 My name is Rick Howard and I am the eye defense general manager. Eye defense is a open source cybersecurity intelligence shop. It's a business unit of the Verisign. We're going to talk about insider's look at international cybersecurity threats and trends. Okay, but this is really what we're talking about. Open source hacking. We're not talking here about hacking code. We're really talking about finding information by just kind of perusing around and talking to people, finding out what's out there in the open and putting the stories together. All right? So these are the three things we're going to talk about. Two case studies, operation aurora and stuck to that story. And we're not talking about the hacks that went involved there, but really the impact of those stories. And finally we're going to talk about what we think is coming down in the future. This is something called a cybersecurity disruptor. And these are the three things I want you to get out of this talk when you come out of here. First that cyber espionage is a real world threat to the commercial industry. Now, most of the people in this room know that already. Okay, but, okay, most of the commercial industry didn't really know that until Google went public with their hack back in early 2010. The second one is that cyber warfare is not no longer a theory more, but a fact. Now we're talking about nation states declaring cyber war on each other. What we're talking about here is actually being able to do cyber warfare activities to critical infrastructure. We'll talk about that. And finally we'll say some new technologies, ideas, policies coming down the pipe that are going to make us change, fundamentally change, how we protect the enterprise going forward. Before I get into this, I know this is a fairly technical audience, but I also know there's a bunch of government folks in here and some lawyers, so I want to get a feel for how technical the crew is. So show of hands here. How many people have one of these phones on their pocket right now? Okay, how many have two? All right, how many have three? Okay, okay, okay, the real geeks of the crowd right over here. All right, how many have this phone? Raise your hand. Okay, some of the lawyers and a couple of government guys back there. All right, so I declare that you guys are technical enough to get this presentation. All right, let's start with Operation Aurora. Okay, the reason I like to talk about Aurora is because this attack fundamentally changed how we all think about the enterprise. It completely changed the entire thought process of the commercial industry. Okay, so it made it, there are actually five different things that made this attack unique. There's been a bunch of attacks after this that kind of go along with it, but this was the first one that caused everything to change. And the first one is that Google went public with the information. Can you imagine any other commercial organization doing that? All right, that has never, ever happened before. All right, and they went public who they thought it was. They said the Chinese government went after them. Okay, that's never happened before in a public forum. So that made it kind of scary. It made the whole operation a little bit different. Okay, and before Google went public with this, most commercial companies thought if they went public with this kind of information, their reputation would be damaged in some form. Okay, when Google went public and said, you know, about 20 companies were hit by this attack, defense contractors, information technology companies, banks, chemical companies, and then that's what they pretty much smashed the entire paradigm about how you report this kind of thing. In fact, Google's reputation went up if you remember. Everybody thought they were the bee's knees when they went public with that information. And they got support not only from the private sector, but from the government sector. Okay, so this has never, ever happened before and it caused us to change how we think about the business. All right, the second reason was the US government support. Secretary Clinton came out immediately after Google went public and gave them public support and said we think Google's right and we think China's behind the attacks. Okay, now the government's known about these kind of attacks for a decade, even over a decade at this point. They've had really cool code names like Moonlight Maze and Titan Rain to talk about cyber espionage attacks that basically the bad guys come in, collect all the information and bring them back to some nation state or further analysis. Okay, in fact, other countries besides the US have outed China before like Chancellor Merkel, but never for a specific attack. Just sort of a general, we know you're doing it and we want you to stop kind of a thing. Okay, but the secretary Clinton on this attack said we think China did and we want them to stop. All right, she actually in two public forums, okay, said we're coming, we think you guys did it and we want some answers for you in two different times. Okay, she's pretty much picking a fight with them. She's actually traveling through Asia, this whole thing was going down. All right, and she met with her counterpart for China and after a three hour long session, they came out and said this quote, and I like it, anytime two politicians come out and say they had a very open candid conversation about something, that means that conversation was tense. That's what I'm thinking. Okay, number three. Okay, the Google asked the NSA to come in and help them. Okay, think about that. All right, we got a couple of chuckles over here, right? Yes, Google asked the NSA to come in and help them. Now to be clear, the NSA came in and helped them with security expertise and how to defend the perimeter and best practices and those kind of thing. There was no intelligence gathering about that. All right, but the program was so successful that the NSA formalized it into something called perfect citizen. All right, that means that any U.S. company that has trouble trying to secure their perimeters, they can call the NSA and then they will send Raytheon contractors out to help them figure this out. So they do vulnerability assessments and capabilities research. All right, so that's something that's never ever happened before and something that makes it very unique to this kind of an attack. Number four, this is the wake up call for the commercial industry. Like I said, government knew about it for over a decade. Most commercial organizations didn't really want to talk about it. They would always say, what do I have to steal? Okay, but after the Google thing came out, they all realized they have all have intellectual property they need to worry about and protect. And we learned about this new phrase, the advanced persistent threat. Okay, everybody know the trivia why we call it the advanced persistent threat? Anybody know the story? Okay, like I said, the government has these really cool code names called moonlight maze and Titan rain. And in fact, Byzantine Hades came out in the WikiLeaks documents last year sometime. These are all code names that mean that refer to the same kind of attack process. But what happened was the government had no way to communicate this to the commercial sector. So they had to have another phrase they could use to do that. So some very smart Air Force major said, you know what, we're going to start calling it the advanced persistent threat. And that's why that term got coined. So that's why we all at this new buzz phrase, we're all our entire industry. I call it cyber espionage. Okay, that's what it is. All right, bad guys come into your network, stealing your secrets and trying to do something with them later on down the road. In fact, it's such a big deal that APT was unheard of before the Google attacks in 2010. But by the end of 2010, security leadership and big companies are saying, APT was their most worried about threat in their company. Which brings us to five. Maybe after attribution isn't as hard as we always have thought it was now it is hard to get to figure out who it is. And I do not know who did the attacks against Google. Okay, nobody knows that in the public forums. Okay, but maybe it's not impossible to figure this stuff out. You got to think that if someone as high as Secretary Clinton is outing China in public forums that she had her confidence was pretty high that she know who did it. Right now I'm not saying she didn't know how to do it. And she may have had some other political levers she wanted to pull. But I'm just saying confidence should have been must have been fairly high for her to make that come true. It's pretty much triple dog dare them to do something about it. Alright, so maybe actor attribution is hard, but maybe it's not impossible. Alright, so the five things that made the Google attacks really a game changer for our industry is that Google went public, no commercial organization would like to do that. The US government publicly backed Google in their affirmations. The NSA and the Google formed a partnership which became a formal program. Okay, and the commercial industry probably woke up and said, you know what this advanced persistent threat stuff is real and we need to do something about it. And finally, maybe actor attribution isn't as hard as we originally thought. Alright, so that's all about cyber espionage and how the commercial industry has really come come to terms with this new kind of threat. Let's move over to Stuxnet. Everybody knows about Stuxnet has been the in the news for the last year or so, but let's just kind of go through the timeline a little bit. Alright, so this is back in June of 2010, an anti virus company called Virus Blockada. Alright, now Virus Blockada is a Belarusian antivirus company, and that is the best name for an antivirus company ever. Come on, if you're going to name something something, I would call it Virus Blockada. Come on, that's funny. That's what I thought. Okay, so they come out in June of 2010, and they say there's a new piece of mail code out there called Stuxnet that targets Siemens industrial control systems. And these are the SCADA systems that we've been all been talking about for the past decade. We've all known in this room that SCADA systems were insecure or insecure. Alright, so finally someone did something in the world to prove it. This is supervisory control and data acquisition systems. Alright, and if time moves forward a little bit in the September of 2010, the security community, that's you people in here started to say, you know what, looks like this might have been a nation state attack. Okay, this wasn't a bunch of hackers in the basement doing this. This is somebody that had resources, and they were trying to have a they were trying to get something accomplished. Right, in fact, they were targeting the Natanz power plant inside Iran. Alright, and the reason is Natanz produces enriched uranium, and it looks like the people that launched the attacks are trying to decorate their ability to do that. And the reason is if you take a look at Semantic, Semantic did the bulk of the work on this on pulling the mouth of the part and they really hit the ball out of the park for this. So those guys that did that might have this off to them. This is a chart from their dossier on what happened with the with Stuxnet. And it's hard to read, but let me just tell you what it means. They show that Stuxnet kind of floated around the entire world, but the bulk of it ended up inside Iran, that pink circle there, and that darker red that is Iran 60% of Stuxnet infections were inside of that country. So maybe it was targeted attack inside of Iran. Now these two Semantic and partnering with Institute for Science and International Security said, this is how we think they got the Stuxnet into the power plant inside of Iran, because the power plant was not connected to the internet. Now there's been rumors on the internet that the some bad guys or the attackers dropped USB sticks all around and that's how they got floated in. That's probably true. Okay, but the attackers targeted the supply chain from the attached power plant. They went after four companies inside of Iran that supplied materials into the power plant and waited for it to percolate into the plant. And that's what they did. First strike for Stuxnet was somewhere June 2009, because when the first infection started to show up inside of the tans. Now the UN likes to watch in the tans because they're very worried that Iran is trying to produce an atomic bomb there. So they are watching very carefully how much uranium is produced in that facility. Okay, in their estimate between 2009 and 2010 about a thousand centrifuges were destroyed by the Stuxnet malcode. And that was just the beginning. In fact, if you listen to some of the stuff that Symantec has said in the Internet, the Institute for Science and International Security ISIS, okay, they think there are probably two attacks, two attacks to begin. There was one in 2009 that was the initial launch. And then in 2010, there was a second version of code inserted into the tans. And nobody's really sure what that second version did, but it was definitely an upgrade to the initial code. Now, this is what I'm talking about. This is where we have moved from cyber warfare going from speculation and theory to proof of concept, I mean to real being a fact out there. All right. Now, the reason I'm saying is now possible to use a cyber vector alone to destroy critical infrastructure. We have not seen that in the real world really until the Stuxnet attacks. We've had demonstrations of that capability. These are the ones everybody trots out, the Estonia attacks, the Georgia attacks. You can even look at the Department of Energy's Idaho lab. This is back in 2007 when they destroyed an industrial strength generator through some piece of mouth code. Everybody seen that video on YouTube? You can see it if you watch Pretty Impressive but watch that thing destroy itself. But that was in the lab, scary, but no one's really done it in the real world. With Stuxnet, it is now in the real world and we need to worry about it. And the code, as you all know, is extremely sophisticated. Now, this is one of my pet peeves. When someone like me stands in front of a crowd like this and says something was sophisticated, what's the first question you should ask? Compared to what? Because if nobody tells you what it's sophisticated to, then it really doesn't mean anything. Everything is sophisticated. Let me tell you why Stuxnet was sophisticated. There are three really big reasons, okay? There were four zero days inside that code. We're not talking about the code that did the damage to the centrifuges in the tanks. We're talking about the code that got them in. Four zero days. At iDefense, we track how much that kind of stuff cost on the underground. And it can go anywhere from the total cost of this package anywhere from $400,000 to almost $2 million just for the zero days. Okay, so somebody built that stuff themselves or paid to have that stuff built, or most likely it was a combination of the two, but they were well financed in order to get this organization, this malco, into the power plant. The second, they use new technology that we had never seen before. Windows Server 2008 and Windows Vista, Microsoft introduced the new idea of driver signing. The idea would be that if I have a third party writing for Microsoft, they would sign their code, and if a kernel would check it when it ran, if it had a valid certificate, then it wasn't malco. Okay, what these guys did was sign Stuxnet with two different certificates from two legitimate companies. Okay, and that got through the radar. All right, and if you want to get the conspiracy theorist out here a little bit, those two companies, RealTech and J Micron, they are within a block of each other inside of Taiwan on the technology corridor. Okay, a block from each other. Now that kind of points to the fact there may have been an insider person trying to grab those two certificates, right? We have people on the ground in those areas and we know that there are lots of intelligence ACs that like to hang out on that little corridor because there's all kinds of interesting things going on there. Okay, so put that in your conspiracy app. All right, when Microsoft and Verisign noticed that those certificates were bad, we revoked them. Now, I just want to point out as an aside, look at that Verisign logo. That is the old Verisign logo. You look at the bottom right of my slide, you see the new Verisign logo. Okay, we sold that part of the company to Symantec last summer. That's their fault. All right, in fact, this is such an interesting new trend. We've seen the bad guys on the cyber crime side start to use this technique to steal your credit card information too. So it's a new technique that we started to see with Stuxnet. All right, now number three, this is the first root kit we've seen in the real world, targeting SCADA systems. Okay, now think about what this thing had to do. Okay, what they were really trying to destroy was the centrifuges inside and the tans. Now, over on the left there you see the president of Iran walking through a bunch of cascades, those silver things. Inside those cascades are 164 centrifuges. And what they do is they spin around really fast between the frequencies of 807 Hertz and 1210 Hertz. And you put uranium gas inside the centrifuge, spin it around really fast. The heavy atoms collect to the outside and the technicians pull that out. That's enriched uranium. Okay, and you need to enrich uranium to build nuclear power and you need enriched uranium to build a nuclear bomb. In fact, 90% of the nuclear bomb has to be enriched uranium. So this Stuxnet code was looking for these specific centrifuges running at these frequencies. And in fact, if it didn't see it, it wouldn't do anything, it would just stay dormant. Okay, but if it did find it, it would do some damage to it. Okay, in fact, it was looking for two specific motors running these centrifuges. One built by an Iranian company called Ferrara Paya. I mean that's my best guess at that. And another Finnish company called Vekon. If those two motors weren't there, Stuxnet didn't do anything. It just sat idle. But if it did find it, okay, it went after the centrifuge itself. And what it did was it would spin the centrifuge up to at max speed as fast as it can go and let it run there for about an hour. Okay, and then it would drop it down to normal and let it sit for 30 days. Okay, and then it would drop it down to two hertz and run it at a very minimal speed for about 30 minutes. And then would pick it back up at normal speed and let it run for 30 days. And it would do that over and over and over again. Stuxnet would sit in the middle between what the controllers were telling the technicians. All right, and then when the controllers say, hey, this isn't working very well, it would intercept that message and tell the technicians that everything was a okay. All right, the centrifuges, okay, are very precise equipment and they started to fail immediately when these things started to happen. Okay, so that's why Stuxnet is sophisticated. All right, so well financed, new technology, and the first piece of Malco we've seen targeting SCADA systems and very specific SCADA systems are running inside of the Natanz power plant in Iran. All right, so let's go back to the timeline. Virus Blockida announces to the world that Stuxnet has been discovered in June of 2010. Okay, if you go down just a month now, the Microsoft and Verisign, they revoked their certificates from real tech. Now take pay attention to the timeline, this is where it gets very interesting. Okay, this is July 16th, I can't even read that, but somewhere in the second week of July. Okay, the very next day the attackers installed the second certificate. Okay, the very next day that implies there's a punch counter punch going here. The attackers were anticipating that someone's going to discover that they were ready to install a new one and did it immediately. Now that's not enough to convince you. Okay, on the same day, denial of service attacks were launched at two very prominent SCADA forums on the same day. It's as if the attackers were trying to prevent the community from talking about it. All right, so think about that. That is a battle plan going on here. That is a punch counter punch. The attackers were ready for that and they had something in their back pocket to counter it. All right, finally Microsoft and Verisign revoked the second certificate and make the mouth code not installing any new copies. So let's fast forward into September. This guy, Hamid Alipour, he's like the CTO or CIO or CSO of Iran and he reported in the public that almost 30,000 computers were infected with Stuxnet. And the UN watchdogs reported that at least half the centrifuges in the detached power plant were idle. That's half of 9,000 centrifuges. Okay, so Stuxnet was having its effect. All right, so fast forward into November and this is where it gets very interesting. The technicians inside the detached power plant, they shut the system down for over 10 days, presumably to get rid of Stuxnet off the network. So they go, they turn it back on after a week and then hold your hat. This is where the conspiracy nuts come out of the woodwork here, okay, because this is the next step in preventing Iran from producing enriched uranium. They assassinate or at least try to assassinate two scientists in Iran. These two scientists were coming to work in the morning. Okay, motorcycles pulled up alongside their car, attached bombs to their car and blew them up. Okay, the first guy, he's dead, okay. The second guy in critical convention, all right, and many survived and he eventually takes over the program later. So think about what this means though, all right. The attacker's goal was to stop uranium enrichment going on in the tanks. They threw a cyber vector in there with Stuxnet. We're able to damage it for a while, slow it down when the Iranians shut down the net and took it off the network. They went to the next step and started going out to their personnel. Okay, this is the first time we've seen a cyber record like that associated with that kind of violence, okay. So we are in a new world, ladies and gentlemen, okay. Something kind of scary. So take a look at the battle plan here. This is kind of the long range view of how the attack happened. Okay, you got to admit that there was some planning going on here. So there's the campaign planning sometime in 2008 probably. The first strike in 2009, second strike in the spring of 2010, and that's when right about a thousand centrifuges were first destroyed. Then comes the next skirmish in the battle, the battle for the certificates. The good guys find out where at least the victims or the professional security community said, oh, we know it's bad. Let's revoke the certificates. Bad guys put a new one in. We take that one back out. So that's a kind of a skirmish going on there and the denial service attacks. The fourth one and finally is the Natanz coming offline, going back online, and then the attackers going after the Iranian scientists. Okay, what I'm trying to show here is this was an adversary who had a battle plan. They knew what they wanted to do. Okay, and they had backup plans in case something went wrong. And I hope you can see that in that timeline. So the question is how effective were the attacks? According to the U.S. and Israel, the nuclear program in Iran was delayed until 2015. Okay, but according to ISIS, there was no effect even with all the damage and all the delays in the Tanz. The Iranians were still produced as much uranium, enriched uranium, as they were supposed to produce. The truth is it's probably somewhere in the middle. We probably won't know for a couple of years. All right, so what do we get about all this? First, that the Stuxnet attacks were sophisticated. Okay, a new technology, well-financed and targeting SCADA systems. At your dinner party tonight, one thing you could say that's interesting is we don't think it's China and we don't think it's Russia and that's kind of refreshing. It's usually those guys in the spotlight. Okay, so it's probably not those guys. But the real thing you want to get out of this is that cyber war has moved from theory to fact. It is now possible to destroy critical infrastructure with nothing but a cyber vector alone. So we are in a new ballgame. Okay, oh, dead silence. You guys okay out there? Okay, good. Let's move over to the cyber security disruptors. All right, so what is a cyber security disruptor? Well, this guy, Clayton Christensen, he wrote this book called The Innovator's Dilemma in 1997 and it's about business disruptors. His theory was that there were new things coming down the pipe that fundamentally changes the business and what that thing is is some new innovation that nobody anticipated. Okay, and what happens is it makes the entire community have to change how they run their business. Okay, and what happens during this process is some businesses that are not ready for the change, they fail because they aren't fast enough to pick up the pace. So they don't catch the wave and fast enough to make the change. All right, so these are new business catalysts and these aren't slight improvements to technology but radical new changes how we do it. Now any math geeks in the world, in the audience? Math geeks, come on. Okay, what is that symbol? That's a radical. Come on, that's my joke for the day. Radical and okay, forget them. All right, now these new technologies, they are really niche when they first come out. Okay, but over time they build momentum and the best practices that we've had in place wither and die as these new things take their place. Now the example that Christensen uses is the reduction of hard drive size from the 1960s to the 1990s. The one I'm going to talk about here is the battle for the five and a quarter inch disc and the eight inch disc. Anybody old enough in the room to remember the first IBM PC marketing campaign? Okay, they used a little tramp as their, as their, okay, got some old guys in here. I know but you're old enough to know that. Okay, all right. You guys are probably carrying these phones. Okay, that's older than that. That's right. All right, so the dominant floppy drive at the time was the eight inch floppy drive and that was used in many computers at the time. These things were high end and cost a lot of money. Okay, the, is that me? It's not me. I swear it's not me. All right, so when IBM built the first PC they decided to go with the five and a quarter inch floppy commercial off the shelf really cheap. Okay, and what happened is that the manufacturers of the eight inch floppy didn't really anticipate the demand and these are the four companies that were making floppy drives at the time. Only one of these guys survived in Micropolis and according to Christensen they only survived through Herculean efforts by the management team to turn their plans around to start producing five and a quarter inch floppies. So that's what a business disruptor is. New innovation that comes out that completely changes the business. Like again, not slight improvements but radical changes in innovation that make everybody change. All right, so that's what a business disruptor is. At iDefense we think there are cybersecurity disruptors. New ideas, policies, technology, events coming down the pipe they're going to fundamentally make us change how we protect our environments. These are cybersecurity catalysts and we're expecting five to ten years down the road for these kinds of things. Again, now this is the important part about a cybersecurity disruptor. Okay, these aren't just new ideas or things. These are things are going to make us change how we do our business. So unless they make us change they don't count as a cybersecurity disruptor. All right, so iDefense have identified up ten of these things and these are them we're going to talk about a couple of them in this pitch. All right, now I think you have to remember about cybersecurity disruptors. Think of them in terms of a triple. Okay, you've got to worry about what the concept is. So the concept might be the mobile platform. Okay, the impact is what does that do to your enterprise by instituting something like a mobile platform in your environment? And finally, the last part of the triple is how is it going to make you change your security posture? So that's what a triple is. Is that really me? Oh, they're doing VoIP. Okay, I was going to say I am an expert buttyler by the way. Sorry. I know I went too far on that. Okay. All right, so consider this timeline. Okay, at the far end is the event horizon 2020 10 years out is about as far as we want to go predicting these kinds of things. 2005 is really where our best practices are. Okay, these are the things we all have in place in our environments to protect our enterprises. These are things like firewalls, intrusion detection systems and antivirus stuff. Okay, in the middle here 2010 2011 is where leaders are making decisions about what technology to bring into their enterprise. Okay, and this is where we're trying to help out here. The thing to remember is that there are going to be early adopters of these cyber security disruptors. Okay, these are folks that have realized that this technology may not be ready for their environment. There's going to be lots of bumps and bruises as you install it but they feel there's a need and they need to have it already. So there's going to be early adopters. All right, I'm not going to talk about all 10 because that would take the next five hours. We're only going to talk about three of these things. Remember, we're going to talk about triples and I'm going to tell you about when we expect to see them and if there are any early adopters. The first one is the combination of top-level domain extensions and international domains. All right, so the concept is let's talk about top-level domain extensions first. Up to this point, we've had the traditional dot com dot net dot biz dot edu in about a year or so you're going to start to see a bunch more. Okay, if you have enough money, you can have your own top-level domain. It could be a dot Rick or it could be a dot Defcon or it can be a dot I don't care. It doesn't matter if you have enough money and they're going to be expensive. Okay, there's going to be these new names out there that we're going to have to contend with. And coupled with that is this idea of international domains. Up to this point that all the domain names that we've had have been in English. Okay, but from 2012, 2013, you're going to start seeing domain names in Chinese, in Farsi, and in any kind of other language that who wants to play with this kind of experiment. So those two things together is the concept here that is going to make it a cybersecurity disruptor. The impact here is this is just one of them probably for this combination is that Blacklist are going to be unmanageable at the enterprise because you're just not going to want to mess with this anymore. You're not going to have the wherewithal to deal with it. So the change in your environment, we're going to start to see companies outsource their Blacklist capability to cloud computing folks. Okay, so that's that's what we expect to see. All right, probably you're going to start to see these services merge inside the your enterprise by 2015. And this year and last year ICANN has authorized this. These two things from happening, the top level domain extensions and the international domains they keep pushing the line back a little bit but expect to see it in 2013 by the latest, I think. All right, let's talk about oh IPv6 and domain name the DNS sec extensions. That's what this is. All right. So that's the concept. DNS sec extension even to any of the Kaminsky talks, you know that that's coming down the pipe. The top level domains are ready for that kind of thing and the introduction of IPv6, the new IP protocol that's going to replace V4. What that means to the enterprise is that IP management has just become very complex. Okay, and the change is your this guy you have in the basement managing your DNS system is probably going to go away okay. And you're probably going to want to outsource that stuff to some cloud computing environment also. All right. So expect to see this kind of thing in 2013 in 2010. Okay. This is a Gartner chart. Let me just read. I know it's a hard thing to read. Let me tell you what that means. The green line is the size of the internet. The blue line is the size of the IPv4 pool and the v6. I mean the red line is the v6 deployment. Gartner predicted there'd be two to five years in this is in 2010 now. They predicted we had two to five years before we ran out of v4 space. That happened last year. There are no more v4 addresses. Okay. So for the next couple of years there's going to be sort of a black market as companies sell their v4 space that they're not using. But eventually we're going to run into v6 and we're going to have to manage it. Okay. All right. Next is APT. I talked about the APT with Google. That's the concept. Okay. The impact is and I think this is what the commercial industry has really figured out. Okay. That their intellectual property is seriously at risk and we need to do something about it. And the change for their environment is I think data loss prevention systems are going to start being installed by the number. Okay. Through the enterprises. We're going to start seeing that around 2013 this is going to be best practices. There are early adopters now. People are deploying this technology right now but they're they're getting scarred by it because it's very complicated and very expensive but they're learning the lessons for all of us as we start to do this ourselves. Okay. And we talked about Google in 2010 and why that was important. All right. So that's cyber security as rubbers. Let me just put all of them on the timeline here just so you guys can see them. This is where we think they're going to be in the next 10 years. And this is where the early adopters are. Real quick. All right. So let me just recap what a cyber security disruptor is. New ideas, technologies are going to make you fundamentally change your enterprise. And I talked about three of them here. All right. So I'm at the end. Let me recap a little bit. These are the three things I want you to get out of that. The commercial industry should have awoken by now that cyber rescue now is a real threat. That cyber warfare is real and not that nations have declared cyber war on each other, that it is possible to destroy physical stuff on the in the world with a cyber vector alone. And there are new things coming down the pipe. They're going to make you change how you do your business. Let me just finish up. But we've written a bunch of books at that defense. Please buy them. I have to put my daughters through college. And if you want any more detail information about some of the stuff I talked about here, that white paper down on the bottom right. I will gladly give it to you. Just email me or come see me afterwards and I will gladly get you a copy. So that's it. Thank you very much. And we're done here.