Speaker 2: most obvious ones. How many more do you think I

114
00:05:21,160 --> 00:05:21,680
Speaker 2: are out there?

115
00:05:22,839 --> 00:05:23,000
Speaker 1: Oh?

116
00:05:23,240 --> 00:05:27,200
Speaker 3: I would say in every critical city, we work a

117
00:05:27,240 --> 00:05:30,720
Speaker 3: lot in critical infrastructure. A lot of my background is

118
00:05:30,760 --> 00:05:35,000
Speaker 3: in critical infrastructure. And you know, even back in the

119
00:05:35,080 --> 00:05:39,720
Speaker 3: early two thousands, I was working with COMMONI control systems

120
00:05:39,880 --> 00:05:43,280
Speaker 3: and you could see that those systems were trying to

121
00:05:43,320 --> 00:05:43,799
Speaker 3: be attacked.

122
00:05:43,800 --> 00:05:45,120
Speaker 1: And I would say.

123
00:05:45,040 --> 00:05:46,960
Speaker 3: That was my wake up call, that you know, that

124
00:05:47,040 --> 00:05:49,279
Speaker 3: wake up call. But at the moment I realized how

125
00:05:49,839 --> 00:05:54,520
Speaker 3: evil this could be because in those situations, what we

126
00:05:54,520 --> 00:05:57,840
Speaker 3: were seeing is someone attacking back then our Windows ninety

127
00:05:57,839 --> 00:06:00,960
Speaker 3: five systems, and they were back in these really old

128
00:06:01,000 --> 00:06:03,160
Speaker 3: operating system it was, you know, not old at the time,

129
00:06:03,480 --> 00:06:06,919
Speaker 3: but these systems were connected to these valves that could

130
00:06:07,160 --> 00:06:09,400
Speaker 3: you know, from the system, you could open a valve

131
00:06:09,560 --> 00:06:10,880
Speaker 3: and it would be a release valve. And you could

132
00:06:10,880 --> 00:06:14,000
Speaker 3: release ammonia or an ammonia actually can melt people's lungs.

133
00:06:14,000 --> 00:06:16,720
Speaker 3: So you know, when I saw that happen, like whoa

134
00:06:16,800 --> 00:06:18,640
Speaker 3: wait a second. And that's what really made me get

135
00:06:18,640 --> 00:06:23,000
Speaker 3: into this industry because for me, it's about making sure

136
00:06:23,040 --> 00:06:25,720
Speaker 3: that we protect the United States right, and one of

137
00:06:25,760 --> 00:06:27,440
Speaker 3: the things we have to be really aware of is

138
00:06:27,480 --> 00:06:29,080
Speaker 3: that we're not doing a great job of it because

139
00:06:29,120 --> 00:06:30,760
Speaker 3: they're everywhere so well.

140
00:06:30,800 --> 00:06:33,680
Speaker 2: The problem is this, right, we have decentralaw Unlike China,

141
00:06:33,760 --> 00:06:37,240
Speaker 2: everything's centralized in China. Here it's decentralized. So you've got

142
00:06:37,240 --> 00:06:39,760
Speaker 2: small municipalities, and I'm guessing that a lot of these

143
00:06:39,760 --> 00:06:42,640
Speaker 2: two hundred chris are small municipalities that don't have the budget.

144
00:06:43,800 --> 00:06:45,719
Speaker 2: And you know, fifty grand to them may not be

145
00:06:45,760 --> 00:06:47,640
Speaker 2: a lot to the state of Ohio or the United

146
00:06:47,640 --> 00:06:50,720
Speaker 2: States of America, but fifty grand to a small community

147
00:06:50,800 --> 00:06:52,560
Speaker 2: is a lot of money. That's what it costs us

148
00:06:52,600 --> 00:06:56,799
Speaker 2: one small town to redo all their infrastructure to essentially

149
00:06:57,839 --> 00:07:01,960
Speaker 2: make what the Chinese did moot. And on top of that,

150
00:07:02,040 --> 00:07:05,240
Speaker 2: you know, paying for new equipment and getting taxpayers to

151
00:07:05,240 --> 00:07:07,880
Speaker 2: put the money for the latest and greatest servers and

152
00:07:07,960 --> 00:07:10,560
Speaker 2: technology isn't always an easy sell. People don't make that

153
00:07:10,600 --> 00:07:12,720
Speaker 2: connection until while it's too late. We don't want to

154
00:07:12,760 --> 00:07:14,480
Speaker 2: spend that time. Why are we spending more money? We

155
00:07:14,560 --> 00:07:17,600
Speaker 2: just updated these computers and our systems have been updated,

156
00:07:17,600 --> 00:07:19,160
Speaker 2: and we don't need to do that anyway. Why are

157
00:07:19,160 --> 00:07:22,000
Speaker 2: we spending so much on people, like, for example, the

158
00:07:22,120 --> 00:07:25,520
Speaker 2: contract with Vigilant Cybersecurity. I mean, that's a huge cost

159
00:07:25,560 --> 00:07:28,559
Speaker 2: item right there, and so we tend to cut away

160
00:07:28,640 --> 00:07:30,800
Speaker 2: all of that help and all those people in safety

161
00:07:30,800 --> 00:07:33,200
Speaker 2: Net and then something like this happens and we want

162
00:07:33,200 --> 00:07:33,560
Speaker 2: more of it.

163
00:07:33,640 --> 00:07:33,840
Speaker 1: Right.

164
00:07:35,280 --> 00:07:38,440
Speaker 3: Well, see, here's the problem is that I'll make some

165
00:07:38,480 --> 00:07:42,120
Speaker 3: bold statements here. You know, we talked about before you

166
00:07:42,200 --> 00:07:45,880
Speaker 3: got to wonder you know why. You know, like the

167
00:07:45,960 --> 00:07:48,680
Speaker 3: average time it takes to detect the threat U Riising

168
00:07:48,720 --> 00:07:50,480
Speaker 3: comes out with report every year. It's a great report.

169
00:07:50,880 --> 00:07:53,880
Speaker 3: But the average time it takes the detective threat today

170
00:07:54,000 --> 00:07:56,800
Speaker 3: someone comes into your environment. The average time it takes

171
00:07:56,800 --> 00:08:00,800
Speaker 3: for most cybersecurity technologies, right, this is the average, right,

172
00:08:01,480 --> 00:08:03,400
Speaker 3: two and eighty seven days.

173
00:08:03,600 --> 00:08:03,720
Speaker 1: Right.

174
00:08:04,160 --> 00:08:07,040
Speaker 3: And so the biggest problem is that a lot of

175
00:08:07,080 --> 00:08:11,040
Speaker 3: companies are buying technology that seems to work because it's

176
00:08:11,040 --> 00:08:13,520
Speaker 3: a brand name we're a big no name, but it

177
00:08:13,560 --> 00:08:16,920
Speaker 3: doesn't actually do what it's supposed to, and so you

178
00:08:17,040 --> 00:08:20,160
Speaker 3: end up with the attackers and these environments that are

179
00:08:20,160 --> 00:08:22,920
Speaker 3: there forever, and what they really want to do in

180
00:08:22,960 --> 00:08:26,760
Speaker 3: any warfare scenario is they want persistence. So what happens

181
00:08:26,840 --> 00:08:30,520
Speaker 3: is these attackers come in, they trigger an event so

182
00:08:30,560 --> 00:08:33,200
Speaker 3: that your security systems see it, you go do an

183
00:08:33,200 --> 00:08:36,560
Speaker 3: instant response. But what they're really doing is they're embedding

184
00:08:36,559 --> 00:08:41,840
Speaker 3: themselves for persistence for later while they're triggering a fake incident,

185
00:08:41,920 --> 00:08:44,720
Speaker 3: right or a real incident that you go work. The

186
00:08:44,800 --> 00:08:51,280
Speaker 3: second problem is that companies, you know, use their security technologies.

187
00:08:50,679 --> 00:08:53,160
Speaker 1: That they use as badges, and the security companies that

188
00:08:53,240 --> 00:08:55,400
Speaker 1: work with them also use them as badges.

189
00:08:55,880 --> 00:08:58,679
Speaker 3: So what I mean by that is, you know, they'll

190
00:08:58,679 --> 00:09:02,000
Speaker 3: put their logos up on their Webb site, they'll you know,

191
00:09:02,080 --> 00:09:02,959
Speaker 3: the security.

192
00:09:02,559 --> 00:09:04,960
Speaker 1: Providers will do that. So that tells you the hacker.

193
00:09:04,880 --> 00:09:08,360
Speaker 3: Exactly what technology is used. And then the third thing

194
00:09:09,240 --> 00:09:13,679
Speaker 3: that happens, especially in these municipalities, is when they're buying things,

195
00:09:14,200 --> 00:09:19,520
Speaker 3: they're buying things under committee or approval with their cities municipalities,

196
00:09:20,200 --> 00:09:22,920
Speaker 3: and so those are all open meetings. And so if

197
00:09:22,960 --> 00:09:25,960
Speaker 3: I'm a Chinese threat actor, I can come in, I

198
00:09:26,000 --> 00:09:28,400
Speaker 3: can know exactly. I mean, in the state of California, you.

199
00:09:28,360 --> 00:09:30,240
Speaker 1: Can go out. There's a law that requires them to

200
00:09:30,240 --> 00:09:30,480
Speaker 1: do this.

201
00:09:31,280 --> 00:09:34,960
Speaker 3: It lists everything any city, every single technology they buy

202
00:09:35,040 --> 00:09:37,600
Speaker 3: was from a cyber standpoint, is on a list, so

203
00:09:37,640 --> 00:09:40,520
Speaker 3: they can an attacker can easily go to water treatment

204
00:09:40,559 --> 00:09:43,360
Speaker 3: plant see exactly what they use, and they just they.

205
00:09:43,360 --> 00:09:46,360
Speaker 1: Just know how tottack them. So you wrap all that up.

206
00:09:46,400 --> 00:09:49,960
Speaker 3: And I think here in the United States we don't

207
00:09:50,040 --> 00:09:55,040
Speaker 3: understand warfare in the private sector very well. And in

208
00:09:55,120 --> 00:09:59,520
Speaker 3: China they do, and in Russia they do. Outside US

209
00:09:59,640 --> 00:10:03,560
Speaker 3: they do. We just don't understand it here because we

210
00:10:03,960 --> 00:10:09,240
Speaker 3: you as citizens, are so comfortable with not interfacing with evil, right, well.

211
00:10:09,120 --> 00:10:12,040
Speaker 2: Because we are commerce right and some small businesses. We're

212
00:10:12,080 --> 00:10:14,320
Speaker 2: business people, so we understand that. We don't see that.

213
00:10:14,360 --> 00:10:17,200
Speaker 2: As you know, there's competition, but not in the arena

214
00:10:17,240 --> 00:10:19,760
Speaker 2: that the Chinese do because of that centralization element too.

215
00:10:19,840 --> 00:10:23,079
Speaker 2: And so Chris ninehis is here CEO of vigil and Cybersecurity,

216
00:10:23,120 --> 00:10:25,160
Speaker 2: in the sixty minutes thing last night, that there's some

217
00:10:25,200 --> 00:10:29,079
Speaker 2: two hundred plus critical infrastructure operations. We're talking electrical, we're

218
00:10:29,080 --> 00:10:32,400
Speaker 2: talking water, treatment plants and the like that essentially are

219
00:10:32,480 --> 00:10:34,640
Speaker 2: under Chinese control. And so what they did is they've

220
00:10:34,679 --> 00:10:38,960
Speaker 2: infiltrated that infrastructure and now they're just laying dormant. They're

221
00:10:39,000 --> 00:10:41,080
Speaker 2: not shutting it down like some I don't know if

222
00:10:41,080 --> 00:10:43,160
Speaker 2: you're if you have malware, which we've talked about before

223
00:10:43,160 --> 00:10:45,160
Speaker 2: in the past, right, you shut them down Cattering Health

224
00:10:45,200 --> 00:10:47,920
Speaker 2: for example, pay me my money and I'll open everything

225
00:10:47,960 --> 00:10:51,480
Speaker 2: back up. Or maybe not, some other actor gets in

226
00:10:51,520 --> 00:10:53,679
Speaker 2: there and just wants to be disruptive and destroy things

227
00:10:53,760 --> 00:10:56,319
Speaker 2: and shut it down and put some sort of political

228
00:10:56,760 --> 00:10:59,319
Speaker 2: or anti state message on whatever it might be. We've

229
00:10:59,320 --> 00:11:02,160
Speaker 2: seen that this is different. They're actually lying in wait.

230
00:11:02,240 --> 00:11:05,560
Speaker 2: It's like a trojan horse. They're watching what you're doing online.

231
00:11:05,559 --> 00:11:07,840
Speaker 2: They're watching the systems that you have in place, and

232
00:11:08,120 --> 00:11:10,280
Speaker 2: in the future if they need to, when they need to,

233
00:11:10,320 --> 00:11:12,559
Speaker 2: when they will, they will strike by doing all the

234
00:11:12,559 --> 00:11:15,439
Speaker 2: stuff we talked about and multiply that by hundreds more.

235
00:11:15,760 --> 00:11:17,760
Speaker 2: And you've got real problems here in America that they're

236
00:11:17,800 --> 00:11:20,599
Speaker 2: sitting there just watching and wait and lying dormant and

237
00:11:20,640 --> 00:11:23,240
Speaker 2: our own infrastructure and most of us have no idea

238
00:11:23,280 --> 00:11:23,760
Speaker 2: they're there.

239
00:11:24,880 --> 00:11:27,320
Speaker 3: Yeah, right, And the reason you know you and you know,

240
00:11:27,360 --> 00:11:29,760
Speaker 3: we don't know all the details of Littleton, but you know,

241
00:11:29,800 --> 00:11:31,920
Speaker 3: we spent fifty thousand dollars to rebuild his network. I

242
00:11:31,960 --> 00:11:34,520
Speaker 3: would say he didn't really He may not have actually

243
00:11:34,520 --> 00:11:37,359
Speaker 3: even had to do that if he had.

244
00:11:37,200 --> 00:11:39,520
Speaker 1: The ability to see what was what.

245
00:11:39,400 --> 00:11:41,520
Speaker 3: Was embedded as in this environment, you don't have to

246
00:11:41,520 --> 00:11:43,320
Speaker 3: swap out all of your systems, but if you don't

247
00:11:43,320 --> 00:11:46,440
Speaker 3: have the ability to see what's there, then you do.

248
00:11:46,520 --> 00:11:47,480
Speaker 1: You have to start all over.

249
00:11:47,760 --> 00:11:50,440
Speaker 3: But the big problem there is he may not know

250
00:11:50,800 --> 00:11:52,400
Speaker 3: how they actually got in, so he may have just

251
00:11:52,440 --> 00:11:54,559
Speaker 3: rebuilt his entire environment. And this happens with a lot

252
00:11:54,559 --> 00:11:56,520
Speaker 3: of companies. I'm not saying that Littleton did this, but

253
00:11:56,880 --> 00:11:59,440
Speaker 3: they'll rebuild their whole environment. They don't know exactly how

254
00:11:59,480 --> 00:12:01,280
Speaker 3: they actor got in, and then they get in again,

255
00:12:01,280 --> 00:12:02,559
Speaker 3: and they just wasted all that money.

256
00:12:03,160 --> 00:12:04,880
Speaker 1: Yeah, you know. And yeah, right.

257
00:12:05,040 --> 00:12:08,160
Speaker 3: The other thing too, Scott, that happens and this is

258
00:12:08,880 --> 00:12:11,320
Speaker 3: this happens with a lot of our power generators. A

259
00:12:11,360 --> 00:12:14,600
Speaker 3: lot of those does come from China. Right, They have

260
00:12:14,640 --> 00:12:17,240
Speaker 3: about you know, the transformers, things like that. They have

261
00:12:17,240 --> 00:12:19,800
Speaker 3: a year and a half way time to get those.

262
00:12:20,640 --> 00:12:23,800
Speaker 3: We've already found you know, when they when those things

263
00:12:23,800 --> 00:12:27,200
Speaker 3: have come in. Not we vigilant, but you know particularly

264
00:12:27,360 --> 00:12:30,280
Speaker 3: but you do. It's government has found that there's malware

265
00:12:30,360 --> 00:12:34,679
Speaker 3: inside the systems already, right, Uh, just straight out, straight

266
00:12:34,760 --> 00:12:35,600
Speaker 3: straight coming over.

267
00:12:35,800 --> 00:12:37,120
Speaker 1: So the thing that.

268
00:12:37,040 --> 00:12:39,680
Speaker 3: We we just have to be a lot more aware

269
00:12:39,720 --> 00:12:44,000
Speaker 3: of is that, uh, you know, we're going down a

270
00:12:44,000 --> 00:12:45,600
Speaker 3: path that we have.

271
00:12:45,520 --> 00:12:48,120
Speaker 1: All these back doors in a critical coming instruction.

272
00:12:48,200 --> 00:12:50,800
Speaker 3: Now I'll say this, now we have that as well, right,

273
00:12:50,920 --> 00:12:53,400
Speaker 3: so you know, we do the same thing around the world,

274
00:12:53,600 --> 00:12:53,760
Speaker 3: you know.

275
00:12:53,840 --> 00:12:57,720
Speaker 1: And that's why I went here, is like, well we're

276
00:12:57,760 --> 00:13:00,520
Speaker 1: doing it too, but it doesn't make it better, no, no,

277
00:13:00,840 --> 00:13:03,320
Speaker 1: because I get it. On our side. Yeah, I think

278
00:13:03,400 --> 00:13:05,240
Speaker 1: for us to be embedded over there, totally get it.

279
00:13:05,440 --> 00:13:05,839
Speaker 1: We want to.

280
00:13:06,120 --> 00:13:08,480
Speaker 3: It's like an arms race, right who could be embedded

281
00:13:08,480 --> 00:13:11,040
Speaker 3: the most because in any case, it's whoever can hit

282
00:13:11,080 --> 00:13:14,680
Speaker 3: the button first, right, and and and there's a couple

283
00:13:14,679 --> 00:13:16,319
Speaker 3: of different things that can take place in that. But

284
00:13:17,320 --> 00:13:20,640
Speaker 3: the big thing is to realize is that you know, this,

285
00:13:21,000 --> 00:13:23,760
Speaker 3: this is a this is the hidden war, and cyber

286
00:13:23,840 --> 00:13:27,679
Speaker 3: warfare has already happened. We're already in that, but you know,

287
00:13:27,760 --> 00:13:29,720
Speaker 3: most of us don't realize it. And in the critical

288
00:13:29,800 --> 00:13:32,960
Speaker 3: infrastructure world or even the you know, the small business

289
00:13:33,080 --> 00:13:35,600
Speaker 3: meetium sized business world. In the United States, it makes

290
00:13:35,679 --> 00:13:37,880
Speaker 3: up like eighty percent of our financial postability here in

291
00:13:37,920 --> 00:13:40,319
Speaker 3: the US. And so you know, if you want to

292
00:13:40,360 --> 00:13:43,439
Speaker 3: take out hospitals, go and bed yourself in hospitals. You

293
00:13:43,480 --> 00:13:45,440
Speaker 3: want to take out water, go and bed yourself in water,

294
00:13:45,800 --> 00:13:47,319
Speaker 3: You want to take out the financial sex to the

295
00:13:47,400 --> 00:13:50,640
Speaker 3: United States, go after small medium sized businesses that normally

296
00:13:50,760 --> 00:13:53,080
Speaker 3: don't have the protection they need, right right, And then

297
00:13:53,120 --> 00:13:55,680
Speaker 3: you just took down the entire country.

298
00:13:56,120 --> 00:13:58,080
Speaker 1: And you do it with some keystrokes. You don't fire

299
00:13:58,160 --> 00:14:01,400
Speaker 1: one shot, but you do it via computer.

300
00:14:01,640 --> 00:14:04,880
Speaker 2: So we had two hundred of these infrastructure operations that

301
00:14:04,960 --> 00:14:07,719
Speaker 2: were compromised, right, and now it's on sixty minutes. And

302
00:14:07,760 --> 00:14:09,719
Speaker 2: I'm guessing that the Chinese have known that, We've known

303
00:14:09,720 --> 00:14:11,720
Speaker 2: about this for a while before it gets on sixty

304
00:14:11,800 --> 00:14:15,040
Speaker 2: minutes for sure, right. So, yeah, in the month, in

305
00:14:15,160 --> 00:14:17,719
Speaker 2: the months that that's happened, where our years even where

306
00:14:17,720 --> 00:14:20,040
Speaker 2: they're exposed that and moved, what's that? What's happening right

307
00:14:20,040 --> 00:14:23,600
Speaker 2: now as we speak? Then more of the same, less

308
00:14:23,600 --> 00:14:25,400
Speaker 2: of the same or a different same.

309
00:14:27,800 --> 00:14:29,960
Speaker 3: Oh, it's more the same, Yeah, I mean it's you know,

310
00:14:30,120 --> 00:14:33,320
Speaker 3: the yeah, it just it just continues on and inside

311
00:14:33,520 --> 00:14:37,640
Speaker 3: these environments, that's where work happens. We found this was

312
00:14:37,680 --> 00:14:41,120
Speaker 3: a couple of years back, we found a Chinese threacture

313
00:14:41,160 --> 00:14:46,280
Speaker 3: group that bounced through United States entity out to another country, right,

314
00:14:46,800 --> 00:14:48,480
Speaker 3: And what they're trying to make it look like is

315
00:14:48,600 --> 00:14:50,840
Speaker 3: that the attack was coming from the United States.

316
00:14:51,040 --> 00:14:52,040
Speaker 1: To that other country.

317
00:14:52,240 --> 00:14:55,720
Speaker 3: So the you know, you have that issue as well

318
00:14:55,840 --> 00:14:58,480
Speaker 3: is where you know, China will act like Russia, russiall

319
00:14:58,520 --> 00:15:00,880
Speaker 3: act like China ran axt right like Russia. You know,

320
00:15:00,960 --> 00:15:03,360
Speaker 3: you're trying to really tie it back to whoever is

321
00:15:03,440 --> 00:15:07,240
Speaker 3: actually really attacking. But the big key here and you

322
00:15:07,560 --> 00:15:10,880
Speaker 3: mentioned as well, you mentioned kettering health. Right, We've seen

323
00:15:10,960 --> 00:15:16,720
Speaker 3: significant aspects where malware is you know, in ransomware is

324
00:15:16,920 --> 00:15:21,880
Speaker 3: used to come into an environment, create a distraction, and

325
00:15:21,960 --> 00:15:25,880
Speaker 3: then allow people to be embedded. And most, like I

326
00:15:26,000 --> 00:15:29,480
Speaker 3: was saying, most security technology out there is built to

327
00:15:29,680 --> 00:15:33,160
Speaker 3: detect things that it knows about, not to always detect

328
00:15:33,240 --> 00:15:36,120
Speaker 3: things that are unknown. So if you can attack someone

329
00:15:36,840 --> 00:15:40,360
Speaker 3: embed yourself in a way that isn't known yet or

330
00:15:40,440 --> 00:15:44,320
Speaker 3: isn't detectable yet, you can hide and wait and especially

331
00:15:44,360 --> 00:15:48,600
Speaker 3: if it's like a you know, in a triggered thing

332
00:15:48,680 --> 00:15:51,720
Speaker 3: that's based on a timer, like maybe that connection reaches

333
00:15:51,800 --> 00:15:54,200
Speaker 3: back out every month or every two months.

334
00:15:54,560 --> 00:15:55,720
Speaker 1: You know, it's a.

335
00:15:55,800 --> 00:15:59,240
Speaker 3: Single ping in the midst of millions of connections. It's

336
00:15:59,280 --> 00:16:02,600
Speaker 3: really hard to find. So, you know, a lot of

337
00:16:02,640 --> 00:16:05,360
Speaker 3: the ransomware or malware, those are the things like if

338
00:16:05,360 --> 00:16:09,440
Speaker 3: you're in an organization you've had ransomware or malware, just

339
00:16:09,920 --> 00:16:12,240
Speaker 3: fighting that is not the end of your battle. You

340
00:16:12,480 --> 00:16:15,040
Speaker 3: now have to comb through your infrastructure and find out

341
00:16:15,280 --> 00:16:18,040
Speaker 3: is there a back door that was put in during

342
00:16:18,120 --> 00:16:21,720
Speaker 3: that attack, because you know, ransomware, like I said, is

343
00:16:21,760 --> 00:16:24,640
Speaker 3: being used a lot. Is just that distraction now and

344
00:16:25,160 --> 00:16:27,400
Speaker 3: you know and also too it's funding terrorism. You know,

345
00:16:27,520 --> 00:16:29,080
Speaker 3: they just put these groups do they come in, they

346
00:16:29,120 --> 00:16:31,760
Speaker 3: do ransomware, they fund terrorism, they create a backdoor and

347
00:16:31,800 --> 00:16:32,800
Speaker 3: now they're embedded.

348
00:16:34,480 --> 00:16:36,520
Speaker 2: And they'll be to continue can and mouse game like this.

349
00:16:36,640 --> 00:16:39,000
Speaker 2: And in the fear of course, is one day if

350
00:16:39,400 --> 00:16:41,560
Speaker 2: we are at odds and a war with the Chinese

351
00:16:41,640 --> 00:16:44,840
Speaker 2: or whatever transpire, they can shut down a significant portion

352
00:16:45,000 --> 00:16:48,680
Speaker 2: of what it is we have our infrastructure and if

353
00:16:48,720 --> 00:16:50,720
Speaker 2: you tease will they be able to execute that plan?

354
00:16:53,160 --> 00:16:54,720
Speaker 3: I mean I think we're already seeing some of that.

355
00:16:54,840 --> 00:16:56,920
Speaker 3: I think Colonial Pipeline was a good example of that.

356
00:16:57,080 --> 00:16:58,680
Speaker 3: You know a few years ago, and I talked about that,

357
00:16:59,320 --> 00:17:03,600
Speaker 3: you know, or you know, there's there's inside of these pipelines,

358
00:17:04,040 --> 00:17:06,560
Speaker 3: there's sensors. You can take over the sensors, you can

359
00:17:06,600 --> 00:17:09,399
Speaker 3: heat them up and explode the pipeline. Uh, you know,

360
00:17:09,840 --> 00:17:13,399
Speaker 3: like I said earlier, among control systems, water water treatment plants.

361
00:17:13,680 --> 00:17:15,840
Speaker 1: I think when we when we see these.

362
00:17:15,760 --> 00:17:20,000
Speaker 3: Isolated attacks, you know, quote unquote isolated attacks, I think

363
00:17:20,080 --> 00:17:21,720
Speaker 3: that those are just tests, right.

364
00:17:21,920 --> 00:17:24,560
Speaker 1: I think they're hey, how far can we go? Right?

365
00:17:24,600 --> 00:17:28,080
Speaker 3: I mean we and again you see those things happening

366
00:17:28,080 --> 00:17:30,040
Speaker 3: around the world. I think we do our own tests also,

367
00:17:30,440 --> 00:17:33,640
Speaker 3: you know, uh, you know, but you know, and it's

368
00:17:33,760 --> 00:17:36,359
Speaker 3: just to show each other, Hey, I'm here and I

369
00:17:36,400 --> 00:17:40,600
Speaker 3: can do that. But I think in the United States

370
00:17:41,720 --> 00:17:46,159
Speaker 3: we have to be much more careful and aware that

371
00:17:47,040 --> 00:17:50,680
Speaker 3: just putting the security technology in doesn't mean that it's

372
00:17:50,720 --> 00:17:54,119
Speaker 3: going to find what we're actually looking for. And we

373
00:17:54,240 --> 00:17:58,399
Speaker 3: have to be much more educated as business owners into

374
00:17:58,640 --> 00:18:02,680
Speaker 3: what is really coming in our environments, especially if we

375
00:18:02,800 --> 00:18:05,359
Speaker 3: support companies like a General Electric you know, if you're

376
00:18:05,359 --> 00:18:07,280
Speaker 3: a city if you're a community a business here in

377
00:18:07,359 --> 00:18:12,720
Speaker 3: Cincinnati that supports general electric, highly likely you're going to

378
00:18:12,760 --> 00:18:14,959
Speaker 3: get attacked before they will, because they'll try to come

379
00:18:15,000 --> 00:18:17,359
Speaker 3: through you to get to them, right. Uh you know,

380
00:18:17,480 --> 00:18:20,280
Speaker 3: especially if you're an HVAC company or you're a you know,

381
00:18:20,440 --> 00:18:23,879
Speaker 3: you're you're you're, you're, you're building plans for them, you know,

382
00:18:24,000 --> 00:18:27,520
Speaker 3: to build out a facility or whatever. Highly likely you're

383
00:18:27,640 --> 00:18:31,320
Speaker 3: you're going to get attacked. If you are a business

384
00:18:31,359 --> 00:18:34,760
Speaker 3: that creates a part for you know, a defense industry

385
00:18:35,040 --> 00:18:39,000
Speaker 3: or for uh parttery gamble, right, that's really critical to

386
00:18:39,080 --> 00:18:40,600
Speaker 3: their system, chances are you're.

387
00:18:40,480 --> 00:18:43,399
Speaker 1: Going to be attacked and and so got it. You

388
00:18:43,480 --> 00:18:45,320
Speaker 1: have to be a lot more hyper aware. You know

389
00:18:45,440 --> 00:18:46,320
Speaker 1: that that what?

390
00:18:47,119 --> 00:18:50,600
Speaker 2: Yeah, So he's Chris n Ihi, CEO of since Today

391
00:18:50,640 --> 00:18:54,520
Speaker 2: Based Vigilant Cybersecurity. Go to the CBS or sixty minutes

392
00:18:54,520 --> 00:18:56,600
Speaker 2: so you can watch this whole piece. It really is fascinated,

393
00:18:57,080 --> 00:18:59,679
Speaker 2: uh in how embedded the Chinese air system? Chris, all

394
00:18:59,680 --> 00:19:02,960
Speaker 2: the best, thanks again, thank you, Scott. All right, being well,

395
00:19:03,080 --> 00:19:05,080
Speaker 2: got to get the news running late. Just a few

396
00:19:05,080 --> 00:19:07,520
Speaker 2: minutes away. We got Julie Age mental health Monday here next.

397
00:19:07,560 --> 00:19:10,600
Speaker 2: If you're a procrastinator. She's going to be talking about

398
00:19:10,640 --> 00:19:13,000
Speaker 2: you and to you. Just ahead on seven hundred WLW