1 00:00:05,860 --> 00:00:08,840 Speaker 1: Welcome to Copy Time, a podcast series on Markets and 2 00:00:08,850 --> 00:00:11,970 Speaker 1: Economies from D BS Group Research. I'm Timur, big chief economist, 3 00:00:11,978 --> 00:00:16,520 Speaker 1: welcoming you to our 142nd episode. We've had experts from 4 00:00:16,530 --> 00:00:19,558 Speaker 1: many walks of life on copy time, but a former 5 00:00:19,569 --> 00:00:22,520 Speaker 1: military officer, I'm quite sure if that's a first today. 6 00:00:22,649 --> 00:00:24,700 Speaker 1: I'm looking forward to having a chat with gov Ky, 7 00:00:25,309 --> 00:00:28,899 Speaker 1: head of Advisory and Emerging Business at Ensign Infosec Security. 8 00:00:28,909 --> 00:00:33,250 Speaker 1: His advisory firm helps organizations boards and leadership navigate cybersecurity 9 00:00:33,259 --> 00:00:35,019 Speaker 1: risks in their digital transformation. 10 00:00:35,360 --> 00:00:39,349 Speaker 1: Previously, Brigadier General Kirti was the Deputy chief executive of 11 00:00:39,360 --> 00:00:43,299 Speaker 1: the cybersecurity Agency of Singapore and the Deputy Commissioner for cybersecurity. 12 00:00:43,310 --> 00:00:45,500 Speaker 1: He was formerly a pilot in the Republic of Singapore 13 00:00:45,509 --> 00:00:47,659 Speaker 1: Air Force and rose to become the Commander of the 14 00:00:47,668 --> 00:00:51,459 Speaker 1: Air Defense and Operations Command K. Kirti. Welcome to Kobe Time. 15 00:00:51,470 --> 00:00:53,000 Speaker 2: Thank you so much for having me looking forward to 16 00:00:53,009 --> 00:00:53,659 Speaker 2: the conversation. 17 00:00:53,668 --> 00:00:54,159 Speaker 1: It's 18 00:00:54,169 --> 00:00:55,880 Speaker 1: great to, great to have you. I've been looking forward 19 00:00:55,889 --> 00:00:58,819 Speaker 1: to this chat gov, I'm going to try to get 20 00:00:58,830 --> 00:01:02,659 Speaker 1: our conversation going with the intersection of geopolitics and cyber security. 21 00:01:02,939 --> 00:01:06,230 Speaker 1: I remember a couple of years ago when Russia's invasion 22 00:01:06,239 --> 00:01:09,239 Speaker 1: of Ukraine began, there were all these fears, particularly in 23 00:01:09,250 --> 00:01:09,639 Speaker 1: Europe 24 00:01:10,639 --> 00:01:14,790 Speaker 1: grids will shut down and hacking will take place and 25 00:01:14,800 --> 00:01:16,709 Speaker 1: then with all the stuff that's going on in the 26 00:01:16,720 --> 00:01:19,800 Speaker 1: Middle East, we've seen Israel, you know, do cyber attacks 27 00:01:19,809 --> 00:01:23,440 Speaker 1: on Iran's nuclear facility. Iran has tried to match, I 28 00:01:23,449 --> 00:01:25,709 Speaker 1: think they have failed to match the Israelis, but they've tried. 29 00:01:26,000 --> 00:01:27,690 Speaker 1: So there are all sorts of things going on. So 30 00:01:27,699 --> 00:01:30,589 Speaker 1: tell us a little bit about that area where geopolitics 31 00:01:30,599 --> 00:01:32,069 Speaker 1: collides with cybersecurity. 32 00:01:32,110 --> 00:01:34,819 Speaker 2: Sure. So that's a fascinating question. It's a great place 33 00:01:34,830 --> 00:01:36,620 Speaker 2: to start because there's so much happening there. 34 00:01:36,830 --> 00:01:39,009 Speaker 2: And it's probably the place where most people read about 35 00:01:39,019 --> 00:01:41,139 Speaker 2: it in the news. That's the stuff that grabs the headlines. 36 00:01:41,339 --> 00:01:43,050 Speaker 2: But let me step back a little bit just to 37 00:01:43,059 --> 00:01:47,699 Speaker 2: help people understand why it's become such an intersection. Fundamentally, 38 00:01:47,709 --> 00:01:50,970 Speaker 2: the internet is insecure. It was not built securely. It 39 00:01:50,980 --> 00:01:53,290 Speaker 2: was built by a bunch of tech nerds and universities 40 00:01:53,300 --> 00:01:55,669 Speaker 2: to help them share information. So it's never built to 41 00:01:55,680 --> 00:01:58,529 Speaker 2: be that robust to withstand that kind of attacks, the 42 00:01:58,540 --> 00:02:00,129 Speaker 2: stuff that we built on top of it, all the 43 00:02:00,139 --> 00:02:01,650 Speaker 2: software or the content 44 00:02:01,889 --> 00:02:04,629 Speaker 2: also not built with security in mind. There's this whole 45 00:02:04,639 --> 00:02:08,110 Speaker 2: movement now to make things secure by design because surprise 46 00:02:08,119 --> 00:02:09,669 Speaker 2: they were not secure by design. 47 00:02:11,360 --> 00:02:13,000 Speaker 2: The second thing about the internet that we need to 48 00:02:13,008 --> 00:02:17,020 Speaker 2: understand is that there is an asymmetry, Attackers have the advantage. 49 00:02:17,029 --> 00:02:19,500 Speaker 2: It is the only place where you can get robbed 50 00:02:19,508 --> 00:02:22,410 Speaker 2: from 1000 miles away. And in the physical world, you 51 00:02:22,419 --> 00:02:24,179 Speaker 2: have your wallet, you have your phone in your pockets. 52 00:02:24,490 --> 00:02:26,339 Speaker 2: As long as you keep your hands nearby, you can 53 00:02:26,350 --> 00:02:28,639 Speaker 2: avoid being pickpocketed because somebody has to come up close 54 00:02:28,649 --> 00:02:31,300 Speaker 2: to you. There's a physical proximity to a real world robbery. 55 00:02:31,538 --> 00:02:34,520 Speaker 2: But in the digital world, firstly, it's built insecurely. And secondly, 56 00:02:34,529 --> 00:02:37,990 Speaker 2: there's this geographical depth that people can have, the Attackers 57 00:02:38,000 --> 00:02:39,139 Speaker 2: can rob anything anywhere 58 00:02:40,080 --> 00:02:42,690 Speaker 2: you put those two together and you have a toxic 59 00:02:42,699 --> 00:02:46,270 Speaker 2: and potent combination for Attackers running wild. So that's the 60 00:02:46,279 --> 00:02:47,009 Speaker 2: starting point. 61 00:02:48,258 --> 00:02:50,229 Speaker 2: There are three types of Attackers that we talk about 62 00:02:50,240 --> 00:02:53,649 Speaker 2: when we talk about geopolitics and generally cyber attacks. The 63 00:02:53,660 --> 00:02:56,000 Speaker 2: first are the ones that are state sponsored. There are 64 00:02:56,008 --> 00:02:59,038 Speaker 2: some bad guys out there who it's their day job. 65 00:02:59,229 --> 00:03:02,389 Speaker 2: They are funded by either the government or the military 66 00:03:02,399 --> 00:03:05,889 Speaker 2: of that country to specifically go after digital targets. And 67 00:03:05,899 --> 00:03:08,079 Speaker 2: that's that, that day job. Their mission, they work 9 68 00:03:08,089 --> 00:03:09,720 Speaker 2: to 5 hours and that's what they do. 69 00:03:10,419 --> 00:03:13,389 Speaker 2: There's another group which are ideologically motivated. 70 00:03:15,320 --> 00:03:18,889 Speaker 2: They can be sometimes state affiliated. They believe in the 71 00:03:18,899 --> 00:03:21,389 Speaker 2: vision of their country. You mentioned Russia, Ukraine. That was 72 00:03:21,399 --> 00:03:23,289 Speaker 2: a very good example. I'll talk about that later on 73 00:03:24,229 --> 00:03:27,240 Speaker 2: and they want to push a certain message out. Sometimes 74 00:03:27,250 --> 00:03:29,788 Speaker 2: it's cause based, sometimes it's country based, sometimes it's supporting 75 00:03:29,800 --> 00:03:30,570 Speaker 2: their country in war. 76 00:03:31,630 --> 00:03:34,619 Speaker 2: The third group are the straightforward ones, criminals. They just 77 00:03:34,630 --> 00:03:37,990 Speaker 2: want the money. But in geopolitical contest, sometimes they want 78 00:03:38,000 --> 00:03:40,550 Speaker 2: money to sponsor activities that their cause is doing or 79 00:03:40,559 --> 00:03:43,929 Speaker 2: sometimes they want the money to loot while there's a ramp, 80 00:03:43,979 --> 00:03:45,089 Speaker 2: while there's chaos going on. 81 00:03:45,800 --> 00:03:47,850 Speaker 2: So those are the Attackers. Now we come to the 82 00:03:47,860 --> 00:03:50,360 Speaker 2: geopolitics itself and the stuff that we're reading about. The 83 00:03:50,369 --> 00:03:52,190 Speaker 2: most exciting event in the last couple of weeks was 84 00:03:52,199 --> 00:03:52,929 Speaker 2: the US election. 85 00:03:54,179 --> 00:03:57,380 Speaker 2: Elections are a great time for Attackers to go to 86 00:03:57,389 --> 00:03:59,990 Speaker 2: work for a number of reasons. Those who are state 87 00:04:00,000 --> 00:04:01,160 Speaker 2: sponsored Attackers, 88 00:04:01,779 --> 00:04:04,839 Speaker 2: they want to influence the outcome. Some countries want their 89 00:04:04,850 --> 00:04:08,550 Speaker 2: preferred candidate to win. Some countries want just so instability 90 00:04:08,559 --> 00:04:11,199 Speaker 2: and discord within a country to make them less effective 91 00:04:11,210 --> 00:04:13,089 Speaker 2: as a competitor. And there are all sorts of narratives 92 00:04:13,100 --> 00:04:15,820 Speaker 2: that go on at play in an election anyways, 93 00:04:16,700 --> 00:04:19,049 Speaker 2: a lot of the attacks that you usually read about 94 00:04:19,059 --> 00:04:21,769 Speaker 2: are information attacks, fake news about this candidate, fake news 95 00:04:21,779 --> 00:04:24,299 Speaker 2: about that party, fake news about this incident. That's the 96 00:04:24,309 --> 00:04:25,299 Speaker 2: information space, 97 00:04:25,950 --> 00:04:28,059 Speaker 2: but there's a lot of attacks that happened on not 98 00:04:28,070 --> 00:04:30,869 Speaker 2: just election infrastructure but technical infrastructure in the run up 99 00:04:30,880 --> 00:04:33,950 Speaker 2: to an election to cause people to lose a little 100 00:04:33,959 --> 00:04:36,970 Speaker 2: bit of faith in the prevailing party or system. 101 00:04:37,869 --> 00:04:40,659 Speaker 2: One of the most compelling hacks that we saw in 102 00:04:40,670 --> 00:04:43,839 Speaker 2: recent years was the Democratic National Congress hack where a 103 00:04:43,850 --> 00:04:46,600 Speaker 2: whole bunch of emails were leaked out. Was there anything 104 00:04:46,869 --> 00:04:50,140 Speaker 2: terribly damaging in the emails? Not really, but it cast 105 00:04:50,149 --> 00:04:53,010 Speaker 2: shadow over the particular candidate that was hacked and in 106 00:04:53,019 --> 00:04:55,510 Speaker 2: the end, that can be lost because of the hack, 107 00:04:55,519 --> 00:04:59,070 Speaker 2: maybe not but became enough of a trending conversation. Obviously, 108 00:04:59,079 --> 00:05:01,690 Speaker 2: since then, all of the candidates have learned how to 109 00:05:01,700 --> 00:05:04,349 Speaker 2: protect themselves and to protect themselves a bit better in 110 00:05:04,359 --> 00:05:04,928 Speaker 2: an election. 111 00:05:05,320 --> 00:05:09,079 Speaker 2: But geopolitics and cyber interface most sharply when it comes 112 00:05:09,089 --> 00:05:09,649 Speaker 2: to elections. 113 00:05:09,660 --> 00:05:10,290 Speaker 1: Can I ask you one 114 00:05:10,299 --> 00:05:12,000 Speaker 1: question, elections, electronic voting 115 00:05:12,010 --> 00:05:12,640 Speaker 1: machines? 116 00:05:13,850 --> 00:05:17,489 Speaker 2: That's a great question. So look, there is this conference 117 00:05:17,500 --> 00:05:19,540 Speaker 2: in the US called De Corner Love it. It's a 118 00:05:19,549 --> 00:05:20,779 Speaker 2: conference where 119 00:05:21,738 --> 00:05:24,760 Speaker 2: many industries have conferences. This is an industry conference among 120 00:05:24,769 --> 00:05:27,320 Speaker 2: the bad guys. So they come together and they're not 121 00:05:27,329 --> 00:05:29,670 Speaker 2: really bad people. They just people who are interested in 122 00:05:29,678 --> 00:05:31,738 Speaker 2: how things work and how to break things. So they 123 00:05:31,750 --> 00:05:33,529 Speaker 2: get together, we call them white hats. Some of them 124 00:05:33,540 --> 00:05:35,380 Speaker 2: are gray hats, some of them are black hats, which 125 00:05:35,390 --> 00:05:38,920 Speaker 2: means they operate in the not so legal realm of work. 126 00:05:39,410 --> 00:05:40,959 Speaker 2: But one of the things that they do is they 127 00:05:40,970 --> 00:05:44,790 Speaker 2: look at election voting machines, electronic voting machines and they 128 00:05:44,799 --> 00:05:45,920 Speaker 2: try to see if they can break it. 129 00:05:47,059 --> 00:05:50,350 Speaker 2: Surprise, surprise, all of the voting machines can be broken, 130 00:05:50,450 --> 00:05:52,738 Speaker 2: they can all be interfered with. And the challenge is 131 00:05:52,750 --> 00:05:58,170 Speaker 2: that actually building an an election system at scale in 132 00:05:58,178 --> 00:06:02,820 Speaker 2: a large country which is completely immune to disruption or 133 00:06:02,829 --> 00:06:05,799 Speaker 2: interference is incredibly expensive and difficult 134 00:06:06,720 --> 00:06:09,339 Speaker 2: as a result. Most countries still use paper ballot, 135 00:06:10,910 --> 00:06:13,229 Speaker 2: much harder to interfere with that. But even then, even 136 00:06:13,238 --> 00:06:15,799 Speaker 2: if you're voting on paper at some point, you have 137 00:06:15,809 --> 00:06:18,440 Speaker 2: to count the number of slips and send that electronically 138 00:06:18,450 --> 00:06:21,160 Speaker 2: to somebody else. Those systems are also part of the 139 00:06:21,170 --> 00:06:24,269 Speaker 2: whole machinery that people try to interrupt. And even if 140 00:06:24,279 --> 00:06:27,269 Speaker 2: you can change the result, just disrupting the sending of 141 00:06:27,279 --> 00:06:29,540 Speaker 2: data from one state back to central 142 00:06:30,209 --> 00:06:33,269 Speaker 2: has significant implications. There's timelines they need to meet if 143 00:06:33,279 --> 00:06:35,279 Speaker 2: your system goes down and you can't meet that count 144 00:06:35,290 --> 00:06:36,589 Speaker 2: before the clock ends. 145 00:06:37,619 --> 00:06:39,730 Speaker 2: What does that mean? Is it an invalid election? Do 146 00:06:39,738 --> 00:06:41,238 Speaker 2: you need to do it again? Is there doubt over 147 00:06:41,250 --> 00:06:44,299 Speaker 2: the quality of the results? Just showing that kind of 148 00:06:44,309 --> 00:06:47,459 Speaker 2: doubt is enough. So electronic voting machines, people have been 149 00:06:47,470 --> 00:06:50,079 Speaker 2: studying them for a while but the cost of implementing 150 00:06:50,089 --> 00:06:52,079 Speaker 2: them at scale, I mean for a small country like Singapore, 151 00:06:52,089 --> 00:06:54,118 Speaker 2: maybe you can get away with it. But for a 152 00:06:54,130 --> 00:06:57,920 Speaker 2: much larger country which is geographically spread out, it's expensive. 153 00:06:58,170 --> 00:07:01,640 Speaker 1: We've had some really large elections this year. Indonesia, India, 154 00:07:01,649 --> 00:07:04,959 Speaker 1: United States. So literally billions of people have voted this year. 155 00:07:05,190 --> 00:07:07,329 Speaker 1: So shall we take some comfort in that this year 156 00:07:07,339 --> 00:07:10,609 Speaker 1: was not characterized by hiking related risks on elections? 157 00:07:10,799 --> 00:07:10,809 Speaker 2: I 158 00:07:10,820 --> 00:07:11,540 Speaker 1: think. 159 00:07:11,670 --> 00:07:13,540 Speaker 2: So we can take some comfort from it, but I 160 00:07:13,549 --> 00:07:14,209 Speaker 2: will 161 00:07:16,109 --> 00:07:17,670 Speaker 2: color it slightly differently. 162 00:07:19,059 --> 00:07:22,059 Speaker 2: There were enough other reasons for cyber Attackers to go 163 00:07:22,070 --> 00:07:25,260 Speaker 2: on war without having the elections as the primary target 164 00:07:25,540 --> 00:07:28,519 Speaker 2: this year. As you mentioned at the start was there's 165 00:07:28,529 --> 00:07:32,440 Speaker 2: conflict between Russia and Ukraine. Still the Middle East conflict 166 00:07:32,450 --> 00:07:36,149 Speaker 2: has really expanded. The East West tensions have also grown 167 00:07:36,160 --> 00:07:38,519 Speaker 2: quite significantly, particularly China and the West. In terms of 168 00:07:38,529 --> 00:07:42,000 Speaker 2: tech application, there are layers and layers than the South 169 00:07:42,010 --> 00:07:45,119 Speaker 2: China Sea in Taiwan. There's layers and layers of confrontations 170 00:07:45,130 --> 00:07:46,440 Speaker 2: happening around the world. 171 00:07:47,269 --> 00:07:50,929 Speaker 2: There's enough reasons for people to be involved in cyberattacks 172 00:07:50,940 --> 00:07:55,170 Speaker 2: already without having to target specifically elections. So that's the 173 00:07:55,179 --> 00:07:56,170 Speaker 2: not so good news of it 174 00:07:57,119 --> 00:08:01,809 Speaker 1: when we talk about ju political actors who are adversaries. 175 00:08:02,109 --> 00:08:04,929 Speaker 1: But are you telling me that sometimes they are also 176 00:08:04,940 --> 00:08:07,519 Speaker 1: going after a very mundane private sector stuff which we 177 00:08:07,529 --> 00:08:10,010 Speaker 1: might think that actually are targets of playing. They are 178 00:08:10,109 --> 00:08:12,200 Speaker 1: bad guys. But actually those 9 to 5 guys who 179 00:08:12,209 --> 00:08:14,420 Speaker 1: are getting paid to work for a country or a 180 00:08:14,429 --> 00:08:16,929 Speaker 1: cause are also doing what we think are just like 181 00:08:16,940 --> 00:08:19,859 Speaker 1: going after companies ransomware or companies. Yeah. 182 00:08:20,100 --> 00:08:24,309 Speaker 2: Yeah. So there's a really difficult line to draw between 183 00:08:25,000 --> 00:08:28,970 Speaker 2: pure espionage state actors and then the cyber criminal gangs. 184 00:08:28,980 --> 00:08:32,679 Speaker 2: I'll give you one specific example. So North Korea, there's 185 00:08:32,690 --> 00:08:35,390 Speaker 2: a group called Lazarus, the Lazarus group which is strongly 186 00:08:35,400 --> 00:08:37,679 Speaker 2: affiliated to them. They go after the financial sector targets 187 00:08:37,690 --> 00:08:41,919 Speaker 2: in ransomware. Usually if your browser slows down, they are 188 00:08:41,929 --> 00:08:44,809 Speaker 2: the culprits, they're crypto mining on your, on your systems 189 00:08:45,609 --> 00:08:48,419 Speaker 2: and they've done some really fascinating hacks including I think 190 00:08:48,429 --> 00:08:51,070 Speaker 2: a couple of years ago the Bangladesh Bank Heist, which 191 00:08:51,080 --> 00:08:52,640 Speaker 2: in and of itself should at some point be made 192 00:08:52,650 --> 00:08:54,799 Speaker 2: into a Hollywood movie. They are already podcasts and there's 193 00:08:54,809 --> 00:08:56,718 Speaker 2: a show about it which you should watch, but 194 00:08:57,799 --> 00:09:02,449 Speaker 2: they are both financially motivated and state motivated in the 195 00:09:02,460 --> 00:09:04,739 Speaker 2: sense that North Korea has a number of restrictions on 196 00:09:04,750 --> 00:09:05,989 Speaker 2: what they can do to earn money. 197 00:09:07,380 --> 00:09:09,969 Speaker 2: Cybercrime is a great way to augment that. And there 198 00:09:09,979 --> 00:09:13,409 Speaker 2: are some uh kind of uh studies floating around that 199 00:09:13,419 --> 00:09:16,809 Speaker 2: suggest that close to a third of North Korea's income 200 00:09:17,119 --> 00:09:18,329 Speaker 2: comes out of the Lazarus group. 201 00:09:19,500 --> 00:09:22,400 Speaker 2: It is. If you imagine what a third of your 202 00:09:22,409 --> 00:09:26,119 Speaker 2: GDP A contribute to that would be looking like that's 203 00:09:26,130 --> 00:09:28,960 Speaker 2: huge for a country. So that is the kind of 204 00:09:28,969 --> 00:09:32,380 Speaker 2: scale that they operate in now. Are they purely commercial? 205 00:09:32,390 --> 00:09:34,950 Speaker 2: Are they purely state sponsored? Nobody really knows, how much 206 00:09:34,960 --> 00:09:37,400 Speaker 2: do they get to keep themselves? We're also unclear. But 207 00:09:37,409 --> 00:09:39,039 Speaker 2: we do know that if you have access to high 208 00:09:39,049 --> 00:09:40,319 Speaker 2: speed internet in North Korea, 209 00:09:41,020 --> 00:09:43,728 Speaker 2: somebody gave you that access, you didn't just walk into 210 00:09:43,739 --> 00:09:45,840 Speaker 2: a store and buy a modem and like log in, 211 00:09:45,859 --> 00:09:48,260 Speaker 2: somebody gave you that access, somebody is allowing you to 212 00:09:48,270 --> 00:09:50,799 Speaker 2: have that kind of connectivity. If you're logging in through 213 00:09:50,809 --> 00:09:53,950 Speaker 2: VPN servers that connect through places, we think our embassies 214 00:09:53,960 --> 00:09:56,968 Speaker 2: in overseas countries, somebody is allowing you to route that traffic. 215 00:09:58,159 --> 00:10:00,780 Speaker 1: OK. I want to stay with your politics. But before that, 216 00:10:00,789 --> 00:10:05,179 Speaker 1: on that very specific question, North Koreans who have massive 217 00:10:05,190 --> 00:10:10,369 Speaker 1: sanctions and restrictions on receiving payments are still getting ransomware done. 218 00:10:10,380 --> 00:10:12,140 Speaker 1: So they are settling in Cryptocurrency. 219 00:10:13,460 --> 00:10:16,330 Speaker 2: There are. Yes. So they are settling in Cryptocurrency. And 220 00:10:16,340 --> 00:10:18,919 Speaker 2: in fact, if you look at the whole ecosystem of ransomware, 221 00:10:18,929 --> 00:10:21,400 Speaker 2: which is another fascinating topic, might as well get into it. 222 00:10:21,409 --> 00:10:24,950 Speaker 2: It's a fun area. Ransomware has evolved from being a 223 00:10:24,960 --> 00:10:29,380 Speaker 2: very niche, bespoke technical attack to being an ecosystem. It's 224 00:10:29,390 --> 00:10:32,960 Speaker 2: an entire economy out there. In fact, 225 00:10:33,700 --> 00:10:36,849 Speaker 2: there are estimates that if you add together the entire 226 00:10:36,859 --> 00:10:40,059 Speaker 2: cyber criminal ecosystem in the world, it is the third 227 00:10:40,070 --> 00:10:40,819 Speaker 2: largest economy, 228 00:10:41,700 --> 00:10:44,260 Speaker 2: it is the third largest economy in the world. That's 229 00:10:44,270 --> 00:10:46,609 Speaker 2: how much money is being floating around. Now. Obviously, it's 230 00:10:46,619 --> 00:10:48,299 Speaker 2: hard to estimate what it actually is because a lot 231 00:10:48,309 --> 00:10:51,069 Speaker 2: of it is in Cryptocurrency and Cryptocurrency today could be 232 00:10:51,080 --> 00:10:51,270 Speaker 2: the 233 00:10:52,080 --> 00:10:54,020 Speaker 2: could be 95,000, it could be 80,000, it could be 234 00:10:54,030 --> 00:10:56,079 Speaker 2: 10,000 depending on what happens. So it's really hard to 235 00:10:56,090 --> 00:10:59,239 Speaker 2: estimate the value, but it is huge. Cryptocurrency provides a 236 00:10:59,250 --> 00:11:03,799 Speaker 2: great way for people to obfuscate their intentions and their transactions. 237 00:11:04,090 --> 00:11:07,030 Speaker 2: Even though a lot of the legitimate cryptocurrencies, we talk 238 00:11:07,039 --> 00:11:11,440 Speaker 2: about Bitcoins advertise themselves as having the ledger that give 239 00:11:11,450 --> 00:11:13,439 Speaker 2: clarity and transparency of transactions. 240 00:11:13,900 --> 00:11:16,809 Speaker 2: There are alternative cryptocurrencies like Monro for example, and if 241 00:11:16,820 --> 00:11:19,099 Speaker 2: you go to, please don't. But if you ever visit 242 00:11:19,109 --> 00:11:22,130 Speaker 2: the Monro website, the logo is actually a policeman with 243 00:11:22,140 --> 00:11:24,409 Speaker 2: a cross through it. That's their logo you can only 244 00:11:24,419 --> 00:11:26,500 Speaker 2: imagine the kind of services that they offer and that 245 00:11:26,510 --> 00:11:27,199 Speaker 2: is their logo. 246 00:11:27,479 --> 00:11:29,609 Speaker 2: So they are deliberately trying to hide things. There are 247 00:11:29,619 --> 00:11:32,710 Speaker 2: systems in place in that ecosystem of ransomware that allow 248 00:11:32,719 --> 00:11:36,030 Speaker 2: you to money launder, they call them laundromats you put 249 00:11:36,039 --> 00:11:39,270 Speaker 2: in Bitcoin, it mashes it up with 3040 different other currencies, 250 00:11:39,280 --> 00:11:41,859 Speaker 2: sends it out to different accounts, sends it back, send 251 00:11:41,869 --> 00:11:43,539 Speaker 2: it out, sends it back and eventually when it reaches 252 00:11:43,549 --> 00:11:44,419 Speaker 2: the final destination, 253 00:11:45,229 --> 00:11:45,789 Speaker 2: it's untreatable. 254 00:11:46,869 --> 00:11:49,489 Speaker 2: And so that's why law enforcement has this huge challenge 255 00:11:49,500 --> 00:11:52,079 Speaker 2: figuring out how did the money get out and how 256 00:11:52,090 --> 00:11:53,919 Speaker 2: did money who's receiving it at the other end? 257 00:11:54,940 --> 00:12:00,059 Speaker 2: Um Cryptocurrency unfortunately means that these transactions can happen anywhere 258 00:12:00,070 --> 00:12:02,789 Speaker 2: and everywhere. And the fiat banking system doesn't have the 259 00:12:03,099 --> 00:12:07,530 Speaker 2: KC visibility into what happened. Um And again, there is 260 00:12:07,539 --> 00:12:10,679 Speaker 2: a difference between the more legitimate cryptocurrencies that are out 261 00:12:10,690 --> 00:12:12,719 Speaker 2: there and the ones that are illegitimate, but they all 262 00:12:12,729 --> 00:12:14,770 Speaker 2: have the same function getting money from one place to 263 00:12:14,780 --> 00:12:17,200 Speaker 2: the other. One of the more interesting functions that you 264 00:12:17,210 --> 00:12:19,549 Speaker 2: see on the ransomware ecosystem is customer service. 265 00:12:19,979 --> 00:12:21,719 Speaker 2: You probably have no idea how to get my narrow. 266 00:12:21,770 --> 00:12:24,280 Speaker 2: But if you get ransom, you can call somebody. And 267 00:12:24,289 --> 00:12:26,348 Speaker 2: in any language you choose, they will walk you step 268 00:12:26,359 --> 00:12:28,619 Speaker 2: by step how to set up a wallet, how to 269 00:12:28,630 --> 00:12:30,820 Speaker 2: get the Cryptocurrency and how to transfer to their preferred 270 00:12:30,830 --> 00:12:33,840 Speaker 2: account and their customer service. No offense is better than 271 00:12:33,849 --> 00:12:37,039 Speaker 2: most banks because 24 7, they have a huge financial 272 00:12:37,049 --> 00:12:39,309 Speaker 2: incentive to get you to pay them their $3 million. 273 00:12:39,809 --> 00:12:41,460 Speaker 2: And these are not small sums of money we're talking 274 00:12:41,469 --> 00:12:41,799 Speaker 2: about 275 00:12:42,450 --> 00:12:44,189 Speaker 1: just on that issue of 276 00:12:44,679 --> 00:12:47,109 Speaker 1: you, you share with us some estimates of how large 277 00:12:47,119 --> 00:12:52,030 Speaker 1: this cybercrime economy is. How do we differentiate between things 278 00:12:52,039 --> 00:12:54,488 Speaker 1: that we hear about? Gets reported to say Interpol or 279 00:12:54,500 --> 00:12:57,619 Speaker 1: Singapore's security services and stuff that people just don't report 280 00:12:57,630 --> 00:13:00,469 Speaker 1: because they're embarrassed or they feel that it will make 281 00:13:00,479 --> 00:13:02,979 Speaker 1: their company look weak if they were to report that. 282 00:13:03,590 --> 00:13:06,739 Speaker 2: That's a, that's a real challenge. So, within the law 283 00:13:06,750 --> 00:13:09,440 Speaker 2: enforcement system, we're quite aware that what we see in 284 00:13:09,450 --> 00:13:11,718 Speaker 2: terms of reporting is the tip of the iceberg. And 285 00:13:11,729 --> 00:13:13,830 Speaker 2: the vast majority of people who suffer some form of 286 00:13:13,840 --> 00:13:17,590 Speaker 2: cyber attack either don't see a need to report it 287 00:13:17,700 --> 00:13:21,210 Speaker 2: or like you said, have challenges in reporting it. Maybe 288 00:13:21,219 --> 00:13:23,689 Speaker 2: I'll give two quick anecdotes. One is fascinating. 289 00:13:24,000 --> 00:13:27,090 Speaker 2: There was an attack on a financial institution in the 290 00:13:27,099 --> 00:13:31,700 Speaker 2: US and the cyber Attackers came in, they attacked the 291 00:13:31,710 --> 00:13:34,799 Speaker 2: company and the company tried to keep it quiet. This 292 00:13:34,809 --> 00:13:37,728 Speaker 2: was a listed company. The cyber Attackers then filed an 293 00:13:37,739 --> 00:13:42,640 Speaker 2: sec report complaining that the victim did not file a 294 00:13:42,650 --> 00:13:45,900 Speaker 2: material breach notification in time with the sec. 295 00:13:46,859 --> 00:13:49,500 Speaker 2: The Attackers filed an S ECs EC reports are not 296 00:13:49,510 --> 00:13:51,719 Speaker 2: easy to file. So these guys went through the trouble 297 00:13:51,729 --> 00:13:54,780 Speaker 2: of filing that to basically punish this person punish the 298 00:13:54,789 --> 00:13:57,099 Speaker 2: company like, hey, you're not paying me ransom and you're 299 00:13:57,109 --> 00:13:59,479 Speaker 2: not revealing to the regulators. I got you. 300 00:14:00,210 --> 00:14:02,469 Speaker 2: So that's the level of kind of complexity that we 301 00:14:02,479 --> 00:14:04,988 Speaker 2: live in. Now, these guys are really sophisticated. 302 00:14:06,969 --> 00:14:10,130 Speaker 2: The whole ecosystem has just evolved to a point where 303 00:14:11,260 --> 00:14:13,830 Speaker 2: there's a, so there's the open internet that we talk 304 00:14:13,840 --> 00:14:16,080 Speaker 2: about your things that you can find with the Google search. 305 00:14:16,280 --> 00:14:18,840 Speaker 2: There's the deep web, your whatsapp chats and signal chats 306 00:14:18,849 --> 00:14:20,799 Speaker 2: and stuff that they're on the internet, but they're hard 307 00:14:20,809 --> 00:14:22,719 Speaker 2: to search. And then there's the dark web 308 00:14:23,630 --> 00:14:26,719 Speaker 2: when we talk about estimates on the financial transactions that 309 00:14:26,729 --> 00:14:29,070 Speaker 2: are happening out there, that's what people monitor. That's where 310 00:14:29,080 --> 00:14:31,830 Speaker 2: we get maybe not a source of truth, but a 311 00:14:31,840 --> 00:14:34,440 Speaker 2: second perspective on how much money is slushing around in 312 00:14:34,450 --> 00:14:37,239 Speaker 2: this ecosystem because that's where you see people making the transaction. 313 00:14:37,250 --> 00:14:39,380 Speaker 2: Like I will sell this data for this amount of money. 314 00:14:39,390 --> 00:14:40,950 Speaker 2: I will pay you for that amount of service. I'll 315 00:14:40,960 --> 00:14:43,359 Speaker 2: get this for you. So those transactions are where we 316 00:14:43,369 --> 00:14:45,659 Speaker 2: see the liquidity happening. So 317 00:14:45,669 --> 00:14:48,070 Speaker 1: even beyond the realm of the reporting to the former 318 00:14:48,080 --> 00:14:50,049 Speaker 1: law is absolutely fascinating. 319 00:14:50,570 --> 00:14:53,750 Speaker 1: Um I want to stay on the geopolitical side. Um 320 00:14:54,260 --> 00:14:58,770 Speaker 1: There's a lot of talk about countries, critical infrastructure, electricity 321 00:14:58,780 --> 00:15:04,080 Speaker 1: healthcare database or the way you know, systems run for 322 00:15:04,090 --> 00:15:06,950 Speaker 1: hospitals and airports and so on. Um 323 00:15:08,109 --> 00:15:10,770 Speaker 1: Looking at sort of the data on how many times 324 00:15:10,780 --> 00:15:15,169 Speaker 1: these things are getting compromised. How worried or how relieved 325 00:15:15,179 --> 00:15:16,940 Speaker 1: are you? I mean, are we on top of these things? 326 00:15:17,419 --> 00:15:22,080 Speaker 2: Ok. Um So I am relieved. I live in Singapore 327 00:15:22,869 --> 00:15:25,450 Speaker 2: and I'll say that because so a couple of years ago, 328 00:15:25,460 --> 00:15:28,190 Speaker 2: we pushed this thing called the cyber Security Act. When 329 00:15:28,200 --> 00:15:31,349 Speaker 2: we first pushed it out, it was seen globally as 330 00:15:32,099 --> 00:15:33,080 Speaker 2: a little bit extreme. 331 00:15:33,700 --> 00:15:36,770 Speaker 2: Um forcing private sector companies to meet some sort of 332 00:15:36,780 --> 00:15:41,239 Speaker 2: technical standard by law with the threat of jail. Wow, 333 00:15:41,320 --> 00:15:44,989 Speaker 2: that's an unusual requirement. And when we first push it out, 334 00:15:45,000 --> 00:15:46,789 Speaker 2: there was a lot of pushback from the companies as well. 335 00:15:46,799 --> 00:15:49,619 Speaker 2: I mean, people said, look, it's a, it's a free market. 336 00:15:49,739 --> 00:15:52,869 Speaker 2: If you don't like my hospital, my power service get 337 00:15:52,880 --> 00:15:54,739 Speaker 2: somebody else. Like why are you forcing me to comply 338 00:15:54,750 --> 00:15:55,479 Speaker 2: to these standards? 339 00:15:56,020 --> 00:15:58,119 Speaker 2: But you have to remember that tech is probably the 340 00:15:58,130 --> 00:16:00,880 Speaker 2: only industry that's been immune from regulatory standards for a 341 00:16:00,890 --> 00:16:03,219 Speaker 2: very long time. If you drive a car, you have 342 00:16:03,229 --> 00:16:04,789 Speaker 2: to meet all of these requirements, you fly a plane, 343 00:16:04,799 --> 00:16:07,000 Speaker 2: there are all these requirements, even if you buy a toaster, 344 00:16:07,010 --> 00:16:09,330 Speaker 2: there are requirements about what the toaster safety looks like. 345 00:16:09,340 --> 00:16:11,820 Speaker 2: Tech for some reason has gotten by without it. So 346 00:16:11,830 --> 00:16:14,909 Speaker 2: when we pushed it out, it was quite controversial today, 347 00:16:15,010 --> 00:16:18,309 Speaker 2: more and more countries have some form of technical standard 348 00:16:18,320 --> 00:16:20,989 Speaker 2: requirements in terms of the cyber security of critical infrastructure, 349 00:16:21,849 --> 00:16:24,650 Speaker 2: we've had a head start. So like I said, in Singapore, 350 00:16:24,659 --> 00:16:27,799 Speaker 2: I'm relatively comfortable that most of our critical systems are 351 00:16:27,809 --> 00:16:31,159 Speaker 2: well defended and if they're not well defended enough, they're 352 00:16:31,169 --> 00:16:33,929 Speaker 2: better defended than at least the other targets that might 353 00:16:33,940 --> 00:16:36,809 Speaker 2: be out there. So, I guess the game here is 354 00:16:36,820 --> 00:16:39,989 Speaker 2: just to be to run faster than your neighbor rather 355 00:16:40,000 --> 00:16:42,880 Speaker 2: than the lion. The Attackers are also after money. If 356 00:16:42,890 --> 00:16:44,669 Speaker 2: they can find an easier target, they'll go for that 357 00:16:45,270 --> 00:16:49,070 Speaker 2: globally. Everybody is ratcheting up. So companies, the big companies 358 00:16:49,080 --> 00:16:52,250 Speaker 2: are starting to ask their vendors like are you cyber secure? 359 00:16:52,260 --> 00:16:55,390 Speaker 2: Are you going to introduce risks for me? Uh Countries 360 00:16:55,400 --> 00:16:58,969 Speaker 2: are starting to ask their critical systems, you know, are, 361 00:16:58,979 --> 00:17:02,070 Speaker 2: are my power grids secure? Are my banking systems secure? 362 00:17:02,179 --> 00:17:05,880 Speaker 2: Is my country going to be held hostage or taken 363 00:17:05,890 --> 00:17:09,738 Speaker 2: to its knees by criminal actors? Those are the right 364 00:17:09,750 --> 00:17:10,699 Speaker 2: questions to ask 365 00:17:11,198 --> 00:17:15,098 Speaker 2: but the implementation of regulation to ensure that is incredibly 366 00:17:15,109 --> 00:17:17,879 Speaker 2: difficult and takes a lot of political. Will I go 367 00:17:17,888 --> 00:17:20,139 Speaker 2: back to the Singapore Cyber Security Act? And to some extent, 368 00:17:21,310 --> 00:17:24,550 Speaker 2: it takes almost a criminal negligence point of view. You 369 00:17:24,560 --> 00:17:27,780 Speaker 2: built a hospital and you didn't make it secure. That's 370 00:17:27,790 --> 00:17:30,688 Speaker 2: criminally negligent. People trusted you to build a hospital that 371 00:17:30,699 --> 00:17:33,228 Speaker 2: they can feel confident in. And if you told us 372 00:17:33,239 --> 00:17:35,619 Speaker 2: that you secured it and you didn't, that should actually 373 00:17:35,630 --> 00:17:38,819 Speaker 2: be a jailable offense. So it is extreme, but it 374 00:17:38,829 --> 00:17:41,969 Speaker 2: motivates behavior like more than fines do, at least from 375 00:17:41,979 --> 00:17:42,489 Speaker 2: what we've seen 376 00:17:43,020 --> 00:17:46,149 Speaker 1: when I walk on T road, I walk by the 377 00:17:46,160 --> 00:17:49,500 Speaker 1: international headquarters of Interpol and I think their cybersecurity wing 378 00:17:49,510 --> 00:17:53,250 Speaker 1: is here. Are they and other multilateral organizations trying to 379 00:17:53,260 --> 00:17:56,400 Speaker 1: come up with a set of codes that are universally implement? 380 00:17:56,489 --> 00:18:00,780 Speaker 2: Absolutely. So I spent the last five years prior to 381 00:18:00,790 --> 00:18:03,660 Speaker 2: joining Ensign in the government. And one of the things 382 00:18:03,670 --> 00:18:05,939 Speaker 2: that we did was engage a lot with Interpol and 383 00:18:05,949 --> 00:18:07,949 Speaker 2: also engage a lot with the United Nations. 384 00:18:08,430 --> 00:18:11,089 Speaker 2: To some extent, cyber security is in this odd space 385 00:18:11,099 --> 00:18:14,079 Speaker 2: where it is a problem at state level, but a 386 00:18:14,089 --> 00:18:18,129 Speaker 2: solution at the company level. And I'll explain that. So internationally, 387 00:18:18,140 --> 00:18:20,819 Speaker 2: we need some sort of rules of the road. What 388 00:18:20,829 --> 00:18:24,280 Speaker 2: are the norms and the expectations of countries in the 389 00:18:24,290 --> 00:18:27,130 Speaker 2: way that they use the internet. It took us quite 390 00:18:27,140 --> 00:18:29,300 Speaker 2: a bit of time, but the United Nations has come 391 00:18:29,310 --> 00:18:32,250 Speaker 2: out with what we call the norms of responsible behavior 392 00:18:33,020 --> 00:18:35,968 Speaker 2: and there are 11 norms. They basically state the usual 393 00:18:35,979 --> 00:18:37,810 Speaker 2: expectations of what you can and cannot do on the 394 00:18:37,819 --> 00:18:39,550 Speaker 2: internet and what states should and should not do. 395 00:18:40,849 --> 00:18:43,069 Speaker 2: The good news is that the UN has agreed to them. 396 00:18:43,079 --> 00:18:46,500 Speaker 2: There are some norms of what responsible behavior looks like. 397 00:18:46,930 --> 00:18:49,959 Speaker 2: The bad news is that as with all international agreements, 398 00:18:49,969 --> 00:18:51,179 Speaker 2: some countries are 399 00:18:52,569 --> 00:18:56,130 Speaker 2: more willing to abide by them and some countries blatantly 400 00:18:56,140 --> 00:18:57,109 Speaker 2: flagrantly ignore them. 401 00:18:58,780 --> 00:19:00,369 Speaker 2: We portioned it 402 00:19:01,109 --> 00:19:04,069 Speaker 2: the portion of the countries that have agreed to the 403 00:19:04,079 --> 00:19:06,800 Speaker 2: norms and are trying to implement it. That's, that's the 404 00:19:06,810 --> 00:19:09,449 Speaker 2: ray of hope. That's the part where as more countries 405 00:19:09,459 --> 00:19:11,260 Speaker 2: get on board, as more countries try to understand how 406 00:19:11,270 --> 00:19:13,920 Speaker 2: to secure their critical infrastructure and agree not to attack 407 00:19:13,930 --> 00:19:17,420 Speaker 2: critical infrastructure, we will start to see the seeds of 408 00:19:17,430 --> 00:19:20,010 Speaker 2: a slightly more responsible secure internet coming up. 409 00:19:20,780 --> 00:19:23,020 Speaker 2: But unfortunately, it just takes one bad egg. And if 410 00:19:23,030 --> 00:19:24,909 Speaker 2: they disrespect all of this, if they ignore all of 411 00:19:24,920 --> 00:19:27,229 Speaker 2: it becomes a challenge, Interpol has a huge part to 412 00:19:27,239 --> 00:19:30,199 Speaker 2: play as well because in addition to the states agreeing, 413 00:19:30,910 --> 00:19:33,709 Speaker 2: the police have to enforce the challenge. Now is that 414 00:19:33,719 --> 00:19:35,319 Speaker 2: like I said, it's a state problem and a corporate 415 00:19:35,329 --> 00:19:35,688 Speaker 2: problem 416 00:19:36,530 --> 00:19:40,300 Speaker 2: states on the outcome. So if your water supply is hacked, 417 00:19:40,510 --> 00:19:41,939 Speaker 2: states deal with the problem, 418 00:19:42,640 --> 00:19:45,979 Speaker 2: but water supply is often provided by private companies. Banking 419 00:19:45,989 --> 00:19:49,589 Speaker 2: is private companies. The cloud is private companies. Everything about 420 00:19:49,599 --> 00:19:53,260 Speaker 2: the internet is owned by a private company, the government 421 00:19:53,270 --> 00:19:56,698 Speaker 2: owns nothing of the internet. Even the Telco that provides 422 00:19:56,709 --> 00:19:58,500 Speaker 2: data is a private company. 423 00:19:59,280 --> 00:20:01,119 Speaker 2: So the challenge here is that how do you get 424 00:20:01,130 --> 00:20:04,540 Speaker 2: the private companies to internalize this externality? It is a 425 00:20:04,550 --> 00:20:09,010 Speaker 2: classic economic problem. The cost is significant security is a cost. 426 00:20:09,689 --> 00:20:13,020 Speaker 2: The implications and the outcome of a negative incident is 427 00:20:13,030 --> 00:20:16,139 Speaker 2: some on the company but significantly on the externality of 428 00:20:16,150 --> 00:20:19,489 Speaker 2: the public. How do you internalize this cost? Singapore chose 429 00:20:19,500 --> 00:20:21,359 Speaker 2: regulations to do it. Other countries are trying to find 430 00:20:21,369 --> 00:20:24,188 Speaker 2: other incentives to do it. But no matter what happens, 431 00:20:24,410 --> 00:20:27,530 Speaker 2: the private sector needs to be part of that wider solution. 432 00:20:27,670 --> 00:20:29,409 Speaker 2: And today, not quite 433 00:20:30,619 --> 00:20:33,819 Speaker 1: is it really just a matter of managing the risk? 434 00:20:33,829 --> 00:20:36,599 Speaker 1: Because it doesn't seem to me, you are giving me 435 00:20:36,609 --> 00:20:38,169 Speaker 1: the sense of comfort to think that we can win 436 00:20:38,180 --> 00:20:38,698 Speaker 1: this battle. 437 00:20:40,140 --> 00:20:43,149 Speaker 2: I know. So I'm, I hope I'm not giving you 438 00:20:43,160 --> 00:20:45,739 Speaker 2: the confidence because I don't have that confidence. I, I'm 439 00:20:45,750 --> 00:20:47,520 Speaker 2: a little bit of what we call an octo pass. 440 00:20:47,650 --> 00:20:50,750 Speaker 2: A realist. I hope for the best plan for the worst, 441 00:20:50,760 --> 00:20:52,670 Speaker 2: but I expect reality to come and kick me in 442 00:20:52,680 --> 00:20:55,709 Speaker 2: the stomach. It's, it's a rough world out there. And again, 443 00:20:55,719 --> 00:20:58,989 Speaker 2: cyber security is pretty much the only industry in the 444 00:20:59,000 --> 00:21:03,170 Speaker 2: world which has this dynamic of bad guys. I mean, 445 00:21:03,369 --> 00:21:05,569 Speaker 2: you as a bank, have other competitors. Me as a 446 00:21:05,579 --> 00:21:08,579 Speaker 2: cyber security company, I have other competitors but these competitors 447 00:21:08,589 --> 00:21:09,689 Speaker 2: operate within rules. 448 00:21:11,069 --> 00:21:13,510 Speaker 2: Cyber security and tech is the only space where you 449 00:21:13,520 --> 00:21:15,780 Speaker 2: have an aggressor that doesn't operate within rules and is 450 00:21:15,790 --> 00:21:18,449 Speaker 2: deliberately trying to break you down. We invest in fire 451 00:21:18,459 --> 00:21:20,979 Speaker 2: alarms and buildings but you don't have ar is running 452 00:21:20,989 --> 00:21:22,849 Speaker 2: around trying to set fire to every building to test 453 00:21:22,859 --> 00:21:25,189 Speaker 2: whether your fire alarms work or not. But it cyber security. 454 00:21:25,199 --> 00:21:27,448 Speaker 2: You do and on a daily basis, I'm willing to 455 00:21:27,459 --> 00:21:29,829 Speaker 2: bet that a bank like yours at the scale that 456 00:21:29,839 --> 00:21:33,739 Speaker 2: you operate thousands, hundreds of thousands of probing attacks every 457 00:21:33,750 --> 00:21:36,609 Speaker 2: single day. If not every single minute, the biggest banks 458 00:21:36,619 --> 00:21:39,069 Speaker 2: in the world experience a million attacks an hour, 459 00:21:39,530 --> 00:21:42,739 Speaker 2: a million attacks an hour. So if that scale of 460 00:21:42,750 --> 00:21:43,630 Speaker 2: attacks are happening, 461 00:21:44,400 --> 00:21:46,339 Speaker 2: you just need one to leak through. So I am 462 00:21:46,349 --> 00:21:49,810 Speaker 2: not optimistic that we will solve the problem, but in 463 00:21:49,819 --> 00:21:52,750 Speaker 2: a sense, it's similar to disease control and I'm glad 464 00:21:52,760 --> 00:21:54,989 Speaker 2: that they chose the term viruses for the cyber for 465 00:21:55,000 --> 00:21:57,209 Speaker 2: technical work as well because it is like that 466 00:21:57,650 --> 00:22:00,800 Speaker 2: COVID is now endemic. Will it ever go away? No. 467 00:22:00,810 --> 00:22:03,579 Speaker 2: Will it kill a few people? Unfortunately? Yes. But we 468 00:22:03,589 --> 00:22:06,290 Speaker 2: have ways and strategies to manage the risk of its 469 00:22:06,300 --> 00:22:09,719 Speaker 2: becoming a pandemic. Again, we have ways and risks of 470 00:22:09,729 --> 00:22:13,660 Speaker 2: managing the overall population and its immunity and its ability 471 00:22:13,670 --> 00:22:17,579 Speaker 2: to be resilient. So I guess part of the thinking 472 00:22:17,589 --> 00:22:21,550 Speaker 2: is rather than thinking about how to defeat this whole problem, 473 00:22:21,699 --> 00:22:24,680 Speaker 2: how do we become resilient? How do we as a society, 474 00:22:24,689 --> 00:22:27,260 Speaker 2: as a company, as a, as an organization 475 00:22:27,739 --> 00:22:30,400 Speaker 2: build up resilience? So that even if it does come, 476 00:22:30,410 --> 00:22:33,199 Speaker 2: we've got enough immunity. Yes, you took out database A 477 00:22:33,829 --> 00:22:36,199 Speaker 2: but it was all encrypted and I've got database B 478 00:22:36,209 --> 00:22:38,849 Speaker 2: so I'm still working fine. There's a little bit of impact. 479 00:22:38,859 --> 00:22:40,250 Speaker 2: We're down for 1520 minutes. 480 00:22:40,930 --> 00:22:42,949 Speaker 2: Sometimes we had to go back to manual processes like 481 00:22:42,959 --> 00:22:46,569 Speaker 2: the incident at the airport with crowd strike. Unfortunate, but 482 00:22:46,579 --> 00:22:49,510 Speaker 2: the airport went to manual processes and people even mocked 483 00:22:49,520 --> 00:22:51,849 Speaker 2: that they were writing boarding passes. But that's actually a 484 00:22:51,859 --> 00:22:54,839 Speaker 2: great answer. Look, if you have no it systems have 485 00:22:54,849 --> 00:22:56,649 Speaker 2: a drawer full of boarding passes you can take out 486 00:22:56,660 --> 00:22:59,949 Speaker 2: and write and every single organization needs to think about. 487 00:22:59,959 --> 00:23:02,709 Speaker 2: How do you deal with the implications of the impact 488 00:23:02,719 --> 00:23:04,069 Speaker 2: of a cyber incident in a way that 489 00:23:04,760 --> 00:23:08,520 Speaker 2: degrades gracefully that the customer still has some level of service, 490 00:23:08,530 --> 00:23:10,380 Speaker 2: even if it's not the quality and the black level 491 00:23:10,390 --> 00:23:11,859 Speaker 2: that they're normally used to experiencing. 492 00:23:12,160 --> 00:23:14,380 Speaker 1: So backups redundancies. 493 00:23:14,589 --> 00:23:15,500 Speaker 2: Absolutely. 494 00:23:15,520 --> 00:23:15,739 Speaker 1: This is 495 00:23:15,750 --> 00:23:16,619 Speaker 1: a paper. 496 00:23:16,630 --> 00:23:19,139 Speaker 2: Yeah, I know whatever works for your organization at the 497 00:23:19,150 --> 00:23:22,040 Speaker 2: scale that you operated. So if you're a really sophisticated 498 00:23:22,050 --> 00:23:24,819 Speaker 2: organization having a completely what we call a second chain, 499 00:23:24,869 --> 00:23:29,369 Speaker 2: a completely backup system that fails over immediately and data 500 00:23:29,380 --> 00:23:31,140 Speaker 2: centers have this all the time, they're supposed to be 501 00:23:31,150 --> 00:23:34,619 Speaker 2: able to fail over instantly. But if you're a small shop, 502 00:23:34,910 --> 00:23:36,688 Speaker 2: maybe just have a print out at the end of 503 00:23:36,699 --> 00:23:38,449 Speaker 2: the day, print out all of your customer records. And 504 00:23:38,459 --> 00:23:40,439 Speaker 2: if really your systems get wiped out, you have a 505 00:23:40,449 --> 00:23:42,228 Speaker 2: whole bunch of print outs in a drawer somewhere, you 506 00:23:42,239 --> 00:23:44,959 Speaker 2: can take it back and reconstruct the systems. Is it tough? 507 00:23:44,969 --> 00:23:49,188 Speaker 2: Is it painful? Yes, but it builds resilience. And so 508 00:23:49,359 --> 00:23:51,800 Speaker 2: we've gone away from, and even though I'm a cyber 509 00:23:51,810 --> 00:23:56,250 Speaker 2: security company and we provide advice, our solution is never 510 00:23:56,260 --> 00:23:57,969 Speaker 2: to invest infinitely in protection. 511 00:23:58,410 --> 00:24:00,290 Speaker 2: It's great money for me, but it's not a wise 512 00:24:00,300 --> 00:24:03,459 Speaker 2: strategy for companies. You need to think about investing in 513 00:24:03,469 --> 00:24:07,458 Speaker 2: resilience and that's a balance between protection and bouncing back. 514 00:24:07,810 --> 00:24:11,270 Speaker 2: And if you don't bounce back, that's a business closure event. 515 00:24:12,050 --> 00:24:17,040 Speaker 1: This is Danny K and I think President Turner's trampoline analogy. Yes, absolutely. 516 00:24:17,420 --> 00:24:19,609 Speaker 2: Absolutely. You will fall and you will hit. And we've 517 00:24:19,619 --> 00:24:22,119 Speaker 2: seen when companies get a cyber attack of a ransomware 518 00:24:22,130 --> 00:24:25,920 Speaker 2: or data breach, stock prices get impacted customer trust gets impacted. 519 00:24:26,030 --> 00:24:29,369 Speaker 2: But we've also seen companies bounce back after that. And 520 00:24:29,380 --> 00:24:31,569 Speaker 2: quite often, what we see is that in about 40 521 00:24:31,579 --> 00:24:34,030 Speaker 2: plus days, stock prices return to normal. 522 00:24:34,459 --> 00:24:37,790 Speaker 2: And if the incident is particularly well handled stock prices 523 00:24:37,800 --> 00:24:40,719 Speaker 2: even improve because the company now takes the security much 524 00:24:40,729 --> 00:24:43,669 Speaker 2: more seriously. They are proactive in managing customers expectations and 525 00:24:43,680 --> 00:24:46,859 Speaker 2: trust and they build up better systems and governance around 526 00:24:46,869 --> 00:24:49,959 Speaker 2: their technologies to be more resilient. And so after that, 527 00:24:50,170 --> 00:24:51,760 Speaker 2: the customers and investors like 528 00:24:52,520 --> 00:24:54,579 Speaker 2: they will not get hit by the same thing. Again, 529 00:24:54,719 --> 00:24:55,889 Speaker 2: it's actually a good strategy. 530 00:24:55,900 --> 00:24:56,140 Speaker 1: Right? 531 00:24:56,739 --> 00:24:59,510 Speaker 1: At the beginning of the conversation, we are talking about 532 00:24:59,520 --> 00:25:02,250 Speaker 1: multiple actors and you said that there are state level actors, 533 00:25:02,260 --> 00:25:06,390 Speaker 1: but then you alluded to this non stake idealistic. I 534 00:25:06,400 --> 00:25:10,770 Speaker 1: don't know this crypto anarchists out there who do also, 535 00:25:10,780 --> 00:25:13,510 Speaker 1: you know damage at the geopolitical level. So give us 536 00:25:13,520 --> 00:25:17,199 Speaker 1: some examples and how do we sort of contextualize this entity? 537 00:25:17,209 --> 00:25:17,599 Speaker 2: There 538 00:25:17,609 --> 00:25:19,839 Speaker 2: are all sorts of fascinating examples. So I'll give one 539 00:25:19,849 --> 00:25:21,650 Speaker 2: that's ideological and not 540 00:25:23,329 --> 00:25:27,239 Speaker 2: not state affiliated. So there's this group that operates in Indonesia, 541 00:25:27,250 --> 00:25:28,959 Speaker 2: we think it's a group, it might be an individual 542 00:25:28,969 --> 00:25:30,040 Speaker 2: called Burka. 543 00:25:31,000 --> 00:25:33,810 Speaker 2: And despite the European sounding name, it's actually we think 544 00:25:33,819 --> 00:25:38,180 Speaker 2: it's an Indonesian person, he attacks Indonesian government systems, he 545 00:25:38,189 --> 00:25:42,030 Speaker 2: or she or they attack Indonesian government systems purely to 546 00:25:42,040 --> 00:25:44,569 Speaker 2: send the message that Indonesia needs to invest more in 547 00:25:44,579 --> 00:25:45,349 Speaker 2: cyber security. 548 00:25:46,579 --> 00:25:48,959 Speaker 2: And after every attack, they will send out a message 549 00:25:48,969 --> 00:25:50,938 Speaker 2: saying this system was not well encrypted. This thing was 550 00:25:50,949 --> 00:25:51,579 Speaker 2: not patched. 551 00:25:52,819 --> 00:25:54,890 Speaker 2: It is fascinating to observe. This person is still a 552 00:25:54,900 --> 00:25:58,479 Speaker 2: bad person is still taking down systems, but the ideology 553 00:25:58,489 --> 00:26:01,129 Speaker 2: behind it is to improve cyber security. That's one kind 554 00:26:01,160 --> 00:26:01,800 Speaker 2: of example, 555 00:26:02,959 --> 00:26:07,290 Speaker 2: I'll use Russia and Ukraine as one a separate example 556 00:26:07,300 --> 00:26:09,770 Speaker 2: and probably the start of this whole HIV 557 00:26:11,099 --> 00:26:13,929 Speaker 2: at the initiation of the conflict. When Russia first came in, 558 00:26:13,939 --> 00:26:17,560 Speaker 2: Ukraine was obviously the underdog and Ukraine needed help. What 559 00:26:17,569 --> 00:26:19,959 Speaker 2: they did was they called for assistance from all of 560 00:26:19,969 --> 00:26:22,060 Speaker 2: the Ukrainians living all around the world and all of 561 00:26:22,069 --> 00:26:24,709 Speaker 2: the Ukrainian supporters around the world. They actually created a 562 00:26:24,719 --> 00:26:27,169 Speaker 2: telegram group. I think it was called the Ukrainian Cyber 563 00:26:27,180 --> 00:26:29,819 Speaker 2: army or something along those lines. And they asked people 564 00:26:29,829 --> 00:26:31,800 Speaker 2: for help. It's like, please, you know, we're under attack, 565 00:26:31,810 --> 00:26:32,359 Speaker 2: help us 566 00:26:33,290 --> 00:26:36,109 Speaker 2: at the start. It sounded like a great idea. Rally 567 00:26:36,119 --> 00:26:38,209 Speaker 2: your friends, rally your troops, rally the people out there 568 00:26:38,219 --> 00:26:41,270 Speaker 2: who could support you in this big conflict with an aggressor, 569 00:26:41,280 --> 00:26:43,219 Speaker 1: both for defense and offense. Like 570 00:26:43,280 --> 00:26:45,089 Speaker 2: so it got complicated 571 00:26:45,780 --> 00:26:48,708 Speaker 2: during that conversation. They were like, hey, there are all 572 00:26:48,719 --> 00:26:51,489 Speaker 2: these Russian systems. If you could disable any of them, 573 00:26:51,800 --> 00:26:53,839 Speaker 2: it would make them less effective. And it would help 574 00:26:53,849 --> 00:26:54,290 Speaker 2: us 575 00:26:55,369 --> 00:26:57,909 Speaker 2: essentially what they were doing was they were motivating 576 00:26:58,829 --> 00:27:02,880 Speaker 2: cyber professionals, technical professionals who worked in companies that had 577 00:27:02,890 --> 00:27:06,829 Speaker 2: access to Russian systems to use that privileged access to 578 00:27:06,839 --> 00:27:11,250 Speaker 2: do bad things. Once you turn white hats, ethical hackers 579 00:27:11,260 --> 00:27:14,410 Speaker 2: into unethical hackers by asking them to go after targets, 580 00:27:15,069 --> 00:27:19,510 Speaker 2: you would breach a very fundamental ethical boundary. And that's 581 00:27:19,520 --> 00:27:22,869 Speaker 2: where things started to go a bit wrong once. And we, we, 582 00:27:22,880 --> 00:27:25,198 Speaker 2: we accepted it because we thought Ukraine was the underdog 583 00:27:25,209 --> 00:27:26,569 Speaker 2: and they need all the help that they could get. 584 00:27:26,579 --> 00:27:28,750 Speaker 2: In fact, we even celebrated articles talking about how they 585 00:27:28,760 --> 00:27:31,560 Speaker 2: were so innovative in getting people to support them. Now 586 00:27:31,569 --> 00:27:34,310 Speaker 2: we realize what they've done is they've unleashed. I mean, 587 00:27:34,319 --> 00:27:37,669 Speaker 2: they've opened Pandora's box, they've created a situation where legitimate 588 00:27:37,680 --> 00:27:42,458 Speaker 2: technical professionals are now distrusted. If you are a Ukrainian 589 00:27:42,469 --> 00:27:44,530 Speaker 2: or Russian working in a big tech company, 590 00:27:44,810 --> 00:27:46,229 Speaker 2: your boss is going to look at you and be like, 591 00:27:47,030 --> 00:27:48,869 Speaker 2: are you using your access to do bad things to 592 00:27:48,880 --> 00:27:51,969 Speaker 2: the other guys? Are you an activist? So it's not 593 00:27:51,979 --> 00:27:54,920 Speaker 2: just the traditional kind of criminal groups that are ideologically 594 00:27:54,930 --> 00:27:58,438 Speaker 2: motivated that are going after things. Now it's professionals, once 595 00:27:58,449 --> 00:28:00,188 Speaker 2: you open that space and you look at Now what's 596 00:28:00,199 --> 00:28:01,410 Speaker 2: happening with Israel and Hamas, 597 00:28:02,560 --> 00:28:06,089 Speaker 2: the spectrum of types of Attackers that come out, some 598 00:28:06,099 --> 00:28:11,209 Speaker 2: are directly enabled by States. Ukraine gave a target list 599 00:28:11,219 --> 00:28:14,579 Speaker 2: in a telegram chat group. Israel and Hamas are giving 600 00:28:14,589 --> 00:28:16,979 Speaker 2: motivation to people to support them, 601 00:28:17,900 --> 00:28:20,520 Speaker 2: what we see in particular in this region. So Southeast 602 00:28:20,530 --> 00:28:23,150 Speaker 2: Asia is that there are a lot of ideologically aligned 603 00:28:23,160 --> 00:28:26,119 Speaker 2: groups that are targeting companies that either for or against 604 00:28:26,130 --> 00:28:28,930 Speaker 2: Israel or Hamas. And unfortunately, it's one of those situations 605 00:28:28,939 --> 00:28:30,479 Speaker 2: where damned if you do, damned if you don't. 606 00:28:30,770 --> 00:28:33,640 Speaker 2: If you support Israel. There are groups who support Hamas 607 00:28:33,650 --> 00:28:35,609 Speaker 2: who will attack you. If you support Hamas, there are 608 00:28:35,619 --> 00:28:37,669 Speaker 2: groups that support Israel, they will attack you. If you 609 00:28:37,680 --> 00:28:39,729 Speaker 2: support neither, both will feel that you need to take 610 00:28:39,739 --> 00:28:41,709 Speaker 2: a stand and will attack you as well. So it's 611 00:28:41,719 --> 00:28:44,849 Speaker 2: really a difficult situation with companies and we are seeing 612 00:28:44,859 --> 00:28:48,939 Speaker 2: groups in particular in Malaysia and Indonesia going after targets 613 00:28:48,949 --> 00:28:50,780 Speaker 2: purely on an ideological basis. 614 00:28:52,420 --> 00:28:54,800 Speaker 2: And it's a difficult situation. We're really far away from 615 00:28:54,810 --> 00:28:57,060 Speaker 2: the conflict. It has very little to do with us 616 00:28:57,069 --> 00:28:59,420 Speaker 2: on a day to day basis. But because again, the 617 00:28:59,430 --> 00:29:01,099 Speaker 2: geography of the internet has collapsed, 618 00:29:02,430 --> 00:29:05,780 Speaker 1: I, I was only aware of the product boycott and 619 00:29:05,790 --> 00:29:07,579 Speaker 1: things like that. I wasn't aware that even in this 620 00:29:07,589 --> 00:29:10,140 Speaker 1: part of the world, we have seen cyber related incidents 621 00:29:10,150 --> 00:29:11,650 Speaker 1: based on the Middle East conflict. 622 00:29:11,660 --> 00:29:13,619 Speaker 2: Yeah. So the most visible ones that we see are 623 00:29:13,630 --> 00:29:16,380 Speaker 2: website defacements. So if you have a company website and 624 00:29:16,390 --> 00:29:18,859 Speaker 2: it's poorly secure, some bad guy will take over it 625 00:29:19,109 --> 00:29:21,939 Speaker 2: and put a message saying, you know, you supported either 626 00:29:21,949 --> 00:29:24,540 Speaker 2: Israel or Hamas and you are therefore a bad company, 627 00:29:24,550 --> 00:29:24,859 Speaker 2: you know, 628 00:29:25,199 --> 00:29:27,930 Speaker 2: so those are the most visible ones, but under the surface, 629 00:29:27,939 --> 00:29:30,390 Speaker 2: we see a ton of attacks and sometimes those attacks 630 00:29:30,400 --> 00:29:33,729 Speaker 2: are on systems that are either built by Israeli companies 631 00:29:33,739 --> 00:29:36,579 Speaker 2: or that supporters or vice versa. So there is a 632 00:29:36,589 --> 00:29:39,319 Speaker 2: ton of stuff happening below the sea level that you 633 00:29:39,329 --> 00:29:40,900 Speaker 2: can't really see, but it is happening 634 00:29:41,430 --> 00:29:42,420 Speaker 1: China us. 635 00:29:44,180 --> 00:29:46,760 Speaker 2: That's going to be a fascinating thing to watch, especially 636 00:29:46,770 --> 00:29:49,400 Speaker 2: in the next four years. Um I think one of 637 00:29:49,410 --> 00:29:53,400 Speaker 2: the biggest challenges that we saw was at the start 638 00:29:53,410 --> 00:29:58,729 Speaker 2: of China's kind of technical rise. People didn't quite take 639 00:29:58,739 --> 00:30:02,780 Speaker 2: it as seriously and to some extent, the US industrial 640 00:30:02,790 --> 00:30:05,650 Speaker 2: base had hollowed out already when we had the five 641 00:30:05,660 --> 00:30:08,280 Speaker 2: G debates. A while back, it was not a choice 642 00:30:08,290 --> 00:30:10,790 Speaker 2: between the American five G and the Chinese five G 643 00:30:10,800 --> 00:30:12,239 Speaker 2: because there was no American five G, 644 00:30:12,579 --> 00:30:14,949 Speaker 2: it was all European and they had no alternative to 645 00:30:14,959 --> 00:30:15,359 Speaker 2: offer 646 00:30:17,150 --> 00:30:20,160 Speaker 2: the rise of China's technical innovations in the last few 647 00:30:20,170 --> 00:30:24,030 Speaker 2: years has been tremendous. And I think partly fueled by 648 00:30:24,040 --> 00:30:27,760 Speaker 2: the lessons that they're learning from Russia, Ukraine, what happened 649 00:30:27,770 --> 00:30:29,469 Speaker 2: and I'll kind of jump around a little bit. But 650 00:30:29,479 --> 00:30:32,589 Speaker 2: what happened during Russia, Ukraine was the West decided that 651 00:30:32,599 --> 00:30:35,369 Speaker 2: the best strategy to contain Russia was to isolate them 652 00:30:35,380 --> 00:30:37,560 Speaker 2: on a technical level. So they took them off some 653 00:30:37,569 --> 00:30:39,760 Speaker 2: backing systems, they took them off some international kind of 654 00:30:39,770 --> 00:30:43,329 Speaker 2: technical situations systems and tried to isolate them as much 655 00:30:43,339 --> 00:30:43,890 Speaker 2: as possible. 656 00:30:45,900 --> 00:30:51,209 Speaker 2: China watched and realized that having dependencies on Western technology 657 00:30:51,219 --> 00:30:54,510 Speaker 2: and Western infrastructure was a risk. They already have their 658 00:30:54,520 --> 00:30:57,880 Speaker 2: great firewall, but now they started building their own operating systems, 659 00:30:57,890 --> 00:31:01,160 Speaker 2: their own cloud system, their whole infrastructure, the whole tech stack, 660 00:31:01,180 --> 00:31:03,660 Speaker 2: they're looking at every layer and see which part of 661 00:31:03,670 --> 00:31:05,880 Speaker 2: this do I have a dependency on something that if 662 00:31:05,890 --> 00:31:09,260 Speaker 2: it's taken out, I crumble and they're replacing it. So 663 00:31:09,270 --> 00:31:12,540 Speaker 2: instead of trying to encourage a situation where 664 00:31:12,920 --> 00:31:17,229 Speaker 2: they become more interdependent, they become more independent, I'll explain 665 00:31:17,239 --> 00:31:19,380 Speaker 2: what the problem with that is now. So 666 00:31:20,180 --> 00:31:20,479 Speaker 2: that 667 00:31:21,099 --> 00:31:23,760 Speaker 2: maybe as an analogy that I think it's an African proverb, 668 00:31:23,849 --> 00:31:27,000 Speaker 2: if you live in a village with one shared, well, 669 00:31:27,290 --> 00:31:29,430 Speaker 2: no matter how much my family hates your family and 670 00:31:29,439 --> 00:31:32,119 Speaker 2: your family hates my family, we will never poison that well, 671 00:31:32,319 --> 00:31:34,550 Speaker 2: because there is absolutely no incentive for us to do so. 672 00:31:34,760 --> 00:31:37,400 Speaker 2: The minute I have my well, and you have your, well, 673 00:31:37,560 --> 00:31:39,880 Speaker 2: the incentives flip and the game theory outcome is I 674 00:31:39,890 --> 00:31:41,619 Speaker 2: will try my best to poison your well and you 675 00:31:41,630 --> 00:31:43,280 Speaker 2: will try your best to poison my well, 676 00:31:44,020 --> 00:31:46,510 Speaker 2: in an era where we had one banking system globally 677 00:31:46,869 --> 00:31:49,020 Speaker 2: in an era where we had one technical infrastructure for 678 00:31:49,030 --> 00:31:50,800 Speaker 2: the whole cloud, for the whole internet. 679 00:31:51,430 --> 00:31:54,680 Speaker 2: I had no incentive to poison your. Well, our well, 680 00:31:54,689 --> 00:31:58,349 Speaker 2: our shared well, but when you have a western technical 681 00:31:58,359 --> 00:32:01,160 Speaker 2: ecosystem and an Eastern technical ecosystem and that tech by 682 00:32:01,280 --> 00:32:05,089 Speaker 2: location is completely segregated, the incentives flip and we will 683 00:32:05,099 --> 00:32:07,579 Speaker 2: spend all day trying to poison each other's wells. At 684 00:32:07,829 --> 00:32:10,189 Speaker 2: the point where all of our companies rely on Microsoft 685 00:32:10,199 --> 00:32:12,479 Speaker 2: Windows to power up our systems. 686 00:32:13,300 --> 00:32:14,900 Speaker 2: I'm not going to poison it. I need it as 687 00:32:14,910 --> 00:32:17,479 Speaker 2: much as you do. But if I have my country's 688 00:32:17,489 --> 00:32:20,369 Speaker 2: operating system and you have your country's operating system, it's 689 00:32:20,380 --> 00:32:22,400 Speaker 2: going to be a much more fragile world. So this 690 00:32:22,410 --> 00:32:24,829 Speaker 2: whole idea of de risking, which came about with this 691 00:32:24,839 --> 00:32:27,380 Speaker 2: whole East West conversation came about at the start of 692 00:32:27,390 --> 00:32:30,609 Speaker 2: this whole five G conversation while it addresses the tactical 693 00:32:30,619 --> 00:32:34,579 Speaker 2: risk creates a strategic risk. The tactical risk is yes, 694 00:32:34,589 --> 00:32:36,969 Speaker 2: I no longer depend on Chinese tech or Western tech, 695 00:32:36,979 --> 00:32:37,880 Speaker 2: whichever side you're from. 696 00:32:38,630 --> 00:32:41,109 Speaker 2: But the strategic risk is now, I am going to 697 00:32:41,119 --> 00:32:43,770 Speaker 2: be constantly under a barrage of attacks from the other 698 00:32:43,780 --> 00:32:46,989 Speaker 2: side that will not lead to any sort of stability. 699 00:32:47,000 --> 00:32:51,890 Speaker 2: There is no stable dynamic between this situation. So it's 700 00:32:51,900 --> 00:32:52,670 Speaker 2: going to be very tough. 701 00:32:53,199 --> 00:32:56,439 Speaker 1: This is a fascinating insight. Why aren't people listening to you? 702 00:32:56,449 --> 00:32:59,459 Speaker 1: Because this is, yeah, I I totally relate to this 703 00:32:59,469 --> 00:33:01,619 Speaker 1: point and the fact that in the name of the scheme, 704 00:33:01,630 --> 00:33:03,089 Speaker 1: we're actually increasing vulnerabilities 705 00:33:03,800 --> 00:33:06,040 Speaker 2: because on a very tactical, very short term level, it 706 00:33:06,050 --> 00:33:08,219 Speaker 2: seems to make sense, right? It seems to make sense 707 00:33:08,229 --> 00:33:11,339 Speaker 2: that hey, I I have concerns with the supplier ABC. 708 00:33:11,760 --> 00:33:14,599 Speaker 2: I'm just going to remove supplier ABC. And if supplier 709 00:33:14,609 --> 00:33:17,550 Speaker 2: abcs are from a country that I have general geopolitical 710 00:33:17,560 --> 00:33:20,739 Speaker 2: concerns with, then yes, I'll remove all of those companies 711 00:33:20,989 --> 00:33:25,229 Speaker 2: but that in the longer term and unfortunately most Corporates 712 00:33:25,239 --> 00:33:28,550 Speaker 2: in most countries don't plan and act in very long 713 00:33:28,560 --> 00:33:32,219 Speaker 2: term interests, creates a very unstable equilibrium. 714 00:33:33,530 --> 00:33:35,849 Speaker 2: I have made this point and I'm not alone. There 715 00:33:35,859 --> 00:33:38,130 Speaker 2: are many others who are making similar points. But you 716 00:33:38,140 --> 00:33:40,859 Speaker 2: look at like the Chips Act, you look at de risking, 717 00:33:40,869 --> 00:33:43,170 Speaker 2: you look at all the conversations that are happening on Telco. 718 00:33:43,510 --> 00:33:46,949 Speaker 2: It is a very similar line of logic. The other 719 00:33:46,959 --> 00:33:48,989 Speaker 2: implication for all of this is in terms of great 720 00:33:49,000 --> 00:33:51,849 Speaker 2: power competition. So part of the reason why the US 721 00:33:51,859 --> 00:33:54,670 Speaker 2: started the Chips Act was because firstly, the risking they 722 00:33:54,680 --> 00:33:57,699 Speaker 2: wanted to have onshore chip production capabilities. But secondly, they 723 00:33:57,709 --> 00:34:01,630 Speaker 2: wanted to reignite the industrial base, get tech back up. 724 00:34:02,500 --> 00:34:06,089 Speaker 2: But by doing so, they've also incentivized China to double 725 00:34:06,099 --> 00:34:09,609 Speaker 2: down on. It's their splitting moment. It is there, it 726 00:34:09,620 --> 00:34:12,989 Speaker 2: is their moment to now suddenly spark off. And previously, 727 00:34:13,000 --> 00:34:15,770 Speaker 2: when they would have been in a more interdependent economic system, 728 00:34:15,780 --> 00:34:17,729 Speaker 2: they like, you know, it's OK. I'll get some stuff 729 00:34:17,739 --> 00:34:20,419 Speaker 2: from them, I'll sell some stuff from them there, there's 730 00:34:20,429 --> 00:34:23,859 Speaker 2: an ecosystem of buying and selling and we don't have 731 00:34:23,870 --> 00:34:24,800 Speaker 2: to have all of it on our own. 732 00:34:25,520 --> 00:34:28,699 Speaker 2: But once you make it such an obvious strategy that 733 00:34:28,709 --> 00:34:32,510 Speaker 2: you want to have your own capacity and capabilities, the 734 00:34:32,520 --> 00:34:34,279 Speaker 2: other guy is going to do the same thing. And 735 00:34:34,290 --> 00:34:37,310 Speaker 2: at this point in the technological evolution, China does have 736 00:34:37,320 --> 00:34:39,409 Speaker 2: a little bit of a head start. They have the 737 00:34:39,419 --> 00:34:41,489 Speaker 2: capabilities and the capacity to do a lot of things. 738 00:34:41,510 --> 00:34:43,919 Speaker 1: Actually, I've been thinking about this issue myself, which is 739 00:34:44,050 --> 00:34:46,719 Speaker 1: I think the view in the West, particularly the US 740 00:34:46,729 --> 00:34:49,040 Speaker 1: has been that if you sort of stop the Chinese 741 00:34:49,050 --> 00:34:52,379 Speaker 1: from accessing the latest in tech technology or rather chip technology, 742 00:34:52,688 --> 00:34:55,089 Speaker 1: that there will be a widening gap. I think the 743 00:34:55,099 --> 00:34:57,529 Speaker 1: lesson from the last eight years is that there is 744 00:34:57,539 --> 00:35:02,628 Speaker 1: a whole range of stack on non chip specific technology 745 00:35:02,638 --> 00:35:05,857 Speaker 1: from like building green transition related things to large tractors 746 00:35:05,868 --> 00:35:09,509 Speaker 1: to protein folding. You don't need the two nanometers, what 747 00:35:09,518 --> 00:35:12,049 Speaker 1: the Chinese have, they can get by and do very well. 748 00:35:12,118 --> 00:35:15,519 Speaker 1: And even the journey from say 7 to 5. Now 749 00:35:15,529 --> 00:35:17,627 Speaker 1: when I talk to chips especially, they don't say it's impossible. 750 00:35:17,638 --> 00:35:19,308 Speaker 1: Four or five years ago, people told me it was 751 00:35:19,319 --> 00:35:21,549 Speaker 1: impossible for the Chinese to ever come up with smaller 752 00:35:21,559 --> 00:35:22,349 Speaker 1: chips on their own. 753 00:35:22,560 --> 00:35:24,810 Speaker 1: But even like lithography and stuff, nobody thinks that it 754 00:35:24,820 --> 00:35:27,459 Speaker 1: is only a Sm L's game. Forever. Forever is a 755 00:35:27,469 --> 00:35:28,569 Speaker 1: very long time. So 756 00:35:29,159 --> 00:35:32,350 Speaker 2: no I, so without getting to the technicalities of it, 757 00:35:32,510 --> 00:35:35,830 Speaker 2: I also don't think it's impossible. But I will say 758 00:35:35,840 --> 00:35:38,729 Speaker 2: that even if, even if it takes them a really 759 00:35:38,739 --> 00:35:41,409 Speaker 2: long time, there's a lot of stuff you can do, 760 00:35:41,419 --> 00:35:44,479 Speaker 2: which is more compute. I said it is more condensed, correct. 761 00:35:44,909 --> 00:35:48,540 Speaker 2: And they have scale, right? They have production capacity at 762 00:35:48,709 --> 00:35:52,250 Speaker 2: enormous scale which does not require them to force that 763 00:35:52,260 --> 00:35:55,189 Speaker 2: miniaturization that the West is looking at and it is 764 00:35:55,199 --> 00:35:58,090 Speaker 2: more efficient, it is more effective, etcetera, etcetera. But they 765 00:35:58,100 --> 00:36:01,409 Speaker 2: have scale and they have data, right? Put those two together, 766 00:36:01,540 --> 00:36:03,120 Speaker 2: you look at what A I is happening in China 767 00:36:03,129 --> 00:36:05,469 Speaker 2: and it's tremendous, the scale and the speed that they're 768 00:36:05,479 --> 00:36:05,819 Speaker 2: moving 769 00:36:05,830 --> 00:36:06,100 Speaker 2: at. 770 00:36:06,260 --> 00:36:08,030 Speaker 1: OK. I was waiting for you to mention the word 771 00:36:08,040 --> 00:36:10,689 Speaker 1: A I, all right. So cyber security and A I, 772 00:36:11,820 --> 00:36:15,000 Speaker 2: oh that I think is the game changer on both sides. 773 00:36:15,010 --> 00:36:18,270 Speaker 2: Um I was just involved in conversations again at the 774 00:36:18,280 --> 00:36:21,198 Speaker 2: United Nations looking at how A I is impacted cyber 775 00:36:21,209 --> 00:36:23,280 Speaker 2: from the offensive and the defensive side. 776 00:36:24,149 --> 00:36:26,270 Speaker 2: It is a productivity tool for the Attackers just as 777 00:36:26,280 --> 00:36:28,589 Speaker 2: it is for the defenders. And we're seeing it, we're 778 00:36:28,600 --> 00:36:29,459 Speaker 2: seeing 779 00:36:30,790 --> 00:36:35,689 Speaker 2: amateur maybe beginner Attackers used their version of Chad GPT 780 00:36:35,889 --> 00:36:39,050 Speaker 2: to build out and understand technical vulnerabilities and exploits. 781 00:36:40,800 --> 00:36:43,859 Speaker 2: One of the most apparent examples that ordinary people feel 782 00:36:43,870 --> 00:36:46,290 Speaker 2: is that the quality of phishing emails has gotten better. 783 00:36:46,669 --> 00:36:48,500 Speaker 2: There was an era where we used to all joke 784 00:36:48,510 --> 00:36:50,870 Speaker 2: about the Nigerian Princes and how badly written those emails 785 00:36:50,879 --> 00:36:51,139 Speaker 2: were 786 00:36:52,199 --> 00:36:55,409 Speaker 2: today, you cannot tell the difference between a human and 787 00:36:55,419 --> 00:36:58,340 Speaker 2: a bot. And in fact, there was a period where 788 00:36:58,350 --> 00:37:00,090 Speaker 2: we used to tell people spot the signs of fishing, 789 00:37:00,100 --> 00:37:02,149 Speaker 2: look out for the spelling errors and the grammatical errors 790 00:37:02,159 --> 00:37:05,560 Speaker 2: and the punctuation errors today. If there are no spelling 791 00:37:05,570 --> 00:37:08,520 Speaker 2: errors and no grammatical errors, that's the, that's the phishing 792 00:37:08,530 --> 00:37:11,800 Speaker 2: email because the humans still make typos. I still have 793 00:37:11,810 --> 00:37:13,340 Speaker 2: punctuation errors in my emails. 794 00:37:14,159 --> 00:37:16,859 Speaker 2: We are now in a situation where telling fiction from 795 00:37:16,870 --> 00:37:20,138 Speaker 2: reality is incredibly difficult because of generative A I and 796 00:37:20,149 --> 00:37:22,010 Speaker 2: the Attackers are using it not just for the deep 797 00:37:22,020 --> 00:37:24,429 Speaker 2: fake images and the fake news and all of that, 798 00:37:24,560 --> 00:37:27,198 Speaker 2: but also just to lure people into clicking a link 799 00:37:27,209 --> 00:37:32,300 Speaker 2: to create websites that look incredibly realistic on the fly. 800 00:37:32,560 --> 00:37:35,780 Speaker 2: And that generative A I capability is tremendously powerful in 801 00:37:35,790 --> 00:37:36,449 Speaker 2: their hands. 802 00:37:38,000 --> 00:37:40,300 Speaker 2: The challenges that we are going to see with A 803 00:37:40,310 --> 00:37:42,709 Speaker 2: I being both a productivity tool as well as a 804 00:37:42,719 --> 00:37:45,540 Speaker 2: tool for greater sophistication means that the quality and the 805 00:37:45,550 --> 00:37:47,010 Speaker 2: volume of attacks are going to go up 806 00:37:48,050 --> 00:37:52,250 Speaker 2: on the defender side. It is incredibly useful. And I 807 00:37:52,260 --> 00:37:54,610 Speaker 2: would say that A I in my view does two 808 00:37:54,620 --> 00:37:59,570 Speaker 2: things very well. It finds needles and organizes haystacks, it 809 00:37:59,580 --> 00:38:01,850 Speaker 2: finds needles in the sense that it finds unusual spiky 810 00:38:01,860 --> 00:38:02,399 Speaker 2: behavior 811 00:38:03,459 --> 00:38:05,860 Speaker 2: on a daily basis. Go checks his email from 9 812 00:38:05,870 --> 00:38:08,419 Speaker 2: to 5 suddenly on a Thursday at 3 a.m. he 813 00:38:08,429 --> 00:38:10,929 Speaker 2: sends out a one gigabyte file. That's a needle, that's 814 00:38:10,939 --> 00:38:14,360 Speaker 2: a spiky behavior. That's unusual. Something was wrong, either legitimate 815 00:38:14,620 --> 00:38:18,000 Speaker 2: but unusual or illegitimate. And so it will flag that 816 00:38:18,010 --> 00:38:21,280 Speaker 2: up and say, look, sending out an email of three 817 00:38:21,290 --> 00:38:24,020 Speaker 2: gigabytes is allowed by our system. But this guy, it's 818 00:38:24,060 --> 00:38:26,719 Speaker 2: unusual based on our behavioral analysis and A I is 819 00:38:26,729 --> 00:38:27,419 Speaker 2: great at that. 820 00:38:27,840 --> 00:38:31,459 Speaker 2: The other thing it's great at is organizing haystacks, small 821 00:38:31,469 --> 00:38:34,060 Speaker 2: data points that on their own don't really mean much. 822 00:38:34,250 --> 00:38:36,530 Speaker 2: But if you put them together in an interesting way, 823 00:38:36,540 --> 00:38:40,320 Speaker 2: you get an insight. Like over time, your computer has 824 00:38:40,330 --> 00:38:44,069 Speaker 2: been performing slower and slower over time, the data that 825 00:38:44,080 --> 00:38:46,500 Speaker 2: is sending up to this particular address is increasing a 826 00:38:46,510 --> 00:38:49,739 Speaker 2: little bit by little bit each day. Why would that be, 827 00:38:49,899 --> 00:38:52,729 Speaker 2: what's an insight we can gain from that? So it's 828 00:38:52,739 --> 00:38:54,899 Speaker 2: great at organizing these kind of haystacks. 829 00:38:55,300 --> 00:38:57,729 Speaker 2: You put those two needles and haystacks together and that's 830 00:38:57,739 --> 00:39:00,949 Speaker 2: cyber security. It's trying to understand when there is malicious 831 00:39:00,959 --> 00:39:05,090 Speaker 2: activity inside your corporate network and usually manifest in either 832 00:39:05,100 --> 00:39:08,479 Speaker 2: spiky unusual behavior or a trend of unusual things. And 833 00:39:08,489 --> 00:39:10,729 Speaker 2: if you can catch that early enough, you can stop 834 00:39:10,739 --> 00:39:13,659 Speaker 2: it from becoming an impact. So the whole game now 835 00:39:13,669 --> 00:39:15,899 Speaker 2: is for A I for defenders is to use A 836 00:39:15,909 --> 00:39:18,860 Speaker 2: I in detecting malicious activity inside the networks. 837 00:39:19,290 --> 00:39:22,729 Speaker 2: Attackers still cannot use A I. Once they get it, 838 00:39:22,979 --> 00:39:25,370 Speaker 2: they use it to knock on the door to break in. 839 00:39:25,590 --> 00:39:27,580 Speaker 2: But once they get in, they're on their own, you 840 00:39:27,590 --> 00:39:30,500 Speaker 2: can't bring it with you. It's a huge payload to 841 00:39:30,510 --> 00:39:33,709 Speaker 2: bring into an attack. But defenders have the entire perimeter 842 00:39:33,719 --> 00:39:36,260 Speaker 2: on their own so they can put A I to work. 843 00:39:36,479 --> 00:39:38,158 Speaker 2: And I think at the scale of data that most 844 00:39:38,169 --> 00:39:40,280 Speaker 2: companies are operating at now, you can get a lot 845 00:39:40,290 --> 00:39:43,149 Speaker 2: of fascinating insights. And more importantly, humans can't do it. 846 00:39:43,439 --> 00:39:45,370 Speaker 2: The amount of data that a bank like yours would 847 00:39:45,379 --> 00:39:49,199 Speaker 2: process on a daily basis internally would overwhelm your human operator. 848 00:39:49,209 --> 00:39:51,290 Speaker 2: So you have to use some sort of algorithms or 849 00:39:51,379 --> 00:39:53,760 Speaker 2: A I for it. The challenge we have is that 850 00:39:53,770 --> 00:39:57,129 Speaker 2: A I is a little bit unpredictable by design. It 851 00:39:57,139 --> 00:40:01,020 Speaker 2: is a statistical system and statistical systems inherently work on probabilities, 852 00:40:01,389 --> 00:40:03,870 Speaker 2: which means that there is a 90% chance it's correct. 853 00:40:03,879 --> 00:40:05,949 Speaker 2: There's a 10% chance it hallucinated and give you a 854 00:40:05,959 --> 00:40:07,419 Speaker 2: completely bad answer. 855 00:40:08,350 --> 00:40:09,888 Speaker 2: And that will always be the case. So we need 856 00:40:09,899 --> 00:40:12,800 Speaker 2: to figure out a way to design around that. There's 857 00:40:12,810 --> 00:40:15,469 Speaker 2: a whole other interesting conversation about securing A I itself, 858 00:40:15,479 --> 00:40:18,959 Speaker 2: which today is a very nascent area. We don't quite 859 00:40:18,969 --> 00:40:21,090 Speaker 2: understand how to secure A I because it doesn't work 860 00:40:21,100 --> 00:40:25,000 Speaker 2: like traditional software, traditional software is if this, then that, 861 00:40:25,219 --> 00:40:27,300 Speaker 2: which means if I program a software to say what 862 00:40:27,310 --> 00:40:29,779 Speaker 2: color is the sky, the answer is blue. And if 863 00:40:29,790 --> 00:40:31,530 Speaker 2: it doesn't give me the answer of blue. I'll flag 864 00:40:31,540 --> 00:40:33,229 Speaker 2: up an error and I know somebody hacked my system 865 00:40:33,239 --> 00:40:35,209 Speaker 2: because the answer is not blue. But if you ask 866 00:40:35,219 --> 00:40:36,620 Speaker 2: A I, what color is the sky? Where? Well, it's 867 00:40:36,629 --> 00:40:37,330 Speaker 2: black at night. 868 00:40:38,090 --> 00:40:41,010 Speaker 2: That's true. It's red in the morning. That's true. It's 869 00:40:41,020 --> 00:40:44,279 Speaker 2: gray in London also. True. So it may not ever 870 00:40:44,290 --> 00:40:46,629 Speaker 2: give you blue. But is that an error, is that 871 00:40:46,639 --> 00:40:47,709 Speaker 2: performing correctly? 872 00:40:48,429 --> 00:40:51,429 Speaker 2: You can't build those same security rules to determine if 873 00:40:51,439 --> 00:40:52,810 Speaker 2: the A I is failed because it might just be 874 00:40:52,820 --> 00:40:55,879 Speaker 2: performing as expected. And so securing A I is another 875 00:40:55,889 --> 00:40:58,320 Speaker 2: huge challenge that we're going to see as more companies 876 00:40:58,330 --> 00:41:00,110 Speaker 2: incorporate A I into the infrastructure. 877 00:41:00,989 --> 00:41:06,449 Speaker 1: Our cyber practices are largely driven by infrastructure created by 878 00:41:06,459 --> 00:41:10,040 Speaker 1: very large companies from Aws to Google and then on 879 00:41:10,050 --> 00:41:11,330 Speaker 1: the social media world, all the 880 00:41:11,770 --> 00:41:14,979 Speaker 1: Facebook of the world. So in this new A I 881 00:41:15,000 --> 00:41:18,050 Speaker 1: wave that is now just about two years old. Are 882 00:41:18,060 --> 00:41:20,929 Speaker 1: we seeing large companies play as dominant a role or 883 00:41:20,939 --> 00:41:22,790 Speaker 1: is it becoming a more of a decentralized world? 884 00:41:23,560 --> 00:41:24,179 Speaker 2: But 885 00:41:25,010 --> 00:41:27,709 Speaker 2: you have, so I'll talk about the decentralized portion. First, 886 00:41:27,719 --> 00:41:31,979 Speaker 2: you have a tremendous amount of tools available in the 887 00:41:31,989 --> 00:41:35,080 Speaker 2: open source area in the open source domain that already 888 00:41:35,090 --> 00:41:37,000 Speaker 2: empower a vast number of people to use A I 889 00:41:37,010 --> 00:41:40,080 Speaker 2: at home. You can go to this place called Hugging Face, 890 00:41:40,090 --> 00:41:43,330 Speaker 2: download a model, run it on your Macbook super easy 891 00:41:43,340 --> 00:41:45,629 Speaker 2: and you can do everything from generating poetry to generating 892 00:41:45,639 --> 00:41:50,110 Speaker 2: photographs by yourself. Without the internet, after you've downloaded the models, 893 00:41:50,239 --> 00:41:51,989 Speaker 2: that's a few gigabytes. It's not difficult to do 894 00:41:53,469 --> 00:41:56,689 Speaker 2: at the same time. While it's decentralized to the extent 895 00:41:56,699 --> 00:41:59,310 Speaker 2: that individuals can run their own and build their own models, 896 00:41:59,320 --> 00:42:02,759 Speaker 2: it's also become a game of very high performance compute. 897 00:42:03,209 --> 00:42:05,139 Speaker 2: So part of the reason why NVIDIA is kind of 898 00:42:05,149 --> 00:42:07,780 Speaker 2: surged ahead is because they offer the kind of high 899 00:42:07,790 --> 00:42:09,469 Speaker 2: powered computer that's optimized for A I. 900 00:42:10,610 --> 00:42:15,550 Speaker 2: These cloud service providers and chip manufacturers and the providers 901 00:42:15,560 --> 00:42:20,050 Speaker 2: of high performance compute will run far ahead. The type 902 00:42:20,060 --> 00:42:22,320 Speaker 2: of complex work that they can do. And I'm, you know, 903 00:42:22,330 --> 00:42:24,669 Speaker 2: my company is building many of these tools with them. 904 00:42:25,899 --> 00:42:28,379 Speaker 2: The type of high performance A I things that you 905 00:42:28,389 --> 00:42:32,520 Speaker 2: can do will be fascinating. We are already seeing the 906 00:42:32,530 --> 00:42:35,239 Speaker 2: surge of activity in terms of use cases for A 907 00:42:35,250 --> 00:42:38,080 Speaker 2: I and to some extent, I am far more bullish 908 00:42:38,090 --> 00:42:40,149 Speaker 2: on A I than I ever was on crypto. But 909 00:42:40,159 --> 00:42:43,120 Speaker 2: I do think that this whole space will continue to 910 00:42:43,129 --> 00:42:45,850 Speaker 2: create a lot of productivity and a lot of interesting 911 00:42:45,860 --> 00:42:48,639 Speaker 2: use cases and value for ordinary people and for companies 912 00:42:49,600 --> 00:42:52,520 Speaker 1: and the large companies that we're talking about which have 913 00:42:52,530 --> 00:42:56,250 Speaker 1: all those great M one and M 100 chips. Are 914 00:42:56,260 --> 00:42:59,060 Speaker 1: they being cognizant of the cybersecurity aspect? 915 00:43:01,409 --> 00:43:04,638 Speaker 2: We still operate in a world where the fundamental mantra 916 00:43:04,649 --> 00:43:08,100 Speaker 2: for tech is move fast and break. That's right. And 917 00:43:08,110 --> 00:43:11,080 Speaker 2: there is no better example of what move fast and 918 00:43:11,090 --> 00:43:14,020 Speaker 2: break things looks like than what we saw in terms 919 00:43:14,030 --> 00:43:17,110 Speaker 2: of the governance of open A I very few companies 920 00:43:17,120 --> 00:43:19,360 Speaker 2: have the ability to fire their own board. 921 00:43:20,750 --> 00:43:23,070 Speaker 2: Yeah, very few companies have the ability to fire their 922 00:43:23,080 --> 00:43:25,569 Speaker 2: own board. And at the point where you can fire 923 00:43:25,580 --> 00:43:27,830 Speaker 2: the governance layer for your own company because you want 924 00:43:27,840 --> 00:43:30,959 Speaker 2: to move faster, you have to ask real questions about 925 00:43:30,969 --> 00:43:32,510 Speaker 2: what is the actual 926 00:43:33,770 --> 00:43:38,830 Speaker 2: risk management culture in that organization? How fast are they 927 00:43:38,840 --> 00:43:42,069 Speaker 2: prepared to move and how slow are they prepared to 928 00:43:42,080 --> 00:43:46,030 Speaker 2: take the risks? I offer an analogy with another domain 929 00:43:46,040 --> 00:43:49,929 Speaker 2: of technology where we deliberately slow down cloning, we have 930 00:43:49,939 --> 00:43:52,090 Speaker 2: the ability to do cloning. In the late nineties. I 931 00:43:52,100 --> 00:43:54,989 Speaker 2: think we all read about Dolly. The shape and human 932 00:43:55,000 --> 00:43:58,909 Speaker 2: cloning is eminently possible. Today, bioengineering is also very possible, 933 00:43:59,219 --> 00:44:03,429 Speaker 2: but we as a human society decided, let's slow down. 934 00:44:03,959 --> 00:44:06,219 Speaker 2: This doesn't feel like a good idea. At this point, 935 00:44:06,600 --> 00:44:08,889 Speaker 2: I don't think we should do this. So we slow 936 00:44:08,899 --> 00:44:10,250 Speaker 2: that entire trajectory down. 937 00:44:11,659 --> 00:44:15,040 Speaker 2: That industry is heavily regulated, medical testing, medical experimentation is 938 00:44:15,050 --> 00:44:18,790 Speaker 2: a heavily regulated industry. You cannot try cloning without getting 939 00:44:18,800 --> 00:44:20,600 Speaker 2: into a whole bunch of problems in most countries. 940 00:44:21,500 --> 00:44:24,550 Speaker 2: But tech again is an unregulated space. So A I 941 00:44:24,560 --> 00:44:27,399 Speaker 2: is doing a lot of things and it's adding value, 942 00:44:27,889 --> 00:44:31,239 Speaker 2: but it's not managing the risks very well. And you'll 943 00:44:31,250 --> 00:44:34,040 Speaker 2: see this in every single A I solution out there. 944 00:44:34,050 --> 00:44:36,540 Speaker 2: It's trying its best to prevent it from being used 945 00:44:36,550 --> 00:44:38,760 Speaker 2: to generate deep fake nudes, for example. 946 00:44:39,469 --> 00:44:43,010 Speaker 2: But we have an epidemic right now rampant deep fake news, 947 00:44:43,020 --> 00:44:45,330 Speaker 2: South Korea. It's happening in Singapore. It's happening everywhere in 948 00:44:45,340 --> 00:44:48,620 Speaker 2: the world. How do you stop that? Fake news is 949 00:44:48,629 --> 00:44:49,689 Speaker 2: a general concept. 950 00:44:50,429 --> 00:44:53,159 Speaker 2: It's impossible at this point to stop because everybody has 951 00:44:53,169 --> 00:44:56,010 Speaker 2: access to a simple tool that can create a photograph 952 00:44:56,100 --> 00:44:58,750 Speaker 2: of me doing a bad thing and me and a 953 00:44:58,760 --> 00:45:01,750 Speaker 2: story being written about that bad thing, I can't stop it. 954 00:45:01,889 --> 00:45:04,520 Speaker 2: And you put companies on the defensive all the time. 955 00:45:04,909 --> 00:45:07,080 Speaker 2: The challenge with the big companies is that they are 956 00:45:07,090 --> 00:45:10,419 Speaker 2: going to keep pushing really far and really fast. They 957 00:45:10,429 --> 00:45:12,360 Speaker 2: do say all the right things. So most of the 958 00:45:12,370 --> 00:45:15,969 Speaker 2: big tech companies have great frameworks around ethical A I 959 00:45:16,050 --> 00:45:18,819 Speaker 2: have great frameworks about responsible and secure A I. 960 00:45:19,300 --> 00:45:22,879 Speaker 2: But the actual implementation lacks many of those safeguards because 961 00:45:23,000 --> 00:45:27,629 Speaker 2: it's hard and because it's hard, they may not prioritize 962 00:45:27,639 --> 00:45:31,280 Speaker 2: them all the time. I'm not optimistic that companies will 963 00:45:31,729 --> 00:45:34,909 Speaker 2: take the cloning path for example and slow down deliberately 964 00:45:34,919 --> 00:45:36,250 Speaker 2: so that they're comfortable with 965 00:45:36,260 --> 00:45:36,469 Speaker 2: it. 966 00:45:36,739 --> 00:45:41,879 Speaker 1: The money talks girl, you said that you're very constructive 967 00:45:41,889 --> 00:45:44,719 Speaker 1: on the productivity gains from A I, not as much 968 00:45:44,729 --> 00:45:46,120 Speaker 1: as you have been on crypto, 969 00:45:46,580 --> 00:45:47,919 Speaker 1: but there seems to be a lot of people who 970 00:45:47,929 --> 00:45:49,679 Speaker 1: are really bullish crypto these days as you and I 971 00:45:49,689 --> 00:45:53,590 Speaker 1: speak it's hitting 95,000 Bitcoin. Um One of the appeals 972 00:45:53,600 --> 00:45:56,989 Speaker 1: of crypto is that, you know, it's compute heavy to, 973 00:45:57,000 --> 00:45:59,860 Speaker 1: you know, counterfeit and therefore there's a fixed number of 974 00:45:59,870 --> 00:46:03,649 Speaker 1: bitcoins and the mining gets progressively increased, expensive because of 975 00:46:03,659 --> 00:46:07,250 Speaker 1: all the cryptography element of boundary. And leading us into 976 00:46:07,260 --> 00:46:11,469 Speaker 1: the question of quantum, will that entire infrastructure 977 00:46:11,870 --> 00:46:18,439 Speaker 1: become sort of completely undermined if quantum computing becomes ubiquitous? 978 00:46:18,909 --> 00:46:22,929 Speaker 2: So it will be uh there's a transition, there's a journey. 979 00:46:22,939 --> 00:46:24,909 Speaker 2: And I I do think that there are risk. I 980 00:46:24,919 --> 00:46:28,169 Speaker 2: sit in both conversations. So I'm in conversations with folks 981 00:46:28,179 --> 00:46:30,540 Speaker 2: who are very optimistic on cryptography. I'm also in conversation 982 00:46:30,550 --> 00:46:32,049 Speaker 2: with folks who are very optimistic on quantum. 983 00:46:33,129 --> 00:46:36,689 Speaker 2: Those two conversations rarely intersect because it's it's it's a 984 00:46:36,699 --> 00:46:37,790 Speaker 2: bit of oil and water. 985 00:46:39,659 --> 00:46:43,399 Speaker 2: The whole Blockchain and kind of Cryptocurrency world exists on 986 00:46:43,409 --> 00:46:46,320 Speaker 2: the basis of cryptographic fundamentals. And as you mentioned, the 987 00:46:46,330 --> 00:46:48,669 Speaker 2: cryptographic fundamentals are robust enough such that you need a 988 00:46:48,679 --> 00:46:50,229 Speaker 2: lot of compute in order to break it. 989 00:46:51,300 --> 00:46:52,520 Speaker 2: But if you could break it, 990 00:46:53,169 --> 00:46:57,409 Speaker 2: if you can break the cryptographic fundamentals behind Bitcoin or 991 00:46:57,419 --> 00:46:58,189 Speaker 2: whatever it is, 992 00:46:59,199 --> 00:47:03,280 Speaker 2: you undermine the entire value proposition that that thing offered. 993 00:47:04,510 --> 00:47:07,889 Speaker 2: The argument is that quantum will come out in stages. 994 00:47:08,149 --> 00:47:11,090 Speaker 2: The first stage is the ability to decrypt things 995 00:47:11,729 --> 00:47:15,810 Speaker 2: and the ability to decrypt things will be destructive. It 996 00:47:15,820 --> 00:47:17,790 Speaker 2: will undermine for example, Bitcoin 997 00:47:18,550 --> 00:47:21,260 Speaker 2: more so than some of the other ones because the 998 00:47:21,270 --> 00:47:23,009 Speaker 2: crypto referendums are rather old. 999 00:47:24,370 --> 00:47:26,790 Speaker 2: The challenge with cryptocurrencies is that if you try to 1000 00:47:26,969 --> 00:47:32,000 Speaker 2: change the cryptographic fundamentals halfway through, it's really hard. Once 1001 00:47:32,010 --> 00:47:34,250 Speaker 2: you end up doing a hard fork, you actually lose 1002 00:47:34,260 --> 00:47:36,489 Speaker 2: the previously, you actually lose all of the previous value. 1003 00:47:36,949 --> 00:47:39,270 Speaker 2: And it's very difficult to transition that value into the 1004 00:47:39,280 --> 00:47:42,139 Speaker 2: new fork. And you've seen this with other cryptocurrencies that 1005 00:47:42,149 --> 00:47:44,540 Speaker 2: they have done a hard fork and have lost previous value. 1006 00:47:45,310 --> 00:47:47,419 Speaker 2: There are some cryptocurrencies that will come out that are newer, 1007 00:47:47,429 --> 00:47:52,060 Speaker 2: that will use more modern cryptographic standards, perhaps even quantum 1008 00:47:52,070 --> 00:47:56,429 Speaker 2: resistant post quantum cryptography, but they will be new and 1009 00:47:56,439 --> 00:47:59,520 Speaker 2: they won't be the $95,000 guy. So there will be 1010 00:47:59,530 --> 00:48:03,810 Speaker 2: this era of transition and difficulty because the first use 1011 00:48:03,820 --> 00:48:05,770 Speaker 2: case of quantum computing will be to decrypt. 1012 00:48:07,459 --> 00:48:11,659 Speaker 2: Once enough people have access to a quantum computer, then 1013 00:48:11,669 --> 00:48:13,060 Speaker 2: you can use it to encrypt, 1014 00:48:13,850 --> 00:48:17,709 Speaker 2: then you can have a Blockchain that uses quantum as 1015 00:48:17,719 --> 00:48:21,509 Speaker 2: the cryptographic fundamental generator. But we're very far away from 1016 00:48:21,520 --> 00:48:25,040 Speaker 2: that at the point where quantum cryptography becomes something that's 1017 00:48:25,050 --> 00:48:29,370 Speaker 2: accessible to the ordinary person. We're a decade at least away. 1018 00:48:29,489 --> 00:48:31,510 Speaker 2: And the reason why it's different from cloud is because 1019 00:48:31,520 --> 00:48:34,089 Speaker 2: quantum is a physics problem. It's not just a scaling 1020 00:48:34,100 --> 00:48:37,129 Speaker 2: problem cloud is a scaling problem. If you know Zimbabwe 1021 00:48:37,139 --> 00:48:39,260 Speaker 2: wants it. If Brunei wants it, if Singapore wants it, 1022 00:48:39,270 --> 00:48:41,229 Speaker 2: it's a scaling problem. And in fact, you don't even 1023 00:48:41,239 --> 00:48:42,489 Speaker 2: need to have your own cloud, you just need to 1024 00:48:42,500 --> 00:48:43,589 Speaker 2: have access to the internet 1025 00:48:44,149 --> 00:48:46,709 Speaker 2: quantum will be different. You will need to have a 1026 00:48:46,719 --> 00:48:51,090 Speaker 2: physical environment that's stable enough to actually build a quantum 1027 00:48:51,100 --> 00:48:53,620 Speaker 2: computer and very few countries will have access to that. 1028 00:48:53,729 --> 00:48:55,409 Speaker 2: And if you look at the programs around the world, 1029 00:48:55,419 --> 00:48:58,739 Speaker 2: most of the quantum programs are being sponsored by militaries, 1030 00:48:59,229 --> 00:49:01,820 Speaker 2: which indicates, I mean, I'm sure many militaries are interested 1031 00:49:01,830 --> 00:49:02,580 Speaker 2: in curing cancer, 1032 00:49:03,750 --> 00:49:06,000 Speaker 2: but there will also be other use cases that they 1033 00:49:06,010 --> 00:49:09,379 Speaker 2: have for it in terms of espionage. And once you 1034 00:49:09,389 --> 00:49:15,870 Speaker 2: start to decrypt internet protocols, decrypt transaction protocols, decrypt cryptographic fundamentals, 1035 00:49:16,129 --> 00:49:21,419 Speaker 2: you create that instability. That makes me wonder whether today's 1036 00:49:21,429 --> 00:49:25,709 Speaker 2: cryptography based tokens products tools will survive, 1037 00:49:25,840 --> 00:49:28,580 Speaker 1: right? So let me broaden that specific discussion in the 1038 00:49:28,590 --> 00:49:30,138 Speaker 1: context of geopolitics. 1039 00:49:30,409 --> 00:49:33,389 Speaker 1: Um who has the lead in quantum is the us 1040 00:49:33,399 --> 00:49:35,409 Speaker 1: way ahead of the Russians and the Chinese and the 1041 00:49:35,419 --> 00:49:36,189 Speaker 1: North Koreans. 1042 00:49:36,219 --> 00:49:36,239 Speaker 2: It 1043 00:49:36,570 --> 00:49:40,750 Speaker 2: is really hard to tell. Um So the Europeans, so 1044 00:49:40,760 --> 00:49:43,979 Speaker 2: what we know about is what the West openly declares 1045 00:49:43,989 --> 00:49:46,120 Speaker 2: and I think they are quite transparent in terms of 1046 00:49:46,129 --> 00:49:48,330 Speaker 2: what they are building and what they're doing. There are 1047 00:49:48,340 --> 00:49:52,360 Speaker 2: many open quantum initiatives I was talking to leads at 1048 00:49:52,370 --> 00:49:56,030 Speaker 2: some in Geneva and they're pushing this idea of openness 1049 00:49:56,040 --> 00:49:58,100 Speaker 2: because they want quantum to be something that people talk 1050 00:49:58,110 --> 00:49:59,110 Speaker 2: about and understand 1051 00:49:59,899 --> 00:50:01,250 Speaker 2: and used responsibly. 1052 00:50:02,429 --> 00:50:04,169 Speaker 2: But there are many other countries who invest in quantum 1053 00:50:04,179 --> 00:50:05,330 Speaker 2: that don't tell people what they're doing. 1054 00:50:06,129 --> 00:50:07,819 Speaker 2: And so I have no idea whether they are ahead 1055 00:50:07,830 --> 00:50:12,129 Speaker 2: or not. My assumption is that the West is currently 1056 00:50:12,139 --> 00:50:13,340 Speaker 2: likely to be ahead. 1057 00:50:14,080 --> 00:50:17,129 Speaker 2: But we have another trajectory that's come in, that's kind 1058 00:50:17,139 --> 00:50:17,290 Speaker 2: of 1059 00:50:18,020 --> 00:50:20,639 Speaker 2: made things a bit harder to assess. And I'll explain 1060 00:50:20,649 --> 00:50:24,489 Speaker 2: why we assume that research in quantum was a straight line. 1061 00:50:24,500 --> 00:50:27,979 Speaker 2: More phd students studying quantum, it will move a little 1062 00:50:27,989 --> 00:50:30,080 Speaker 2: bit faster. But now I've got a I 1063 00:50:31,229 --> 00:50:34,649 Speaker 2: that a conversation has become a productivity tool for phd 1064 00:50:34,659 --> 00:50:37,669 Speaker 2: S as well for the researchers, the types of work 1065 00:50:37,679 --> 00:50:40,750 Speaker 2: that they are asking their models to do overnight before 1066 00:50:40,760 --> 00:50:43,729 Speaker 2: they come back previously, took a year of phd research 1067 00:50:43,739 --> 00:50:47,239 Speaker 2: systems to produce. So we are now seeing a sudden 1068 00:50:47,250 --> 00:50:49,739 Speaker 2: change in the trajectory of research in quantum. 1069 00:50:50,459 --> 00:50:52,550 Speaker 2: Does that mean it move faster? Does that mean countries 1070 00:50:52,560 --> 00:50:54,800 Speaker 2: will suddenly be able to accelerate countries that have A 1071 00:50:54,810 --> 00:50:59,169 Speaker 2: I at scale in their domestic environment? Can they do 1072 00:50:59,179 --> 00:51:01,889 Speaker 2: more with it? I don't know. So that's the disruptive 1073 00:51:01,899 --> 00:51:04,360 Speaker 2: power which I'm not quite sure how the trajectory plays out. 1074 00:51:04,479 --> 00:51:07,319 Speaker 2: All I do know is comment everybody A I is 1075 00:51:07,330 --> 00:51:09,959 Speaker 2: making a difference in their research and we're seeing things 1076 00:51:09,969 --> 00:51:10,638 Speaker 2: move faster. 1077 00:51:11,340 --> 00:51:14,489 Speaker 1: This is just so cool. I was going to end 1078 00:51:14,500 --> 00:51:17,520 Speaker 1: our conversation with your advice for corporate leaders. I think 1079 00:51:17,530 --> 00:51:19,459 Speaker 1: we have talked about it already. We should really stop 1080 00:51:19,469 --> 00:51:22,840 Speaker 1: in that really fascinating, brave new world phase go Kirsty. 1081 00:51:23,000 --> 00:51:24,790 Speaker 1: Thank you so much for your insights. 1082 00:51:25,000 --> 00:51:25,330 Speaker 2: Thank 1083 00:51:25,340 --> 00:51:26,610 Speaker 2: you so much. For having me and I hope I 1084 00:51:26,620 --> 00:51:29,179 Speaker 2: didn't scare you too much. I am still an optimist 1085 00:51:29,189 --> 00:51:31,449 Speaker 2: at heart. I just plan for the worst and we 1086 00:51:31,459 --> 00:51:33,080 Speaker 2: figure out how to deal with reality a lot. What 1087 00:51:33,090 --> 00:51:34,870 Speaker 2: was the phrase octo realist, realist? 1088 00:51:35,689 --> 00:51:37,070 Speaker 1: You heard it for the first time here? 1089 00:51:37,360 --> 00:51:40,860 Speaker 1: Uh Thanks to our listeners as well. All 142 episodes 1090 00:51:40,870 --> 00:51:43,750 Speaker 1: of copy time are available on youtube and on all 1091 00:51:43,760 --> 00:51:47,570 Speaker 1: major podcast platforms including Apple Google and Spotify. Uh The 1092 00:51:47,580 --> 00:51:50,840 Speaker 1: podcast was produced by Ken Delbridge from spy studios, Violet 1093 00:51:50,850 --> 00:51:54,409 Speaker 1: Lee and Daisy Sherman provided additional assistance. Uh As for 1094 00:51:54,419 --> 00:51:56,870 Speaker 1: our research publications, webinars, you can find them all by 1095 00:51:56,879 --> 00:51:59,500 Speaker 1: Googling devious research library. Have a great day.