WEBVTT - 10-13-25 Sloan with Chris Nyhuis

0:00:00.040 --> 0:00:02.240
<v Speaker 1>Do you want to be an American idiot?

0:00:02.520 --> 0:00:06.240
<v Speaker 2>Go building one to night? Do you see lost on

0:00:06.320 --> 0:00:09.360
<v Speaker 2>Saturday or won on Saturday? The loss today on the Loss,

0:00:09.400 --> 0:00:12.799
<v Speaker 2>of course, is Jim Kelly Junior passing away at seventy two.

0:00:13.280 --> 0:00:14.760
<v Speaker 1>I've been fighting cancer a long time.

0:00:14.800 --> 0:00:17.880
<v Speaker 2>I was enjoyed listening to Jim along with Dan Horde

0:00:17.880 --> 0:00:21.320
<v Speaker 2>for what the last twenty years as the color analyst

0:00:21.600 --> 0:00:25.040
<v Speaker 2>for the UC Bearcats, and just so sad to hear

0:00:25.079 --> 0:00:26.759
<v Speaker 2>because he's such a good guy. But our thoughts in

0:00:26.840 --> 0:00:28.600
<v Speaker 2>pairs with that Jim and his family, everyone in the

0:00:28.880 --> 0:00:31.640
<v Speaker 2>in the Bearcat family as well. Sloane here on seven

0:00:31.760 --> 0:00:35.240
<v Speaker 2>hundred WLW. If you watch the Bengals last night, lose

0:00:35.280 --> 0:00:36.360
<v Speaker 2>but lose in a better way?

0:00:36.840 --> 0:00:37.599
<v Speaker 1>Typic whatt you dose?

0:00:37.600 --> 0:00:39.520
<v Speaker 2>You hang on for a minute before you cut over

0:00:39.600 --> 0:00:46.360
<v Speaker 2>to NBC and watch our boy talk about well last

0:00:46.440 --> 0:00:48.479
<v Speaker 2>night's gale. I didn't say I've watched the whole thing

0:00:48.520 --> 0:00:53.640
<v Speaker 2>in Kansas City wind up winning last night, But you

0:00:53.680 --> 0:00:57.000
<v Speaker 2>watch sixty minutes on CBS and you always catch like

0:00:57.040 --> 0:00:58.840
<v Speaker 2>the first couple of minutes. I thought last night they

0:00:58.840 --> 0:01:02.040
<v Speaker 2>had a fascinating story on about China Our front of me.

0:01:02.160 --> 0:01:07.120
<v Speaker 2>China has infiltrated some two hundred critical infrastructure operations in

0:01:07.120 --> 0:01:11.560
<v Speaker 2>the US water treatment plants, electrical grids, transportation, hospitals, telecommunications.

0:01:12.120 --> 0:01:15.560
<v Speaker 2>Pretty scary stuff that the incursions, these intrusions have been

0:01:15.600 --> 0:01:18.040
<v Speaker 2>going on for a while now and we haven't done

0:01:18.080 --> 0:01:20.720
<v Speaker 2>anything about it. Why because we're getting intel on what

0:01:20.760 --> 0:01:24.000
<v Speaker 2>the Chinese may or may not do as they can

0:01:24.160 --> 0:01:27.759
<v Speaker 2>control some of our critical infrastructure. We've talked about this before,

0:01:27.800 --> 0:01:29.600
<v Speaker 2>but I think when you start to hear two hundred

0:01:29.680 --> 0:01:35.680
<v Speaker 2>or more facilities in America could be under Chinese control

0:01:35.880 --> 0:01:38.680
<v Speaker 2>in a couple of keystrokes, that is a huge wake

0:01:38.760 --> 0:01:41.560
<v Speaker 2>up call, going, what if they're doing this on sixty minutes?

0:01:41.760 --> 0:01:43.479
<v Speaker 2>We know the government's known about it for a while,

0:01:43.560 --> 0:01:46.840
<v Speaker 2>and we're allowing this to continue. And what happens in

0:01:46.880 --> 0:01:49.560
<v Speaker 2>the future on that is that Chris niheis. Chris is

0:01:49.560 --> 0:01:53.160
<v Speaker 2>the CEO of Vigilant Cybersecurity here in Cincinnati. Chris, welcome back,

0:01:53.160 --> 0:01:54.880
<v Speaker 2>are you Hanks?

0:01:54.880 --> 0:01:56.280
<v Speaker 1>Scott? I'm doing great one.

0:01:57.080 --> 0:01:59.240
<v Speaker 2>I'm well till I saw this thing last night after

0:01:59.240 --> 0:02:01.920
<v Speaker 2>football lost. I'm like, well, wait, what's going on here?

0:02:01.960 --> 0:02:06.000
<v Speaker 2>So the idea here is that China is lying dormant

0:02:06.040 --> 0:02:08.280
<v Speaker 2>in two hundred these things, and I think it was

0:02:08.320 --> 0:02:10.840
<v Speaker 2>like a small some small town in Massachusetts.

0:02:10.880 --> 0:02:12.920
<v Speaker 1>I forget where that it turned out.

0:02:12.960 --> 0:02:15.800
<v Speaker 2>The FBI shows up and tells the operator, the guy

0:02:15.800 --> 0:02:17.560
<v Speaker 2>who's in charge of it, Hey, listen, the Chinese have

0:02:17.600 --> 0:02:19.760
<v Speaker 2>taken control of your facility. You don't know that, but

0:02:19.800 --> 0:02:23.839
<v Speaker 2>the Chinese have digital control of your facility. So we

0:02:23.880 --> 0:02:26.480
<v Speaker 2>know that everything now is plug and play, and it's

0:02:26.520 --> 0:02:29.880
<v Speaker 2>the Internet of things, and everything is controlled remotely and electronics.

0:02:29.880 --> 0:02:32.040
<v Speaker 2>And so before we branch off into what they're doing

0:02:32.080 --> 0:02:34.160
<v Speaker 2>and how they're doing it, a water treatment plant, what

0:02:34.400 --> 0:02:37.560
<v Speaker 2>could go wrong if the computers are under control of

0:02:37.560 --> 0:02:39.040
<v Speaker 2>the Chinese and a water treatment.

0:02:38.760 --> 0:02:44.640
<v Speaker 3>Plant rights the Littleton, Massachusetts, and a lot can go wrong. Actually,

0:02:44.720 --> 0:02:48.200
<v Speaker 3>I mean inside these water treatment plants, you have different

0:02:48.320 --> 0:02:51.480
<v Speaker 3>vats of chemicals. Those chemicals are mixed together in different

0:02:51.560 --> 0:02:53.919
<v Speaker 3>varying levels. You have fluoride, you have all coins of

0:02:53.960 --> 0:02:57.520
<v Speaker 3>different things in there, chlorine, Those are mixed together very

0:02:57.560 --> 0:02:59.880
<v Speaker 3>precisely to make sure that the water that we drain

0:03:00.160 --> 0:03:03.519
<v Speaker 3>is clean, purified, it's refreshed when it gets to us.

0:03:04.560 --> 0:03:08.800
<v Speaker 3>If those systems, or the chemical interactions or even just

0:03:08.880 --> 0:03:11.840
<v Speaker 3>the mounts, the measurements are put into water differently.

0:03:12.639 --> 0:03:13.560
<v Speaker 1>It could be catastrophic.

0:03:14.080 --> 0:03:17.440
<v Speaker 3>It can make our water undrinkable, untenable, it could be

0:03:17.600 --> 0:03:20.000
<v Speaker 3>it could make poisonous.

0:03:19.800 --> 0:03:20.799
<v Speaker 1>There's there's a lot.

0:03:20.680 --> 0:03:24.320
<v Speaker 3>Of different things that can happen inside a water treatment plant.

0:03:24.400 --> 0:03:26.440
<v Speaker 2>And that's just a small time. But imagine the masses

0:03:26.440 --> 0:03:27.840
<v Speaker 2>steria of a town of I don't know if that

0:03:27.960 --> 0:03:31.160
<v Speaker 2>ten twenty thousand people, if all of a sudden, your

0:03:31.160 --> 0:03:33.640
<v Speaker 2>water's poisonous, and we would know it because they program

0:03:33.680 --> 0:03:35.880
<v Speaker 2>everything to make it look like the tests are fine.

0:03:36.320 --> 0:03:38.400
<v Speaker 2>I don't know if they do physical manual tests and

0:03:38.400 --> 0:03:40.040
<v Speaker 2>how often they do that. I don't know the workings

0:03:40.080 --> 0:03:42.760
<v Speaker 2>of water treatment BLA. I would think so that somebody's going, hey,

0:03:42.800 --> 0:03:44.480
<v Speaker 2>there's something with the right but it'd be too late

0:03:44.520 --> 0:03:46.200
<v Speaker 2>for some people who are drinking poison water.

0:03:47.480 --> 0:03:48.400
<v Speaker 1>That would be way too late.

0:03:48.440 --> 0:03:51.200
<v Speaker 3>And then the problem with the two is, I mean,

0:03:51.240 --> 0:03:52.720
<v Speaker 3>if you look at the way water works. We pump

0:03:52.800 --> 0:03:55.640
<v Speaker 3>water into our water towers, that creates water pressure into

0:03:55.720 --> 0:03:59.839
<v Speaker 3>our cities, but you'd have the entire system would be contaminated.

0:04:00.080 --> 0:04:02.480
<v Speaker 3>And you know, it just makes even if even if

0:04:02.480 --> 0:04:05.160
<v Speaker 3>no one drank it, even if the system was contaminated,

0:04:05.160 --> 0:04:07.400
<v Speaker 3>you have you have a major problem. And to your point,

0:04:07.440 --> 0:04:10.000
<v Speaker 3>you know they're doing so much automation now, Uh, you

0:04:10.040 --> 0:04:13.560
<v Speaker 3>know all all of the chemical you know, the chemical measurements,

0:04:13.560 --> 0:04:15.040
<v Speaker 3>the purification, it's.

0:04:14.880 --> 0:04:16.800
<v Speaker 1>All, it's all automated. Uh.

0:04:16.920 --> 0:04:19.760
<v Speaker 3>The testing is mostly automated. They do spot checks and

0:04:19.800 --> 0:04:22.160
<v Speaker 3>things like that. But there's sensors throughout the entire line

0:04:22.640 --> 0:04:26.960
<v Speaker 3>that determine tempature. It determines, uh, if there's different chemicals.

0:04:26.960 --> 0:04:30.479
<v Speaker 3>I mean, you've even seen recently where they can see

0:04:30.480 --> 0:04:34.240
<v Speaker 3>if COVID is spiking up inside Uh, you know, different

0:04:34.279 --> 0:04:37.359
<v Speaker 3>cities because of what's coming in to the waste treatment plants.

0:04:37.440 --> 0:04:39.880
<v Speaker 3>So there's there's a lot of different sensors there. But

0:04:39.880 --> 0:04:44.360
<v Speaker 3>but like you said, those sensors can be modified so

0:04:44.440 --> 0:04:47.640
<v Speaker 3>that that way it gives incorrect information and then people

0:04:47.680 --> 0:04:48.160
<v Speaker 3>don't know.

0:04:48.400 --> 0:04:50.840
<v Speaker 1>You know, the monitors aren't going to trigger off that something.

0:04:51.400 --> 0:04:53.560
<v Speaker 2>You can make boiling water look like it's freezing water

0:04:53.880 --> 0:04:55.760
<v Speaker 2>based on what the what the what the sensors on

0:04:55.839 --> 0:04:57.680
<v Speaker 2>and reprogram all that stuff, and no one or know

0:04:57.760 --> 0:04:59.680
<v Speaker 2>until that's all sadly too late and you gotta shut

0:04:59.680 --> 0:05:01.640
<v Speaker 2>them and I don't figure out what's happening. And that's

0:05:01.680 --> 0:05:05.400
<v Speaker 2>just in one small town in Massachusetts, and then there's

0:05:05.400 --> 0:05:07.880
<v Speaker 2>at least one hundred ninety nine others and other water

0:05:07.920 --> 0:05:11.080
<v Speaker 2>treatment plants, but electrical goods, transportation, hospitals, all these things

0:05:11.120 --> 0:05:14.159
<v Speaker 2>I mentioned. And what's interesting about it is there they

0:05:14.200 --> 0:05:16.760
<v Speaker 2>said there's about two hundred that they've identified since twenty

0:05:16.800 --> 0:05:19.560
<v Speaker 2>twenty three. I suspect, like anything, the two hundred the

0:05:19.600 --> 0:05:21.160
<v Speaker 2>most obvious ones. How many more do you think I

0:05:21.160 --> 0:05:21.680
<v Speaker 2>are out there?

0:05:22.839 --> 0:05:23.000
<v Speaker 1>Oh?

0:05:23.240 --> 0:05:27.200
<v Speaker 3>I would say in every critical city, we work a

0:05:27.240 --> 0:05:30.720
<v Speaker 3>lot in critical infrastructure. A lot of my background is

0:05:30.760 --> 0:05:35.000
<v Speaker 3>in critical infrastructure. And you know, even back in the

0:05:35.080 --> 0:05:39.720
<v Speaker 3>early two thousands, I was working with COMMONI control systems

0:05:39.880 --> 0:05:43.280
<v Speaker 3>and you could see that those systems were trying to

0:05:43.320 --> 0:05:43.799
<v Speaker 3>be attacked.

0:05:43.800 --> 0:05:45.120
<v Speaker 1>And I would say.

0:05:45.040 --> 0:05:46.960
<v Speaker 3>That was my wake up call, that you know, that

0:05:47.040 --> 0:05:49.279
<v Speaker 3>wake up call. But at the moment I realized how

0:05:49.839 --> 0:05:54.520
<v Speaker 3>evil this could be because in those situations, what we

0:05:54.520 --> 0:05:57.840
<v Speaker 3>were seeing is someone attacking back then our Windows ninety

0:05:57.839 --> 0:06:00.960
<v Speaker 3>five systems, and they were back in these really old

0:06:01.000 --> 0:06:03.160
<v Speaker 3>operating system it was, you know, not old at the time,

0:06:03.480 --> 0:06:06.919
<v Speaker 3>but these systems were connected to these valves that could

0:06:07.160 --> 0:06:09.400
<v Speaker 3>you know, from the system, you could open a valve

0:06:09.560 --> 0:06:10.880
<v Speaker 3>and it would be a release valve. And you could

0:06:10.880 --> 0:06:14.000
<v Speaker 3>release ammonia or an ammonia actually can melt people's lungs.

0:06:14.000 --> 0:06:16.720
<v Speaker 3>So you know, when I saw that happen, like whoa

0:06:16.800 --> 0:06:18.640
<v Speaker 3>wait a second. And that's what really made me get

0:06:18.640 --> 0:06:23.000
<v Speaker 3>into this industry because for me, it's about making sure

0:06:23.040 --> 0:06:25.720
<v Speaker 3>that we protect the United States right, and one of

0:06:25.760 --> 0:06:27.440
<v Speaker 3>the things we have to be really aware of is

0:06:27.480 --> 0:06:29.080
<v Speaker 3>that we're not doing a great job of it because

0:06:29.120 --> 0:06:30.760
<v Speaker 3>they're everywhere so well.

0:06:30.800 --> 0:06:33.680
<v Speaker 2>The problem is this, right, we have decentralaw Unlike China,

0:06:33.760 --> 0:06:37.240
<v Speaker 2>everything's centralized in China. Here it's decentralized. So you've got

0:06:37.240 --> 0:06:39.760
<v Speaker 2>small municipalities, and I'm guessing that a lot of these

0:06:39.760 --> 0:06:42.640
<v Speaker 2>two hundred chris are small municipalities that don't have the budget.

0:06:43.800 --> 0:06:45.719
<v Speaker 2>And you know, fifty grand to them may not be

0:06:45.760 --> 0:06:47.640
<v Speaker 2>a lot to the state of Ohio or the United

0:06:47.640 --> 0:06:50.720
<v Speaker 2>States of America, but fifty grand to a small community

0:06:50.800 --> 0:06:52.560
<v Speaker 2>is a lot of money. That's what it costs us

0:06:52.600 --> 0:06:56.799
<v Speaker 2>one small town to redo all their infrastructure to essentially

0:06:57.839 --> 0:07:01.960
<v Speaker 2>make what the Chinese did moot. And on top of that,

0:07:02.040 --> 0:07:05.240
<v Speaker 2>you know, paying for new equipment and getting taxpayers to

0:07:05.240 --> 0:07:07.880
<v Speaker 2>put the money for the latest and greatest servers and

0:07:07.960 --> 0:07:10.560
<v Speaker 2>technology isn't always an easy sell. People don't make that

0:07:10.600 --> 0:07:12.720
<v Speaker 2>connection until while it's too late. We don't want to

0:07:12.760 --> 0:07:14.480
<v Speaker 2>spend that time. Why are we spending more money? We

0:07:14.560 --> 0:07:17.600
<v Speaker 2>just updated these computers and our systems have been updated,

0:07:17.600 --> 0:07:19.160
<v Speaker 2>and we don't need to do that anyway. Why are

0:07:19.160 --> 0:07:22.000
<v Speaker 2>we spending so much on people, like, for example, the

0:07:22.120 --> 0:07:25.520
<v Speaker 2>contract with Vigilant Cybersecurity. I mean, that's a huge cost

0:07:25.560 --> 0:07:28.559
<v Speaker 2>item right there, and so we tend to cut away

0:07:28.640 --> 0:07:30.800
<v Speaker 2>all of that help and all those people in safety

0:07:30.800 --> 0:07:33.200
<v Speaker 2>Net and then something like this happens and we want

0:07:33.200 --> 0:07:33.560
<v Speaker 2>more of it.

0:07:33.640 --> 0:07:33.840
<v Speaker 1>Right.

0:07:35.280 --> 0:07:38.440
<v Speaker 3>Well, see, here's the problem is that I'll make some

0:07:38.480 --> 0:07:42.120
<v Speaker 3>bold statements here. You know, we talked about before you

0:07:42.200 --> 0:07:45.880
<v Speaker 3>got to wonder you know why. You know, like the

0:07:45.960 --> 0:07:48.680
<v Speaker 3>average time it takes to detect the threat U Riising

0:07:48.720 --> 0:07:50.480
<v Speaker 3>comes out with report every year. It's a great report.

0:07:50.880 --> 0:07:53.880
<v Speaker 3>But the average time it takes the detective threat today

0:07:54.000 --> 0:07:56.800
<v Speaker 3>someone comes into your environment. The average time it takes

0:07:56.800 --> 0:08:00.800
<v Speaker 3>for most cybersecurity technologies, right, this is the average, right,

0:08:01.480 --> 0:08:03.400
<v Speaker 3>two and eighty seven days.

0:08:03.600 --> 0:08:03.720
<v Speaker 1>Right.

0:08:04.160 --> 0:08:07.040
<v Speaker 3>And so the biggest problem is that a lot of

0:08:07.080 --> 0:08:11.040
<v Speaker 3>companies are buying technology that seems to work because it's

0:08:11.040 --> 0:08:13.520
<v Speaker 3>a brand name we're a big no name, but it

0:08:13.560 --> 0:08:16.920
<v Speaker 3>doesn't actually do what it's supposed to, and so you

0:08:17.040 --> 0:08:20.160
<v Speaker 3>end up with the attackers and these environments that are

0:08:20.160 --> 0:08:22.920
<v Speaker 3>there forever, and what they really want to do in

0:08:22.960 --> 0:08:26.760
<v Speaker 3>any warfare scenario is they want persistence. So what happens

0:08:26.840 --> 0:08:30.520
<v Speaker 3>is these attackers come in, they trigger an event so

0:08:30.560 --> 0:08:33.200
<v Speaker 3>that your security systems see it, you go do an

0:08:33.200 --> 0:08:36.560
<v Speaker 3>instant response. But what they're really doing is they're embedding

0:08:36.559 --> 0:08:41.840
<v Speaker 3>themselves for persistence for later while they're triggering a fake incident,

0:08:41.920 --> 0:08:44.720
<v Speaker 3>right or a real incident that you go work. The

0:08:44.800 --> 0:08:51.280
<v Speaker 3>second problem is that companies, you know, use their security technologies.

0:08:50.679 --> 0:08:53.160
<v Speaker 1>That they use as badges, and the security companies that

0:08:53.240 --> 0:08:55.400
<v Speaker 1>work with them also use them as badges.

0:08:55.880 --> 0:08:58.679
<v Speaker 3>So what I mean by that is, you know, they'll

0:08:58.679 --> 0:09:02.000
<v Speaker 3>put their logos up on their Webb site, they'll you know,

0:09:02.080 --> 0:09:02.959
<v Speaker 3>the security.

0:09:02.559 --> 0:09:04.960
<v Speaker 1>Providers will do that. So that tells you the hacker.

0:09:04.880 --> 0:09:08.360
<v Speaker 3>Exactly what technology is used. And then the third thing

0:09:09.240 --> 0:09:13.679
<v Speaker 3>that happens, especially in these municipalities, is when they're buying things,

0:09:14.200 --> 0:09:19.520
<v Speaker 3>they're buying things under committee or approval with their cities municipalities,

0:09:20.200 --> 0:09:22.920
<v Speaker 3>and so those are all open meetings. And so if

0:09:22.960 --> 0:09:25.960
<v Speaker 3>I'm a Chinese threat actor, I can come in, I

0:09:26.000 --> 0:09:28.400
<v Speaker 3>can know exactly. I mean, in the state of California, you.

0:09:28.360 --> 0:09:30.240
<v Speaker 1>Can go out. There's a law that requires them to

0:09:30.240 --> 0:09:30.480
<v Speaker 1>do this.

0:09:31.280 --> 0:09:34.960
<v Speaker 3>It lists everything any city, every single technology they buy

0:09:35.040 --> 0:09:37.600
<v Speaker 3>was from a cyber standpoint, is on a list, so

0:09:37.640 --> 0:09:40.520
<v Speaker 3>they can an attacker can easily go to water treatment

0:09:40.559 --> 0:09:43.360
<v Speaker 3>plant see exactly what they use, and they just they.

0:09:43.360 --> 0:09:46.360
<v Speaker 1>Just know how tottack them. So you wrap all that up.

0:09:46.400 --> 0:09:49.960
<v Speaker 3>And I think here in the United States we don't

0:09:50.040 --> 0:09:55.040
<v Speaker 3>understand warfare in the private sector very well. And in

0:09:55.120 --> 0:09:59.520
<v Speaker 3>China they do, and in Russia they do. Outside US

0:09:59.640 --> 0:10:03.560
<v Speaker 3>they do. We just don't understand it here because we

0:10:03.960 --> 0:10:09.240
<v Speaker 3>you as citizens, are so comfortable with not interfacing with evil, right, well.

0:10:09.120 --> 0:10:12.040
<v Speaker 2>Because we are commerce right and some small businesses. We're

0:10:12.080 --> 0:10:14.320
<v Speaker 2>business people, so we understand that. We don't see that.

0:10:14.360 --> 0:10:17.200
<v Speaker 2>As you know, there's competition, but not in the arena

0:10:17.240 --> 0:10:19.760
<v Speaker 2>that the Chinese do because of that centralization element too.

0:10:19.840 --> 0:10:23.079
<v Speaker 2>And so Chris ninehis is here CEO of vigil and Cybersecurity,

0:10:23.120 --> 0:10:25.160
<v Speaker 2>in the sixty minutes thing last night, that there's some

0:10:25.200 --> 0:10:29.079
<v Speaker 2>two hundred plus critical infrastructure operations. We're talking electrical, we're

0:10:29.080 --> 0:10:32.400
<v Speaker 2>talking water, treatment plants and the like that essentially are

0:10:32.480 --> 0:10:34.640
<v Speaker 2>under Chinese control. And so what they did is they've

0:10:34.679 --> 0:10:38.960
<v Speaker 2>infiltrated that infrastructure and now they're just laying dormant. They're

0:10:39.000 --> 0:10:41.080
<v Speaker 2>not shutting it down like some I don't know if

0:10:41.080 --> 0:10:43.160
<v Speaker 2>you're if you have malware, which we've talked about before

0:10:43.160 --> 0:10:45.160
<v Speaker 2>in the past, right, you shut them down Cattering Health

0:10:45.200 --> 0:10:47.920
<v Speaker 2>for example, pay me my money and I'll open everything

0:10:47.960 --> 0:10:51.480
<v Speaker 2>back up. Or maybe not, some other actor gets in

0:10:51.520 --> 0:10:53.679
<v Speaker 2>there and just wants to be disruptive and destroy things

0:10:53.760 --> 0:10:56.319
<v Speaker 2>and shut it down and put some sort of political

0:10:56.760 --> 0:10:59.319
<v Speaker 2>or anti state message on whatever it might be. We've

0:10:59.320 --> 0:11:02.160
<v Speaker 2>seen that this is different. They're actually lying in wait.

0:11:02.240 --> 0:11:05.560
<v Speaker 2>It's like a trojan horse. They're watching what you're doing online.

0:11:05.559 --> 0:11:07.840
<v Speaker 2>They're watching the systems that you have in place, and

0:11:08.120 --> 0:11:10.280
<v Speaker 2>in the future if they need to, when they need to,

0:11:10.320 --> 0:11:12.559
<v Speaker 2>when they will, they will strike by doing all the

0:11:12.559 --> 0:11:15.439
<v Speaker 2>stuff we talked about and multiply that by hundreds more.

0:11:15.760 --> 0:11:17.760
<v Speaker 2>And you've got real problems here in America that they're

0:11:17.800 --> 0:11:20.599
<v Speaker 2>sitting there just watching and wait and lying dormant and

0:11:20.640 --> 0:11:23.240
<v Speaker 2>our own infrastructure and most of us have no idea

0:11:23.280 --> 0:11:23.760
<v Speaker 2>they're there.

0:11:24.880 --> 0:11:27.320
<v Speaker 3>Yeah, right, And the reason you know you and you know,

0:11:27.360 --> 0:11:29.760
<v Speaker 3>we don't know all the details of Littleton, but you know,

0:11:29.800 --> 0:11:31.920
<v Speaker 3>we spent fifty thousand dollars to rebuild his network. I

0:11:31.960 --> 0:11:34.520
<v Speaker 3>would say he didn't really He may not have actually

0:11:34.520 --> 0:11:37.359
<v Speaker 3>even had to do that if he had.

0:11:37.200 --> 0:11:39.520
<v Speaker 1>The ability to see what was what.

0:11:39.400 --> 0:11:41.520
<v Speaker 3>Was embedded as in this environment, you don't have to

0:11:41.520 --> 0:11:43.320
<v Speaker 3>swap out all of your systems, but if you don't

0:11:43.320 --> 0:11:46.440
<v Speaker 3>have the ability to see what's there, then you do.

0:11:46.520 --> 0:11:47.480
<v Speaker 1>You have to start all over.

0:11:47.760 --> 0:11:50.440
<v Speaker 3>But the big problem there is he may not know

0:11:50.800 --> 0:11:52.400
<v Speaker 3>how they actually got in, so he may have just

0:11:52.440 --> 0:11:54.559
<v Speaker 3>rebuilt his entire environment. And this happens with a lot

0:11:54.559 --> 0:11:56.520
<v Speaker 3>of companies. I'm not saying that Littleton did this, but

0:11:56.880 --> 0:11:59.440
<v Speaker 3>they'll rebuild their whole environment. They don't know exactly how

0:11:59.480 --> 0:12:01.280
<v Speaker 3>they actor got in, and then they get in again,

0:12:01.280 --> 0:12:02.559
<v Speaker 3>and they just wasted all that money.

0:12:03.160 --> 0:12:04.880
<v Speaker 1>Yeah, you know. And yeah, right.

0:12:05.040 --> 0:12:08.160
<v Speaker 3>The other thing too, Scott, that happens and this is

0:12:08.880 --> 0:12:11.320
<v Speaker 3>this happens with a lot of our power generators. A

0:12:11.360 --> 0:12:14.600
<v Speaker 3>lot of those does come from China. Right, They have

0:12:14.640 --> 0:12:17.240
<v Speaker 3>about you know, the transformers, things like that. They have

0:12:17.240 --> 0:12:19.800
<v Speaker 3>a year and a half way time to get those.

0:12:20.640 --> 0:12:23.800
<v Speaker 3>We've already found you know, when they when those things

0:12:23.800 --> 0:12:27.200
<v Speaker 3>have come in. Not we vigilant, but you know particularly

0:12:27.360 --> 0:12:30.280
<v Speaker 3>but you do. It's government has found that there's malware

0:12:30.360 --> 0:12:34.679
<v Speaker 3>inside the systems already, right, Uh, just straight out, straight

0:12:34.760 --> 0:12:35.600
<v Speaker 3>straight coming over.

0:12:35.800 --> 0:12:37.120
<v Speaker 1>So the thing that.

0:12:37.040 --> 0:12:39.680
<v Speaker 3>We we just have to be a lot more aware

0:12:39.720 --> 0:12:44.000
<v Speaker 3>of is that, uh, you know, we're going down a

0:12:44.000 --> 0:12:45.600
<v Speaker 3>path that we have.

0:12:45.520 --> 0:12:48.120
<v Speaker 1>All these back doors in a critical coming instruction.

0:12:48.200 --> 0:12:50.800
<v Speaker 3>Now I'll say this, now we have that as well, right,

0:12:50.920 --> 0:12:53.400
<v Speaker 3>so you know, we do the same thing around the world,

0:12:53.600 --> 0:12:53.760
<v Speaker 3>you know.

0:12:53.840 --> 0:12:57.720
<v Speaker 1>And that's why I went here, is like, well we're

0:12:57.760 --> 0:13:00.520
<v Speaker 1>doing it too, but it doesn't make it better, no, no,

0:13:00.840 --> 0:13:03.320
<v Speaker 1>because I get it. On our side. Yeah, I think

0:13:03.400 --> 0:13:05.240
<v Speaker 1>for us to be embedded over there, totally get it.

0:13:05.440 --> 0:13:05.839
<v Speaker 1>We want to.

0:13:06.120 --> 0:13:08.480
<v Speaker 3>It's like an arms race, right who could be embedded

0:13:08.480 --> 0:13:11.040
<v Speaker 3>the most because in any case, it's whoever can hit

0:13:11.080 --> 0:13:14.680
<v Speaker 3>the button first, right, and and and there's a couple

0:13:14.679 --> 0:13:16.319
<v Speaker 3>of different things that can take place in that. But

0:13:17.320 --> 0:13:20.640
<v Speaker 3>the big thing is to realize is that you know, this,

0:13:21.000 --> 0:13:23.760
<v Speaker 3>this is a this is the hidden war, and cyber

0:13:23.840 --> 0:13:27.679
<v Speaker 3>warfare has already happened. We're already in that, but you know,

0:13:27.760 --> 0:13:29.720
<v Speaker 3>most of us don't realize it. And in the critical

0:13:29.800 --> 0:13:32.960
<v Speaker 3>infrastructure world or even the you know, the small business

0:13:33.080 --> 0:13:35.600
<v Speaker 3>meetium sized business world. In the United States, it makes

0:13:35.679 --> 0:13:37.880
<v Speaker 3>up like eighty percent of our financial postability here in

0:13:37.920 --> 0:13:40.319
<v Speaker 3>the US. And so you know, if you want to

0:13:40.360 --> 0:13:43.439
<v Speaker 3>take out hospitals, go and bed yourself in hospitals. You

0:13:43.480 --> 0:13:45.440
<v Speaker 3>want to take out water, go and bed yourself in water,

0:13:45.800 --> 0:13:47.319
<v Speaker 3>You want to take out the financial sex to the

0:13:47.400 --> 0:13:50.640
<v Speaker 3>United States, go after small medium sized businesses that normally

0:13:50.760 --> 0:13:53.080
<v Speaker 3>don't have the protection they need, right right, And then

0:13:53.120 --> 0:13:55.680
<v Speaker 3>you just took down the entire country.

0:13:56.120 --> 0:13:58.080
<v Speaker 1>And you do it with some keystrokes. You don't fire

0:13:58.160 --> 0:14:01.400
<v Speaker 1>one shot, but you do it via computer.

0:14:01.640 --> 0:14:04.880
<v Speaker 2>So we had two hundred of these infrastructure operations that

0:14:04.960 --> 0:14:07.719
<v Speaker 2>were compromised, right, and now it's on sixty minutes. And

0:14:07.760 --> 0:14:09.719
<v Speaker 2>I'm guessing that the Chinese have known that, We've known

0:14:09.720 --> 0:14:11.720
<v Speaker 2>about this for a while before it gets on sixty

0:14:11.800 --> 0:14:15.040
<v Speaker 2>minutes for sure, right. So, yeah, in the month, in

0:14:15.160 --> 0:14:17.719
<v Speaker 2>the months that that's happened, where our years even where

0:14:17.720 --> 0:14:20.040
<v Speaker 2>they're exposed that and moved, what's that? What's happening right

0:14:20.040 --> 0:14:23.600
<v Speaker 2>now as we speak? Then more of the same, less

0:14:23.600 --> 0:14:25.400
<v Speaker 2>of the same or a different same.

0:14:27.800 --> 0:14:29.960
<v Speaker 3>Oh, it's more the same, Yeah, I mean it's you know,

0:14:30.120 --> 0:14:33.320
<v Speaker 3>the yeah, it just it just continues on and inside

0:14:33.520 --> 0:14:37.640
<v Speaker 3>these environments, that's where work happens. We found this was

0:14:37.680 --> 0:14:41.120
<v Speaker 3>a couple of years back, we found a Chinese threacture

0:14:41.160 --> 0:14:46.280
<v Speaker 3>group that bounced through United States entity out to another country, right,

0:14:46.800 --> 0:14:48.480
<v Speaker 3>And what they're trying to make it look like is

0:14:48.600 --> 0:14:50.840
<v Speaker 3>that the attack was coming from the United States.

0:14:51.040 --> 0:14:52.040
<v Speaker 1>To that other country.

0:14:52.240 --> 0:14:55.720
<v Speaker 3>So the you know, you have that issue as well

0:14:55.840 --> 0:14:58.480
<v Speaker 3>is where you know, China will act like Russia, russiall

0:14:58.520 --> 0:15:00.880
<v Speaker 3>act like China ran axt right like Russia. You know,

0:15:00.960 --> 0:15:03.360
<v Speaker 3>you're trying to really tie it back to whoever is

0:15:03.440 --> 0:15:07.240
<v Speaker 3>actually really attacking. But the big key here and you

0:15:07.560 --> 0:15:10.880
<v Speaker 3>mentioned as well, you mentioned kettering health. Right, We've seen

0:15:10.960 --> 0:15:16.720
<v Speaker 3>significant aspects where malware is you know, in ransomware is

0:15:16.920 --> 0:15:21.880
<v Speaker 3>used to come into an environment, create a distraction, and

0:15:21.960 --> 0:15:25.880
<v Speaker 3>then allow people to be embedded. And most, like I

0:15:26.000 --> 0:15:29.480
<v Speaker 3>was saying, most security technology out there is built to

0:15:29.680 --> 0:15:33.160
<v Speaker 3>detect things that it knows about, not to always detect

0:15:33.240 --> 0:15:36.120
<v Speaker 3>things that are unknown. So if you can attack someone

0:15:36.840 --> 0:15:40.360
<v Speaker 3>embed yourself in a way that isn't known yet or

0:15:40.440 --> 0:15:44.320
<v Speaker 3>isn't detectable yet, you can hide and wait and especially

0:15:44.360 --> 0:15:48.600
<v Speaker 3>if it's like a you know, in a triggered thing

0:15:48.680 --> 0:15:51.720
<v Speaker 3>that's based on a timer, like maybe that connection reaches

0:15:51.800 --> 0:15:54.200
<v Speaker 3>back out every month or every two months.

0:15:54.560 --> 0:15:55.720
<v Speaker 1>You know, it's a.

0:15:55.800 --> 0:15:59.240
<v Speaker 3>Single ping in the midst of millions of connections. It's

0:15:59.280 --> 0:16:02.600
<v Speaker 3>really hard to find. So, you know, a lot of

0:16:02.640 --> 0:16:05.360
<v Speaker 3>the ransomware or malware, those are the things like if

0:16:05.360 --> 0:16:09.440
<v Speaker 3>you're in an organization you've had ransomware or malware, just

0:16:09.920 --> 0:16:12.240
<v Speaker 3>fighting that is not the end of your battle. You

0:16:12.480 --> 0:16:15.040
<v Speaker 3>now have to comb through your infrastructure and find out

0:16:15.280 --> 0:16:18.040
<v Speaker 3>is there a back door that was put in during

0:16:18.120 --> 0:16:21.720
<v Speaker 3>that attack, because you know, ransomware, like I said, is

0:16:21.760 --> 0:16:24.640
<v Speaker 3>being used a lot. Is just that distraction now and

0:16:25.160 --> 0:16:27.400
<v Speaker 3>you know and also too it's funding terrorism. You know,

0:16:27.520 --> 0:16:29.080
<v Speaker 3>they just put these groups do they come in, they

0:16:29.120 --> 0:16:31.760
<v Speaker 3>do ransomware, they fund terrorism, they create a backdoor and

0:16:31.800 --> 0:16:32.800
<v Speaker 3>now they're embedded.

0:16:34.480 --> 0:16:36.520
<v Speaker 2>And they'll be to continue can and mouse game like this.

0:16:36.640 --> 0:16:39.000
<v Speaker 2>And in the fear of course, is one day if

0:16:39.400 --> 0:16:41.560
<v Speaker 2>we are at odds and a war with the Chinese

0:16:41.640 --> 0:16:44.840
<v Speaker 2>or whatever transpire, they can shut down a significant portion

0:16:45.000 --> 0:16:48.680
<v Speaker 2>of what it is we have our infrastructure and if

0:16:48.720 --> 0:16:50.720
<v Speaker 2>you tease will they be able to execute that plan?

0:16:53.160 --> 0:16:54.720
<v Speaker 3>I mean I think we're already seeing some of that.

0:16:54.840 --> 0:16:56.920
<v Speaker 3>I think Colonial Pipeline was a good example of that.

0:16:57.080 --> 0:16:58.680
<v Speaker 3>You know a few years ago, and I talked about that,

0:16:59.320 --> 0:17:03.600
<v Speaker 3>you know, or you know, there's there's inside of these pipelines,

0:17:04.040 --> 0:17:06.560
<v Speaker 3>there's sensors. You can take over the sensors, you can

0:17:06.600 --> 0:17:09.399
<v Speaker 3>heat them up and explode the pipeline. Uh, you know,

0:17:09.840 --> 0:17:13.399
<v Speaker 3>like I said earlier, among control systems, water water treatment plants.

0:17:13.680 --> 0:17:15.840
<v Speaker 1>I think when we when we see these.

0:17:15.760 --> 0:17:20.000
<v Speaker 3>Isolated attacks, you know, quote unquote isolated attacks, I think

0:17:20.080 --> 0:17:21.720
<v Speaker 3>that those are just tests, right.

0:17:21.920 --> 0:17:24.560
<v Speaker 1>I think they're hey, how far can we go? Right?

0:17:24.600 --> 0:17:28.080
<v Speaker 3>I mean we and again you see those things happening

0:17:28.080 --> 0:17:30.040
<v Speaker 3>around the world. I think we do our own tests also,

0:17:30.440 --> 0:17:33.640
<v Speaker 3>you know, uh, you know, but you know, and it's

0:17:33.760 --> 0:17:36.359
<v Speaker 3>just to show each other, Hey, I'm here and I

0:17:36.400 --> 0:17:40.600
<v Speaker 3>can do that. But I think in the United States

0:17:41.720 --> 0:17:46.159
<v Speaker 3>we have to be much more careful and aware that

0:17:47.040 --> 0:17:50.680
<v Speaker 3>just putting the security technology in doesn't mean that it's

0:17:50.720 --> 0:17:54.119
<v Speaker 3>going to find what we're actually looking for. And we

0:17:54.240 --> 0:17:58.399
<v Speaker 3>have to be much more educated as business owners into

0:17:58.640 --> 0:18:02.680
<v Speaker 3>what is really coming in our environments, especially if we

0:18:02.800 --> 0:18:05.359
<v Speaker 3>support companies like a General Electric you know, if you're

0:18:05.359 --> 0:18:07.280
<v Speaker 3>a city if you're a community a business here in

0:18:07.359 --> 0:18:12.720
<v Speaker 3>Cincinnati that supports general electric, highly likely you're going to

0:18:12.760 --> 0:18:14.959
<v Speaker 3>get attacked before they will, because they'll try to come

0:18:15.000 --> 0:18:17.359
<v Speaker 3>through you to get to them, right. Uh you know,

0:18:17.480 --> 0:18:20.280
<v Speaker 3>especially if you're an HVAC company or you're a you know,

0:18:20.440 --> 0:18:23.879
<v Speaker 3>you're you're you're, you're, you're building plans for them, you know,

0:18:24.000 --> 0:18:27.520
<v Speaker 3>to build out a facility or whatever. Highly likely you're

0:18:27.640 --> 0:18:31.320
<v Speaker 3>you're going to get attacked. If you are a business

0:18:31.359 --> 0:18:34.760
<v Speaker 3>that creates a part for you know, a defense industry

0:18:35.040 --> 0:18:39.000
<v Speaker 3>or for uh parttery gamble, right, that's really critical to

0:18:39.080 --> 0:18:40.600
<v Speaker 3>their system, chances are you're.

0:18:40.480 --> 0:18:43.399
<v Speaker 1>Going to be attacked and and so got it. You

0:18:43.480 --> 0:18:45.320
<v Speaker 1>have to be a lot more hyper aware. You know

0:18:45.440 --> 0:18:46.320
<v Speaker 1>that that what?

0:18:47.119 --> 0:18:50.600
<v Speaker 2>Yeah, So he's Chris n Ihi, CEO of since Today

0:18:50.640 --> 0:18:54.520
<v Speaker 2>Based Vigilant Cybersecurity. Go to the CBS or sixty minutes

0:18:54.520 --> 0:18:56.600
<v Speaker 2>so you can watch this whole piece. It really is fascinated,

0:18:57.080 --> 0:18:59.679
<v Speaker 2>uh in how embedded the Chinese air system? Chris, all

0:18:59.680 --> 0:19:02.960
<v Speaker 2>the best, thanks again, thank you, Scott. All right, being well,

0:19:03.080 --> 0:19:05.080
<v Speaker 2>got to get the news running late. Just a few

0:19:05.080 --> 0:19:07.520
<v Speaker 2>minutes away. We got Julie Age mental health Monday here next.

0:19:07.560 --> 0:19:10.600
<v Speaker 2>If you're a procrastinator. She's going to be talking about

0:19:10.640 --> 0:19:13.000
<v Speaker 2>you and to you. Just ahead on seven hundred WLW