 We're back. This is Dave Vellante and this is the Cube. I'm here with Charlie Senate. We're at MIT We're talking about cyber politics cyberspace and the governance cap. Al Berkeley is here He's the chairman of Princeton Capital Management. I'll welcome to the Cube. Thank you. I'm glad to be here So you want a panel earlier? We're just talking about Some of the perspectives that you guys brought to the table the dimensions of cyber security But I want to start with Princeton Capital Management. How is it that you're here in this forum at MIT? How did you how did that all come about? Well, I think there are a couple of reasons I'm here one of them is I'm on the board of business executives for national security, which is one of the sponsors and We have an interest in dealing with the cyber problem that fits pretty well with the interests of the MIT and Harvard. So what is that interest? Well, specifically Business executives for national security is an unusual nonprofit and that it has individual members no corporate members We pay our own way. We don't go. We don't ask for grants We give policy advice specifically to the DOD and several other government agencies And we don't charge the government anything for it. So we're a bunch of business executives typically CEOs that a Responsible executive in the government will put a problem to us. We will assemble a group We will work on that for six months to a year and go back and give our best advice that we possibly can One of the issues that we were asked to deal with was the cyber problem and as we dug into it We found that the big companies have plenty of resources to deal with cyber that the real problem is the next teardown companies that have valuable intellectual property or valuable Valuable role in a supply chain, but don't have the staff and the scale to really deal with cyber in a sophisticated way So that's the group that we're trying to figure out how to create more awareness and to give some tools Where the CEO can begin to attack the cyber problem without being intimidated by and cyber Security is one of those areas where the little guy has all has has remained at a disadvantage I mean, that's not been the case with a lot of other infrastructure challenges Like to think about cloud computing out a little guy can you know start a business in his in his home office, right? No problem and build a something to scale But security has been been quite a challenge and the philosophy has generally been okay. Let's build a moat Right, you know and but sometimes the Queen wants to leave her castle and so it becomes a this very complicated Challenge for folks and most of the investment has been on digging that that moat and then the little guys are out of money by the time Yes, well, let me tell you you happen to be on one of the most interesting aspects of this Because the paradigm is just about to change. You are so right. It's been what we call network-centric Security it's just about to have added to it what's called data-centric security and you've seen some you know, I'm a financial guy and I run a chairman of a money management company and We look for investments that are in paradigm changing positions One of the new technologies that's come out that's cause for example old Unices the old, you know the old computer company that nobody thought much of his growth because they're stuck to double Is a new technology that hardens the data? It does not necessarily harden the network and what's happened is the market's begun to discover this Well, you see posters around here at MIT about defense in depth Where you've got the firewall and you've got passwords and you've got deep packet inspection and you've got All to keep people away from the data exactly And what the wrong guys the next the next layer of this is going to be really hardening the data by Encrypting it by dispersing it and unisys and IBM also came into the market with a product in July That I think is going to be game changing and people haven't really figured it out yet well And you look they look at the prism database that the NSA developed them is developed on a on a platform called a Cumulo that gives you you know sell level security at the data So it's a you're talking about a whole new mindset of how to protect I asked somebody earlier of the security a do-over and they said yeah, actually it is and this may be as part of that Well, I think it is and what will happen eventually? Data-centric security will replace a lot of the network century security elements But in the beginning people aren't going to be willing to give up the older stuff So you're just going to add another layer until people see what the new approach can really save So that adds complexity and yes it costs and it's all that it's that it's that trade-off that we were talking about in the session This morning between you know freedom agility and right and risk and protection Wanted to ask about about governance. There's been much discussion of a sense that the current governance In the cyber world is just not sustainable from a business perspective Do you agree with that take and what do you think of those who are saying that there's just not enough being done about this It's not being thought through in a coordinated way. Well from the one of the things that I did in a prior life Was to chair the president's infrastructure of Azure Council and one of our charters with cyber in fact our original charter was cyber only and what you find in the government is the The issue is authorities What the law permits what the law requires and there are some gaps in authority and let me give you a specific example There is a question a gray area in the law that if the government asked me to do something and I do it Does the government have any liability? If the government asked me to do something and I do it. Do I have liability? Do I have to do more than the government asked if the government's asked me for something that's been superseded by new technology? And the and a more interesting issue is if I communicate with you about cyber vulnerabilities Because the government wants me to communicate with you about cyber vulnerabilities, and you're not the government Do we create any new liabilities? So part of the legislative agenda is to clarify these emerging gray issues now that being said You're absolutely right that there are a lot of Hands in the soup here trying to figure out how to get this done, right in general I think there are some really hard-working smart people not only in the US government But in other governments that I've interacted with On a personal basis who are trying to figure out how to do this and are trying to figure out how to do it in a way That balances personal personal liberties and group Security just to sharpen the edge of this thumb and we have the president of ICANN here saying that the current system of governance Is not sustainable does does do business executives those and bends and others do they feel the same way? Do they feel the sense of urgency? Well, I think they feel the sense of urgency, but I'm not sure that they think that the current situation is unsustainable there's a sort of a An optimism on the part of the business executives that I deal with That these are solvable problems if men of goodwill will get together and and deal with them Now this is a very complex set of issues when when my goodwill is not your goodwill so Well, and that's been one of that so that puts a attention point or an intersection at least between Business executives who had large corporations and the desire for the internet to be free And this confluence of events and then people small businesses like like mine at Global Post and other people who are Entrepreneurs are right caught in the whipsaw of this But one question would be like where where do we begin? How do we really get the ball rolling in a productive way to think through governance that will work for all? Well, I think one thing that you need to do is start and we do this We think about this in tears by the way We think about the whole problem is what's called a complex adaptive system where you've got a whole ecology predator and prey and and solo operators and and Gangs and you know good gangs for good gangs for bad. So it's it's whatever we turn it into a video game But but I think the right place to do is to is to do the things that you can control Then you cooperate with someone else the things that you together can control For example, if I can if I can do my share to do the silly things like passwords and patches I'm probably taking care of 80% of the problem at my personal level if I as an executive can get everybody in my company to do that I've helped so I moved to the company level. Interesting. Then you probably move to this to the industry level And I'll give you an example. I'm from the financial services industry And I was one of the financial services industry representatives on the national infrastructure advisory council and The financial services industry shares information among its members before it takes a problem to the government Mm-hmm and the reason for that is is that? Well-intentioned but conflicted incentives cause different government agencies to do different things if you go to the government Some of them are law enforcement operations where they want to gather evidence and they will let a harm persist while they gather evidence Others are more preventive in nature like the Secret Service. They'll get in there and stop the problem and then The industry the industry doesn't know exactly what response the government's going to take So it's gotten it's developed a method among the largest companies of sharing this information Among themselves before going to the government. Well, that's a very difficult wrinkle for for Government employees to stomach. What do you mean? You'd go into each other before you come into us. We're here to help well the more sophisticated ones understand it and it has to do with this liability issue and it has to do with the it has to do with trust it has to do with predictability and It's we were sort of working it out. I think the right way to do this is industry by industry They're 18 defined industries that the NIAC is responsible for there's also the telecommunications industry Which something called the in-stack is responsible for and They're all struggling with how to get it right for their industry Why is it important for an industry by industry approach because the electric utility industry? Which is a national grid or the railroad industry? Which is a national grid is very different than commercial facilities operators of which they're two million three million property owners Each of whom run their own five so I can see that model It makes sense for things like you know the industry collaborating around best practices of fraud or risk or even even marketing to you know Rise all all boats But tie that in now if you could to cyber In terms of your your industry specifically are you now proactively getting together? I mean the financial services has always been a leading edge of security Well financial services has an advantage because we think about we have a long history of banning together in the face of bank robbers You know whether they were on right with a six gun or in the in the Al Capone era or whatever it was So we're very used to cooperating on the issues where money is flowing out of the system Nobody holds back from helping the other guy It's a little more difficult actually and other industries where for example in many companies in the tech industry See themselves competing with the other people in the tech industry well the banks compete, too But they'll give up that competition for this particular issue so I I think that you're gonna find that Cooperation is going to increase as people become intolerant of the damage that's being done in the target Credit card issue is a good example. It's just raising people's sense of all right We got to hike up our britches and deal with this problem. Let's figure it out It happened in the government. I'm told when a foreign powers software was found on the Secretary of Defense's desk in The government basically said okay enough is enough We're gonna figure this out and you see this move from network centric to data centric in government policy They were public announcements by defense and intelligence agencies about moving to data centric approaches where you keep the data encrypted and you keep it dispersed well And I think your your proposal the industry by industry model is the right one because the the data so different by by industry And even the data models when some is distributed some is centralized some is a hybrid So I have to ask you talking about Bitcoin all day today, but as a financial services executive What do you make of things like crypto? Currencies and and what's happening with Bitcoin and other alternative currencies that are getting funded by venture capitalists Is this something that your industry is I mean, I know it's looking at hard, but have you started to sort of You squint through the the maze and well There are actually all kinds of currencies and many electronic currencies including frequent flower miles Just another kind of currency. I think the issue is more sophisticated. I think that nation-state spend an awful lot of money Protecting their currency that the validity of their currency and I don't see any private Company coming up with the resources that the US Treasury has that the Secret Service has to deal with what will emerge as the criminal side Of a new currency so to me as an investor I have no interest in investing in what I view as a speculation. It's it's like any other Faith-based I'm using not not religious faith, but faith-based product where I'm depending on your Credibility to make it whole. I don't have confidence in that. I'd be much farther over towards a sovereign power backing it up Yeah, so you need a means of exchange, but you also need a stable Repository to store it in yeah, you did absolutely Okay, good. All right now. Well, listen, thanks very much for coming on the Cube and appreciate your support of this event and Thank you for your good efforts here. Thank you. All right pleasure meeting you. All right. Keep it right there Everybody's gonna be back with our next guest. This is the Cube we're live from MIT in Cambridge