WEBVTT - Kopi Time E142 - Tech and security with Gaurav Keerthi 0:00:05.860 --> 0:00:08.840 Welcome to Copy Time, a podcast series on Markets and 0:00:08.850 --> 0:00:11.970 Economies from D BS Group Research. I'm Timur, big chief economist, 0:00:11.978 --> 0:00:16.520 welcoming you to our 142nd episode. We've had experts from 0:00:16.530 --> 0:00:19.558 many walks of life on copy time, but a former 0:00:19.569 --> 0:00:22.520 military officer, I'm quite sure if that's a first today. 0:00:22.649 --> 0:00:24.700 I'm looking forward to having a chat with gov Ky, 0:00:25.309 --> 0:00:28.899 head of Advisory and Emerging Business at Ensign Infosec Security. 0:00:28.909 --> 0:00:33.250 His advisory firm helps organizations boards and leadership navigate cybersecurity 0:00:33.259 --> 0:00:35.019 risks in their digital transformation. 0:00:35.360 --> 0:00:39.349 Previously, Brigadier General Kirti was the Deputy chief executive of 0:00:39.360 --> 0:00:43.299 the cybersecurity Agency of Singapore and the Deputy Commissioner for cybersecurity. 0:00:43.310 --> 0:00:45.500 He was formerly a pilot in the Republic of Singapore 0:00:45.509 --> 0:00:47.659 Air Force and rose to become the Commander of the 0:00:47.668 --> 0:00:51.459 Air Defense and Operations Command K. Kirti. Welcome to Kobe Time. 0:00:51.470 --> 0:00:53.000 Thank you so much for having me looking forward to 0:00:53.009 --> 0:00:53.659 the conversation. 0:00:53.668 --> 0:00:54.159 It's 0:00:54.169 --> 0:00:55.880 great to, great to have you. I've been looking forward 0:00:55.889 --> 0:00:58.819 to this chat gov, I'm going to try to get 0:00:58.830 --> 0:01:02.659 our conversation going with the intersection of geopolitics and cyber security. 0:01:02.939 --> 0:01:06.230 I remember a couple of years ago when Russia's invasion 0:01:06.239 --> 0:01:09.239 of Ukraine began, there were all these fears, particularly in 0:01:09.250 --> 0:01:09.639 Europe 0:01:10.639 --> 0:01:14.790 grids will shut down and hacking will take place and 0:01:14.800 --> 0:01:16.709 then with all the stuff that's going on in the 0:01:16.720 --> 0:01:19.800 Middle East, we've seen Israel, you know, do cyber attacks 0:01:19.809 --> 0:01:23.440 on Iran's nuclear facility. Iran has tried to match, I 0:01:23.449 --> 0:01:25.709 think they have failed to match the Israelis, but they've tried. 0:01:26.000 --> 0:01:27.690 So there are all sorts of things going on. So 0:01:27.699 --> 0:01:30.589 tell us a little bit about that area where geopolitics 0:01:30.599 --> 0:01:32.069 collides with cybersecurity. 0:01:32.110 --> 0:01:34.819 Sure. So that's a fascinating question. It's a great place 0:01:34.830 --> 0:01:36.620 to start because there's so much happening there. 0:01:36.830 --> 0:01:39.009 And it's probably the place where most people read about 0:01:39.019 --> 0:01:41.139 it in the news. That's the stuff that grabs the headlines. 0:01:41.339 --> 0:01:43.050 But let me step back a little bit just to 0:01:43.059 --> 0:01:47.699 help people understand why it's become such an intersection. Fundamentally, 0:01:47.709 --> 0:01:50.970 the internet is insecure. It was not built securely. It 0:01:50.980 --> 0:01:53.290 was built by a bunch of tech nerds and universities 0:01:53.300 --> 0:01:55.669 to help them share information. So it's never built to 0:01:55.680 --> 0:01:58.529 be that robust to withstand that kind of attacks, the 0:01:58.540 --> 0:02:00.129 stuff that we built on top of it, all the 0:02:00.139 --> 0:02:01.650 software or the content 0:02:01.889 --> 0:02:04.629 also not built with security in mind. There's this whole 0:02:04.639 --> 0:02:08.110 movement now to make things secure by design because surprise 0:02:08.119 --> 0:02:09.669 they were not secure by design. 0:02:11.360 --> 0:02:13.000 The second thing about the internet that we need to 0:02:13.008 --> 0:02:17.020 understand is that there is an asymmetry, Attackers have the advantage. 0:02:17.029 --> 0:02:19.500 It is the only place where you can get robbed 0:02:19.508 --> 0:02:22.410 from 1000 miles away. And in the physical world, you 0:02:22.419 --> 0:02:24.179 have your wallet, you have your phone in your pockets. 0:02:24.490 --> 0:02:26.339 As long as you keep your hands nearby, you can 0:02:26.350 --> 0:02:28.639 avoid being pickpocketed because somebody has to come up close 0:02:28.649 --> 0:02:31.300 to you. There's a physical proximity to a real world robbery. 0:02:31.538 --> 0:02:34.520 But in the digital world, firstly, it's built insecurely. And secondly, 0:02:34.529 --> 0:02:37.990 there's this geographical depth that people can have, the Attackers 0:02:38.000 --> 0:02:39.139 can rob anything anywhere 0:02:40.080 --> 0:02:42.690 you put those two together and you have a toxic 0:02:42.699 --> 0:02:46.270 and potent combination for Attackers running wild. So that's the 0:02:46.279 --> 0:02:47.009 starting point. 0:02:48.258 --> 0:02:50.229 There are three types of Attackers that we talk about 0:02:50.240 --> 0:02:53.649 when we talk about geopolitics and generally cyber attacks. The 0:02:53.660 --> 0:02:56.000 first are the ones that are state sponsored. There are 0:02:56.008 --> 0:02:59.038 some bad guys out there who it's their day job. 0:02:59.229 --> 0:03:02.389 They are funded by either the government or the military 0:03:02.399 --> 0:03:05.889 of that country to specifically go after digital targets. And 0:03:05.899 --> 0:03:08.079 that's that, that day job. Their mission, they work 9 0:03:08.089 --> 0:03:09.720 to 5 hours and that's what they do. 0:03:10.419 --> 0:03:13.389 There's another group which are ideologically motivated. 0:03:15.320 --> 0:03:18.889 They can be sometimes state affiliated. They believe in the 0:03:18.899 --> 0:03:21.389 vision of their country. You mentioned Russia, Ukraine. That was 0:03:21.399 --> 0:03:23.289 a very good example. I'll talk about that later on 0:03:24.229 --> 0:03:27.240 and they want to push a certain message out. Sometimes 0:03:27.250 --> 0:03:29.788 it's cause based, sometimes it's country based, sometimes it's supporting 0:03:29.800 --> 0:03:30.570 their country in war. 0:03:31.630 --> 0:03:34.619 The third group are the straightforward ones, criminals. They just 0:03:34.630 --> 0:03:37.990 want the money. But in geopolitical contest, sometimes they want 0:03:38.000 --> 0:03:40.550 money to sponsor activities that their cause is doing or 0:03:40.559 --> 0:03:43.929 sometimes they want the money to loot while there's a ramp, 0:03:43.979 --> 0:03:45.089 while there's chaos going on. 0:03:45.800 --> 0:03:47.850 So those are the Attackers. Now we come to the 0:03:47.860 --> 0:03:50.360 geopolitics itself and the stuff that we're reading about. The 0:03:50.369 --> 0:03:52.190 most exciting event in the last couple of weeks was 0:03:52.199 --> 0:03:52.929 the US election. 0:03:54.179 --> 0:03:57.380 Elections are a great time for Attackers to go to 0:03:57.389 --> 0:03:59.990 work for a number of reasons. Those who are state 0:04:00.000 --> 0:04:01.160 sponsored Attackers, 0:04:01.779 --> 0:04:04.839 they want to influence the outcome. Some countries want their 0:04:04.850 --> 0:04:08.550 preferred candidate to win. Some countries want just so instability 0:04:08.559 --> 0:04:11.199 and discord within a country to make them less effective 0:04:11.210 --> 0:04:13.089 as a competitor. And there are all sorts of narratives 0:04:13.100 --> 0:04:15.820 that go on at play in an election anyways, 0:04:16.700 --> 0:04:19.049 a lot of the attacks that you usually read about 0:04:19.059 --> 0:04:21.769 are information attacks, fake news about this candidate, fake news 0:04:21.779 --> 0:04:24.299 about that party, fake news about this incident. That's the 0:04:24.309 --> 0:04:25.299 information space, 0:04:25.950 --> 0:04:28.059 but there's a lot of attacks that happened on not 0:04:28.070 --> 0:04:30.869 just election infrastructure but technical infrastructure in the run up 0:04:30.880 --> 0:04:33.950 to an election to cause people to lose a little 0:04:33.959 --> 0:04:36.970 bit of faith in the prevailing party or system. 0:04:37.869 --> 0:04:40.659 One of the most compelling hacks that we saw in 0:04:40.670 --> 0:04:43.839 recent years was the Democratic National Congress hack where a 0:04:43.850 --> 0:04:46.600 whole bunch of emails were leaked out. Was there anything 0:04:46.869 --> 0:04:50.140 terribly damaging in the emails? Not really, but it cast 0:04:50.149 --> 0:04:53.010 shadow over the particular candidate that was hacked and in 0:04:53.019 --> 0:04:55.510 the end, that can be lost because of the hack, 0:04:55.519 --> 0:04:59.070 maybe not but became enough of a trending conversation. Obviously, 0:04:59.079 --> 0:05:01.690 since then, all of the candidates have learned how to 0:05:01.700 --> 0:05:04.349 protect themselves and to protect themselves a bit better in 0:05:04.359 --> 0:05:04.928 an election. 0:05:05.320 --> 0:05:09.079 But geopolitics and cyber interface most sharply when it comes 0:05:09.089 --> 0:05:09.649 to elections. 0:05:09.660 --> 0:05:10.290 Can I ask you one 0:05:10.299 --> 0:05:12.000 question, elections, electronic voting 0:05:12.010 --> 0:05:12.640 machines? 0:05:13.850 --> 0:05:17.489 That's a great question. So look, there is this conference 0:05:17.500 --> 0:05:19.540 in the US called De Corner Love it. It's a 0:05:19.549 --> 0:05:20.779 conference where 0:05:21.738 --> 0:05:24.760 many industries have conferences. This is an industry conference among 0:05:24.769 --> 0:05:27.320 the bad guys. So they come together and they're not 0:05:27.329 --> 0:05:29.670 really bad people. They just people who are interested in 0:05:29.678 --> 0:05:31.738 how things work and how to break things. So they 0:05:31.750 --> 0:05:33.529 get together, we call them white hats. Some of them 0:05:33.540 --> 0:05:35.380 are gray hats, some of them are black hats, which 0:05:35.390 --> 0:05:38.920 means they operate in the not so legal realm of work. 0:05:39.410 --> 0:05:40.959 But one of the things that they do is they 0:05:40.970 --> 0:05:44.790 look at election voting machines, electronic voting machines and they 0:05:44.799 --> 0:05:45.920 try to see if they can break it. 0:05:47.059 --> 0:05:50.350 Surprise, surprise, all of the voting machines can be broken, 0:05:50.450 --> 0:05:52.738 they can all be interfered with. And the challenge is 0:05:52.750 --> 0:05:58.170 that actually building an an election system at scale in 0:05:58.178 --> 0:06:02.820 a large country which is completely immune to disruption or 0:06:02.829 --> 0:06:05.799 interference is incredibly expensive and difficult 0:06:06.720 --> 0:06:09.339 as a result. Most countries still use paper ballot, 0:06:10.910 --> 0:06:13.229 much harder to interfere with that. But even then, even 0:06:13.238 --> 0:06:15.799 if you're voting on paper at some point, you have 0:06:15.809 --> 0:06:18.440 to count the number of slips and send that electronically 0:06:18.450 --> 0:06:21.160 to somebody else. Those systems are also part of the 0:06:21.170 --> 0:06:24.269 whole machinery that people try to interrupt. And even if 0:06:24.279 --> 0:06:27.269 you can change the result, just disrupting the sending of 0:06:27.279 --> 0:06:29.540 data from one state back to central 0:06:30.209 --> 0:06:33.269 has significant implications. There's timelines they need to meet if 0:06:33.279 --> 0:06:35.279 your system goes down and you can't meet that count 0:06:35.290 --> 0:06:36.589 before the clock ends. 0:06:37.619 --> 0:06:39.730 What does that mean? Is it an invalid election? Do 0:06:39.738 --> 0:06:41.238 you need to do it again? Is there doubt over 0:06:41.250 --> 0:06:44.299 the quality of the results? Just showing that kind of 0:06:44.309 --> 0:06:47.459 doubt is enough. So electronic voting machines, people have been 0:06:47.470 --> 0:06:50.079 studying them for a while but the cost of implementing 0:06:50.089 --> 0:06:52.079 them at scale, I mean for a small country like Singapore, 0:06:52.089 --> 0:06:54.118 maybe you can get away with it. But for a 0:06:54.130 --> 0:06:57.920 much larger country which is geographically spread out, it's expensive. 0:06:58.170 --> 0:07:01.640 We've had some really large elections this year. Indonesia, India, 0:07:01.649 --> 0:07:04.959 United States. So literally billions of people have voted this year. 0:07:05.190 --> 0:07:07.329 So shall we take some comfort in that this year 0:07:07.339 --> 0:07:10.609 was not characterized by hiking related risks on elections? 0:07:10.799 --> 0:07:10.809 I 0:07:10.820 --> 0:07:11.540 think. 0:07:11.670 --> 0:07:13.540 So we can take some comfort from it, but I 0:07:13.549 --> 0:07:14.209 will 0:07:16.109 --> 0:07:17.670 color it slightly differently. 0:07:19.059 --> 0:07:22.059 There were enough other reasons for cyber Attackers to go 0:07:22.070 --> 0:07:25.260 on war without having the elections as the primary target 0:07:25.540 --> 0:07:28.519 this year. As you mentioned at the start was there's 0:07:28.529 --> 0:07:32.440 conflict between Russia and Ukraine. Still the Middle East conflict 0:07:32.450 --> 0:07:36.149 has really expanded. The East West tensions have also grown 0:07:36.160 --> 0:07:38.519 quite significantly, particularly China and the West. In terms of 0:07:38.529 --> 0:07:42.000 tech application, there are layers and layers than the South 0:07:42.010 --> 0:07:45.119 China Sea in Taiwan. There's layers and layers of confrontations 0:07:45.130 --> 0:07:46.440 happening around the world. 0:07:47.269 --> 0:07:50.929 There's enough reasons for people to be involved in cyberattacks 0:07:50.940 --> 0:07:55.170 already without having to target specifically elections. So that's the 0:07:55.179 --> 0:07:56.170 not so good news of it 0:07:57.119 --> 0:08:01.809 when we talk about ju political actors who are adversaries. 0:08:02.109 --> 0:08:04.929 But are you telling me that sometimes they are also 0:08:04.940 --> 0:08:07.519 going after a very mundane private sector stuff which we 0:08:07.529 --> 0:08:10.010 might think that actually are targets of playing. They are 0:08:10.109 --> 0:08:12.200 bad guys. But actually those 9 to 5 guys who 0:08:12.209 --> 0:08:14.420 are getting paid to work for a country or a 0:08:14.429 --> 0:08:16.929 cause are also doing what we think are just like 0:08:16.940 --> 0:08:19.859 going after companies ransomware or companies. Yeah. 0:08:20.100 --> 0:08:24.309 Yeah. So there's a really difficult line to draw between 0:08:25.000 --> 0:08:28.970 pure espionage state actors and then the cyber criminal gangs. 0:08:28.980 --> 0:08:32.679 I'll give you one specific example. So North Korea, there's 0:08:32.690 --> 0:08:35.390 a group called Lazarus, the Lazarus group which is strongly 0:08:35.400 --> 0:08:37.679 affiliated to them. They go after the financial sector targets 0:08:37.690 --> 0:08:41.919 in ransomware. Usually if your browser slows down, they are 0:08:41.929 --> 0:08:44.809 the culprits, they're crypto mining on your, on your systems 0:08:45.609 --> 0:08:48.419 and they've done some really fascinating hacks including I think 0:08:48.429 --> 0:08:51.070 a couple of years ago the Bangladesh Bank Heist, which 0:08:51.080 --> 0:08:52.640 in and of itself should at some point be made 0:08:52.650 --> 0:08:54.799 into a Hollywood movie. They are already podcasts and there's 0:08:54.809 --> 0:08:56.718 a show about it which you should watch, but 0:08:57.799 --> 0:09:02.449 they are both financially motivated and state motivated in the 0:09:02.460 --> 0:09:04.739 sense that North Korea has a number of restrictions on 0:09:04.750 --> 0:09:05.989 what they can do to earn money. 0:09:07.380 --> 0:09:09.969 Cybercrime is a great way to augment that. And there 0:09:09.979 --> 0:09:13.409 are some uh kind of uh studies floating around that 0:09:13.419 --> 0:09:16.809 suggest that close to a third of North Korea's income 0:09:17.119 --> 0:09:18.329 comes out of the Lazarus group. 0:09:19.500 --> 0:09:22.400 It is. If you imagine what a third of your 0:09:22.409 --> 0:09:26.119 GDP A contribute to that would be looking like that's 0:09:26.130 --> 0:09:28.960 huge for a country. So that is the kind of 0:09:28.969 --> 0:09:32.380 scale that they operate in now. Are they purely commercial? 0:09:32.390 --> 0:09:34.950 Are they purely state sponsored? Nobody really knows, how much 0:09:34.960 --> 0:09:37.400 do they get to keep themselves? We're also unclear. But 0:09:37.409 --> 0:09:39.039 we do know that if you have access to high 0:09:39.049 --> 0:09:40.319 speed internet in North Korea, 0:09:41.020 --> 0:09:43.728 somebody gave you that access, you didn't just walk into 0:09:43.739 --> 0:09:45.840 a store and buy a modem and like log in, 0:09:45.859 --> 0:09:48.260 somebody gave you that access, somebody is allowing you to 0:09:48.270 --> 0:09:50.799 have that kind of connectivity. If you're logging in through 0:09:50.809 --> 0:09:53.950 VPN servers that connect through places, we think our embassies 0:09:53.960 --> 0:09:56.968 in overseas countries, somebody is allowing you to route that traffic. 0:09:58.159 --> 0:10:00.780 OK. I want to stay with your politics. But before that, 0:10:00.789 --> 0:10:05.179 on that very specific question, North Koreans who have massive 0:10:05.190 --> 0:10:10.369 sanctions and restrictions on receiving payments are still getting ransomware done. 0:10:10.380 --> 0:10:12.140 So they are settling in Cryptocurrency. 0:10:13.460 --> 0:10:16.330 There are. Yes. So they are settling in Cryptocurrency. And 0:10:16.340 --> 0:10:18.919 in fact, if you look at the whole ecosystem of ransomware, 0:10:18.929 --> 0:10:21.400 which is another fascinating topic, might as well get into it. 0:10:21.409 --> 0:10:24.950 It's a fun area. Ransomware has evolved from being a 0:10:24.960 --> 0:10:29.380 very niche, bespoke technical attack to being an ecosystem. It's 0:10:29.390 --> 0:10:32.960 an entire economy out there. In fact, 0:10:33.700 --> 0:10:36.849 there are estimates that if you add together the entire 0:10:36.859 --> 0:10:40.059 cyber criminal ecosystem in the world, it is the third 0:10:40.070 --> 0:10:40.819 largest economy, 0:10:41.700 --> 0:10:44.260 it is the third largest economy in the world. That's 0:10:44.270 --> 0:10:46.609 how much money is being floating around. Now. Obviously, it's 0:10:46.619 --> 0:10:48.299 hard to estimate what it actually is because a lot 0:10:48.309 --> 0:10:51.069 of it is in Cryptocurrency and Cryptocurrency today could be 0:10:51.080 --> 0:10:51.270 the 0:10:52.080 --> 0:10:54.020 could be 95,000, it could be 80,000, it could be 0:10:54.030 --> 0:10:56.079 10,000 depending on what happens. So it's really hard to 0:10:56.090 --> 0:10:59.239 estimate the value, but it is huge. Cryptocurrency provides a 0:10:59.250 --> 0:11:03.799 great way for people to obfuscate their intentions and their transactions. 0:11:04.090 --> 0:11:07.030 Even though a lot of the legitimate cryptocurrencies, we talk 0:11:07.039 --> 0:11:11.440 about Bitcoins advertise themselves as having the ledger that give 0:11:11.450 --> 0:11:13.439 clarity and transparency of transactions. 0:11:13.900 --> 0:11:16.809 There are alternative cryptocurrencies like Monro for example, and if 0:11:16.820 --> 0:11:19.099 you go to, please don't. But if you ever visit 0:11:19.109 --> 0:11:22.130 the Monro website, the logo is actually a policeman with 0:11:22.140 --> 0:11:24.409 a cross through it. That's their logo you can only 0:11:24.419 --> 0:11:26.500 imagine the kind of services that they offer and that 0:11:26.510 --> 0:11:27.199 is their logo. 0:11:27.479 --> 0:11:29.609 So they are deliberately trying to hide things. There are 0:11:29.619 --> 0:11:32.710 systems in place in that ecosystem of ransomware that allow 0:11:32.719 --> 0:11:36.030 you to money launder, they call them laundromats you put 0:11:36.039 --> 0:11:39.270 in Bitcoin, it mashes it up with 3040 different other currencies, 0:11:39.280 --> 0:11:41.859 sends it out to different accounts, sends it back, send 0:11:41.869 --> 0:11:43.539 it out, sends it back and eventually when it reaches 0:11:43.549 --> 0:11:44.419 the final destination, 0:11:45.229 --> 0:11:45.789 it's untreatable. 0:11:46.869 --> 0:11:49.489 And so that's why law enforcement has this huge challenge 0:11:49.500 --> 0:11:52.079 figuring out how did the money get out and how 0:11:52.090 --> 0:11:53.919 did money who's receiving it at the other end? 0:11:54.940 --> 0:12:00.059 Um Cryptocurrency unfortunately means that these transactions can happen anywhere 0:12:00.070 --> 0:12:02.789 and everywhere. And the fiat banking system doesn't have the 0:12:03.099 --> 0:12:07.530 KC visibility into what happened. Um And again, there is 0:12:07.539 --> 0:12:10.679 a difference between the more legitimate cryptocurrencies that are out 0:12:10.690 --> 0:12:12.719 there and the ones that are illegitimate, but they all 0:12:12.729 --> 0:12:14.770 have the same function getting money from one place to 0:12:14.780 --> 0:12:17.200 the other. One of the more interesting functions that you 0:12:17.210 --> 0:12:19.549 see on the ransomware ecosystem is customer service. 0:12:19.979 --> 0:12:21.719 You probably have no idea how to get my narrow. 0:12:21.770 --> 0:12:24.280 But if you get ransom, you can call somebody. And 0:12:24.289 --> 0:12:26.348 in any language you choose, they will walk you step 0:12:26.359 --> 0:12:28.619 by step how to set up a wallet, how to 0:12:28.630 --> 0:12:30.820 get the Cryptocurrency and how to transfer to their preferred 0:12:30.830 --> 0:12:33.840 account and their customer service. No offense is better than 0:12:33.849 --> 0:12:37.039 most banks because 24 7, they have a huge financial 0:12:37.049 --> 0:12:39.309 incentive to get you to pay them their $3 million. 0:12:39.809 --> 0:12:41.460 And these are not small sums of money we're talking 0:12:41.469 --> 0:12:41.799 about 0:12:42.450 --> 0:12:44.189 just on that issue of 0:12:44.679 --> 0:12:47.109 you, you share with us some estimates of how large 0:12:47.119 --> 0:12:52.030 this cybercrime economy is. How do we differentiate between things 0:12:52.039 --> 0:12:54.488 that we hear about? Gets reported to say Interpol or 0:12:54.500 --> 0:12:57.619 Singapore's security services and stuff that people just don't report 0:12:57.630 --> 0:13:00.469 because they're embarrassed or they feel that it will make 0:13:00.479 --> 0:13:02.979 their company look weak if they were to report that. 0:13:03.590 --> 0:13:06.739 That's a, that's a real challenge. So, within the law 0:13:06.750 --> 0:13:09.440 enforcement system, we're quite aware that what we see in 0:13:09.450 --> 0:13:11.718 terms of reporting is the tip of the iceberg. And 0:13:11.729 --> 0:13:13.830 the vast majority of people who suffer some form of 0:13:13.840 --> 0:13:17.590 cyber attack either don't see a need to report it 0:13:17.700 --> 0:13:21.210 or like you said, have challenges in reporting it. Maybe 0:13:21.219 --> 0:13:23.689 I'll give two quick anecdotes. One is fascinating. 0:13:24.000 --> 0:13:27.090 There was an attack on a financial institution in the 0:13:27.099 --> 0:13:31.700 US and the cyber Attackers came in, they attacked the 0:13:31.710 --> 0:13:34.799 company and the company tried to keep it quiet. This 0:13:34.809 --> 0:13:37.728 was a listed company. The cyber Attackers then filed an 0:13:37.739 --> 0:13:42.640 sec report complaining that the victim did not file a 0:13:42.650 --> 0:13:45.900 material breach notification in time with the sec. 0:13:46.859 --> 0:13:49.500 The Attackers filed an S ECs EC reports are not 0:13:49.510 --> 0:13:51.719 easy to file. So these guys went through the trouble 0:13:51.729 --> 0:13:54.780 of filing that to basically punish this person punish the 0:13:54.789 --> 0:13:57.099 company like, hey, you're not paying me ransom and you're 0:13:57.109 --> 0:13:59.479 not revealing to the regulators. I got you. 0:14:00.210 --> 0:14:02.469 So that's the level of kind of complexity that we 0:14:02.479 --> 0:14:04.988 live in. Now, these guys are really sophisticated. 0:14:06.969 --> 0:14:10.130 The whole ecosystem has just evolved to a point where 0:14:11.260 --> 0:14:13.830 there's a, so there's the open internet that we talk 0:14:13.840 --> 0:14:16.080 about your things that you can find with the Google search. 0:14:16.280 --> 0:14:18.840 There's the deep web, your whatsapp chats and signal chats 0:14:18.849 --> 0:14:20.799 and stuff that they're on the internet, but they're hard 0:14:20.809 --> 0:14:22.719 to search. And then there's the dark web 0:14:23.630 --> 0:14:26.719 when we talk about estimates on the financial transactions that 0:14:26.729 --> 0:14:29.070 are happening out there, that's what people monitor. That's where 0:14:29.080 --> 0:14:31.830 we get maybe not a source of truth, but a 0:14:31.840 --> 0:14:34.440 second perspective on how much money is slushing around in 0:14:34.450 --> 0:14:37.239 this ecosystem because that's where you see people making the transaction. 0:14:37.250 --> 0:14:39.380 Like I will sell this data for this amount of money. 0:14:39.390 --> 0:14:40.950 I will pay you for that amount of service. I'll 0:14:40.960 --> 0:14:43.359 get this for you. So those transactions are where we 0:14:43.369 --> 0:14:45.659 see the liquidity happening. So 0:14:45.669 --> 0:14:48.070 even beyond the realm of the reporting to the former 0:14:48.080 --> 0:14:50.049 law is absolutely fascinating. 0:14:50.570 --> 0:14:53.750 Um I want to stay on the geopolitical side. Um 0:14:54.260 --> 0:14:58.770 There's a lot of talk about countries, critical infrastructure, electricity 0:14:58.780 --> 0:15:04.080 healthcare database or the way you know, systems run for 0:15:04.090 --> 0:15:06.950 hospitals and airports and so on. Um 0:15:08.109 --> 0:15:10.770 Looking at sort of the data on how many times 0:15:10.780 --> 0:15:15.169 these things are getting compromised. How worried or how relieved 0:15:15.179 --> 0:15:16.940 are you? I mean, are we on top of these things? 0:15:17.419 --> 0:15:22.080 Ok. Um So I am relieved. I live in Singapore 0:15:22.869 --> 0:15:25.450 and I'll say that because so a couple of years ago, 0:15:25.460 --> 0:15:28.190 we pushed this thing called the cyber Security Act. When 0:15:28.200 --> 0:15:31.349 we first pushed it out, it was seen globally as 0:15:32.099 --> 0:15:33.080 a little bit extreme. 0:15:33.700 --> 0:15:36.770 Um forcing private sector companies to meet some sort of 0:15:36.780 --> 0:15:41.239 technical standard by law with the threat of jail. Wow, 0:15:41.320 --> 0:15:44.989 that's an unusual requirement. And when we first push it out, 0:15:45.000 --> 0:15:46.789 there was a lot of pushback from the companies as well. 0:15:46.799 --> 0:15:49.619 I mean, people said, look, it's a, it's a free market. 0:15:49.739 --> 0:15:52.869 If you don't like my hospital, my power service get 0:15:52.880 --> 0:15:54.739 somebody else. Like why are you forcing me to comply 0:15:54.750 --> 0:15:55.479 to these standards? 0:15:56.020 --> 0:15:58.119 But you have to remember that tech is probably the 0:15:58.130 --> 0:16:00.880 only industry that's been immune from regulatory standards for a 0:16:00.890 --> 0:16:03.219 very long time. If you drive a car, you have 0:16:03.229 --> 0:16:04.789 to meet all of these requirements, you fly a plane, 0:16:04.799 --> 0:16:07.000 there are all these requirements, even if you buy a toaster, 0:16:07.010 --> 0:16:09.330 there are requirements about what the toaster safety looks like. 0:16:09.340 --> 0:16:11.820 Tech for some reason has gotten by without it. So 0:16:11.830 --> 0:16:14.909 when we pushed it out, it was quite controversial today, 0:16:15.010 --> 0:16:18.309 more and more countries have some form of technical standard 0:16:18.320 --> 0:16:20.989 requirements in terms of the cyber security of critical infrastructure, 0:16:21.849 --> 0:16:24.650 we've had a head start. So like I said, in Singapore, 0:16:24.659 --> 0:16:27.799 I'm relatively comfortable that most of our critical systems are 0:16:27.809 --> 0:16:31.159 well defended and if they're not well defended enough, they're 0:16:31.169 --> 0:16:33.929 better defended than at least the other targets that might 0:16:33.940 --> 0:16:36.809 be out there. So, I guess the game here is 0:16:36.820 --> 0:16:39.989 just to be to run faster than your neighbor rather 0:16:40.000 --> 0:16:42.880 than the lion. The Attackers are also after money. If 0:16:42.890 --> 0:16:44.669 they can find an easier target, they'll go for that 0:16:45.270 --> 0:16:49.070 globally. Everybody is ratcheting up. So companies, the big companies 0:16:49.080 --> 0:16:52.250 are starting to ask their vendors like are you cyber secure? 0:16:52.260 --> 0:16:55.390 Are you going to introduce risks for me? Uh Countries 0:16:55.400 --> 0:16:58.969 are starting to ask their critical systems, you know, are, 0:16:58.979 --> 0:17:02.070 are my power grids secure? Are my banking systems secure? 0:17:02.179 --> 0:17:05.880 Is my country going to be held hostage or taken 0:17:05.890 --> 0:17:09.738 to its knees by criminal actors? Those are the right 0:17:09.750 --> 0:17:10.699 questions to ask 0:17:11.198 --> 0:17:15.098 but the implementation of regulation to ensure that is incredibly 0:17:15.109 --> 0:17:17.879 difficult and takes a lot of political. Will I go 0:17:17.888 --> 0:17:20.139 back to the Singapore Cyber Security Act? And to some extent, 0:17:21.310 --> 0:17:24.550 it takes almost a criminal negligence point of view. You 0:17:24.560 --> 0:17:27.780 built a hospital and you didn't make it secure. That's 0:17:27.790 --> 0:17:30.688 criminally negligent. People trusted you to build a hospital that 0:17:30.699 --> 0:17:33.228 they can feel confident in. And if you told us 0:17:33.239 --> 0:17:35.619 that you secured it and you didn't, that should actually 0:17:35.630 --> 0:17:38.819 be a jailable offense. So it is extreme, but it 0:17:38.829 --> 0:17:41.969 motivates behavior like more than fines do, at least from 0:17:41.979 --> 0:17:42.489 what we've seen 0:17:43.020 --> 0:17:46.149 when I walk on T road, I walk by the 0:17:46.160 --> 0:17:49.500 international headquarters of Interpol and I think their cybersecurity wing 0:17:49.510 --> 0:17:53.250 is here. Are they and other multilateral organizations trying to 0:17:53.260 --> 0:17:56.400 come up with a set of codes that are universally implement? 0:17:56.489 --> 0:18:00.780 Absolutely. So I spent the last five years prior to 0:18:00.790 --> 0:18:03.660 joining Ensign in the government. And one of the things 0:18:03.670 --> 0:18:05.939 that we did was engage a lot with Interpol and 0:18:05.949 --> 0:18:07.949 also engage a lot with the United Nations. 0:18:08.430 --> 0:18:11.089 To some extent, cyber security is in this odd space 0:18:11.099 --> 0:18:14.079 where it is a problem at state level, but a 0:18:14.089 --> 0:18:18.129 solution at the company level. And I'll explain that. So internationally, 0:18:18.140 --> 0:18:20.819 we need some sort of rules of the road. What 0:18:20.829 --> 0:18:24.280 are the norms and the expectations of countries in the 0:18:24.290 --> 0:18:27.130 way that they use the internet. It took us quite 0:18:27.140 --> 0:18:29.300 a bit of time, but the United Nations has come 0:18:29.310 --> 0:18:32.250 out with what we call the norms of responsible behavior 0:18:33.020 --> 0:18:35.968 and there are 11 norms. They basically state the usual 0:18:35.979 --> 0:18:37.810 expectations of what you can and cannot do on the 0:18:37.819 --> 0:18:39.550 internet and what states should and should not do. 0:18:40.849 --> 0:18:43.069 The good news is that the UN has agreed to them. 0:18:43.079 --> 0:18:46.500 There are some norms of what responsible behavior looks like. 0:18:46.930 --> 0:18:49.959 The bad news is that as with all international agreements, 0:18:49.969 --> 0:18:51.179 some countries are 0:18:52.569 --> 0:18:56.130 more willing to abide by them and some countries blatantly 0:18:56.140 --> 0:18:57.109 flagrantly ignore them. 0:18:58.780 --> 0:19:00.369