 We're back, this is Dave Vellante and I'm here with my hosts, co-hosts, Stu Miniman and Jeff Kelly. We've been going all day today at the ECIR, Explorations in Cyber International Relations. This is an event, it's a workshop put on by MIT, sponsored by the Minerva Initiative, which is funded by the DOD. The topic today is Cybersecurity in the Governance Gap, Complexity, Contention and Cooperation. And really, I mean the questions that came up today, guys, were quite interesting. Is the internet, and security in the internet this big monolithic thing? We'll know, what's the future of the internet? We had the president of ICANN tell us that the current model of governance oversight, whatever you want to call it, by the US government with ICANN is not sustainable. We heard that the pace of cyber development, cyberspace development, is going faster than international relations are able to keep up. International relations are essentially, were configured around the industrial revolution and now we've got the internet revolution and a lot of things have to change. I have a feeling that, first of all, I think we're in the very early innings. One of our guests said we're on the 10 yard line, our own 10 yard line, so long, long way to go. We heard parallels drawn between cyberspace and cybersecurity and nuclear proliferation, which, first when you first hear that you say, well wait a minute, nuclear bomb blowing up versus cyber, but actually there are similar dynamics, there's mutual destruction or mutual damage that can be done, there are technological barriers, but the big difference being there's much more of the ubiquity and distribution of resource that expands the space of the threat matrix and we really heard that we don't know what the future holds for the internet, but we do know that it's gonna be a multi-stakeholder type of environment where the role of the US government is somewhat moderated and that's gonna be a big, hard, chewy transition because you can't just pull the plug overnight. There are legal issues, there are security issues, there are certain extent governance issues that all need to be resolved, and we also heard that a middle ground is potentially emerging. The CEO of ICANN put forth the notion that countries like Brazil will actually help us to get out of this problem of the perception of the US government's heavy hand and Brazil because it's got strong technological infrastructure, it's got a large population, it's generally in a place in the world that's not necessarily seen as adversarial to a lot of countries, so could be a good mediator and the president of Brazil suggesting, hey, let's make this a multinational type of initiative. So all kinds of interesting concepts put forth, I love coming to these events because it's not a lot of vendor marketing and we tend to get that in a lot of the CUBE events. These are some of the events that we do for you, our audience, that we just bring our team here, it's great content and we want to share that with you, so really appreciate you guys watching and the tweets and the texts that we've been getting all day, so Jeff Kelly, I want to start with you. You were in the morning session, sat in with a number of the CUBE guests along with Charlie Senate of the Global Post. What's your take on the day today? Well I think it's remarkable and I didn't quite realize how early in the game we are and the complete lack of any kind of coherent overarching approach to governance when it comes to security of cyberspace and the internet and the World Wide Web. The fact that there are just a handful of governing bodies that don't necessarily always see eye to eye on how to best govern things like security, access to the internet, hardware, infrastructure, standards and things like that. I think the biggest challenge is going to be this transition as you said to a multi-stakeholder approach because the current governance structure is really reflects the priorities of US based corporations, government entities and other US based actors. And it's very difficult it seems to me to incent those actors to give up this control for the betterment of essentially the world of cyberspace. The way you're gonna do that to some degree is going to be by focusing one on the potential commerce that can be done throughout the world by US based companies if they really buy into this multi-lateral approach. But the other is, well if we don't do it, what's the alternative and one of the alternatives potentially is a fractured internet which really stifles innovation, stifles commerce that can go on around the world and potentially impacts the bottom line of the Googles of the world. That should get their attention I would think, but it's going to take a long time, we're very early and to me it doesn't seem like there's any coherent strategy among the different players about how to do this. Well Stu, one of the other things we heard and we've talked about this a lot in theCUBE is this whole notion of security being network centric, shifting to a data centric or even an application centric model. We've heard that for a number of years. We also, big highlight of the day, David Clark, one of the inventors of TCPIP, right up your alley, Stu, it's an area that you cover very extensively, but this notion of the shift in network security, what's your take on all this? Yeah, so first I actually want to respond to what Jeff was saying. It's really interesting because if you heard the CEO of ICANN talked about Brazil's helping with some of this multilateral discussions, but it took a while. First, Brazil didn't actually even want to meet with him and he had to go through a lot of steps to get there. I've been involved in standards and it's tough to get people involved. The people that are involved tend to be pretty passionate and very engaged and that's the type of people that we saw here at this conference. But we need more of those people that are dedicated to do that activity because for the most part, too many people and too many companies and too many countries are just willing to just put their head in the sand and hope that somebody else will take care of this issue and these are some big gnarly issues that they're tackling with here. So, and Dave, if we pivot then to your question, security has been one of those really high priority issues. We understand that people need to worry about security, but once again, they tend to just do the minimum to get by and they say, okay, I buy a product, I put something in place or if I have an attack, I respond to it, but too many companies haven't really gone out, done the assessment and really understood what they need to fix their security environment and this whole mindset of starting with the data, I think is a good trend and it has a completely different group of actors and budgets involved, so maybe that can start to really attack and address some of the security issues at a fundamental level. Well, the other thing too that strikes you in an event like this is that the ramifications, the geopolitical ramifications are enormous, so we like to think sometimes in our little technology sandbox and the reality is that cyberspace is just so permeated every part of our lives, whether it's commerce, national security, defense, et cetera, that the decisions that are going to be made about who runs the internet, how it's structured, not only will impact our industry and impact companies, but they'll impact things of national importance and so this is a big, big issue. The other observation I make is technology in a way got us into this problem, but it's in and of itself is not going to get us out of this problem. I think we talk a lot, Jeff, especially at big data conferences about analytics as potentially helping with the security problem. We talked even today about open source models all of these are wonderful. You know, we do Amazon re-invent, all they do is talk about security, EMC's talking about security, HP's talking about security, IBM, et cetera, all this money's being thrown at the security problem, but at the end of the day, it's organizational, it's user behavior, it's governance, it's policy, it's part technology, maybe it's 10 or 20% technology. I wonder what your take is on that, Jeff and Stu and where you guys see this whole thing going and when we get to midfield, what's it kind of look like? Well, I think you hit on an important challenge here and that is, and we talked about this today, that policymakers don't necessarily understand some of the technology involved and don't always understand the implications of some of the decisions they might be making around security and governance. So that's step one. I mean, when you've got a set of policymakers that don't quite get it, there's a couple of things that could happen. One, they can make some rules and regulations and some governance decisions that adversely impact a number of areas, or they could seek some control to the corporate world where they're gonna make decisions based on their best interest. So I think the real challenge here is at a very fundamental level, versus just kind of education. We talked about how we just have to learn to speak the language. Policymakers need to learn to speak the language and vice versa of technologists. That's a big gap just that in and of itself. Forget about actually making the decisions about governance models. So that's step one. We clearly have a long way to go. I'm not 100% sure how we're gonna get there. I'm not alone in that. There's some really smart people at this conference who don't know either. But that's why we're here trying to figure it out. But I think it's a good first step to actually try to bridge that gap among the language barrier and try to educate policymakers as to what are some of the implications of these technologies and how they impact people's everyday real lives. Once we do that, then you can maybe take some next steps to organizing some governance principles. But until you kind of get on the same page, it's very difficult to do that. And then of course we talked a little bit today, Stu, about the industrial internet, internet of things, internet of everything as Cisco calls it. This again, it's gonna bring an order of magnitude and more complexity into the equation here. What are you hearing in the base? What are your thoughts on that? And I just wanna go to you because I love the background of this credential. Yeah, I got the pretty shot with the crew behind me and everything, Dave. I think, and the internet of things, it's too early for most of the base. GE obviously is doing some great things, pushing forth the vision of what's happening there. And we've done a lot of research on it. But you talk about if we say we're on the 10 yard line here, I don't think we've even kicked off almost on the industrial internet. A lot of discussions about where mobile is taking things and obviously mobile's a little bit further than some of the smart devices that are out here overall. But we've got a long way to go. We think there is a large opportunity to kind of build security in from not only a technology standpoint, from a policy standpoint. You talked many times today, Dave, about how WikiLeaks and the Snowden impact is making everybody really pay attention to it. So maybe there's the opportunity for us to this spotlight on security to allow it to move forward and actually make some progress because it seems we haven't made enough progress over the last few years. Well, I think that there are certainly a lot of historical parallels that you can draw on. We heard this morning about parallels with post Pearl Harbor, the pendulum swung, more toward security, certainly post 9-11. So there are some constant frameworks that we can use for mental models. What has changed and what's unpredictable is the impact of some of these developments. And even though, again, technology's not going to get out of this problem. Technology tends to get us into a lot of problems. Data growth causes problems. The whole security issue the distributed computing cost problems. You look at cloud creating bigger threat makers. Come on, Dave, from a technology standpoint, we said we can solve all those issues. The technology is just the organization and the politics can solve all those issues. Right, Jeff? It's all you policy people. Well, policy people are part of it. But any new technology often brings unintended consequences that you can't foresee. We talked to one of the, essentially, founders of the internet today. He didn't envision at all what the internet was going to become based on things like the number of devices that are going to be connected. So technology does get us into problems, but it's also a way to get us out of problems. But it has to be applied in a smart way. And that's the challenge. Well, so a lot of times we talk about the organizational implications. You know, at the MIT Chief Data Officer, Information Quality Conference, we talked about the role of the Chief Data Officer. Do you need a Chief Data Officer? Should that individual report to the CIO? Should it be part of the CIO's function? Is it independent of the CIO? You know, et cetera, et cetera, et cetera. Those are firm level decisions that have to be made. Now we're talking about the global implications. And the big concern is that organizations can set, if they're well run, they'll have objectives and they'll align people to those objectives. And you know, we all go through this. We've worked at big companies. We've worked at small companies. We all know it works better when everybody's aligned. The hard part in this equation is getting everybody aligned. I mean, we heard today that you've got a situation where Deutsche Telecom is proposing, you know, the German Internet and the Prime Minister or President of Germany is actually listening to Deutsche Telecom saying, hey, that makes sense. We can. Well, if you're hacking into her devices, of course she's gonna want security. We can create our own little world of commerce. You can see China wanting its own, you know, root servers. You can see, you know, other countries trying to do the same thing. And so that essentially forks the Internet, which maybe creates some short-term opportunities and even some long-term opportunities for those countries. But those closed systems tend not to grow as fast. Innovation tends not to be as robust. And those types of structures tend not to be as agile. But the big question is, what's that gonna look like? Is the U.S. gonna seed control? Will things like root servers be more distributed, even though, you know, we heard the CEO of ICANN tell us, well, that's really not the key issue, but it's certainly a perceived issue. What issues does that cause if people start, you know, wrestling away those servers? So these are things that need to be sorted out. And I guess events like this provide frameworks for forward progress. Well, and you gotta keep in mind, everyone, all these different players of the government agencies, corporations, they've got competing interests. And even, and we've seen clearly with some of the revelation about the NSA, you know, the U.S. government and other actors in this play can be making certain statements on the surface, but are gonna be also covering their back sides with other things they're doing under the covers, if you will. So nothing is quite as it seems when you start talking about international relations and cyber politics. It's really gonna be, I think, a messy, messy experience over the next, you know, decades really. It's gonna take a long time before we get to a point where we can say, oh yes, okay, we've got a fairly secure, comprehensive governance regime overseeing the, overseeing cyberspace. You know, that said, the real challenge I think is, or one of the real challenges, or maybe even paradox, is that the very power that the internet and cyberspace provides to innovators, to start new companies, to find ways to solve society's problems. That same power is what enables all these new types of threats. People, you know, one person can now really, you know, potentially take down a network, or really wreak havoc, all due to the same power and capabilities of the internet that allows the innovator to do some really great things for society. So the question, as you provide or implement governance, is how do you encourage one while reducing the threat from the other? And where do you find that balance? And again, that's a question that can only be answered once we're all speaking in the same language on the same page, and we're not there yet either, so. Okay, so this pretty much ends our cover statement. Next week, we're going to be at Gillette Stadium. Stu, why don't you talk a little bit about that event? We're excited to be covering some emerging virtualization trends beyond just VMware, including, but beyond VMware. Yeah, sure Dave. So, you know, we're expecting to have, you know, an increased coverage in cloud. We obviously covered a lot of cloud shows last year, but the first one for us is the VTUG, which is the Virtualization Technology Users Group. It was one of the early VMUGs, and after VMUG became a corporation, they actually decided the VTUG here in New England is that they wanted to cover more than just VMware, so it's multi-hypervisor environments, so they have Citrix there, they've got Microsoft there, obviously VMware's still there, and we're also going to talk about Cloud a bunch, so Brad Anderson from Microsoft is one of the keynotes. We're going to have him on. We're going to have, you know, hopefully some OpenStack coverage there. We're going to have, you know, some of the traditional virtualization players, including storage and networking there, and it's a great event. One of the, it was one of the largest VMUGs, usually in the world, and as a standalone event for VTUG, it really is looking to take it to be more of an industry event covering, you know, cloud and virtualization, and excited to bring theCUBE there next Thursday. How big is that event going to be? Do we know yet? I mean, it's usually been, you know, 1,000, 2,000 people, so it is big. Now, they're going to let the cameras and Gillette Stadium paths to be practicing for the game, hopefully. So, Dave, Dave, you know Bill Belichick. Are you kidding? If we try to take a camera and show anything going on in the field, they will come and drag us out of there, so. They have their own cameras, too. Churnabout is not fair play, evidently. Yeah, yeah, exactly. All right, good. Well, listen, Jeff Kelly, Stu Miniman, thanks very much for co-hosting with me today. Thanks to Charlie Sennett. Alex Vachera and Andrew Lowe, great job, and obviously the whole crew, we really appreciate, you know, Kristen Nicole, Mark Hopkins, awesome questions today. Check out his coverage on Bitcoin. We brought Bitcoin up several times today. It was interesting. Everybody knew what Bitcoin was. Some people had, you know, soft opinions. Other people just sort of stayed away from the topic, but it's clearly something that is relevant, I think, to this whole discussion. And one that, again, tips the balance of power. It's another dynamic in this very hard to solve equation. So thanks for watching, everybody. We'll see you next week. Look for, actually, replays of this event. We'll be running them on siliconangle.com and siliconangle.tv. Check out wikibond.org for all the research, and we'll see you next time. Thanks for watching.