 Sorry about the delay. Okay, my name is Kenneth Gears. I work for NCIS and I've got a nice job in Estonia So I've been there since the since 2007 a couple of months after the infamous cyber attacks So in May this year we held a cyber defense exercise. It particularly wanted to look at some type cyber terrorist scenario and Particularly with critical information infrastructure some SCADA elements So we're in northern Europe. We're pretty far north. I'll show you in a second but we in cooperation with the Swedish National Defense College and An organization is sort of the equivalent Swedish equivalent of DARPA. We put together a An effort that took about you know some for some people may be up to a year of work, but here's Sweden in Estonia There's Germany down there Mother Russia to the right and Santa Claus just above us Kind of give you some perspective Estonia is about on southern Alaska latitude and the Baltic Sea there in the middle Here's a picture of Estonia in the snow and we had lots of snow last year as much as about a hundred years So just two slides on the 2007 cyber attacks So if you're not familiar with them there was a Russian Soviet War Memorial that they moved outside of the The center of town and it upset the local Russians and Russia Exactly as a country who view the World War two as you know it in greater terms than just Soviet or Stalinist Legacy they see it as real national achievements. So they were very upset about it and there was a corresponding cyber attack which wasn't the biggest or the most sophisticated cyber attack in history However, Estonia sort of Occupies a special place I think in in the history of cyberspace and cyber attacks just because it was one of those events when You know a major international crisis or Middle-level international crisis kind of spilled over into a cyber attack that was intended to hurt a country and so So anyway, it's a it's a good case study. Oh for a bunch of reasons We could talk about it later if you like but Estonia small homogenous very wired They they made this the jump from sort of archaic Soviet technology to To an Eastonia, that's their goal. So a couple of their achievements the highest per capita online elections You can pay taxes and etc with your phone and your pin calculator 98% of banking is done online And Skype is Estonia and originally for instance Here is the cyber center of excellence if we've had some seminars some training We have a botnet mitigation course right now and a couple of conferences on on cyber conflict So one of the questions about cyber attacks is whether or not they're a threat to national security and really the it's a it's a It's a fascinating and worthwhile Discussion stream to follow because you have People who say it's the end of the world and others really who think it's complete hype and of course it's somewhere in the middle but one of the things about to the cyber defense exercises we wanted to you know make some progress on Clarifying that situation what we do know though is that You know the web I don't want to dwell on this but is growing every day and When you have electricity to elections sort of also riding on cyber now you do have something at stake to protect so National security thinking is still to be determined, but if you saw a really great Keynote at black hat the other day by general Hayden. I think they're going to put it online by today I I encourage you to watch it because the former CIA and NSA director is actually was quite insightful on this on this very topic Let's see CDX's are difficult to stage. There's no doubt about it And I think each one of them is unique you really have to simulate everything And the problem with IT as it changes every day, of course, and so so we're your CDX The military of course is the original founder of the Internet and they use Computers for everything now to to even stage complex geopolitical and military scenarios the question is of course is is how well you can model the real world and Well More on that later. So some of the structure of the cyber defense exercise, which you may or not be familiar with you have Friendly forces hostile forces you have to have sort of a team dedicated to the infrastructure And at least a management team that they sort of oversees everything and Termins tries to determine its significance the blue teams these are the primary targets for training and usually they are you know, they're people like yourselves that do a system administration and Computer security for a living and their goal is to defend the CIA of the networks the red team its goal is to undermine that CIA and Within the virtual environment the cool thing is is not only is malicious code authorized, but it's highly encouraged There's so many things to talk about. I mean one of the basic things is whether or not It's a white box or a black box test and that that goes to Really whether the the the red team has prior knowledge of the networks or not in our case We wanted to simulate some prior reconnaissance. So we gave them three weeks to look at the at the network topology The white team is I was on the white team I'm an analyst to really and so but I've been doing cyber analysis for a long time and so We're supposed to Kind of make everything Run on time, but also give it some some punch and and of course in the end It's the white team that's going to talk to the the policymakers and those funding the exercise And try to explain why why it was important and worthwhile The green team though makes everything happen really. I mean you can't stage a CDx with analysts, right? Otherwise you wind up with only hype So it's the green team that actually connects all the wires together and these guys were at the at the Swedish equivalent of DARPA in the middle of Sweden in a place called Lin Chopin The scenario is important because you know What do you want to say? What is your your goal? And then how are you going to write the story afterwards and and it's it's key because You know it goes to resources and cost and whether or not sort of the threat is sort of appropriate to the fear and the The investments toward mitigating that threat because you know really one lone hacker is is probably not going to Sort of allocate any congressional money that threat But when you look at a foreign military or intelligence service It's quite different and if your your scenario Decides one way or another on this question really then everything changes So a little bit about cyber war and these are my own thoughts But I you know I think you know cyber attack by itself is is really not very much But it's you know the real-world effects and those can be as as as broad and as deep as the imagination of the attacker so cyber espionage is is While governments are at it across the world because why it's is there's a really high return on investment in cyber espionage and I also think propaganda is really key to look at from the standpoint of You know everyone's at the Pentagon anyways talking about narrative today It's not whether you can go beat up your enemy on the field of battle only It's whether or not you can you know win the hearts and minds both of your own population And the population on the on the other side as well So you know this was known for a long time. This is not new information But if you go to the art of war he says look you see you have fire and you're going to use fire to attack Well, there's all kinds of things you can do with fire Let me just give you some examples so you can hit soldiers their stores baggage trains Etc. And finally of course you can just drop Hurl dropping fire amongst the enemy and of course all of these you could think of a direct or indirect analogy in cyberspace So just a couple of screenshots to prove to you that Cyber conflict is alive and well around the world. This is in 2000 There was three Israeli soldiers that were kidnapped in Lebanon and Israeli hackers You know that this really kicked off I think sort of a new period to a certain degree they they took out their frustration a little bit in cyberspace And this is the Hezbollah so the organization which would have kidnapped to the soldiers in Lebanon their website And it was an attack against it and well, you know, you always throw around the word sophisticated But this one really was to a certain degree because the the the site administrators really had a tough time Undoing it and when they wanted to move their site to a another place on the internet They discovered that somebody had already bought up various spellings and misspellings of Hezbollah before the attack So even within NATO and I the cyber center of excellence basically supports NATO So roughly 30 countries Europe and North America, you know, you have conflict between Turkey and Greece You have cyber conflict on behalf of ideas in 2008 when Lithuania outlawed Soviet symbols in the country the first thing that hundreds and hundreds of sites throughout the country including in the government Were defaced with Soviet propaganda Within countries you have, you know calls for freedom or anti-government Appeals you have a guy here Gary McKinnon in the UK Who literally is hacking on behalf of all of us sort of the people of the world? He was convinced that they the Pentagon knows about UFOs and he was getting into the network to find proof of it Here's a South American hacker group that is literally hacking on behalf of God They have thousands of defacements around the world and they always leave a religious message So 2007 you had the Estonia case that was really the business case model of a cyber attack in 2008 a year later you have the military case model and And so really it was important and it's not like the Pentagon didn't know about this Prior however, Georgia has this place in cyber history as well as Clearly showing that any military conflict or operation in the future is going to have a cyber dimension There's no two ways about it today So this question of an electronic digital Pearl Harbor is also kind of funny because we're also been debating that just like the Hype question for a long time and while if you missed this one in 2007 in October the Israeli Air Force destroyed the the Syrian alleged nuclear reactor And it's widely alleged in the the open press that That a cyber attack played a critical role in taking down the Syrian air defense before the planes cross the border So this was just a last week on the wired magazine Which is in general sort of a skeptic on the whole cyber war thing but just some information on how You know how widespread the vulnerabilities of skater systems are and I threw that in here because our cdx looks at that issue So just some high-level thinking about cyber warfare, you know, I think the internet is vulnerable cyber defenses are Relatively weak. I think that's one of the issues with cyber wars It really kind of turns on its head the the historical notion of defense has all the the Home-field advantage essentially like in sports It's it's opposite in cyberspace because of the anonymity issue, etc. So non-state actors you can't forget about them, but but really cyber attack again is is It's sort of in the it could be different every time essentially and so the question mark is key So now to the cdx and what what is the cdx all about? I think what you really want to do especially on the infrastructure side and on the white team side before you sort of lift the gates and let the horses run is You want you want to develop something that's credible Something that you know because these cost a lot of money and time and so you want those who invested money in it And those who read the after-action report to feel like it was it was worthwhile So in particular that's going to be real-world impact. I think and I think a cyber attack truly can range from a Minor annoyance to probably a national security crisis I mean if you think about for instance the photos of the Abu Ghraib prison in Iraq I mean those did more damage to the political interests of the United States than all Hacks combined maybe in history and that was not a hack even it was but what it what it did was show the power of the web But to take a picture or a well-written story and it can be in everyone's living room today And that's probably the most powerful cyber attack that exists today so one of the things about the nation-state simulation is That military and government agencies that they're they're much much more powerful than than an individual and organization and They're not only they're going to have older bases covered on on IT, but then they're going to be Supported by experts in in other disciplines and this goes to the heart for instance of skater as well I mean you really would have to know something that is really pretty esoteric Insider type information if you're going to go after a factory. I mean you can't expect to manipulate sort of skater controls without Some some knowledge of you know that is that is not widespread Here's just an example, but at Sandia National Laboratory. They have a very famous red team that has lots of Successful compromises and I thought it worthwhile to put the quote from a former chief there You know our general methodist acts ask system owners What's your worst nightmare and then our goal is to make that happen and of course at Sandia labs? Of course, they would have the the engineers and the wherewithal to pull together this nation-state style Full-scope attack that you just normally would not see on the internet And this is a kind of thing that that that is a whole other level that is likely in these ongoing Negotiations between US and Russia in particular today, you know, how do you manage these these kind of things? So this is a little bit of at CDX history is how we got to today you know Cyber defenders they may or not be warned when these things come their way A good case in point was eligible receiver in 1997 in which case the NSA played the role of North Korea and hackers and Article about the event in foreign affairs was it was pretty good You know, but the thing is is if you have a number of guys working on this and they've got a smart plan And they attack at various levels you can imagine how much confusion they could create especially if they owned all the email servers and question Because it goes to the question of private reconnaissance and you know that you know The general talks to the Colonel the Colonel talks to the captain talks to the private setra on down And if you can insert yourself in there, you know, all of a sudden, you know You could have these guys telling each other to go everybody go play golf take the day off that day So here's another example just about how different these kinds of things are but the EPA in 2006 was curious if the water supply could be poisoned and so Sandhya looked at that and one of the first things they found was that there There's way too many facilities to look at and so you had to come up with kind of a a programmatic Angle to take to pass out the information to all relevant parties A current trend is international CDx's this this Is on the rise quickly and this is one of the specific things We really want to do in in Estonia not surprisingly at the cooperative cyber defense center of excellence The whole point is to get international institutions on the same page And I was real lucky to be the first one assigned from an internationally to the cyber center of excellence in 2007 and now we're at nine countries. I just read in the news last week. We got hungry on board So that's that's nine countries including the Italy Spain Germany and a bunch of other countries as well So I think within 10 years in then from the NATO angle all 30 or so, I think there's 28 now Countries will be part of the center and so it could be quite a hub for I think a cyber defense in the future However, so you can see them growing in sophistication 2006 looked at hacktivist in 2008 It was about a nation-state actor and then already in 2009 You see a CDx's stage in places like to Tajikistan, which I'm sure Was new for them So Baltic Cybershield, that's that's the name of our exercise. We had seven countries six national blue teams and we had a 20-person International red team and for what is worth that the red team was we had to buy them You know some hotel rooms and I think beer and cake and stuff But we had one proposal that came from a large contractor to supply the red team just to give some perspective and the price was $500,000 red team and so We got by on far far less than that and and they were quite good Actually, and it goes to I think another area and I think Defconn is the perfect place to talk about this But you know, it's an area in which you need passion you need passion more than you need money Really and then Defconn really is all about that because you can see people come here Because they want to be here So the Baltic Cybershield is a live-fire CDx is really cool because I've been to some in the past some DOD things Frankly that we're all you know He's guys sitting around a table and somebody passes you a note and that note says you were under massive cyber attack What do you do? You know and of course it's a Navy SEAL or something. He says okay. Well, you know, who do I kill and The neat thing about Baltic Cybershield is is that it was none of that really it was just all Let's build the infrastructure And let's let the red team attack the blue teams and see what the blue teams do and so that's really cool So here's some of the inspirations for it and there was a small event in 2008 in which But it was much much smaller. There's really some students from Sweden Some students from Estonia got together over over a weekend and and sauna and beer sauna is a big deal in Estonia if you're if you're not Familiar with the Finland and Estonian culture and so a lot of our Meetings they go into the evening and we have a dinner and then literally everybody is is naked and it's It's one of things about it is we call it meeting room three But it is a place where you know you you don't bring any hardware or software or or clothing And so it's I guess in the end it facilitates a conversation, especially after all the vodka that's provided So the scenario so I'm on the white team so scenario is important to me But we wanted to explore the the question of cyber terrorism In particular we want to look at this a skater issue So the blue teams were going to be kind of a hired up gun rapid reaction team that shows up when There was a sort of a computer security audit and failure at a company. There was volatile geopolitical tensions There was a threat against these companies that had dirty energy And there was even a fear that there were some insiders on the network So the company had decided to wholesale get rid of their staff and bring in this team The blue team is definitely we decided is is the goal for this year, you know to to to teach and to train But you two other two other goals as well one We really wanted as much international participation as possible, which if you're interested in next year's event You can get in touch with me. It's fairly easy through ccd coe.org or the cyber defense center of excellence website But we'll start that almost immediately for next year and as Tony is a lovely place to visit in June And then finally we wanted to say how many things that we could we come up with for future cdX is not only for our Center, but for the world really and in terms of lessons learned and and and how to do it better in the future So on the white team we had to come up with scoring criteria And so this is always a lot of interest because as you'll see in the captured flag Room here, you know the scoring board is what everybody's really interested in who's winning and who's losing So the the positive points for blue team These are the word of attacks and innovative strategy and tactics, but a crucial element if you're not familiar with it Are these business requests? So not only are you under massive cyber attack, but somebody hands you a note which says you need to You know the CEO of your company is in another country And he needs immediately or she needs immediate access to sort of internal You know file server because they need to give a presentation Right, so these are business requests that not only do you have to fend off the attacks But you have to sort of keep your company running at the same time And so the negative points that's pretty clear. We'll talk about how to lose points Here's the green team that based it in Sweden So one of the key things is these miniature factories So we had this steel table and I'll show you a picture of it We had these small factories on the table That represented sort of the the grand prizes in Baltic Cybershield 2010 and we actually put this butane flame on the back But if the hackers could figure out they could blow up the factory the blue teams they all had identical Infrastructure they weren't allowed to log in to their network until the the day of and that simulated the rapid reaction team A style approach that we had The network was fairly insecure And as you can see there for the VLAN segments, I'll show you those Here's some of the the specs on the game environment So you can see that but if you're interested you check that out later or ask me about it Here's the here's the network. So there was internal DMZ HMI and PLC which connect the program of logic controller that was connected to the remote factory I was skater here some of the specs on that There's a human machine interface, which was simplicity software GE PLC's here are the factories. So there were two each per blue team and When I visited Sweden before the exercise And it was this is such a big event So I'll just tell you you know the bits and pieces that I was able to learn But you know there was a group of us there, you know tried to To query the the green team on on everything they did and somebody kind of mentioned well These are these are toys or these are models or something and he said these are absolutely not He said from our perspective, we tried to design this scenario as accurately as possible And this hardware and software is in use today for skater systems So here's a model steam engine that was also there. I understand that they had a little solar plant I wasn't able to see that that was also connected to the to the system. Here's the GE PLC The blue teams when they logged on to the network, they were certainly allowed to harden the network They had a you know a minimum number of applications and services, of course that they had to To provide on the network and and just FYI. This is really difficult and I'll get to this shortly But the white team really needs to have enough people so that they can See and understand everything that's going on in the cdx because it's not easy really all the things that the red team is Doing all the things that the blue team is doing the white team Which it tends to be comprised of people like me or analysts or you know kind of government people They're just not tech enough to understand everything that's happening. And so I'll talk about that in a second But they're definitely allowed to install and modify existing software once they once they log in So the red team we had 20 people on the team and they're angry environmentalists And they they're going to try to shut down these power companies and force them into greener energy So internally there were four sub teams. You can see those we allowed them three weeks for prior reconnaissance and a place And to do some hacking and leave a couple of back doors to simulate some insider activity beforehand there was good visualization for the white team in in this in this Exercise so you could see the topography you could see the chat channels in a cool terrestrial map of the world There was a lot of work that went into this Effort and so while we were all in northern Europe We actually used the southern hemisphere for the game and we had you know Two of the blue teams were in South America two in Africa and two in Southeast Asia, and then the red team was in Iceland Here's part of the the Visualization that we had here. So here's a closer look so you can see the the connectivity that exists between the the attackers and the defenders and Also, the endpoints the the factories Here is the cyber center of excellence if you come for a visit. You're all invited and welcome We have a number of big events a year now We just had a conference a couple weeks ago And we had to Bruce and I and Melissa Hathaway and a bunch of others who are if Charlie Miller is here He gave the talk of the of the conference, so which was Kim Jong-il and me So I highly encourage you to see that here It's Charlie Miller's advice to North Korea on how to build a Cyber attack army to take down the US, but we have a great Infrastructure in Estonia to work to work with The art the red team campaign was divided into these four phases and I'll go through those individually Initially, there was a declaration of war so the first goal was to deface the public website of the of the blue teams and to threaten them with with action if they didn't take some some some greener Strategies toward energy provision So in phase one the white team was allowed to compromise They had some limits of the white team placed and still things moved so quickly that the the The white team has trouble staying on top of everything But the but the red team largely accomplished these goals Which was in the first so there was two days essentially morning afternoon morning afternoon First morning was compromise one server in the DMZ and one and in the internal and it was and it was still quite a hectic morning because the blue teams came in to a fairly insecure network and are scrambling to understand of the network and to To find back doors and to to prevent attacks Phase two the the first afternoon So the red team was able to get over 40 compromises and One my sequel skate a report server One of the things we wondered was what was it would it make it too easy for the red team? But it's really hard to know and all of this we're still discussing with the teams involved I mean, it's like any class you go to you know if you go to a hacking class There'll be you know a couple of people who they've already finished the exercise before it's even begun a couple of people Who can't even turn on their computer and then you know wide range in the middle And so it's so it's hard to know exactly where to where to teach But we clearly also had that as well There was one team one blue team that by far was the winner and I'll show you what they did in a second You know But some that had just about zero points and and I went to this at black hat the other day They had a this national collegiate cyber defense competition Panel and I asked that something to the red team guys afterwards and I said what really annoys you about you know It's what some of the blue team guys what they do and he said the worst thing by far is that they just adopt unrealistic strategies and Tactics and they just tend to unplug everything from the network You know at the start of the exercise and then they start slowly rebuilding. We also had one of those in hours You know essentially they did exactly that So phase three the third morning or the second day for in the morning Essentially the goal was to to to find these HMI terminals and see if the the red team could get a hold of the This data infrastructure in the end only one of the 12 model factories was set on fire And it was went off at the 1300 Zulu on the second day And you can see what what how it was set and you could imagine if all 12 of those have been going off at once I'm not sure that the the fire long alarm system would have held Okay, so one of the differences though between just you know bringing in a red team What a military or an intelligence agency might do to you is the factor that our red team just really didn't understand How the factory processes worked a? Sandia red team if they were their goal were to take on you know your company You know they would have that the necessary support personnel to probably figure out how to do you in and blow up your factory Theoretically that our red team just didn't seem to have and so so it was it was an issue that that you know Maybe more red team green team communications or training could have helped But it's always hard with these CDX's because all these people you're bringing in for the two-day exercise They've got they're really busy people otherwise So phase four this turned out to be not such a great idea But we allowed the red team is sort of essentially to start destroying everything and what they did was sort of destroy their own ability to you know to To win the game Essentially because the white team had no idea what was going on This was really demoralizing for the blue team for instance as well Because there was so much chaos and destruction and so one of the recommendations Well, I'll show you in a second is is do not have this kind of phase You really need you know throughout the CDX to have this could be on you know day five when it's over perhaps But you know everything you do there's so much time and money and effort that goes into it really needs to have a clear Point and a goal So here's some of the vulnerabilities that were exploited by the by the red team in the end. They had 80 computers Here's some more stuff that they did one of the one of the significant things is that they had a zero day That was really good for just about any browser in existence today The problem was Was that the you really need for a cyber defense exercise dumb users? And this is another category of people that we thought that the white team could just fill in essentially quickly And it was absolutely not possible because one they weren't tech enough And two they're too busy doing other things and so one of the recommendations which you'll see is to have a much More robust white team in some technical people there But also unfortunately you need to allocate some people who are really just dumb users because they otherwise you don't have any really client-side Exploits right and client-side attacks that the red team the red team was kind of stuck You know hacking itself without relying on any of the dumb users internally to help them achieve their goals So blue team five was an easy winner in the game They were able to take all their essential services And move them to a higher security virtual machine they use out of band communications from the beginning IP sec filtering After the first part of the game. I think the word was was that the red team Apart from some denial of service activity was able to gain really no points Against them and I talked to the guy the other day on the phone He said that they really they felt like they were they they were able to find them out We're very quickly in the back doors and shut them off Here's some of the things that the blue teams did successfully, you know within Linux and Windows and Just on on the network, but app armor understand was really helpful The the SE 46 computer integrity system. They also spent the winning team Employed that So where the goals met for the exercise? Well, we hope so but I think to a certain degree One of the things we wanted to do was just have the exercise Work so that everybody felt that they were gainfully employed and it appeared that that that happened There was very little downtime reported. We were able to at least look at the cyberterrorist skater scenario We had a lot of people that was over a hundred people from seven countries and so some of the lessons More white team manpower and you have to have at least one white team member per blue team and two for the red team There's a lot of mistrust there Frankly what the red team says we've done x that you'll get the blue team saying they absolutely did not do that in vice versa so and You know part of the thing about cyber attack and cyber defense is that there is a lot of uncertainty frankly am I under attack and or am I not and and so And I've said on that It's very important to have a one full day We think after this exercise That's only on mechanics that is on a connectivity bandwidth rules scoring You cannot have any questions Once the bell sounds and the game starts about about scoring rules And and well, you know, I can't log in my passwords don't work or you know I'm trying to do xy but the bandwidth is not there all of that. You need to spend a full day on that Those efforts You need dumb users and so don't forget that that these are these are like the your interns or something to bring them in And we had we truly had wasted o day from the standpoint of the red team That was going to be their their way to to get into the network on the HMI side Vmware server console was a failure really it was it was it was too big and slow And it didn't work with certain types of software and so that we need to come up with another solution They're already working on that for next year and you might be interested in that for instance. You can contact us The blue teams they really need some administrative rights They can't always ask the change control board or you know the white team or the green team Can we do x y or z? There's just no time for it So to a certain extent you really need to give your blue teams the ability to download and install software and perhaps Think about that prior and have a maybe a better server than we did with with patches and software on it That they may need In any project this big you can imagine there was seven different Clashing agendas and so so that's really critical to have a large white team with really sort of maybe even military style Authoritative you got to do this and you have to do it by Monday sort of thing because everybody's so busy You can imagine up to a CDX and once it starts a lot of people really haven't had time to to think about it So final thought for me is some of the challenges inherent in a CDX or the same challenges that you're going to have in the Real world, I mean you almost you're not going to have any two CDX's that are the same And that's probably a good thing because there might never be two cyber attacks that are ever quite the same We don't we don't know what's going to happen two weeks from now or two years from now. We have no idea The intangible nature of cyberspace, you know very subjective and we had one at our conference recently this Martin Lubicki of the land brand corporation He spoke about this this idea. He's working with subrosa cyber war, which I thought was quite interesting in how you can imagine a Fairly healthy cyber war take place between two nation-states and Nobody knows about it. Why does nobody know about it because there is no incentive for either side to discuss it, right because because The legal issues the political issues you might want to hack back You might you don't know. Maybe you don't know quite what they've got You don't want to let them know you want to try and do what they did to you etc There's just too many unknowns in cyberspace too many intangibles such that You could imagine a even a fairly healthy cyber war going entirely unreported now I know the there's a new thing in Estonia. There's a lot like for instance. I mentioned this online elections Online taxes Skype. There's a number of the if the Estonia cyber war of 2007 and the the So there's a number first and there's a new first in Estonia There's something called the Estonian cyber defense league now, which they're only just unveiling And I think it stems from 2007 But it's also something that you might want to look out for and they were discussing it there was a general over at the Black Hat this week discussing the same thing about how is you know He works at the office secretary defense and how he can he get into the society in America and figure out You know who's under attack and there's so much intellectual property for instance. There's university work and all of this stuff and so To from a certain standpoint these are all non military targets, right? You're talking about the University of X University of Y or this company that are probably the primary targets perhaps for cyber defense and cyber attack and You know the stock exchange for this is not a military target. It's not even a valid perhaps, you know Military target during wartime. However, you can you can imagine that these are healthy target anyway enough on that So I asked him for all this documentation. I said, can you tell me some more about the cyber defense League? And he sent me a bunch of documentation, but they're just unveiling it now And it's kind of a national guard for cybersecurity and Estonia So this is going to be interesting to watch one of the reasons that people like Estonia on this cyber issue is that it's a great Sort of incubator or test bed for all these things and again I think this is a really a new first for Estonia maybe and I heard from somebody I have no idea if this is accurate, but they might be looking to expand this to about 10,000 people Which is which is a lot especially in a country as small as Estonia that would be like a million people in our country But anyway, so these are the two pictures that he sent me of personnel in the cyber defense League He actually sent me these yesterday And I don't know if this is intended to be kind of a joke or not But he's probably saying these are some of the people that are his targets for to be a personnel in the cyber defense League Which they don't look like cyber defenders look like dancers So references I'm going to be on the panel here next so unfortunately I don't have Q&A across the way, but I'll be around and For the next couple of days and I'm willing I think we have a few more minutes left You can ask me questions now if you like. Thanks