 Hi, everybody. Welcome to DEF CON 21. Woo! Yeah. Yay! I've already lost my voice. Who else? Anybody? Um, so we wanted to have an opening speaker this morning that feel like could handle the heat of the moment out there going on right now and invited a former Fed up here. He's used to dealing with North Korea as a special envoy for the United States. I think he can handle the heat we can give him here. Also, Joseph Detrani, Ambassador Joseph Detrani was recently director of nuclear non-proliferation for the United States, and he's now president of INSA. So I think it's really interesting to hear him talk today about the convergence we're seeing between cyber and nuclear. So with that, everyone give Joseph Ambassador warm welcome. Thank you. Thank you, Diego. It's an honor being here. I have to be very honest. It's a bit intimidating to be here. I'm impressed with all the work you do. I met some of your colleagues yesterday. Nico was nice enough to take me around and the work you do is very, very impressive. I've spent 10 years, as Nico mentioned, working weapons of mass destruction issues with North Korea, but a number of other countries as we look at weapons of mass destruction, nuclear... Nuclear, bio, and chemical. I thought today maybe I could talk a little about that and then sort of weave that into some of the work you're doing where you have the expertise and that's the cyber domain. So please bear with me and then maybe we could open up for discussion or some questions and I'll be telling you a lot what you know, but let me start off talking a little about weapons of mass destruction. I'll sort of prelude that by giving you my sense of what, again, you know better than I, that cyber is a major national security threat to this country, to our citizens, to our companies, a threat that's growing in scope with direct impact to the economic, domestic, and defense interests of this nation. From hacktivists with a politically or socially motivated agenda, to criminals, to state and non-state actors who view cyber intrusions and attacks as a means of economic advancement, and we see a lot of that through theft of intellectual property and we've been reading a lot about that, or espionage, or in the most extreme case, as a potential weapon of mass destruction. The cyber domain now shares some of the same issues I've addressed in my many years working weapons of mass destruction issues. Let me talk a little about weapons of mass destruction. The Non-Proliferation Treaty, NPT, and the International Atomic Energy Agency were established to address nuclear issues with significant international membership. That interestingly, and unfortunately, doesn't include four of the nine nuclear weapons states as members of the NPT. The reality is that the number of nuclear weapons states could increase significantly if North Korea retains and enhances its nuclear weapons capabilities. And Iran pulls the trigger and manufactures nuclear weapons, which they could do in a few months once the supreme leader, Hameini, makes this decision, which some say is inevitable, despite the election of Rouhani as the new president. These two events, in my view, will incite an international nuclear arms race with countries like Japan and South Korea and East Asia and Saudi Arabia, Turkey and Egypt and the Middle East, each seeking to obtain their own nuclear weapons capability. This is the nuclear threat the international community confronts today in addition to the real threat, and I emphasize this, to the real threat of nuclear terrorism. Non-state actors getting their hands on nuclear devices which we know they want. That's why these organizations, the NPT, the Non-Proliferation Treaty, IAEA, International Atomic Energy Agency, the monitors of these agencies and the inspectors at Iran's nuclear sites at Natanz, Qom, Fodor, do such outstanding work. Unfortunately, North Korea pulled out of the NPT. The only country I might add that pulled out of the NPT. And they did that in 2003. Thus, there are no IAEA monitors and inspectors in North Korea looking at their facility at Yongbyon and any other undeclared facilities in North Korea. Indeed, membership in the NPT and compliance with the IAEA safeguards helps to ensure that a nuclear arms race does not, I emphasize that, does not materialize, and that countries like North Korea dismantles its nuclear weapons. In exchange for promised security assurances and international legitimacy and the Iran renounces, I emphasize, renounces the pursuit of nuclear weapons and overtly pursues the peaceful use of nuclear energy while also ensuring that those other nuclear weapons states work hard to ensure the security of their nuclear weapons, the security of their nuclear weapons, because I mentioned nuclear terrorism, and eventually join the U.S. in its goal of a world with no nuclear weapons. And the President has made that very clear, the objective. And he said, most likely not in his lifetime, but an objective, a goal. Unfortunately, there are no international organizations with the stature and effectiveness of the NPT and IAEA to oversee this cyber security. Additionally, the IAEA promotes the peaceful use of nuclear energy while also trying to inhibit the use of nuclear for military purposes. A few United Nations organizations, some regional and national forums, have discussed the future of internet governance, but there has been minimal progress. Indeed, the very definition of the cyber domain remains blurred, but is certainly not confined to the borders of any particular country. As the Council of Foreign Relations' recent report from the Independent Task Force on Cyber Security noted, addressing the challenge of cyber space is a global matter. And, quote, the effects of domestic decisions spread far beyond national borders and will affect not only users, companies, non-governmental organizations, and policy makers in other countries, but also the health, stability, resilience, and integrity of the global internet. International approaches to cyber security are critical, yet fraught with challenges of balancing free trade with a global regulatory framework and protection of intellectual property, promoting national security, including the security of critical infrastructure, and protecting privacy when national standards on this issue differ across the globe. Let me talk a little about the U.S. executive order on improving critical infrastructure cyber security. It's very explicit, and I think you're all familiar with the executive order, explicit in stating that, quote, the cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we now confront. The national and economic security of the United States depends on the reliable functioning of the nation's critical infrastructure in the face of such threats. It is a policy of the United States to enhance the security and resilience of the nation's critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties. We can achieve these goals through a partnership with the owners and operators of critical infrastructure to improve cyber security information sharing and collaboratively develop and implement risk-based standards. That's a quote from the executive order. In the global... You'll have a chance to ask some questions and we can have a conversation. In the global information age, computers and the internet are integral to every aspect of society, education, healthcare, economic growth, no areas untouched. I've been here many times writing for the council of foreign affairs states and I quote, the tremendous gains in economic productivity over the past two decades are in the direct results of the expanded use of the internet, the communications, collaboration, outsourcing, just-in-time inventory management, and the control of industrial processes. Internationally, the surge in global trade in both goods and services that has taken place could not have happened, emphasized could not have happened without internet as an enabling technology. As with many peaceful and beneficial uses of nuclear power, there are obviously many peaceful socio-economic uses of information technology. I believe it would be a mistake, however, to think that cyber presently can be used as a tool to counterreal a potential nuclear threat as some have argued. They cite Stuxnet and its reported effectiveness in disabling a nuclear threat. And I think many of you are familiar with that, disabling a certain number of centrifuges in Iran. If true, Iran probably absolved the laws to move forward with the fabrication of even more sophisticated centrifuges beyond the reach of any so-called cyber capability. As stated in the aforementioned U.S. executive order, cyber's true harmful capacity in addition to stealing intellectual property and its potential to attack a country's critical infrastructure, i.e. its grid, water supply, aviation safety systems, communications, financial systems, things you're all very familiar with. It's a tax of this nature that makes cyber as potentially harmful as those of biological and nuclear attacks, and therefore must be approached with equal seriousness and focus on prevention. Theoretically, any country or person or organization can conduct such attacks, assuming knowledge that's not the case with nuclear. Given the finite number of nuclear weapons states and the likelihood that if they use and I emphasize this, if they use nuclear weapons against another country, they in turn would be attacks, MAD, mutual assured destruction. Having nuclear weapons is a real deterrent to a nuclear attack. This isn't necessarily the case with cyber. If an event occurred, one can assume who the cyber perpetrator was, but the forensic fingerprints is less apparent. Thus making such an attack potentially more attractive to an aggressor. I cite the recent cyber attacks against South Korea, Saudi Arabia, Georgia, and the United States. Their impact was devastating. This is not the case with nuclear, as we mentioned. And for that very reason, for that very reason, more must be done to ensure that cyber technology is not used for harmful purposes. The challenges for the international community and its respective governments, in addition to more effectively for peaceful socio-economic purposes, is to help create the firewalls necessary to prevent hostile cyber attacks from stealing a country's intellectual property or for attacking a country's critical infrastructure, as we mentioned. While also addressing the international challenge of agreements on policies that protect free trade and international governance of the internet, this is the challenge and responsibility confronting the international community. Moreover, cyber technology historically can be used to prevent countries, can it be used to countries and non-state actors from establishing and sustaining illicit programs while each nation state doctrically is studying the role of cyber from military conflict. In my view, the cyber issue requires NPT and IAE type international organizations that oversee, manage and help to control the use of cyber. Organizations that not only monitor the use of cyber, but encourage the peaceful use of cyber and permit and aid other countries, as we do in the nuclear field, other countries to benefit from these technological advances. Indeed, the need for an international cyberware treaty similar to the banning of chemical and biological warfare agents post World War I after we realized the terrible damage that it caused in World War I. I believe the nuclear issue requires enhanced focus. I'll go back to the nuclear issue. This is my area of focus, ensuring that North Korea gives up its nuclear weapons. And Iran unequivocally renounces the pursuit of nuclear weapons. These developed in the progress the U.S. and Russia are making with new start, as we know, bringing the number down to 1,550. The president just spoke about bringing it down to 1,000. We'll put the international community on a road towards a world with no nuclear weapons. Robert Oppenheimer Oppenheimer, the father of the atomic bomb, understood the need to move in this direction. When he observed that the first detonation of a nuclear device on July 16, 1945 citing Hindu scripture that quote, I am become death destroyer of the world. We have the opportunity and the obligation to move in a different direction. Not to destroy the world, but to enhance it. Most of you are experts in the field of information technology. You understand the cyber domain. You understand its beneficial impact on all our lives. You also understand the harm it can cause if used improperly. Indeed, we look to you to develop better tools and to help establish policies and I emphasize this, policies to fortify and protect our networks. We look to you to develop more secure systems to help discover terrorist plots to uncover human trafficking, narco-criminals, criminals, corruption and WMD programs. We look to you to inspire others to organize and enlist good hackers to help combat the sinister hackers who steal intellectual property, disrupt networks, interfere with communications, banking and critical infrastructure. Our private and public sectors need your help. Need your expertise to serve society. Using technology wisely has always been the measure of an enlightened society. The security of our nation needs you the good hackers of DEF CON. I'll end on that and maybe we can open it up to discussions or some questions or wherever you want to go. Thanks. I'm sorry, we have a question here. Please go ahead. Do we want to take this or do you want to ask... Do we want to take this question first? Repeat the question. Repeat the question. All right, well I'm going to repeat the question. Monitoring by the government can be a tool of repression and the assurance is necessary to ensure that the government is not doing, I assume that's the question, is not doing that. Well let me tell you, I've been working WMD for 10 years. 10 years. In North Korea I've been working a lot of other issues. I've been working a lot of other issues if it relates to weapons of mass destruction. I can tell you this, if you want to get to what we've been talking about, the snow and disclosures and so forth, my exposure to that is what you've been exposed to, is that those programs, those programs were authorized by the three branches of government. Those programs, those programs, the three branches of government provide an oversight of those programs. And those programs were established post 9-11 when we saw the devastation of 9-11. And when we saw what the terrorists were coming and what their intent was. So you have the three branches of government authorizing it, you have the three branches of government overseeing it. That's what it was. And they've been effective according to the record. The fact of the matter is a decision has been made to make this more overt and more of a discussion. I don't pretend to be an expert, I have the knowledge you have. But I think you have to have an open mind if there is a discussion, participate in that discussion in a meaningful way. Listen to the, let me finish my statement. Do it in a meaningful way. Listen to the both sides of it. Listen to what the threat is. Listen to what they're doing. Because everything I've heard, they're not getting into anyone's mail, they're not reading anything, they're not touching any U.S. person. Terrorist threats to the country. So look at the facts and enjoy your own conclusions, but there will be a discussion on that. Well, I guess that's why I read the same media. You have access to the media. The media said that's going to be more of a discussion. No, what I'm talking about, being there, there are no, the question is putting up firewalls. When I say putting up firewalls, how do we protect, because the internet has no borders, it's global. How do companies protect their intellectual property? How do governments protect their critical infrastructure? Putting up firewalls, looking at securing networks, doing what's necessary to ensure that we are protecting our intellectual property. We are protecting our critical infrastructure. No, no, no, no, it's not. You misunderstood. I was talking about, no, I'm not talking about nation-state. I'm talking about international organizations. I mentioned the IAEA. NPT, that's an international organization. That's what I'm talking about. Creating organizations that oversee this, because this is a global issue. It's not a nation issue. It's not a country-specific issue. This is a global and international issue. Creating these international organizations that will do exactly that. Because of the concerns you have, and you have, there's a valid concern. Both of your questions are very valid. Sir. Thanks. The question from the gentleman is the policy that's being made by individuals don't really understand the impact and the consequences of making that policy. And indeed, inhibiting and possibly persecuting individuals who want to move forward on that. Let me just say that's why you all can make a difference. You have the expertise and you're not all old white men. I look around. You can make the difference. You can get involved. You've got to. You can have that impact. No, you can have that impact also with your representatives. Of course, this is a representative government, right? It's a republic. Make your impact with your representatives and also get involved in the issues. I can't emphasize that enough. Okay. Guys, we have, if you could form a line over here. Okay, can I ask a favor of you? If you would be kind enough, sir, I think the lady is absolutely right so everybody can hear it. Sorry, I was just going to say that I appreciate your response. The only thing I was going to say was that in the security research division that we have right now, the way things are right now, if someone uncovers a security flaw, they have to watch for government prosecution for being sued by Cisco or some other company because they're uncovering a flaw and making public knowledge of a security issue. And it's not really in their best interest to, like you said, to participate in that theater because they're basically opening themselves up to attack. Yeah, look, the only thing I can say in that, and I don't pretend to be an expert, this is really, you know, cyber domain is not my area. But my sense of working issues that somewhat are related to this being potentially a weapon of mass destruction when you look at the consequences and the need to sort of get hold in a global sense. That's why I cite the IEA, I cite the NPT. This is something that we have to come together on and we have to do it quickly. Further to your question, that's exactly it. I mean, so that when we find individuals find fault, they look at networks and they look at them and they shouldn't be intimidated by that, they should be rewarded for doing that, to protect intellectual properties, to protect infrastructure and so forth. That's all positive. So I think what you say makes sense and I think working as a, you know, not as a, necessarily as a team, but certainly as a team, but I've been galvanizing that and look at what you have here at DEFCOM, yesterday you had Black Hat. You've got cyber, that whole cyber issue has a lot of traction. It's getting involved, getting involved with, you know, let me just say, and I know this sounds trite, but getting jobs with the private sector, many of you are doing, getting jobs with the government, many of you are doing, getting very much involved, so you become the new culture. And it's not just as you describe those old white men that are making these decisions and so forth, you become and you move us in this new domain, which has significant consequences. So I think your question is very good. Because you don't, and you said you're not an expert on anything you used for. I'm not really sure why you're here, but since you are here and talking about weapons of mass destruction. I'm here because I'm invited. That's the main thing, don't you understand that? Sure. Well, the point being, we just spent 10 years killing 100,000 people in Iraq for weapons of mass destruction, which appears to be your expertise. And I'd like your comments on the lies that got us into that where people like you came out with the propaganda that there were weapons of mass destruction everywhere that they were imminent to be used that they weren't there. And that all of that government propaganda was lies. And why shouldn't we consider that what you're saying now is lies? You know, let me answer your question. Because I don't think the feds tell the truth. Let me ask you a question. You could assume whatever you want. If you want to be blunt, you could assume whatever you want. If you want to let me finish. You could assume whatever you want. But if you want to be blinded to what's happening, you want to be blinded to the terrorism threat. If you want to be blinded to while you laugh, you're not concerned about terrorism. 9-11 was not a reality. Was 9-11 caused by weapons of mass destruction? No. Why did they go to Iraq and kill all those people? The government told us it was because they had weapons of mass destruction. We used depleted uranium shells on the city of Fallujah. And have a 50% death rate of the burst. And a 30% Let me just say something. In my presentation this morning, I was not talking about Iraq. We want to talk about it. That's fine, you want to talk about it. The fact of the matter is and I'm not going back to history on this because I think the record is very clear that Saddam did not have weapons at that time and I think the government has said that very clearly the fact is when you go back to the first Gulf War, when you go back to what Saddam was doing, when you go back to his plans, when you go back to some of the scientists who were working on it, Saddam was pursuing it years before that. At the moment, at that time, no. And I think the record is clear on that. The fact of the matter is, that should not blur to the fact of what's going on in Syria with chemical weapons. That should not blur to the fact that if Iran goes forward with nuclear weapons and North Korea retains nuclear weapons, it shouldn't blind to the fact that terrorist organizations are trying to get their hands on this material. That's a reality. And the reality that the government is lying about those things. Well, if you want to believe the government is lying, covering it up. You could believe what you want. You could believe what Americans are working these issues, who care about the safety of American people, who care about the safety of you and all of us in this room here, and spend time doing that. Because we know what the threat is, and we're trying to communicate that. Now, if you don't want to hear that, if you don't want to be oblivious to it, that's your business. But there are a lot of people putting their lives on the line to protect all of us in this room. No, that's not what you're doing. This is a question you don't need to answer, but who participated in creating the speech? I'm sorry? Who participated in creating the speech? What speech? Like the one you just gave. Only you? Only me. Okay, thank you. You mentioned Iran at the beginning of your speech. You said that they were months away from creating a nuclear weapon. Considering that we've been hearing that for the last 30 years, most particularly in Iran. Why should we believe you now when you've been so wrong in the past? Sir, let me ask all of you to do something. And I know you're all very smart people and you really have cyber. Search the Internet. Go on to the Board of Governors report, the Director General of the IAEA, Amano. Every three months he does a report to the Board of Directors. Go to the May 22nd, report and see what the IAEA independent organization says about Iran's program. About the 17,000 centrifuges. About the sophistication up to the IRFR centrifuges. About 180, now it's 190 kilograms of uranium enriched to 20% purity. And we know the red line being 250 and we know to go from 190 to 250 of the 6 tons, 6 tons of uranium enriched to 5% purity. We're talking about 5 to 6 weapons. Talk about what the IAEA it's not what I'm saying. It's not what the U.S. government is saying. It's what the IAEA is saying. Read that report and the ones that preceded it and the new one is coming out in a few weeks and then draw your own conclusions. We have all these reports going back years and years and years. Every year it's a scary report about Iran. I'm sorry I didn't hear you. Every year there's a scary report about Iran developing nuclear weapons and they've never developed nuclear weapons. We're saying they have the capability and they're at a tipping point and if they make a decision, how many makes a decision, they could do that within months. Hopefully they don't make that decision. Hopefully that isn't because it will open up some suspect, ISS as a person, that that would open up an arms race in the Middle East. Because I don't think countries are going to sit there when you look at the Sunni Shia aspect to it there. When you look at Iran's support to Hezbollah, when you look at what's going on in Syria that would be a concern and I know you put it very bluntly. If you're sitting in Israel Iran with nuclear weapons is indeed an existential threat. So you've got a lot of factors there that you're considering. I'm sure for the Iranians, Israel in possession of nuclear weapons is a far, far greater nuclear, far greater existential threat than the threat that Iran might develop nuclear weapons sometime in some undefined future. Especially, you know, Iran is a signature to see the world. You draw your own conclusions. I'm making my own assessment. Have you read the Board of Directors report? I have not. Have you read any of their reports? Even if he accepts it though, he's saying that he trusts other states less. So even if he accepts that they're doing accepts they're doing what? Accepts that Iran is making those. I'm sorry. I'm not following your larger. I'm sorry. I give up. Okay, I'm sorry. The way that you're approaching the cyber issue is wrong-headed and misses the point. So we don't need an international government? No, but I think I can tell you you talk about protecting our nation's grid and so on. If our nation had a power grid that was robust you wouldn't need firewalls protecting other people or protecting us from other people. We need to make what we have talk about monitoring the world's cyber, which is pretty ridiculous because it can't be seen. I mean, the things that you're talking about might work when people have to haul weapons around the world. Might work when there are actual problems like you could drop a bomb on this. But if the grid is robust, the grid will be robust even if people are poking at it. What we need to do to be secure is to be secure in and of ourselves and stop playing this game like we can control the world like we can see cyber and some sort of weapon we can stop. It will never work. I would... Well, let me just say if we could make our systems robust as you just described whether it's our corporations that are losing intellectual property and we just saw that in South Korea we saw it in the United States if these companies can their systems are secure so that these bad hackers can't get into them or individuals or governments can't do that. That is fine. If we could come up with the grids that are impenetrable that would be great. That's your challenge. That's our challenge here to do that. The fact of the matter is we see vulnerability. We, internationally I'm not talking about any particular country I'm saying, you know, Saudi Arabia is not the United States. South Korea is not the United States. These countries are being affected by this. So if we can collaborate that's what I'm talking about. That's what the UN is about, isn't it? You can collaborate on offering people technologies that they can use to secure their own systems but there's no possible way... Then we need to move forward on that. This is what I'm trying to say to you though. The words that you're using to us we recognize to be counterproductive. You want to put a firewall around this to keep these people safe but there are things that we could do to help these companies to be secure. Well then that's your challenge. Well now you're interrupting me. I'm trying to say to you that the words you're using to us are ones that are guaranteed to pretty much make this conversation less effective and we would be willing probably in a lot of ways to help but the old world terms of firewalls and monitoring, they just don't apply. If you want to know what would work then ask us how you should be set up. Don't talk to us about working like the IAEA. Ask us how... Well then let me posit this to you. Let me posit this to you. I'm giving you my experience working weapons of mass destruction. You're the expert on... Obviously you're the expert on cyber technology, information technology. Move forward with what you just proposed. Move, no, no, let me finish now. Move forward with what you just proposed so that the South Korea the Georgia's, the Saudi Arabia's, the United States, our companies are not. Go out and work with these companies and do it. I know many of you are doing it. That's the challenge. And that's the challenge I mentioned to you and all of us in this room a few minutes ago. You're the experts go out and do what you're talking about. Well, I hope I didn't want to offend you with the things but I don't use the same terminology because you're the expert in the area of cyber information technology I don't pretend to be. I'm using terminology I'm comfortable with weapons of mass, if it's not applicable in your area I think it's the intent, it's not the words. No, the intent... Well, I say it yes, you say no, we disagree. Maybe I could help because I see that your intent I get that you want to do these things but the things that you're saying are sort of incorrect for the area and if you just want to say my intents are good, I mean it from this I've got this experience then okay but when you put it that way it's not going to work as well. So you mentioned that we should use our skills to participate more and use our knowledge to help educate our representatives etc I know I've done a lot of lobbying on things like SOPA and stuff like that and it seems like the corporate interests largely have captured our representatives what do you feel about the role of hacktivism and using our skills directly in modern democracy? In a modern democracy like we have here in the United States I'm not hearing the end of your sentence So how do you feel about the role of hacktivism or using our skills directly to influence behavior corporations, protest etc as opposed to working through the traditional channels of government? Well yeah, I mean many of you I'm sure are working with the private sector I think this is a cyber is one of the major issues affecting our private because we're talking about the intellectual property and the billions of dollars the billions of dollars that are being stolen from the corporate sector knowing the United States obviously but globally, internationally so getting involved with these companies to do that, to protect that, yes I don't feel like you really answered the question but okay, so are you familiar with a group called Anonymous? Sorry Okay Basically my question comes down to it seems like working through the corporate structure we're only reinforcing a structure that is working against us largely in terms of trying to keep information secret Let me say I heard you said Anonymous and I got your question I'm talking about intellectual property I'm talking about the many companies I think some of you are probably involved with that are losing intellectual property in the United States globally and we're talking about billions and billions of dollars we're talking about that so that's one aspect to it and there are other aspects to you mentioned Anonymous and we mentioned Anonymous there go forward, do what you have to do I'm talking about intellectual property I'm talking about critical infrastructure that's my focus your focus is a little different, that's fine In your opinion how has the NPT non-proliferation regime been impacted negatively, I guess how much has civil nuclear relations with India? Well the NPT we would like countries to be members of the NPT and if you've heard my comments there are four countries that are not members of the NPT and that's unfortunate we would like to see all countries become members because of safeguards and additional protocols that's exactly right so non-membership in the NPT because it affects the IEA and the monitoring aspects is a negative development we would like countries to be part of the NPT so my question is is the act of the United States regularizing our relationship with India's civil nuclear regime actually working against the NPT? Well that's a bifurcated issue because the US has decided there is a civilian program and there is a military program in India and a decision was made by the previous administration to deal with India in a bifurcated way It seems like it's giving up one of the big carrots that the NPT has Well I mean countries like North Korea site would you just cite it and that's a reality there but we see India is a democracy a country that is using civil nuclear programs in a meaningful way and that's the bifurcation Okay, thank you Hi there, two things the first one, a shout out to DEF CON for closed captioning there I think that's fucking cool so yay DEF CON and then the second thing is I guess I'm a little perplexed because oh wow I'm shaking because it seems that in terms of resources that the government spends in in terms of dealing with cyber warfare it's always through the lens of state agents that's the threat and it seems to me that there's billions lost every day by people who are victims of cyber crime and that the NSA's mandate for instance doesn't at all deal with that and that the government resources don't at all seem to address this yet to me, and maybe I'm wrong but it seems to me that that is proportionally in terms of its economic impact on the US and other western nations the much bigger threat Thanks Well, those are fair comments and we need to, you need to get involved and all of us need to get involved it's a multidimensional threat I think you just cited that Ambassador, I'm wondering what you think the prospects are for restarting the six-party talks around North Korea, especially given it seems that most of the major players continue to fail to recognize the importance of signing a permanent peace treaty I think it's a good question I think it's important to get back to negotiations with North Korea now has indicated with the new government Kim Jong-un that they're prepared to address the denuclearization issue it's not a question of nonproliferation, it's a question of denuclearization they're prepared to look at and consider the 19 September 2005 joint statement that spoke to comprehensive denuclearization in exchange for security assistance and security assurance as an economic assistance, so I think those are positive I think the concern of immediately coming back to the six-party talks is how sincere is North Korea with this approach and I think if North Korea continues to be sincere as they say they are and they're saying this to China, certainly and publicly now and cease and assist with more threats and attempts to intimidate and nuclear tests and missile launches I think the sense is that the negotiations will resume and because we need to be successful at North Korea we need to be very successful and I think that's a we can accomplish that. I absolutely agree with that that's why I asked about the peace treaty in particular maybe it's time for a fresh approach or a different set of eyes because it seems like whatever's been tried before just hasn't worked yeah well this is that's a very fair point that's a fair point and this is exactly being no one wants to go back to talks for the sake of talks because as we've been talking North Korea has gone from six to twelve nuclear weapons we believe they have a uranium enrichment program that's also fabricating weapons we see nuclear tests missile launches now they put a satellite in orbit the trajectory has gone the other way so what we want is talks not for the sake of talks but an implementation of a program that would lead to success and my personal view is I think with the assistance certainly the six parties coming together the five countries with North Korea and certainly China being very very much involved with North Korea an ally I think we would we will see progress thank you hi you compared cyber to chemical weapons in World War one what do you see as the parallels there no I wasn't comparing what I'm saying is when we saw the devastation of biological weapons chemical weapons the international community rose up and said my god we have to sort of understand this and work together as a community not countries but as an international community globally working together and that's why we have these international protocols on the biological weapons convention the chemical and the same thing with the nuclear where the international this is not a country specific issue it's a global international issue and I think we all admit you're the experts again cyber is not a country specific issue it's a global issue um I don't want to speak for people here but I suspect their response would be that there's simply too many non-state actors for a massive that's a fair point that's why it's a difficult issue that's a difficult issue it's a challenge okay peace okay any other positive comments any other good questions actually no no we need to get the next okay we've got a nice speaker so good luck and use that energy use that expertise and help this government work with the international community so that we do counter the potential threat and use it in a peaceful meaningful way which it is so you are the experts so good luck to all of you so we don't want to do that