 from New York City, it's theCUBE. Covering CyberConnect 2017, brought to you by Centrify and the Institute for Critical Infrastructure Technologies. Welcome back everyone, this is theCUBE's live coverage in New York City at the Grand Hyatt Ballroom for CyberConnect 2017 presented by Centrify. I'm John Furrier, the co-host of theCUBE with my co-host this week is Dave Vellante, my partner and co-founder and co-CEO with me at SiliconANGLE Media in theCUBE. Next guest is James Scott, who's the co-founder and senior fellow at ICIT, welcome to theCUBE. You guys are putting on this event, really putting the content together. So Centrify, just so everyone knows, is underwriting the event but this is not a Centrify event. You guys are the key content partner. Developing the content agenda, it's been phenomenal. It's an inaugural event, so it's the first of its kind bringing industry, government and practitioners all together kind of up leveling from the normal and good events like Black Hat and other events like RSA which go into deep dives. Here's a little bit different. Explain the- Yeah it is, we're growing, we're a newer think tank, we're less than five years old. The objective is to stay smaller. So we have organizations that like Centrify that they came out of nowhere in DC. So we deal most, most of what we've done up till now has been purely federal and on the hill. So what I do is I work in the intelligence community, I specialize in social engineering and then I advise in the Senate for the most part, some in the house. So we're able to take these organizations into the Pentagon or wherever and when we get a good read on them and when senators are like, hey can you bring them back in to brief us? That's when we know we have a winner. So we started really creating a relationship with Tom Kemp who's the CEO and founder over there and Greg Cranley who heads their federal division. And they're aggressively trying to be different as opposed to trying to be like everyone else which makes it easy. So if someone wants to do something, they have to be a fellow for us to do it but if they want to do it just like if they want to commission a paper, we just basically say okay, you can pay for it but we run it. And Centrify has just been excellent. They get the community model and they get the relationship that you have with your constituents in the community where trust matters. So you guys are happy to do this but more importantly the content, you are held to a standard in your community. This is a new, I mean not to go in a different direction for a second but this is what the community marketing model is. Stay true to your audience and your trust and you're relied upon. So that's a balance that you guys have to do. Yeah and the thing is we deal with like Silance and like other, Silance for example was the first to introduce machine learning or artificial intelligence to get past that mutating hash for endpoint security. They fit in really well in the intelligence community. Centrify, the great thing about working with Centrify is they let us take the lead and they're very flexible and we just make sure they come out on top each time. So yeah, the content, it's very content driven. In DC we have like at our cocktail receptions, they're CIA, NSA, DARPA, NASA. Like they're the deal. You guys are the poster child of to be big, think small. Yeah, exactly, intimate. You say Centrify's doing things differently. They're not sort of just following in line, like a lemming. What do you mean by that? What is everybody doing that these guys are doing differently? I think now in the federal space, I think commercial too, but you have to be willing to take a big risk to be different. So you have to be willing to pay a premium. If people work with us they know they're going to pay a premium but we make sure they come out on top. What they do is they'll tell us, okay, Centrify will be like, look, we're going to put X amount of dollars into a lunch. Here are the types of pedigreed individuals that we need there. And maybe they're not executives. Maybe they're the actual practitioners at DHS or whatever. So the one thing that they do different is they're aggressively trying to deviate from the prototype. That's what I mean. I'm a vendor trying to sell stuff. Yeah, and the thing is that's why when someone goes to a Centrify event, I don't work for Centrify, full disclosure. That's how they're able to attract. I mean, if you see, we have General Alexander, we've got like major players here because of the content, because it's been different. And then the other players want to be on the stage with the other player. You know what I mean? So it almost becomes a competition for, hey, I was asked to come to an ICIT thing. That sort of thing. That's what I mean. It's reputation, you guys have a reputation and you stay true to that. That's what I was saying. This is, to me, I think this is the future of how things get done when you have a community model. You're held to a standard with your community. If you cross the line on that standard and you head fake your community, that's the algorithm that keeps you on balance. So you bring good stuff to the table and you vet everyone else on the other side. So it's just more of a collaboration, if you will. Yeah, and we try to, like the themes here, what you'll see is within critical infrastructure, we tried to gear this a little more towards the financial sector silo. So we brought the, from Etna, he set up the FSISAC. Now he's over with the health sector, ISAC. We're trying to keep, for this particular geography in New York, we're trying to have it focus more around the health sector and financial critical infrastructure. So you'll see that. All right, so James, I got to ask you, you're a senior fellow, you're in the front lines with the great role of this, great relationships in DC and you're advising and leaned upon by people making policy, looking at the world that is the general laid out, which is, the reality is, shit's happening differently now. So the world's got to change. So take us through the day and the life of some of the things that you guys are seeing and what's the outlook? I mean, it's like a perfect storm of chaos but yet opportunity. Yeah, it really depends. Each federal agency, so we look at it from the Hill perspective, it comes down to really educating them. So when I'm in advising in the house, I know I'm going to be working with a different policy pedigree than a Senate committee policy expert. You know what I mean? So you have to gauge the conversation depending on how new the office is, how Senate, are they minority side, you know? And then what we try to do is we try to bring the issues that the private sector is having while simultaneously hitting the issues that the federal agency space is. So we usually will have like a needs list from the C-suite at the different federal agencies for a particular topic like the Chinese APTs or the Russian APTs. So what we'll do is we'll break down what the issues is, so with Russia for example, it's a combination of two types of exploits that are happening. You have the technical exploit, you know, the malicious payload and a vulnerability in a critical infrastructure network. And then profiling those actors. But we also have another problem which is the influence operations, which is why we started the Center for Cyber Influence Operations Studies, that we've been asked repeatedly since the elections last year by the intelligence community just tell us explain this new propaganda. And the interesting thing is the synergies between the two sides are they're exploiting and weaponizing the same vectors. So while on the technical side, you're exploiting a vulnerability in a network with a technical exploit, with a payload, a compiled payload with a bunch of tools. On the influence operation side, they're weaponizing the same social media platforms that you would use to distribute a payload here, but only the, the web, that's right. You have either way, you have critical infrastructure. The payload being content, fake content or whatever content, has an underpinning that gamification call it, by reality, network effect. And user psychology around, they don't really open up the Facebook posts and just read the headline in the picture. So okay, so there's a dissidence campaign or whatever they're running. It might not be critical to national security at that time, but it's also a- But it shifts the conversation in a way where they can use, for example, right now all the rage is with nation states is to use metadata, put it into big data analytics, come up with a psychographic algorithm and go after critical infrastructure executives with elevated privileges. So you can do anything with those guys. You can, you can spearfish them. The Russian modus operandi is to call an act like a recruiter, have that first touch of contact to be the phone call, which they're not expecting. Hey, I got this job. Keep it on the download. Don't tell anybody. I'm going to send you the job description. Here it's a PDF and take it from there. Click on that. So how should we think about the different nation state actors? You mentioned Russia, there's China, there's Iran, North Korea. Can you lay it out for us? Sure, so each geography has a different vibe to their hacking. With Russia, you have the stealth and sophistication and their hacking is just like their espionage. It's like playing chess. They're really good at making ponds feel like they're kings on the chess board. So they're really good at recruiting insider threats. Bill Avenina is the head of counter intel. He's a bulldog. I know him personally. He's exactly what we need in that position. The Chinese hacking style is more smash and grab, very unsophisticated. They'll use a payload over and over again. So forensically it's easy to... The signature. Yeah, yeah, it is. So more sharing on the tooling or whatever. Yeah, they'll use code to the point of redundancy. So it's like, all right, well, the only reason they got in is not, Chinese get into a network not because of sophistication, but because the network is not protected. Then you have the mercenary element, which is where China really thrives. So Chinese PLA, they'll hack for the nation state during the day, but they'll moonlight at night to North Korea. So North Korea, do they have people that may consider themselves hackers, but they're not code writers? They outsource. They're brokers. They're like, they're general contractors. Yeah, yeah, they're not sophisticated enough to carry out a real nation state attack. So what they'll do is outsource to Chinese PLA members. Chinese PLA members will be like, okay, well, here's what I need for this job. And typically what the Chinese will do, their loyalties are different than in the West. They'll discover, during the day, they'll discover a vulnerability or an ode. They won't tell their boss right away. They'll capitalize off of it for a week. And if you do that, you go to jail over here. Russia, they'll kill you. But China, somehow this is an accepted thing. They don't like it, but it just happens. Then you have the Eastern European nations and Russia still uses mercenary elements out of Moscow and St. Petersburg. So what they'll do is they will freelance as well. That's when you get the really sophisticated like carbon act style hack where they'll go into the financial sector. They'll monitor the situation, learn the ins and outs of everything having to do with that particular swift or like bank or whatever. And then they go in and those are the guys that are making millions of dollars on a breach. Hacking in general is a grind because a lot of vulnerabilities work, but few work for long. So it's difficult to, and everybody's always thinking that there's this omega code that they have. It's just brute force, you just pound it all day long. Yeah, and that's it. And it's a grind because you might have something that you worked on for six months, you're ready to monetize it. What about South America? What's the vibe down there? Anything happening in there? Not really, there is some, nothing of substance that really affects us here. But again, if a organization's completely unprotected. Russia, China? Oh, Russia and China. And what about our allies? Yeah, GCHQ. Israel? Israel, yeah, definitely. I mean, and what's the collaboration coordination, snooping, what's the dynamic like there? Yeah, so we deal mostly with NATO and Five Eyes. I actually had dinner with NATO last night. Five Eyes is important because we share the signals intelligence. And most of the communications will go through the Five Eyes, which is California, United States, Australia, New Zealand and the UK. So those are our five most important allies and then NATO after that, as far as I'm concerned. First for cyber. Then you have the whole weaponization of space going on with SATCOM interceptions. We're dealing with that with NASA, DARPA. But not a lot is happening down in South America. The next big thing that we have to look at is the cyber caliphate. Because you have the Muslim Brotherhood that funds it. Their influence operations domestically are extremely strong. And they have a lot of contacts on the hill, which is a problem. And this, I don't, you know, and then you have Antifa. So there's like two sides to this. You have the technical exploit but then the information warfare. What about the Bitcoin underbelly that started with the Silk Rose and you've seen a lot of Bitcoin. Because, you know, anti-money laundering is a big deal and know your customer now regulation is part of the big ICOs going on. Have you seen any activity from those? Are they pulling from previous mercenary groups? Or are they just arbitraging just more free? For updating Bitcoin? Bitcoin is a whole Bitcoin networks and there's been an effort to commercialize, obviously, blockchain. And so there's been kind of a legitimate track to bring that on. But yet there's still a lot of actors. I think Bitcoin is important to keep. And I know that if you look at like the more Black Ops type hacking or payment stuff, Bitcoin is an important element just as tour is an important element, just as encryption is an important element. So the thing is- It's fundamental actually. It's a necessity. And so when I hear people on the hill, I have my research and I'm like, anytime you hear somebody trying to have a weakened encryption, back doors encryption, the first thing, we add them to the briefing schedule. I'm like, look, here's what you're proposing. You're proposing that you outlaw math. So what, now two plus two doesn't equal four? What is it, three and a half? Where's the logic? And so when you break it down for them like that on the hill in particular, they begin to get it. So they're like, well, how do we get the intelligence community or the FBI, for example, to get into this iPhone? Well, you know, civil liberties, you got to take that into consideration. All right, so I got to ask you a question. This comes up. I had an interview with a guy, I won't say his name, actually commented off the record, but he said to me, he said, you won't believe how dumb some of these state actors are when it comes to cyber. There's some super smart ones. Specifically, Iran and the Middle East talks about they're really not that bright. And he used an example, and I don't know if it's true or not that Stuxnet or WannaCry, I forget which one it was, it was a test and it got out of control and they couldn't pull it back and revealed their hand, but it could have been something worse. His point was they actually screwed up their entire operation because they were doing some QA on their thing. I can't talk about Stuxnet, but it's easy to get. It's easy. But in terms of how do you test, I mean, how do you QA your work? Like how do you peer review malware? Yeah, so you can't comment on it. Oops, it's out of control. The accuracy of zero base, the documentary. No comment. Next comment, next question. What, here's what you find. Like some of these nation state actors, everybody's trying to, they saw what happened with our elections. So they're like, whoa, we have a really crappy offensive cyber program, but maybe we can thrive in offensive and influence operations and propaganda and whatever. So we're getting hit by everybody. And 2020 is going to be, I don't even want to imagine. He thinks we have to control. It's going to be. All right, so I got to ask this question. This came up. You're bringing up a really good point. I think a lot of people aren't talking about, but we've brought up a few times. I want to keep on getting it out there. In the old days, state on state actors, we used to do things, espionage, and everyone knew who they were. And it was very important to not to really bring their queen out, if you will, too early or reveal their moves. But now with WikiLeaks and public domain, a lot of these tools are being democratized so that they can covertly put stuff out in the open for enemies of our country to just attack us at will. Is that happening? I mean, we hear about it. I hear about it. Meaning that, okay, I might be rush, or I might be someone else that, hey, I really don't want to reveal my hand, but hey, all you ISIS guys out there and all you guys in the Middle East might want to use this great hack. Without me open. Yeah, I think. Is that happening? Yeah. So, the new world order, I guess, the order of things, the power positions, are completely flipped, like what, B side, counter, whatever, it's completely not what the establishment was thinking it would be. What's happening is Facebook is no more relevant, I mean, Facebook is more relevant than the UN. WikiLeaks has more information pulsating out of it than a CIA analyst, you know, whatever. So there's a democratization of the information flowing in tools. Yeah, because the thing is we're no longer a world that's divided by geographic lines in the sand that were drawn by these two guys that fought and lost a war 50 years ago. We're now in a tribal, chieftain digital society, and we're separated by ideological variation. And so you have tribe members here in the US who have fellow tribe members in Israel, Russia, whatever. I mean, look at anonymous. I mean, anonymous, I think everybody understands that's the biggest law enforcement honeypot there is. But like, you look at the ideological variation and it's hashtags and it's keywords and it's forums. That's the Senate. That's Congress, that's, you know what I'm saying? This is a new reality. This is the reality. All right, so how do you explain that to the senators? I was watching on TV where they're just trying to grok what Facebook is and Twitter. Cyber hygiene. Oh my God, what are you talking about? I mean, certainly Facebook knew what was going on. They're trying to play the policy and there are noobs and there are newbies when it comes to policy. They don't have any experience on the Hill. Apple guys are kind of ramping up. They've had some help, but the tech has never been an actor on the stage of policy formulation. Yeah, we have a real problem. We're looking at outside threats as our national security threats, which is incorrect. You have Dragonet surveillance capitalists. So you've got, here's the biggest threats we've got. The weaponization of Facebook, Twitter, YouTube, Google and the search engines like Comcast. They all have a censorship algorithm, which is how they monetize your traffic. It's censorship. So you're signing your rights away and your free will when you use Google. You're not getting the right answer. You're getting the answer that coincides with an algorithm that they're meant to monetize and capitalize on. It's complete censorship. What's happening is we had something that just passed SJ Res 34, which just no resistance whatsoever blew my mind. What that allows is for a new actor, the ISPs, to curate metadata on their users and charge them their monthly fee as well. It's completely corrupt. So these Dragonet surveillance capitalists have become Dragonet surveillance censorists. Is that a word, censorists? I'll make it one. Sounds good. Which now they've become Dragonet surveillance propagandists. So that's why 2020 is up for grabs. All right, so here's the question. By the way, we come to the same school here on this one, but here's the question. The younger generation, I asked the general when he was in the hallway on his way out, and I said, where's the cyber West Point? We're the Navy SEALs in this new digital culture. And he said, oh yeah, there's some things. I mean, we're talking about the younger generation. The kids playing Call of Duty, Destiny. These are the guys out there, young kids are coming up that'll probably end up having the multiple disciplinary skills. Where are they going to come from? So the question is, are we going to have a counterculture? I mean, we're almost feeling like what the 60s were to the 50s, Vietnam. I kind of feel like maybe this security stuff doesn't get taken care of. A revolt's coming. You're talking about Dragonet censorship. You're talking about the kind of lack of control and privacy. I mean, I don't mind giving a face of my data just to connect with my friends and see my Thanksgiving photos or whatever, but now I don't want fake news jammed down my throat and anti-Trump, anti-Hillary spew. I didn't buy into that. I don't want that anymore. Yeah, I think the millennials, I have a 19 year old son. And my researchers, they're like right out of grad school. Like Heinz, I'm a CMU. What's the profile like? They have no trust whatsoever in the government and they laugh at legislation. They don't even care anymore about having their face, you know, on their Facebook page and all the most intimate details of last night's date and tomorrow's date with two different, whatever. Girls, they just don't- The consequences of their- They loathe the traditional way of things. And I think, you know, I mean, you got to talk to General Alexander today. We have a really good relationship with him. I mean, I'm not gonna hate him, Mike Rogers. Like, there is a counter-culture in the works, but it's not going to happen overnight. Because we have a tech deficit here where we need foreign tech people just to make up for that deficit. So Bill Mann and I were just talking. So I mean, I heard the general basically, this is my interpretation. If we don't get our shit together and this is going to be an F'd up situation, that's what I heard him basically say. Yeah. You guys don't come together. What Bill talked about was two scenarios. If industry and government, if industry doesn't share and come together, they're going to have stuff mandated on them by the government. Yeah. That's true. You agree? I do. What's going to happen? The argument for regulation on the Hill is they don't want to stifle innovation, which makes sense. Yeah, that's true. But then ISPs don't innovate at all. They're using 1980s technology. So why did you pass SJRS 34? For access. I don't know, because nation states just look at that as, oh wow, another treasure trove of metadata that we can weaponize. Let's start psychographically charging alt-left, alt-right. You know what I mean? Yeah, it's true. It's inevitable. The hacks are inevitable. That seems to be a trend. So, but you talked before, James, about threats. You mentioned weaponization of social. You just kind of... Social media. Yeah, you just kind of mentioned another one, I think, in terms of ISPs. Drag that. What are the big threats? Weaponization of social. Yeah. You mentioned, I mean, ISP metadata, obviously it's a... Metadata. So we've got, well, see, it really depends. And that's the thing. That's what makes the advisory so difficult because you have to go between influence operations and the exploit. Because the vectors are used for different things in different variations. It's an integrated model. It really is. It's an integrated model. And so, with a question like that, I'm like, well, okay, so my biggest concern is the propaganda, political warfare, information warfare. You know, we... People are underestimating the value of that. How big that is, our thing. Oh my God. They're over simplifying the impact of these info campaigns. Yeah, because your reality is based off of, if you look, it's like this, influence operations. Traditional media, everybody, is all about the narrative, controlling the narrative. What Russia understands is to control the narrative, the most embryo state of the narrative is the meme. Control the meme, control the idea. If you control the idea, you control the belief system. Control the belief system, you control the narrative. Control the narrative, you control the population, no guns were fired. Yeah. See what I'm saying? Yeah, and I was explaining to a friend on Facebook like that I was getting into a rant on this and I used a very simple example. In the advertising world, they run millions of dollars of ad campaigns, car companies, for post-car purchase cognitive dissidents campaigns. Just to make you feel good about your purchase. In a way, that was what's going on to explain what's going on on Facebook. It's just this constant reinforcement of these beliefs, whether it's for Trump or Hill. I mean, all this stuff was happening. I'd see, I saw it firsthand. I mean, that's just one small nuance, but it's like across the spectrum of memes. Yeah, and you have all these people, all these, you have nation states, you have mercenaries, but the most potent force in this space, the most hyper-evolving in influence operations is the special interest group, the well-funded special interests. That's going to be a problem, because you come 2020, I keep hitting that just because I was doing an interview earlier. 2020 is going to be a tug of war for the psychological core of the population and it's free game. Dragonate surveillance capitalists will absolutely be Dragonate surveillance propagandists. They will have the candidates that they're going to push. Now, that can also work against them because mainstream media, Twitter, Facebook, work completely against Trump, for example, and that worked to his advantage. We've seen this move before. So we thought, I'm a little bit older, we are the same generation, but remember when they were going to open up the C-Lex? Remember the last mile for connectivity? That battle was won before it was even fought. So what you're saying, if I get this right, the war and the tug of war going on now is a big game. If it's not played in one now, this kind of jury rigging, gerrymandering of stuff could happen. And so that when people wake up and realize what's happened, the game has already been won. That's what you're saying, right? Your universe, as you know it, your belief systems, what you hold to be true and self-evident. If you, again, the embryo, if you look back to the embryo introduction of that concept, whatever concept it is, to your mind, it came from somewhere else. There are very few things that you believe that you came up with yourself. And so the digital space expedites that process. And that's dangerous, because now it's being weaponized. All right, so back to the, who fixes this? So who's the watchdog on this? I mean, these ideas are, you're talking about, somebody like, man, that guy's lost it. He's crazy. Actually, I don't think you're crazy at all. I think it's right on. Is there a media outlet watching it? Who's reporting on it? Who even can grok what you're saying? I mean, what's going on in DC? Can you share with us the perspective? Yeah, so the people that get this are the intelligence community, okay? But the problem is, the way we advise is, I will go in with one of the silos in the NSA and explain what's happening and how to do it. They'll turn around their computer and say, show me how to do it. How do you do a multi-vector campaign with this meme and make it viral in 30 minutes? You have to be able to show them how to do it. Yeah, we can do that, yeah. Yeah, so. Actually, we can. Well, yeah. And so like that sort of thing. We've done that before. You have to, I'm sorry, I'm spitting all over. You have to be able to show them because there's not enough practitioners, we call them operators. And so when you're going in, you're teaching them. And the thing is, you look at it. Well, the thing is, if they have the metadata to your treasure trove, this is how they do it. Explain it here. If they have the metadata, they know where the touch points are. It's a network effect model. It's just a distributed model. They can put content in certain subnetworks that they know have a reaction to the metadata. So they have the knowledge going in. So it's not like they're scanning the whole world. They're monitoring pockets. Yeah. Like a drone, right? And once they get over the territory, then they just do their acquired deeper targets and then go viral. Yeah. That's basically how fake news works. Yeah. And see, the problem is, you look at something like, let's pick two things, alt-right and anti-file. Anti-file, just like Black Lives Matter, the initiatives may have started out with righteous intentions, just like take a knee. These initiatives, first stage is, if it causes chaos, chaos is the op. Foreignation state in the U.S. That's the op. Chaos, that's the beginning and the end of an op. So what happens is, they will, oh, okay, well look, this is taking off all these other people, so let's fan the flame of this take-the-knee thing. Hurt the NFL, I mean, who cares? I don't even watch football anyway, but taking the, it's causing all this chaos in the- It's called trolling. Yeah, so what will happen is, Russia and China, China's got their 13th five-year plan. Russia has their foreign influence operations. They will fan that flame to exhaustion. Now, what happens to the anti-file guy when he's a self-radicalized wound collector with a mental disorder, maybe he's bipolar? Well, now, after, with anti-file, he's experienced a heightened, more extreme variation of that particular ideology. So who steps in next? Cyber-Caliphate and Muslim Brotherhood. That's when we're going to have an epidemic. I can't believe, I, you know, anti-file is a domestic terrorist organization. It's shocking that the FBI is not taking this more serious. What's happening now is, Muslim Brotherhood funds basically a cyber-Caliphate, okay? Cyber-Caliphate, the whole point of the cyber-Caliphate is to create awareness and instill the illusion of rampant xenophobia for recruiting. They have self-radicalized wound collectors with anti-file that are already extremists anyway. They're just looking for a reason to take that up a notch. That's when they cyber-Caliphate. They hook up with them with a hashtag. They respond, they create a relationship. They get the flywheel going. They take them to a deep web forum, dark web forum, and start showing them how it works. You could do this. You could be part of something, and then this guy that was never even Muslim now is going under the ISIS moniker. And he acts. He drives people over in New York. They fossilized their belief system. Yeah, and then culture rated it. Yeah, the whole point to the cyber-Caliphate is to find actors that are already in the self-radicalization phase. But what does it take psychologically, and from a mentoring perspective, to get them to act? That's the cyber-Caliphate. That's how you understand it. This is the value of data and context in real time, using the current events to use that data, refuel their operation. It's a case of data-driven terrorism. What's the prescription that you're advising? You know, I'm not a regulations kind of guy, but anytime you're curating metadata, like we're just talking about right now, anytime you have organizations like Google, like Facebook that have become so big, they are like their own nation state. That's a dangerous thing, you know. So the metadata curation- The value of the data is very big. That's the point. It is, because what's happening- There's always a vulnerability. There's always a vulnerability, and it will be exploited. And all that metadata that's unscrubbed, I'm not worried about them selling metadata that's scrubbed, I'm worried about the nation state or the sophisticated actor that's already, has a remote access trojan on the network, and is exfiltrating in real time. That's the guy that I'm worried about, because he can just, he's like, forget it. I'm just going to target people that are at this face, he knows how to write algorithms, comes up with a good psychographic algorithm, puts the data in there, and now he can, he's like, look, I'm only going to promote this concept to people that are at this particular stage of self-radicalization, or sympathetic to the Kremlin. We have a big problem on the college campuses with IP theft because of the Chinese student scholar associations, which are directly run by the Chinese Communist Party. It's a problem. And I heard a rumor that the Equifax's franchise strategy had partners on the VPN that were state sponsored. They weren't even hacking, they had full access. Yeah, there's a reason that the Chinese are buying hotels, bought the wall of Astoria. We do stuff with the UN and NATO, you can't even stay there anymore. I think it's still under construction, but it's a no-no to stay there anymore. I mean, Western nations and allies, because they'll have bugs in the rooms. The Wi-Fi that you use. That's fake certificates. Yeah, or there's a vulnerability that's left in that network so that the information for executives who have IP, or PII, or electronic health records, like on the, you know what I mean? And so you go to these places to stay overnight as an executive and you're compromised. Well, look what happened with Jean Kaspersky. I mean, I don't know, the real story, I don't know if you can comment, but one sees that and says, okay, this guy used to have high-level meetings at the Pentagon, you know, weekly, monthly. Now he's persona non grata. Yeah, he fell out of favor, I guess, right? It happens. I guess. It happens. James, great conversation. Thanks for coming on theCUBE. We congratulate you on the great work you guys are doing here at the event. I know the content agenda's been well received. Certainly the keynotes we saw are awesome. CISOs, people from the government, from industry, congratulations. Yeah, thanks. Scott, who's the co-founder and senior fellow of ICIT, Internet Critical Infrastructure Tech. Knowledge. Institute for Critical Infrastructure Technology. And then we. Yeah. Critical infrastructure. And then a Center for Cyber Influence Operations. Great, good stuff. A lot of stuff going on. The Influences side exploits infrastructure. It's all mainstream. It's a crisis of our generation. There's a radical shift happening and the answers are all going to come together from industry and government coming together to theCUBE. Bringing the data here. I'm John Furrier with Dave Vellante. Thanks for watching. More live coverage after this short break.