 New York City, it's theCUBE, covering CyberConnect 2017. Brought to you by Centrify, and the Institute for Critical Infrastructure Technologies. Okay, welcome back, everyone. This is theCUBE's live coverage in New York City. This is the CyberConnect 2017 presented by Centrify, underwritten by Centrify's industry event. I'm John Furrier, Dave Vellante, and next guest is Byron Agahito, who's the journalist and lastwatchdog.com. Thanks for joining us. Welcome to theCUBE. Thank you, pleasure to be here. So, season journalist, there's a lot to report. Cyber is great. We heard a great talk this morning around the national issues around the government, but businesses are also struggling too. That seems to be the theme of this event, an inaugural event. It really is a terrific topic that touches everything that we're doing, the way we live our lives today. So yeah, this is a terrific event where some of the smartest minds dealing with it come together to talk about issues. What's the top level story in your mind in this industry right now? Chaos, is it data, civil liberties, common threats? What's, how do you stack ranked at level of importance, the most important story? You know, it really is all of the above. I had the privilege to have lunch with General Keith Alexander. I've seen him speak before at different security events, but there's a small group of the keynote speakers and Tom Kemp, the CEO of Centrify. And he just like nailed it. He basically, what resonated with me was, he said basically, we're kind of like where we were, where the world was at the start of World War I, where all, you know, Russia and Germany and England, you know, were all kind of lining up and Serbia was in the middle and nobody really knew the significance of what lay ahead and the US was on the sidelines and all these things were just going to converge and create this huge chaos. Well, he, that's what he compared it today, except we're in the digital space with that, you know, because we're moving into cloud computing, mobile devices, destruction of privacy, and then now all the nation states, Russia is lining up, North Korea and Iran. We are doing it too. That was part of one of the most interesting things that he mentioned. His rhetoric was very high on the, hey, get our act together country attitude. Like we got a lot to bring to the table. He highlighted a couple of use cases and some war stories that the NSA has been involved in, but almost kind of teasing out like, we're kind of getting in our own way if we don't reimagine this. Yes, he is a very great advocate for the private sector, industry, but not just industry, the different major verticals like the, especially the financial sector and the energy sector to put aside some of the competitive urges they have and recognize that this is going on. Okay, but I got to ask you, as a journalist, last watchdog, General Alexander definitely came down when he sort of addressed privacy and Snowden and the whole story he told about the gentleman from the ACLU who came in as skeptic and left an advocate as a journalist whose job is to be a skeptic. Did you buy that? Does your community buy that? What's the counterpoint to that narrative that we heard this morning? Well, actually, I think he hit it right on the head and as a journalist, why I got into this business and I'm still doing it after all these years is if I can do a little bit of shit, a little bit of light on something that helps the public recognize what's going on, that's what I'm here to do and this topic is just so rich and touches everything and we were talking just about the nation-state level of it, but really it connects down to what we're doing as a society, what Google and Facebook and Twitter is, how they're shaping our society and how that impacts privacy. And we were talking last night, Dave, about the Twitter, Alphabet and Google, I mean, Twitter and Facebook and Alphabet and from the Senate hearings last week and how it means, he brought it up today, the common protection of America. In this time, you know, given the past election, actually that was the context of the Google thing, really has got a whole opportunity to reimagine how we work as a society in America, but also on the global stage. You got China, Russia and the big actors, so it's interesting, can we eventually reimagine, use this opportunity as the greatest crisis to transform the crap that's out there today, divisiveness, no trust? And we're living in an era now where, I mean, in my lifetime, I can honestly say, I've never seen it this shitty before. I mean, it's bad, I mean, it's like, younger generation looking at us, looking at, oh, Trump this, Trump that, I don't trust anybody, and the government has an opportunity. All right, but wait a minute, so I'm not, I mean, I'm down the middle, as you know, but I'm going to play skeptic here a little bit. What I basically heard from General Alexander this morning was, we got vetted by the ACLU and they threw sort of holy water on it, but, and we followed the law and I believe everything he said, but I didn't know about that law until Snowden went public and I agree with you, Snowden should be in jail. I didn't say that. But he did. You said that a couple of cube, two years ago in the cube, you said that. Anyway, regardless. I don't think, I'm going to go find the, maybe I'm rewriting history. But that, but those laws were enacted kind of in a clandestine manner. So I put it out to both of you guys. I mean, as a citizen, are you willing to say, okay, I'll give up maybe some of my privacy rights for protection? I know where I stand on that, but I'm just asking you guys, I mean, do all your readers sort of agree with that narrative? They're all, they're all the cube. Well, I mean, if you look at the World War Warnings table that generally brought up in lunch, I think it wasn't there, but just me thinking about that it brings up a good perspective. If you look at reinventing how society in America is done, what will you give up for safety? These are some of the questions and what does patriotism mean for if industry is going to work together, what does it mean to be a patriot? What I heard from the general on stage today was we're screwed if we don't figure this out because the war, it's coming. It's happening at massive speeds. Again, I know where I stand on this. I'm a law abiding citizen, go ahead. Byron, what do you think? Please snoop me, but there, I know people who would say, no, that's violating my constitutional rights. I don't know. Well, yeah. It's worth a debate is all I'm saying. It's a core question to how we're living our lives today, especially here in the US in terms of privacy. I think the horse has left the barn. Nobody cares about privacy. If you just look at the way we live our lives, right? Google and Facebook have basically thrown the privacy model that came about because we went through World War I and World War II and we wanted the right to be left alone and not have, you know, authoritative forces following us inside the door. But now we don't live in just the physical space. We live in the cyber space. I think there's new rules. I mean, you're, I mean, you kind of- So there is no privacy. I'm going to go to the corner here. I did maybe say some comments, but looking forward, the new realities are, there are realities happening. And I think the general illuminated a lot of those today. I've been feeling that. However, I think when you define what up, it's me to be a patriot of the United States of America and freedom, that freedom has to be looked through the prism of the new realities and new realities are, as the general illuminated, there are now open, open public domain tools for anyone to attack the United States, industry and government. And he brought it up. Who do they protect? The banks. This ends up, I think will be a generational thing that the younger generation and others will have to figure out, but the leaders in industry will have to step up. And I think that to me is interesting. What does that look like? I think, I think leadership is the whole key to this. But I think, you know, there's a lot of, there's a big threat about where the burden lies. I write about that a lot as a central theme. Where is the burden? Well, each of us have a burden in this society to pay attention to our digital footprint, but it's moving and whirling so fast. And, you know, the speaker just now from US Bank said, there is no such thing as unprecedented. It's all ridiculous the way things are happening. So it has to be at the level of the leaders, the combination, and I think this is what the general is advocating, combination of the government, as we know it, as we've built it, buying for the people and industry, recognizing that if they don't do it, the regulations are going to be pushed down, which is already happening here in New York. New York State Department of Financial Services now imposes rules on financial services companies to protect their data, have a CISO, check their third parties. That just went in the second march. So that's a good point. Let's unpack that because I think that's what's new. If they don't do this, they don't partner, if governments and industry don't partner together, either collectively as a, you know, vertical or sector with the government, then the government will impose new mandates on them. Right? That's kind of what you're getting at. That's what's happening. It'll be a push and shove. So now the push is because industry has not acted with enough urgency and, you know, even though that we're seeing them in the headlines, you know what I mean? The states have already, California has already led the way in terms of this data loss disclosure law that now 47 states have, but it's a very, I mean, that's just the level that government can push. And then industry has to be active. I got to say, I mean, I'm just being an observer in the industry. We do the queue, but how many events will we hear the word digital transformation? I mean, if people think digital transformation is hard now, imagine if the government imposes all these restrictions. I mean. What about GDPR? All right, how does that affect? That's a good question. You know, you tell me the US government is going to be obliged to delete private information because of a socialist agenda, which GDPR has been called again. Well, no, that's another one of these catalysts or these, you know, one of these drivers that are pushing, because if Google, all the, it's a, we're in a global society, right? Here's my take, I'll share my opinion on this, Dave. I brought it up earlier. What General was pointing out is now the terror states now have democratized tools that other big actors are democratizing through the public domain to allow any enemy of the United States to attack with zero consequences because they're either anonymous, but let's just say they're not anonymous. Let's just say they get caught. We can barely convert drug dealers, multiple jurisdictions and court in the end of the world. What court is out there that will actually solve the problem? So the question is, if they get caught, what is the judicial process? Maybe SEALs? I mean, obviously I'm using the DEA and drug, when we've been fighting drug for multiple generations and we still have to have a process to multiple years to get that in a global court. I mean, it's hard. My point is, if we can't even figure out for drug trade, generations of data, how fast are we going to get cyber criminals? Well, there is recognition of this and there is work being done, but the gap is so large. Microsoft has done a big chunk of this in fighting botnets, right? So they've taken a whole legal strategy that they've managed to impose in maybe a half dozen cases the last few years where they've legally went and got legal power and they've shut down hosting services that were sources of these botnets. So that's just got one piece of it. So there's World War I analogy. Let's just take it to the cloud wars. So in a way, Dave, we asked Amazon early on, Amazon Web Services how their security was and you questioned, maybe cloud has better security than on-premise. At that time, eight years ago, oh my God, the cloud is so insecure. Now it looks like the cloud's more secure. So maybe it's a scale game. Cloud guys might actually be an answer if you take your point to the next level. What do you think? I correct me if I'm wrong, but you haven't seen these kind of massive Equifax like breaches at Amazon and Google. That we know about. That we know about all, but. What do you think? Cloud players have an opportunity? Well, that we know about. Yeah, that's what I was saying. I'm not saying they haven't breached it, but it's breached it. The question on the table is, are the cloud guys in a better position to walk around and carry the heavy stick on cyber? Personally, I would say no question is homogeneity of the infrastructure and standardization and more automation. What do you think? What's your community think? I think you're right, first of all, but I think it's not the full answer. I think the full answer is what the general keeps hammering on, which is private, public. This needs to be leadership. We need to connect all these things where it makes sense to connect them and realize that there's a bigger thing on the horizon that's already breathing down our necks, it's already blowing fire like a dragon at us. And it's a piece of- It's a community problem. The community has to solve the problem at leadership level for companies and industry, but also what the security industry has always been known for is sharing, right? The question is, can they get to a data sharing protocol? I'm so sorry. Yeah, it's more than just data sharing. I mean, he talked about that. He talked about the, at lunch he did, about the ISAC sharing. He said, no, it's more ISACs are these informational sharing by industry, by financial industry, health industry, energy industry. They share information about how they've been hacked, but he said it's more than that. We have to get together at the table and recognize where these attacks are coming and figure out what the smart things are doing like at the ISP level. So where, if the ISPs are, that's a big part of the fund. I mean, a crucial part of the fund is where traffic moves. That's where it needs to be done. What about the balance of power in cyber war, cyber warfare? I mean, US obviously, US military, industrial complex, Russia, China, okay, we know what the balance of power is there. Is there much more of a level playing field in cyber warfare, do you think? Or is it sort of mere the size of the economy or the sophistication of the technology? Or is- No, I think you're absolutely right. There is much more of a level playing field. I mean, a North Korea can come in and do a, this is what we know about, what we think we know about, come in and do like a WannaCry attack, develop a ransomware that actually moves on the internet of things to raise cash, right? For North Korea, right? So there, yeah, you're absolutely right. There is- It's fun in the Defense Department. So that, as Robert Gates said when he was in the Cube, we have to be really careful with how much we go in the offense with cybersecurity because we have more to lose than anybody with critical infrastructure and the banking system, the electrical grid, nuclear- Well, I interviewed a cyber guy on the Cube in the studio from Vitter in June 80s long. He's like, we can look at GEO and not have anyone outside the U.S. access our grid. I mean, no one should attack our resources from outside the U.S. to start with. So core network access has been a big problem. Here's something, I think I can share this because I think you said it, you wouldn't mind me sharing it. At lunch today, to your point that we have more to lose is, you know, the general said, yeah, we have terrific offensive capability. Just like in the analog world, we have all the great bombers, more bombers than anybody else, but can we stop people from getting, we don't have the comparable level of stopping- The defense is weak. Defense, right. Same thing with cyber. He said somebody once asked him, how many of your, what percentage of your offensive attacks are successful? 100%. You know, yeah, we do have, we saw some of that with leaks of the NSA's weapons that happened this year that gone out. It's like Swiss cheese. The leaks are everywhere. And this, but at the networking shows, I entered a guy who was running one of the big ports. I won't say the city to reveal who it was, but he's like, oh my God, these guys have come into Maritime Network, accessing the core internet. Unvetted. Pure core access. His first job at CIO was shut down the core network. You know, so he has to put a VPN out there in a segment that will validate all the traffic coming through. But the other predecessors had direct internet access to their core network. Yeah, I think the energy sector, and you know, there's a sponsor here, ICIT, that's an industrial control space that I think that's where a lot of attention is going to go in the next couple of years, because as we saw with these attacks of the Ukraine, shutting down, you know, getting in there and shutting down their power grid for half a day or whatever. Or with our own legit US-owned involvement in something like Stuxnet, where we get into the power grid and Iran. Those controls are over here with a separate legacy. If once you get in, it's really easy to maneuver around. I think, you know, that needs to be all cleaned up and locked down. That's part of the- They're already in there, the malware's sitting in there. We're already over there, probably, I don't know that. But that's what I guess, I hope, yeah. I don't believe anything I read these days, except for your stuff, of course, and ours. Being a journalist, what are you working on right now? I mean, honestly, you're out there reporting. What are the top things you're looking at that you're observing? What's your observation space relative to what you're feeding into your reports? This topic, security, I'm going to retire and be long gone on. It's a terrific topic that means so much and connects to everything. A lot of runway on this topic, right? I think the whole area of, right there, your mobile device and how it plugs into the cloud and then what that portends for internet of things. We have this whole 10-year history of the laptops and we're not even solving that with the servers and now we're moving here to these mobile devices in the cloud and IoT, it's just attack surface area is just continuous time. And the T-cameras, I mean, it's just- The other thing I noticed on Etna's presentation this morning on the keynote, Jim, was he said a lot of times that people chase the wrong attack vector. He's not sharing, literally, waste cycle times on innovation. So it's just interesting market. Okay, final thoughts, Byron, this event, what's the significance of this event? Obviously this black hat out there, the other industry events. What is so significant about CyberConnect from your perspective? Obviously, our view is it's an industry conversations up leveled a bit, but it's not competing with other events. Do you see it the same way? What is your perspective on this event? You know, I think that it's properly named Connect. And I mean, I think that is right at the center of all this when you have people like Jim Ralf from Ethno which is doing these fantastic things in terms of protecting their network and sharing that freely. And the US Bank guy that was just on and Verizon is talking later today, they've been in this space for a long time sharing terrific intelligence. And then somebody like the general, and Tom Kemp, the CEO of Centrify, talking about giving visibility to that, a real key piece that's not necessarily sexy, but by locking that down, that's, you know, accessing. How is the Centrify message being received in like the DC circles? I mean, obviously they're in enterprise, they're doing very well. I don't know if they're revenue numbers or if they're private, they don't really report those. Are they well received in the DC and in the cyber communities in terms of what they do? I mean, these identity obviously is a key key to the kingdom, but you know, it used to be kind of like a fenced off area in enterprise software model. They seem to be have more relevance now. Are they that translating for them in the marketplace? I, you know, I would think so. I mean, the company's growing. And I think that was just telling to somebody what they, the story they have to tell is substantive and really simple. So they're, that's the smart people over there. And I think that they're friendly ears out there to hear what they have to say. Yeah, anything with identity. Know your customer is a big term and you hear in blockchain and anti-money laundering and know your customer big, big term. That's, you're seeing more of that now. Certainly seeing Facebook, Twitter and Alphabet in front of the Senate getting peppered. I thought that was interesting. We follow those guys pretty deeply. They got, they got hammered. I mean, they're like, what's going on? How could you let this happen? So, and not that it was national security, but it was a major fud campaign going on on those, on those platforms. That's data, right? So it wasn't necessarily hacked per se, but great stuff. Byron, thanks for joining us here in theCUBE. Appreciate it. And your website is lastwatchdog.com. Yes. Okay, lastwatchdog.com. Byron Okohito here inside theCUBE. I'm John Furrier, Dave Vellante. We'll be back with more live coverage after this short break.