Good morning! How's everybody this morning? Pretty good. I love when the weather turns positive here in the Washington area. I remember many a snowstorm here, so I'm glad to see summer here already. So welcome, and thank you for having me. What a great honor it is to be here. Very humbled, and just a huge appreciation for CSIS for hosting us and having us have an opportunity to talk today.

So I want to spend a few moments and maybe talk about the state of cybersecurity, and maybe a couple of ideas on how we can improve things in the world. I get a pretty unique perspective. As Jim said, I was CEO of McAfee for quite a few years. I'm on Delta Airlines' board and do safety and security for the airline. Chairman and CEO of FireEye. I'm also chairman of Mandiant as well. So kind of a number of different viewpoints in the world, and it's been interesting, to say the least. I'd probably use a quote to summarize it best, and many of you probably know this quote. It was made famous in 1966 by Robert Kennedy during the Bay of Pigs crisis.
The Cuban, Russian Bay of Pigs crisis. And the words are "may you live in interesting times." Some of you may know it, and it actually has its origins all the way back to China. While sounding like a positive statement, it has got an undertone to it too, which is a bit of a curse. And "may you live in interesting times" is kind of what we see in the world today from a cyber point of view. What a world we live in. Watching it over the last decade has been fascinating to me, to see sort of what's been going on and the severity levels that are happening.

I call it a perfect storm for a number of reasons. If you think about it, we have almost the perfect confluence of conditions happening in the world today that has created an atmosphere for crime and theft in the world of cyber and cyberspace. Probably the first is one of the most positive things, hence the words "may you live in interesting times": innovation. We have some of the greatest cycles of innovation the world has ever seen, and that is amazing. We literally are reimagining everything we've been doing. The internet has created an atmosphere that allows us to do so many things differently. How we read, how we learn, how we share, how we listen: just about everything we do has changed, for the better probably, and differently. And this innovation is creating an unbelievable cycle of architectural changes in companies and entities and governments around the world.

Just think about what's happened in the world of mobile, IT consumerization. How many of you have more than one cell phone? How many of you more than two cell phones? How many of you more than one device? The world we live in has changed dramatically, and corporations are having a hard time adapting to those types of changes. But again, we're changing everything we do. Think about SaaS-based architectures and clouds, software as a service. The acceleration of innovation in enterprises is dramatic. We're seeing software as a
service having, you know, some of the greatest momentum probably ever, and having the biggest architectural changes ever. We have private clouds, we have public clouds, we have hybrid clouds. We have companies going public almost every day now that are software-as-a-service type architectures. Some of you probably saw Tableau and Marketo go public just on Friday. Salesforce.com, Oracles of the world, Jives of the world: it's amazing to watch how much infrastructure today is a radically new architecture.

Compound that with social. Everybody here is probably on a social network, or two, or three, or five, and we are living in a whole new world with social networks basically exposing every friend you have, every professional you've been associated with. Anybody you've ever met in your entire lifetime is there for the watching and for the observation. And what's that created? It's created an unbelievable scenario of vulnerabilities.

And that's pretty much what sort of the next variable is: the greed variable. It's amazing to me to watch this, because in all my time I've never seen the state of things be as aggressive as they are in the areas of greed. So innovation has driven the opposite effect, or the curse effect, which is everybody seeks that innovation. That intellectual property that's being created at unbelievable rates is creating the theft of that intellectual property at unbelievable rates, and you watch both sides of that coin the same way. We're seeing unparalleled, absolutely unparalleled theft in the world today, and it's amazing to watch happen.

Compound that with privacy and anonymity on the internet. The ability to protect your information, the ability to stay anonymous with who you are, has created a perfect storm again to steal that innovation, because I can basically hide behind that privacy, hide behind that anonymity, and I can create an atmosphere where I can steal almost at will. Put on top of that a lack of governance on the internet.
Again, we've seen just an amazing environment where there's literally almost zero governance on the internet today globally. I'll give you a few statistics in just a minute, but they're actually stunning to see. And the governance model around the world: every domain is fair game from a country point of view. And of course, with all the ubiquity of access that we have today, you can access any website in the world with a click of a button. We have a lack of governance model around the world with the internet, you have all this privacy and anonymity, and you have all this innovation. It continues to just create the storm effect that we're seeing today.

One of the other variables that's amazing is naivete, as I call it, or lack of awareness to the problems that are happening. How many people read the Washington Post this morning on the Google hack? Anybody read that? It's like right up there with homicides and hurricanes and twisters, unfortunately. What we're seeing is, you know, an insensitivity to this problem at times, and it's amazing to watch. Almost every day the headlines have some sort of attack that's occurring on some side of corporation or government agency, and most of the Americans, most of the Western world, most of the Eastern world is not aware of the level of threats that we're visiting today or having in the world today. So, a pretty interesting problem when you have a lack of knowledge coupled with all the other variables.

Then on top of all that, we have a significant deficit in defense models. Probably the most interesting place right now is the dislocation that we're seeing between offense and defense. I've never seen the gap be wider than we are seeing it today. What I mean by that is, if you think back over the last 25 years or so, when we first saw viruses in the wild, some of you might remember Melissa viruses or ILOVEYOU viruses or Code Red viruses. Hopefully I'm not dating myself too much here, but, you know, they were distributed on floppies. And what
happened out of that? We created a business called antivirus, and the business of antivirus was all about looking for patterns, creating a signature, looking for attacks like the Melissa virus, and scanning for files that could be bad. Over the years we created more and more signatures and more and more files to scan; more and more viruses came out. But what was interesting over the last 20 years or so: the offense and defense were pretty closely correlated, usually measured in, you know, a few days, few weeks. But a signature could be generated, because there weren't that many of them, and it could be generated pretty quickly, so you were just slightly behind the curve.

If you look at the last two, three years, the defense and the offense have been the greatest in dislocation, probably in the history of internet, history of technology. Today we're seeing unprecedented amounts of attacks, we're seeing unprecedented amounts of information being stolen, as I mentioned, and the defense model today is completely broken, in my opinion.

I liken it to the analogy, some of you probably know the story, between World War One and World War Two, of the Maginot Line. Everybody familiar with the Maginot Line? So here, the defense architecture: it was built between World War One and World War Two, and the Ardennes forest was all around this deep defense-in-depth architecture, and the ability to create hundreds of miles of defense architecture to protect the French and German borders. Of course it took billions of dollars, especially in those days, to build. Many layers deep, chambers built to siphon out gas, launch airplanes, be able to launch tanks, be able to launch artillery. It was probably one of the greatest defense models ever built in the history of mankind. You all know the story of what happened: in days, weeks, the Germans were able to leverage air supremacy and blitzkrieg supremacy to get around that, almost instantaneously.

So when you look at the defense models today in cyber, you have almost the same
thing: defense in depth at every level of the architecture is built with the exact same engine, antivirus, that's been built around for 25 years, all leveraging blacklisting and signature models. Now we have, in essence, over 60 million signatures in every single antivirus engine, and that engine sits on hosts like endpoints, it sits on network devices like firewalls and IPS solutions, on email and web; it sits on just about every area. And what's easy for the attackers to do is that, if they can get past the blacklist, if they can get past the file scan, they've gotten past the entire defense architecture, just like that.

So what are we seeing? Amazing statistics, absolutely stunning. Today, you know, you can see this: a 250 billion dollar problem a year in theft of intellectual property. Quite frankly, in my opinion, that's a very low number, because your reported companies who have breaches for intellectual property are pretty minute in the grand scale of the theft that's occurring. We have more than a hundred and fourteen billion dollars a year of crime, of fraud, identity theft and other types of crime activities. This is also probably fractional of the real problem, because when you actually look at what the attackers are doing in the world today, they're actually going after, very specifically, information from public companies so they can trade and hedge stock prices using inside information. Very hard to track that as a theft area. So what do we find? CFOs, controllers, finance managers as a number one target, particularly in Eastern Europe, where we're finding lots of attacks going after inside information and then trading on the capital markets on that information. So when you look at the totality of the problem, it's probably measured in a trillion-plus-dollar-a-year problem. Pretty amazing situation.

We see 60,000 pieces of malware every day. 60,000 pieces of malware every day. The average company is infected a hundred times a day. A hundred times a day infected, actually
successful infections. On average, every couple of seconds there's an attack. Pretty interesting world. We see 9,000 new websites every day created that are malicious, because of the lack of governance model. Pretty interesting. We have hundreds of thousands of command and control servers set up around the world. 94% of the countries in the world today are active with hosting command and control servers. So command and control servers are actually the ability to money launder intellectual property or information and data. These servers are set up in nearly every country in the world, over 180 of them. So our problem has gone global. The problem is unbelievable in size and scope today, and it seems like it's only getting worse by the moment.

When you look at the types of attacks that are happening today, these types of attacks are very ingenious. These aren't attacks where I simply send you an email with a file attachment, like it once was. These attacks come down in stages. I'll send you one piece of information, I'll send you another one a month later, maybe even a year later, and over time I'll download capabilities to your computing device that allow me to exploit the information on that computing device: what we call multi-stage.

What else happens? They come down in multi-vectors. What does that mean? It comes through a number of different protocol points. I might send you an email with an executable, but it also has a web link in it. If I click on the web link, I exercise a brand new protocol or brand new vector. So the exploits are coming down in multiple ways today, and what happens is the lines of defense that have been architected in the world are lined up very deeply, one protocol at a time: very deep defense around email, very deep defense around web, very deep defense around file, but none of them correlate amongst each other. So the attackers use multiple vectors to attack the networks. So the architectures that we have today are completely flawed from a security point of view, and what's
happening is the attacks become very, very present. We estimate more than 95% of all companies in America, in the Western world, are compromised as we speak here today. That's just the state of things. Somewhat ominous here this morning to say all that, but that's the truth, and that's the reality of what we see. And quite frankly, 89% of those attacks are coming from China. Amazing statistic: 89% Chinese-led. We see that almost every day in our business, whether it's Mandiant or FireEye or other security companies. We have some significant issues around the world in terms of the types of attacks that we're seeing and the types of threats that we're seeing.

And the victims are everywhere, almost in every vertical. It once was that the victims were focused in on particular high intellectual property verticals. What's changed pretty dramatically: it's nearly every vertical, in every size company today. If you have intellectual property, you're a target. We see it in hospitals and health care organizations, we obviously see it in banking, we see it in think tank organizations, we see it in manufacturing, we see it in energy. Almost every vertical and almost every country, we're seeing major exploits of information, intellectual property and money around these industries. So it's gone global, it's gone vertical, and it's gone from small companies to very large companies. So an interesting problem to solve, and a difficult one to do.

Many of you probably know some of the attacks, many of you might not, but when you look back on some of these major attacks, they're directly at the heart of the infrastructure stacks that are out there. Some of you might have heard of an operation called Aurora. This was made famous in 2010 by Google, and this was a specific target using spear phishing that allowed a web exploit to download an MPEG that unpacked and then ultimately created a keylogger, so you could steal valid credentials, you could log back into the network using valid credentials, and you could insert
an advanced persistent threat, an APT. That advanced persistent threat could sit there for up to years, and it could siphon out information. The Aurora attack was specifically after source code assets, a source code control system called Perforce, and it reached over 150 companies, especially high-tech companies.

So what do we see today from the threats? There are now zero days everywhere. Zero-day attacks are attacks that are unknown to the vendor, or the software company that actually has the product. So we're seeing zero days in Microsoft, Adobe, Java, just about every software stack that's out there, on a regular basis. So, interesting world, going back to the types of attacks that are occurring and the types of attacks that are happening today. And the list goes on: Night Dragon, Shady RAT, Beebus, Gh0st RAT. I mean, I can name them all. Almost every time, we see major campaigns, major attacks on hundreds of companies at a time.

So what are we gonna do about all this, right? It's a pretty big problem to solve, and kind of a scary one, at least from my perspective. We have a history where we've got a lot of challenges whenever a new domain is discovered. There's conflicts around that, whether it's land or air or seas or space, and now cyberspace. We've had conflicts. We need to resolve that. We need to figure out ways to address this as a global community. I think about these in kind of four letters; they all start with the letter T. I call them the four T's, a little tongue-in-cheek, but the idea here is we've got a number of fronts that we've got to improve upon in order to change the situation that we're in, in my opinion.

The first T would just be called teamwork. It's an often-used word, but a very important word for us today. The teamwork is needed across countries, public to public, within the public sector itself: governments working together with governments. We need treaties around governments to create an atmosphere in cyberspace that allows us to behave properly in the
world today. The teamwork doesn't just need to exist between public and public, government and government, but it needs to exist government to private. So we need better interlocks between private sector and companies and security firms with the government. We're making great progress in that area, and that's encouraging to have, but we need a lot more of that. We need capabilities to share information, create safe harbors, protect public companies from liability around sharing that information. But the teamwork is critical, absolutely critical, in my opinion.

And we even look at private-on-private, companies working together. The security industry itself doesn't work effectively together, and we need to drive the security industry to work better together. I don't know how many of you have been to an RSA event. They're kind of fun to go to. RSA is one of the largest security shows in the world. Thirteen hundred and seventy-two security companies showed up this year at the Moscone Center in February, and if you ask the thirteen hundred and seventy-two companies how many of them partner with each other, you might find it about zero or very small, especially when it's interoperability amongst sharing compromised data, sharing of intelligence, using formats. We need to create some formats that allow us to share better amongst the security industry. There's some positive momentum that's happening there, like OpenIOC from Mandiant or STIX that DHS is leading, but boy, do we have to take it to another level. That teamwork and that T is critical for us moving forward.

The second T is around testing and standards, and making sure that we test our architectures much better today. It's amazing to me to see all the vulnerabilities that are brought in in both imports and exports of technology, and the lack of testing of these types of technologies. If you study the supply chain of technology today that's being put into our critical infrastructure, and you look at the testing that's done around it,
you'd be appalled. Most of the world's development for technology is done globally, and of course the exploits can occur almost at any point in that supply chain of technology, yet we have very little standard for testing to implement critical infrastructure types of technologies. And we've done this in other areas. We have the ability to do testing; we have the ability to test these stacks, to create standards around the infrastructure that we use. There's so many examples of this: everything from lighting that we see here today, like Underwriters Lab and UL, to power supplies, to just about anything else that you see today, from seat belts to texting and driving. We have standards and testing that's done in every area that's dangerous in the world, yet we don't have them in the cyber world. We need them.

The other area is training, another T. Education. I mentioned the naivete that we see in the world today with consumers and corporations, many of which don't even know they're breached, or if they are breached, they don't know what to do about it. The training is critical. The education is critical to help elevate the problem, to help them understand what to do, how to interact with law enforcement, how to interact with vendors and suppliers to solve these problems easier. And of course, when you look at it, less than 10% of the companies actually report that they've been breached, and if you look, almost 100%, nearly 100% of all companies that have been breached were notified by a third party that they were breached. They didn't know it themselves. So the education and training is critical to helping to solve this problem. The awareness level is critical.

And the last T is technology. We have to advance the technology architectures that are out there today. There are some great technologies that are out there. I spent the last 10 years in the security industry, and you can see some of the momentum that's being made architecturally, but when you start to look at the standards that have been in place, or
the lack of standards that are in place, we have no impetus to try to put forth new technology that actually can stop some of the advanced threats that are out there today. There's some real promise of capabilities that we have in the architecture models out there. The use of virtual machines, or sandboxes, or detonation chambers, enables us to test web pages and applications prior to them being viewed on host computing. So instead of scanning and looking for bad files or patterns, like signature antivirus has done, virtual machines can be used and leveraged in brand new ways, at higher speeds and greater efficacy than we've ever seen today. But yet we're at our infancy of these types of technologies, and the ability to leverage them into all the egress points that we have in our architectures could advance these technology models infinitely better than we have today. Whitelisting capabilities, graylisting capabilities, abilities to create interoperability amongst technology vendors could advance the T of technology in ways that we probably have never seen before. The technology exists today. We have to use it and leverage it.

So hopefully I'll be standing here in another year or two and we'll be talking about how we've solved some of the problems that are out there. I think it's paramount that we do. I'm sorry if it came across a little ominous. I don't mean to. I'm a very, very optimistic person by nature, but it's really interesting to watch what's happening out there in the world today, and nearly every day at my company, as I see major exploits occurring, major countries attacking our infrastructure, and watching it happen at the record paces is a little appalling to see. But again, there's always a silver lining, there's always an optimistic view, and I think if we can all move forward as a community together, across public sector and private sector, we can solve these problems today. Thank you.