
When Cyber Prevents Security | Winnona DeSombre | TEDxTufts


[Applause]

How many devices do you have? Two? Three? Count them all up in your head: iPhone, laptop, tablet, Kindle, internet-connected smart toaster, all of them. On each of these devices, you’re targeted. In the same place you receive emails from your lovely old grandma, you get the occasional plea for help from a Nigerian prince, or someone pretending to be your grandma who really wants you to open this weird-looking attachment. When you check the news on your devices, you hear about how we’re getting hacked left, right, center by everyone. If the Russians don’t have your social security information, the Chinese definitely have your credit card number.

So we read the news, we get hacked, and the blame usually falls on one of two parties: the government or the private sector. How could the State Department have such weak security systems? Or how could Facebook have let the Russians propagate fake news? Why are we, the consumers and citizens, suffering?

Growing up, I’ve always wanted to work in the government, which can be strange when all of my peers in cyber security are vying for spots on the hottest startup. But in this moment I’d like to use my experience as someone who’s worked for both the government and the tech sectors to offer up a piece of the security puzzle, one that doesn’t usually make the big headlines. Effectively, the government and the private sector think about cyber security in completely contrasting ways. A lot of this has to do with how they’re set up and what their long-term goals are.

For the private sector, cyber is an industry. If you’re not a cyber security company, you don’t think about cyber past your last software update. Most of these companies don’t work together, and all of them are focused on turning a profit. For the government, cyber is a domain, like air, land, and space. Its mission is to defend the US homeland from cyber threats, and thus has a bunch of departments trying to work together to both produce and consume security products, and sometimes these products are also brought in from the private sector. So because these two parties are so different and don’t really communicate, public and private sector cybersecurity doesn’t work out as well as it should.
Let’s go back to this internet-connected toaster, which is a real thing, by the way. This bizarre invention is part of a wider array of products called the Internet of Things, or IoT. Basically, computers have become so cheap that engineers have realized we can make our homes smart. Our security camera can connect to our phone when we go on vacation, our coffee machine can make that double mocha latte at precisely 7:00 a.m. when we roll out of bed, and our toaster can imprint photos on toast, for some reason. Consumers, all of us, we went nuts: yes, this is great, we’re living in the future. And businesses saw this. Here was a product that was incredibly in demand, could be manufactured cheaply, and then sold at an exorbitant price. Businesses saw an opportunity to make a profit and thus sold hordes of IoT devices at increasingly cheaper costs to compete in this market. As costs got cheaper, quality went down. As quality went down, security got left out of the building process. Many of these devices, DVRs, routers especially, had hard-coded passwords. Now what this means is, if you have a router and you can log into that router, you can now log in to any other router anywhere in the world made by this company, because they all have the same unchangeable password. What could possibly go wrong?

On October 21st, 2016, somebody took advantage of all of these hard-coded passwords and logged on to over a hundred thousand devices. This actor then used these devices to attack Dyn, a company that essentially provides easy access to the Internet.
Dyn’s servers went down, and the internet for the entire northeastern United States and parts of Europe went down for an entire business day. Okay, so the internet was down for a day. Who cares? We do. Everyone does. We’ve become so interconnected that the Internet is a key resource. When a natural disaster occurs, reporters give estimates on when the Wi-Fi will be back up. When Facebook is down, people actually dial

But in terms of dollars and cents, on that day huge conglomerates like CNN, Airbnb, Spotify couldn’t conduct regular business. People who had to browse certain sites for their jobs simply had to go home. And all of this occurred because companies were so focused on pushing out the newest, hottest product, the cheapest internet-connected toaster, instead of taking a hard look at how their lack of security could hurt consumers.

Then surely the private sector can learn from the government, right? The government doesn’t update its products much, which is understandable. It takes a long time to figure out how a new piece of technology can impact national security, so government products are evaluated extensively before integration. But instead of pushing out products as fast as possible, the government has fallen into an opposite problem. After decades without update, technologies can become slow and incompatible with newer systems, with parts that are impossible to repair or vulnerabilities that are impossible to fix. Because it takes so long for governments to understand how a new upgrade could impact us, they become wary of the upgrades themselves. But the old systems, legacy systems, become threats to national security simply because of how old they are.
Here’s a scary example. The United States holds over 440 Minuteman III nuclear missiles housed in land silos all across the country. These missiles are constantly on high alert, just in case, you know, someone wants to lob a nuke our way. What’s alarming is that the communication system for these missiles, which sends and receives orders from the president, has malfunctioned on multiple occasions. This system is comprised of 8-inch floppy disks, a computer from 1976, and other hardware that’s over 50 years old. In the 1980s, a malfunction from this system caused the United States to believe that the Soviet Union had sent over 220, no, 2,200 nuclear missiles towards the United States. Advisers were about to recommend a counter-attack, effectively starting World War 3, before

Scares like this elevated tensions during the Cold War, and this particular scare happened twice. Because of this, it was recommended that the Minuteman III communication system be either retired or updated in the 1980s, but this still hasn’t happened. The most recent schedule for update has a completion date of 2020. While the Soviet Union is no longer around, we now have North Korea to worry about, and these malfunctions could happen.
These aren’t isolated events, but are caused by a larger difference in world view. People like us in the private sector, unless we work in cyber security, don’t stop to think about how new products could cause us harm. It’s not our fault. We live in a time of progress, a time of great change at great speed. Many of us are net natives: because we grew up with the internet, we think it could change the world given the chance. Facebook’s 2.1 billion connections reach across borders, leaving us with pure, unfiltered human bond. Or, you know, if we just dropped 500 flash drives with information about democracy over North Korea, Kim Jong-un will be powerless to

Unfortunately, the same internet that we herald as this great equalizer also

Facebook’s unfiltered human connection led to Russian interference in the U.S. elections. South Korean nonprofits have become victims of North Korean cyberattacks by advertising their flash drive drops over the Internet. We become so enamored with the possible benefits that a technology can bring that we

Governments, on the other hand, don’t usually see technological solutions. It’s not their fault either. As of May 2016, there are only four net natives in Congress, only one Democrat and three Republicans.
We can’t fault our legislators for not growing up with the internet, but we can’t fault them when they don’t really understand or try to understand what they regulate.

Over the course of my undergraduate career, I’ve had the distinct pleasure and honor to talk to and ask questions to individuals in our government, our military, and in think tanks, specifically about cybersecurity. About 20% of the time I get one of the following: "Cyber is just not important to my job," or "I don’t really understand the Internet, my grandson sets up my router." Thankfully, I see these answers less and less. I really hope it’s because these important individuals in our government have figured out that cyber is important to their job, even if it’s not in their job description. I really hope it’s not just because they found someone else to set up their router.

Worse than Minuteman systems or grandsons, this public-private communication gap is the biggest legacy system in cybersecurity. For the government, the problem is a lack of understanding and innovation, something that the private sector is abundant in. The private sector, meanwhile, moves too quickly without thought of regulation and security, something that the government can rein in with good regulation. Thankfully, both sides have started to figure this out and are working on the issue. But the internet isn’t just made up of companies and governments. It’s added to, modified, viewed by users. Everyone in this room has the unique ability to understand how technology affects the world around us. It does not take an engineering degree to understand that, and it only takes a moment to consider security before you buy: Has this company been hacked before? Does this router have a hard-coded password? Do I really need this cheaply made internet-connected toaster?
Also, as citizens, we have the ability to keep governments accountable by rallying around good security policy. We work hard to build our futures: traveling the globe, starting a family, finding that dream job. And so as you leave these talks today to go pursue that future, whatever it may be, I hope that you consider making it a secure one. Thank you.

[Applause]