The Tools We Need for Safer Cyberspace
Laura Galante is a recognized expert on cyber security, knowing just how much the digital world can enhance our lives, as well as the depth of the associated risks. What is the internet we signed up for, and how do we understand and use cyberspace for optimal benefit and minimal danger? The primary threats, by and large, aren’t about bots and spam. The biggest threats are global, and at times massive in scale. It is about using technology to access information. It is about economic security. It is about the very fabric of our reality, our thoughts, and our perceptions. How do we react? Frame and understand the problem. Think critically. It’s about choices, and communication, and personal agency.
 00.00
It's obvious that the digital world is full of amazing possibilities, but it is also, of course, full of risks and vulnerabilities. Laura Galante knows this all too well. She's one of the world's leading authorities on cybersecurity. She's a resource to governments, to corporations and NGOs. She knows who the hackers are, she knows what they want and how they can disrupt business, democracy and your life. Here to take us through the area of cybersecurity is Laura Galante. [Applause] Well, good morning. It's 2018, right? Your credit score's been hacked, you're getting new credit cards in the mail every couple months to replace the old ones, the Russians are manipulating your Facebook newsfeed, and if a Nigerian
 01.00
prince isn't telling you how to unlock your secret fortune, then you're not looking at your spam, right? This isn't the internet we signed up for. When I say I'm in cybersecurity, I get two different looks: one is "well" and the other is "I don't know anything about that." But here's what we're gonna do today: we're gonna break this down so that we start understanding that this place that we're living in, cyberspace, the information space, this is a world where the same types of analysis that we've been doing for centuries, for millennia, as people need to start being applied and thought through. All right, now, how are we going to do it? How are we gonna see cyberspace as this lens of both how people interact and also the place where our future challenges and problems are going to be played out? Let's start with
 02.03
China, particularly the Chinese government. Go back, and it's gonna feel like a long time ago now, go back to about 2013. At that time we had in Washington what is a Washington secret, and there's two types of them: ones that don't matter and ones that are way too good to keep. And this secret fell right in the middle of those two types, and it was that the Chinese military was stealing, through hacking, through computer intrusions, the research and development from a variety of defense sector companies, everything from the F-35 fighter jet all the way to green energy and high-end manufacturing intellectual property. But no one could figure out how to talk about this or what to do about it. What was standing in the way? This was an
 03.00
IT issue. This was about something funky, something weird's happening on our network. And then pictures would show up from Beijing with an F-35 fighter jet look-alike, and no one could put this story together. Then, five years ago this month actually, a few people, of which I was lucky to be part of the team, said: we're seeing over a hundred and forty different intrusions against multinational and American companies that all have some really odd similarities; we need to dig in here. And it was through that analysis, through looking at the forensics behind the different incidents that corporations and governments were calling us in to look at, that we started to learn a couple different things. The tools, the malware that was being used against these corporate networks, had little
 04.00
pieces of indicators about who was behind it and what they were doing and what they were thinking. The types of targets that the same group of people that were using these tools, what they would go after, tracked very closely with the Chinese government's stated five-year plan for development. And most telling, and most real in a sense to the world when we put this report out, was the way we were able to trace to actual military units, to the people behind this, and the forensics behind it allowed us to pinpoint a unit in Shanghai where English speakers were being hired for their ability in computer science and their ability to think about who to target for R&D gains. And when we put this report out, called Advanced Persistent Threat One, five years ago, it started to shed light on this problem in
 05.01
a way where people were able to understand that this wasn't about bots, this wasn't about spam; this was about a concerted effort to get at the crown jewels, in this case of the American economy, and 15-20 years of R&D that were getting targeted and taken from computer networks. And with that report we were able to frame this problem, this enormous security challenge, at the level that it required: this was economic and national security, not computers. And from there, what happened? May 2014, the US government, Department of Justice, indicts five PLA officers, and everyone in Washington runs around and says, "Give me a break, China has been stealing intellectual property for years. This isn't going to change anything, to have five PLA officers' pictures on the DOJ's website." All right, another year
 06.03
goes by and a threat of sanctions starts coming out in 2015. The administration says, look, if there are products coming from China that have benefited from stolen, hacked intellectual property, well, there's going to be tariffs on them. Then come September 2015, President Obama and President Xi, President of China, signed an accord saying we will not participate in economic espionage through electronic means, through hacking. And behind the scenes we've been tracking how these different Chinese hacking groups had been behaving, and there it was: the dip in 2014 in activity right around the same time as this DOJ indictment, and then 2015, from the fall on, didn't see a single case of intellectual property theft through hacking. I know that sounds too good to be
 07.00
true, right? It always does. But here's the reality: because we were able to take apart this problem and understand that this wasn't hacking just for hacking, this was intellectual property theft, this was industrial espionage, we were able collectively, in the private sector and in the government, to say there's a difference between hacking for state secrets, something that's been going on since ancient Rome, ancient Greece (not the hacking part, but taking state secrets and espionage, right?), and there's a difference between industrial espionage towards the private sector. And it was that ability to specify where a norm, a behavioural line, could be drawn on what's off-limits and what's acceptable, where we were able to start changing how states approach this problem. So what have we seen since then? We've seen record numbers of technology
 08.02
purchases by Chinese companies, particularly in robotics and in semiconductors, but we don't see the variety and the volume of hacking that we saw before that. So a really interesting way to think about how this became an economic security issue. All right, now who's our other kind of protagonist? If I had been talking to you three years ago and I had said let's talk about how the Russian government is hacking, you probably would have closed your eyes and taken a little iPhone break for a few minutes, right? Things have changed so rapidly. Back 10 years ago, when I was in the Pentagon looking at how the Russians approach cybersecurity, the reception that we would get when we were talking about this was: all right, nice to hear, go back to the basement of the Pentagon, tell us when something's going to blow up. And what we were looking at at that time, 10
 09.00
years ago, was the very explicit and thoughtful framework that the Russian government was using to think about cyberspace. Here's what they were doing, and remember, this is before iPhones, right? This is before we were all plugged in 24/7. The Russian government puts out a doctrine that says this isn't just about ones and zeros, this isn't just about networks and systems; cyberspace, or as they call it, the information sphere, is made up of the thoughts and opinions and information that people use to create their reality. And they saw this information sphere, this information space, as a place that needed to be defended and also a land of great opportunity, and the ability to use perceptions and change narratives in favorable ways would be the tool that
 10.02
would serve them far better than any modernized military, far better than any economic might that they would be able to muster after the 90s. And they invested heavily in thinking about that use of this new domain. All right, you can probably see the writing on the wall here, right? But what that contrasted with was how the US military was thinking about cyberspace, which was much more technical, network focused: how do we defend the Pentagon, how do we defend our information assets? And it was those two definitions, one far more expansive and focused on information and another far more technical, that created the ships-passing-in-the-night problem that we saw in high relief in the 2016 election and we're still talking about today. How does this work, though? So what the Russian government thinks as they're imagining this space is that if you're
 11.01
able to change the way that people perceive information, if you're able to underscore the divides that are already existing in society around narratives, around policy, around candidates, around whatever that fissure is, then you're able to have an outsized effect, an asymmetry in this space that's hard to imagine. And it was that thinking that played into how creative Russian hackers in the Russian military were able to amplify Texas secessionist narratives, Black Lives Matter rallies, and whatever the issue was where they felt that people could be divided even more by the extremist rhetoric and the incredibly engaging content around these issues. That's where they were able to see enormous dividends in their actions. There's a quote from
 12.02
Abe Lincoln, in fact, that I think sums up the way that the Russian government has thought about it, and it's that public sentiment is everything: with it, nothing will fail; against it, nothing will succeed. We've always known that perceptions matter. The problem is when we don't understand who's trying to influence us and we don't fully grasp what that influence looks like, and that's the place that we're in right now. So what do we do about it? We have intellectual property theft and industrial espionage, we have credit-card crime, we have people trying to manipulate narratives, whether it's Russia or someone else, in this country or outside of it. What do we do? The first thing we have to do is understand these problems. There's this phrase in DoD, the intelligence preparation of the battlefield: your
 13.01
ability to think about the problem you're up against. How do we use our analytic tools to understand what we're looking at? Let us not just glaze our eyes when we hear another hack; understand what it is. Number two, think critically. Everyone remembers when their mom, or when they for the first time were talking to their kids, about commercials, right? You would look at commercials on TV and say, remember, if it's too good to be true, it probably is, right? We're going through that same moment as we think about Facebook. So you think about all of these different technology platforms that are the places where our attention is getting grabbed and captured for advertising purposes and for other purposes. We need that same type of mentality, that same mental resilience, if you will, that we live through in the 60s and 70s as the world changed
 14.00
from TV. We need that same type of mental hardware today. If you're not paying for something, you're the product, right? If you are so engaged in your phone and you're in whatever app it is you're looking at, if you are so engaged, is it because you've chosen to be there, or is it because that video that starts playing next, that keeps coming up, is holding your attention there so that the next thing in front of you can be a product that you just feel you have to buy? We've got to question the models that we've set up and allowed ourselves to buy into as we think about how we prepare ourselves for understanding information and thinking about it critically. And finally, this starts with people. So often it's easy to say, technology, oh man, I,
 15.00
you know, let's see what comes next. This is always about choices. Algorithms: it's the dressed-up way to talk about recipes, right? An algorithm is simply people saying, here are the values, computer, or here are the values, equation, that I think are most important for you to choose from. You do this every night for dinner: who's eating, how much time do I have, and what's in the pantry, right? These are the types of human calculations that go into the technology and the tools that we're developing, and we have to be the people who understand what is going into those calculations. Look for transparency there, and question what technology's role is in our lives. Let's see it as a tool, not as something that's our overlord, and that starts with us. So much of the political situation and the feeling that we're in right now in the U.S. doesn't feel like how politics
 16.00
should be. I was lucky enough to go to Mr. Jefferson's University, and we had a phrase that was "politics are a good thing," and I still believe that. And the more we can start saying this is about talking to each other again, this isn't about using the symbols and language that has been weaponized to trigger you as in this tribe and me as in another, or my stance on something, yours on another, the more we can wade through that and just start talking to each other again is going to be our path to thinking about this digital future where we're living in the most constructive terms. And if you're tempted to say, "Laura, that doesn't scale" (the biggest insult you can give to anyone in Silicon Valley, right? It doesn't scale), I'll say this: it's the only way we've ever scaled change here in the US. It's person-to-person. It's believing that you have the agency to change your community,
 17.02
your family, your own self, our ability for self-improvement. So with that I leave you today. I think it starts here in beautiful Naples, and it starts with our ability to go around and talk to each other again as people. Thank you. [Applause]




 
  
  
  
  
  
  
  
  
  
 