
2017 - Fast Forward 10 Years: Fact, Fiction & Failure by Ian Thornton Trump

BSides Manchester | 48:42 | 188 views | Published 2017-08

prove it to you. Yeah, thank you. We're just still packing them in a little bit, that's good. Thank you folks, that's awesome. So I'll just kind of go through a bit of a bio before we get started into the cyber mayhem that I have in store for you. DEF CON: who is heroes at DEF CON? Anyone make the pilgrimage? Yeah, awesome, awesome. I'm sorry if I yelled at you to get in line. Okay, that's my apology right there. Except for fish, is he here? Here's his first year at Gooding at the world's largest security conference. He did a great job, I'm just going on record to saying that. I get to write for security publications and

stuff, and that's, that's fun. One of the things I'm involved in is architecting day games and challenges for the UK cyber defense challenge and the Canadian cyber defence challenge. The only difference between the two is that in the Canadian one we say, "I'm sorry that you didn't get that particular flag." I've got a book coming out on cybersecurity; I'm hoping to get it launched in December. It's, part of this presentation is going to really talk about that as well, with some examples. And I come to security from a law enforcement background, really, with some time with the Canadian military police, as well as I'm working as RCMP criminal intelligence analyst. Really fascinated by cybercrime and cyber criminals, and I

think one of the things that we can talk about is the cybercrime problem is not going away. I pull up these two examples from indictments, Department of Justice. The indictments are actually excellent teaching tools for cyber security, because an indictment basically lays out the evil Lex Luthor cybercrime plan that the bad guys had, and then they got caught, which is really great, because then we can understand not only how they got caught but also, um, what you could do as a small-medium business to defend yourself. So these two guys: the first guys are really kind of twits, because they broke into PBX systems and basically used them as our long-distance services and send them out on the

internet. They did this from 1999 to 2014, by the time they were caught. This second group I really liked, because they were too cyber crime in a really neat way: they decided to buy ads that popped up on people's computers that said, "You're infected by a virus, you need to call this 1-800 number," and then they sold free antivirus for around four hundred US dollars to fix your computer. So they got busted. My point is this, is that these are low-tech attacks and they're not going away. The only thing that we can do collectively, in, from now and ten or maybe 20 years forward, is really talk about education, and education becomes super important because we continue to

see fail on an epic proportion. Okay: 200 million identities, including what parties they preferred, were left on a cloud server, that's, what, no encryption. Okay, that's pretty egregious, right? And what's really interesting is how quickly a number of businesses say, "Oh, that was our subcontractor," or "That was our MSP," like they're not responsible for that data at all. So I'm hoping that GDPR is a big wallop for these type of organizations. They do stuff like put personally identifiable information into cloud servers, mysteriously believing that simply because it's in Amazon everything will be okay. Okay, everything is not okay. There are a whole bunch of MongoDBs that were set up in Amazon that got pilfered by bad guys

because, again, there was no security there. Now I want to talk a little bit about how performance reviews for cyber security go in other countries: not so good. But context is really important in this. So this particular guy, he was the head of Iran's cyber warfare unit, and as you probably know, there were reached a whole bunch of distributed denial-of-service attacks on US banks. Okay, these banks basically had to shore up their defenses and fix their web application vulnerabilities, because these SSL type of attacks, exhaustion attacks, and overwhelming the servers caused a lot of people to be unable to access their banking information. Right, sort of think of it as outsource BT: you know, when they go down nobody can do

anything. Um, what happened is, is the new prime minister of Iran wanted a détente with the United States, he wanted to renegotiate, and I feel that this particular guy might have said "no can do, bro," and that's how he got replaced. Now I say this because in other countries the performance review process is a little bit different. But the point here is, is that as we go on cyber, and the big takeaway from my presentation is: what happens in cyber can affect real life, and what happens in real life can affect cyber. So here's an example, and I'd love to point this one out because it's so exciting to me. These guys were Syrian

Electronic Army operatives working in support of the Assad regime. Okay, Assad is not a particularly nice guy; he, you know, does things like, you know, nerve gases his people, things like that. But as you can see in the highlighted portion, this person picked not a good alias to do his cybercrime. And yeah, not only that, they were extorting American businesses, saying that "we're with the Syrian Electronic Army and we're gonna attack your business if you don't pay us money." Now where their plan came off the rails was they used Facebook accounts and Gmail accounts to try and extort American businesses. I would suggest that probably using a giant American service provider to extort money from American

businesses is maybe not the route to go. Like, maybe ProtonMail might be a little bit better, but I heard that they just hot today. So one of the reasons why we want to talk about this is the money. There is a lot of money involved in cybersecurity. Okay, so those of you starting your career, you're starting at a really good time, because there is a lot of growth forecasted by Forbes and everything like that. But let me bring to your attention the two trillion dollars in cybercrime forecast. This is not so good for us and for everyone, and I think that as time goes on that two trillion might be a little bit soft.

One of the biggest problems, we'll talk about this in a moment, is we don't have any accurate measures of cybercrime. Now, one of the interesting things that we found is that one of the more lucrative ways of making money online is to simply go to a business and ask them to send you money. This type of attack seems to work particularly well, and what's interesting about it is it cost an Australian defense firm 57 million dollars that they transferred to a Chinese bank, because that CEO sent an email to the CFO. Now you would be happy to note that the CEO paid the iron price for that and is no longer CEO. And this is what I'm talking about. So these are 2016

numbers from IC3. IC3 is the collective law enforcement database of reported cybercrime. What I find very interesting about this is, when you have personally been ripped off, you are very interested in reporting cybercrime. So as an example, we see business email compromise, that we just talked about, topping the scales at 360 million in losses last year, followed by confidence fraud and romance, okay, followed by more payment on delivery. This stuff is all low-tech; this has been around since Roman periods. Okay, but if you look over and you look at malware, scareware and ransomware at a paltry two million, that makes no sense when you contrast that with many vendors' reports that

are saying ransomware is a 1 billion dollar problem. So the problem that we have is, at the government policy level, we are working with flawed data, and this is why it fell to a 23-year-old IT security researcher with a bad haircut to stop a worldwide ransomware attack. We're going to talk about that in a little bit. One of the other problems that we have with our leaders is massive overreaction to the cyber threat. Every time terrorists do something, and we start talking about things like "we're going to outlaw encryption, we're gonna drone-strike hackers," everybody kind of goes batshit crazy. I'm sorry, I said no potty words, right? Okay, I apologize.

I'll go on. Okay, good, she gave me stink eye right away. The point here is, is that we continue to deal with this situation in absolutely the wrong way, rather than analyzing what the problem is. So in 2017 we see a couple of major trends that are going to be with us moving forward: botnet wars and the evolution of ransomware. And I just kind of run down some of the major attacks, and one of the things that was really interesting to me is the versatility of bots for cybercrime. So Methbot was making 5 million dollars a day by basically clicking on videos, okay, and that was it. But they were fraudulently clicking on, because it was a botnet, and

so instead of human eyes it was no eyes, and people were making all kinds of money doing that. We entered into the realm of massive cyber attack, and I'm not talking about ransomware, WannaCry or NotPetya, I'm talking about BrickerBots. BrickerBot is really interesting because it destroys poorly protected IoT devices, IoT devices with either vulnerabilities or default passwords. Okay, what was interesting is when a German guy tried to leverage that, he accidentally shut down 1.25 million routers for Deutsche Telekom, and again he got caught, and he's now, you know, going to jail, and that's very exciting. But that heralded a new problem that we had that we never had before, where other devices and mass

attacks are capable of rendering our Internet on its knees. And we saw this with things like WannaCry: as soon as that NSA malware became available, many antivirus people, many IT providers did not do what was necessary, despite US-CERT guidance that said "SMBv1: thou shalt not expose it to the Internet, thou shalt block it at your firewall," and Microsoft said "here's a bunch of patches." 58 days, we had 28 days since the patches were made available, but yet so many businesses suffered, and we'll talk about what that, what that was. eternally and SS are: if you don't know what those are, those are NSA malware that came complete with an instruction set on how to use it. Okay,

absolutely, you basically gave... okay, this would be the equivalent of giving every nation on the planet enriched uranium and moving the entire cyber, well, warfare program forward. The saddest thing in the world, though, is when you look at the EternalBlue and you do the reverse analysis, it was simply this: putting a 32-bit value into a 16-bit register. That was the attack. So my harsh criticism on that, and again I used the potty mouth in an actual newspaper article, was that this was something that every vendor should have picked up on. Every IPS vendor, every IDS vendor and every IT professional should have paid attention to US-CERT, and these guys didn't. Uh-oh, and they're now gonna pay the iron price.

I'm sorry if I'm throwing all those Game of Thrones references in, but totally addicted to it. Now, 300 million in loss, 300 million to four hundred million in losses for that company. Do you think that will change things? I think it will, because I think if I was the CIO of that company I would be updating my resume on LinkedIn. Okay, there Tim, the TNT one I have a personal connection for: I showed up to do a conference and my booth stuff didn't, because TNT had a ransomware attack, mate, and he is owned by FedEx, and FedEx basically let all the analysts know that they are going to take a writedown loss on their next quarter

results as a result of ransomware. So it is becoming to have real consequences. So I want to talk a little bit about now, MalwareTech. MalwareTech would be my love child with Jenny Radcliffe. Basically died, stopped WannaCry, loses his anonymity as a result of that, goes to DEF CON, has some fun, gets arrested. Please read the indictment if you get your hold up and get your hands on it, because here's the biggest problem with this indictment: it has basically taken this security researcher and said that actually making stuff for security research purposes is against the law in the United States. This is what they're trying to get through. I don't think they were, because Marcia Hofmann is like a

Doberman Pinscher, and she is one of the sharpest lawyers that there is out there that handles hackers. She used to be the ability of chairperson of the EFF, and this is really one of those extra dis reached by the DOJ. The other problem is, is that there were no victims of the Kronos malware in the United States, so please explain to me how this guy gets arrested for something that didn't affect anybody in the United States, and an indictment in Wisconsin gets fooled up. So I'm hoping that they crush it. So going to a more cheery topic of 2018: you want to talk about a mascot the incident. I think it's looking more and more like we're in a very

precarious situation, and maybe not actually here in the G20, but in other countries where we've handed our poorly designed tech and moved it down. We've moved the problem to Africa and Latin America in terms of vulnerabilities and critical infrastructure. However, we now have this, all of the car hackings that were going on at DEF CON, truly interesting stuff here, where again security was an afterthought in a lot of these cases. And my boss of the DEF CON games, Marc Rogers, is known for hacking Teslas. Okay, so there is a lot of hacking, and I'm gonna play this. No, I'm gonna go back and I'm gonna play this video here. I think I can do it here. Okay.

All right, okay, come on, come back, come back please. Okay, let's see if I can play this now. Spacebar to play, yes. All right, so, dashcam recording. I find this fascinating, and you see that basically in this there's an autonomous vehicle running a red light. That in itself is not necessarily a problem, but here's the problem: what happens if one day all the autonomous vehicles decide to run red lights? That's the issue that we have with the safety, because if the vulnerability is in one vehicle, given certain particular circumstances, enterprising young hackers may find a way to affect an entire fleet of vehicles. And this is some of the stuff that we are talking about now in the ICS

transportation world, simply because this is pertinent to our daily lives, because running, being run over by an autonomous vehicle is going to be not good. Okay, so in 2019 I thought about maybe we would have a cyber war, but maybe it's actually started already. So electile dysfunction is a serious issue, of which you can get drugs for on the Internet, but we have seen a pattern of damaging the credibility of the various parties involved in the elections. So we saw email servers being attacked, we see patriotic Russians who somehow decide that the United States prefers Trump as president, we see the states versus the executive branch about the voter rolls, and finally we see a search warrant

dropped on DreamHost for the IP address logs of anyone on an anti-Trump website, and if that doesn't put a tingle up your spine, it really should, because this is going back to the McCarthy era in the United States, where they make a list of people. They don't need people anymore, they need a list of IP addresses. Okay, so this is where we've gone here, and this is why I think we're so very vulnerable when it comes to social media and fake news and meddlesome in democracies. And this is the classic example, where quite literally one hacker, and at first the United States thought it was the UAE, but then they reversed the position and blamed the Russians, created a crisis in

the Middle East by suggesting that the leader of Qatar said things that were pro-Israel and pro-Iran. Okay, and then what happened was, Qatar actually hosts one of the largest military bases in there. The reason why they think it was the Russians was that they wanted to destabilize that relationship between Qatar and the United States. And then we have the other problems out there: we have a very interesting APT-style attack where a fake person was created to actually befriend folks working in the oil and gas industry. This was attributed to an APT group called Cobalt Gypsy or Twisted Kitten. I think Twisted Kitten is an awesome APT name. I'd want to work for

twisted cat not got a shirt and everything. The idea here was using a catfish-style attack, okay, again something that we will have moving forward, which is also why I think MalwareTech might have gotten into some trouble, because after five or six shots, I'm talking about, you know, fun things in Vegas, to be perfectly honest, he's 23, and if a really good-looking lady was sitting down beside him, "Ooh, you're MalwareTech," I can see where that went. It turns out her initials were FBI, but, you know, oops. So when we talk about what cyber war looks like at a kinetic level, we can go back in history and see a whole bunch of different attacks

that happened: pipeline explosion, alleged pipeline explosion in 2008; the attacks, the data destruction attacks on Saudi Aramco, Shamoon and Shamoon 2; tunnel lights in Haifa, Israel, which were turned on green at both ends, okay, caused a little bit of a traffic jam but wasn't, you know, a mass attack. My favorite was the really angry guy that let loose thousands of gallons of sewage back in 2001 in Australia, caused millions of dollars in cleanup. We had TriCk from Team Poison, who then went on to the Cyber Caliphate, who launched a series of ransomware attacks, including allegedly the one on the hospital. And, you know, the Ukrainians are having a rough time keeping the lights on in their country

and national infrastructure attacks; we can see examples of that. When people ask me, "What does cyber war look like?" I said: all of this, plus more, in one weekend, usually a long weekend, just after you've turned the lights out in the office. That's what cyber war looks like. So I think at some point we're gonna have to deal with this, and we're gonna have to have some treaties, we're gonna have to put in some controls on cyber warfare. And we see this because we're seeing a whole bunch of offensive tools dumped out there with no regard whatsoever for who could actually start using them, and we just saw DoublePulsar used again by an APT group to spy on people

that were going to luxury hotels. Okay, I think we are not approaching this the right way, because we're looking at the Internet as something that can be managed by countries, and the problem is, is the Internet's global. And so I see us evolving into having some sort of way of defending this global thing Emily, because right now it's hard to get somebody on the phone in Estonia to shut down a BGP route that has now, you know, is now taking the next ransomware attack and spreading it all over. Right, I've talked with Maurey level on this quite a bit, and we want to put together a task force that basically says if we see 4,000 infections in five minutes, we want

to push those places off the internet. We want to put a BGP route update and black-hole them, just like Pakistan did to itself when they put out a BGP route update for, uh, YouTube, and it was to some farmer's cable modem, and they crushed themselves; they put themselves off the internet for like four or five hours. So I think we're gonna get a second cyber war, because wars seem to always come in twos, and it's because we're doing this. And Elon Musk and a bunch of other people, I'm Shane Webb, who is probably a super killjoy at any party, who basically says, "Yeah, you know what, I think we're probably gonna get and buy technology." Now obviously

that probably doesn't go over particularly well, but I want to bring your attention to this video, and I hope I can play this one with more success here than I had last time. Okay, so can I... oh yeah, okay, I might have even mastered doesn't. So this originally had some, had some music to just, like, perk everybody up here, but, um, what we're seeing here is a little Russian robot, and it basically broke out of its lab and wanted to meet people, was programmed to meet people. Right, now this is really hilarious, because it ran out of battery power and stopped in Mill Street, and you'll see shortly there's police guy and then the sighted scientist, and he's

now rolling it back. Okay, now this is funny, right, but here's the problem: this was the second time this robot did this, after a complete wipe of its firmware. So that's a problem, because they can't figure out why it breaks out of its compound and goes to try and meet people. There's more that we're gonna get into of what we're seeing. So in 2022, I'm talking about social activism now becomes a real major issue, and there's a number of things that I think are gonna drive this, starting with this, transportation and logistics. This is a lumber ship that docked in British Columbia, and back in the day, around, say, the late 1700s, early 1800s, in order

to get a ship loaded and moved, you're talking about a hundred and fifty people at least. Okay, there's four people that load and unload this ship now, because it's all automated, that's it, and you only need three crew people to move this ship. They work in shifts, because it's got built-in navigation system, so really all you're paying somebody to do is steer it off the rocks if the navigation system goes, or it goes down. So what is that going to do? Well, we're gonna see job loss across the spectrum, and I've got some numbers about that in a little bit. Transportation logistics, it turns out, are a huge part of the gross domestic product of most G20 countries,

so we're going to see the automobile loan industry take a huge hit, because why buy a car when we have autonomous vehicles everywhere, right? The automobile insurance industry: why would we need to buy insurance if we are using autonomous vehicles all the time? Municipal impacts: no more parking ticket revenue, for speeding fines, because you're an autonomous vehicle, and autonomous vehicles only occasionally break the law, and if they do then we'll blame hackers. No more need for traffic enforcement, right? Travel services and roadside infrastructures no longer really need it. But alcohol sales will go way up, because you can get bombed, get into the autonomous vehicle, and you then continue the party in the autonomous vehicle, so

that's good news. So I've got another video here, and this just shows some really interesting robots working in China, where, I have to underscore, in China laborers are very, very cheap, very cheap. So what you're seeing here is a human really enjoying his job right now, and all these guys moving parcels around, and this is where there would be literally hundreds of people potentially working in a logistics place, but now the robots are coming in and they're basically pushing those jobs out. And yeah, it's great, they can work 24/7 and recharge themselves. So this is a problem for, I think, our society, in that we're excited about this possibility but we're not thinking about the social

consequences moving forward, and I find it fascinating that we're plunging ourselves into this sort of dystopian scenario without really thinking through the impact. And this is where one of the impacts are, is that those jobs that you would get out of high school to get some experience and stuff like that are disappearing because they're so automated. Anyone been to a McDonald's lately, the new one where you just order your thing? Right, anyone notice the staff headcount has gone way, way down, way down, dramatically? So here's one of the biggest problems that we have: derelict the Daleks know we had a guy who's working on a factory floor turned into paste by a robot, and the problem with

that is, as you can see, the defendants in this particular case are numerous. The question becomes, if a robot kills you, because this is a wrongful death suit, who's responsible? And the problem is, is that the lawyers will argue about the percentage of responsibility based across the defendants, so while this is tied up in court and there's tons of arguments, there's a dead person that isn't, that, it's questionable as to who's going to compensate that particular person. Yeah, and General Motors wants to put 30,000 factory robots on the internet, so I see a bit of a problem with that, because it's a two-millimeter problem. I was, I was really lucky to talk to a CIO of Fiat, and he talked about

what his biggest fear was, and it was a car that goes off the line missing a screw, and he said that because the amount of product recall that a manufacturer will need to make if a system's integrity is violated by hackers or by a software mistake is huge. I strongly urge you to look up S4x17 Vienna and look for the keynote on "I hacked my heart." It is an amazing tale of a medical device, a person that had a medical device in them, and their struggle to understand exactly what software was in there, because she found a bug. She climbed the stairs, I believe it's at Russell Square, 196 steps up, and at 180 beats per second, or beats per

minute, on her heart, it defaulted to 80 and she collapsed. There was a software bug inside her. So this is what we're talking about, folks, where we get into some really interesting scenarios when we combine software and put it inside people, or have it directing and building things, and we're not putting in the checks. So here's the problem, where we're now building AI, and I've got some really interesting ideas around AI, but we have now robots potentially learning from other robots, okay, and I just hope that they're not learning things like homicide, okay, 'cause that's not going to be good for anybody. But this is where it got a little bit strange, when two AIs

controlled by Facebook, AI Bob and AI Alice, this is what they started saying to each other: they invented a code. Now, we don't know what the code is. The code could have been "exterminate all the humans," we don't know, but scientists switched it off and said "that's not good." The problem becomes, is, what happens when we start working at business speed? What happens when these AIs are running factory systems or power systems or transportation systems and they go a little wacky? That's a huge concern, as is this. As you know, especially given my last name, I am a believer in global climate change. I've seen some reports that suggest that that two and a half

degree thing is on the conservative side, that there could be significantly more. In fact, I saw one historical report that came out that said it was going to be seven point five degrees and half the human race would go missing. But one of our trend analysis is, is that we're seeing that seven jobs are reduced, or are removed, by the implementation of industrial robots, and that's a concern with the unemployment and the forecasted growth that we're seeing. So we're into this perfect storm, where basically that's the answer, say, Forrester predicting twenty-four point seven million US jobs, or 17%, will be lost by 2027 as a result of industrialization; a million unemployed business-to-business salespeople, mostly

because we prefer to pay Amazon more money so we can get stuff from them faster, which is a brilliant business model, by the way. They do, they will say that automation will create 14 point nine million jobs, or about 10%, but that leaves nine point eight million people, or 7%, unemployed. So we have this problem that, thank you for coming and talking about it with me and participating, because it's something we need to start thinking about. I think we're going to be here pretty quickly, where we have to partition the internet into a trusted network and an untrusted network. I'm not the first person to talk about that, but I think because we're reporting these

devices that affect life safety on something that by its very nature, with the protocols, is not secure, we have a major problem on our hands. But then Elon Musk wants to connect our human brains to the Internet, and I, well, let's just say some of you have very filthy minds that I don't want on the Internet. Okay, so this is a great idea, where your identity could be you, but the problem that we have is, is the use cases of the Internet: sometimes we want total anonymity, other times we want partial anonymity, especially in the case of voting. We don't want people to know what you voted, but we want your vote to be authenticated and counted. And then

finally, when we're doing things like banking, for instance, we want a hundred percent authentication and no anonymity at all, right, because anonymity equals, you know, bad guy emptying your accounts. So the problem is we have these three crazy use cases and we're using the same technology to try and provide for all of them, and that, that in itself is a, is an issue. And in 2011 Keith Alexander actually floated the idea of these critical services, or a .secure network, and what was interesting is that was also talked about by guys like Bruce Schneier, who, if you know Bruce, you know he is like absolutely the anti-, like, government, free weed for everybody. Like, he's a great guy, okay, but

when he says, you know, might be time they look at this issue, because of the Internet of Things and the capacity to do denial-of-service attacks, we may need to have something separate in order to keep critical services running. So in 2024 I'm saying that the cyber war ends, right, and this is the part which becomes really interesting, because our economic models are going to go down in flames, because it just doesn't work, what we have anymore. We're going to possibly see where the trusted network is something that's direct human connection, and finally we're going to see some really strange professions, where we're going to have to deal with AI and virtualizations of ourselves and other types of things,

basically when to uncharted waters by then. And I think that by 2025 we're gonna have that trusted network bring new prosperity of business. It's gonna be a hard, a hard go, but I think there's a number of things that are going to help us achieve that. A lot of it is really around identity and the use of your identity in your day-to-day lives, and the fact that passwords are failing us as a, as a control mechanism, and that the move to biometrics is becoming, I think, more, more commonplace. It's interesting, when they did a poll of Millennials, Millennials were way more interested in having a chip implanted in them than I sold conger people, like, we

don't like that, no touchy-touchy. One of the reasons why I think we're going to have to move to that trusted network is when we look at colonization of other planets: everything on that planet becomes a life safety issue, and we cannot be using NTP and BGP and DNS in order to make sure that the airlocks door opened on these, on these colonies. It's interesting, because back in 2008 NASA at the, the protocol to use over space that looks a lot like IP. It's really interesting, and that they can do a round trip in about eight minutes between Mars and, and, and Earth. So it's called the DTN, and I think it's really something that is going to be interesting because it, it

will pave the way for us to move, you know, into, into space, because it appears that we can't go anywhere without being able to be on our smartphones. So 2027, I'm seeing a second cyber war treaty adopted and signed, simply because things have fallen apart to the point where we are now rebuilding. But there might be an opportunity here to fix this, because we might get the big reinstall. It's called the Carrington Event. This is where Earth gets smashed by a giant coronal mass ejection, and it's like somebody set an EMP, EMP bomb off, and basically shuts everything down. And then, as you know, when you shut down stuff, sometimes it doesn't come back on.

This is more of a permanent fry and I scenario due to the power spikes, when we find that we're gonna be rubbing two sticks together to figure out how to make fire, and everybody will be like, "Do you have signal? Do you have signal?" Anyways, thanks for listening. I'm glad to take some questions and stuff like that. How much time do we have? Yeah, are we good, or 15? Okay, so we would do five minutes question, then send them on break early, how's that? I didn't want... have any questions, concerns? Gonna go, sir.

So it's interesting. I think at this small, micro level, insurance has a role to play, and I think in litigation, especially around Internet of Things, like when your dishwasher decides to burn down your house, that would be really interesting in terms of how insurance will start putting in standards. Already we're seeing in cyber liability insurance a bunch of due diligence requirements in order for the insurance to be valid, which is very interesting, because if you did all of those things in the first place you may not need some earth insurance. So yeah, I see the insurance vehicle for individuals and for small business, but one of the problems is, how do you insure the entire

national power grid right you can't and so when we see the attacks going on in the Ukraine for instance the Ukrainian service providers their infrastructure they you know their insurance is the Ukrainian government right there was another question somebody had at the way at the back or bush coffee yeah you know it's interesting there's a lot of cybersecurity people that are pretty good campers oddly enough they get out of the data center once in a while I think that there will be times when the Internet has prolonged outages beyond sort of the Dyn DNS issue that we saw which apparently there was a report that came out from a think-tank cost the United States something like four

billion dollars off its gross domestic product and I think that's what started the conversation with legislation coming from the US on Internet of Things there's still some ambiguity it's a start I was talking to professor dresser about this it's a start the problem is is they're not talking about liability for you know bad Internet of Things they're talking about the ability for it to be patched and the requirement for we're setting a non-default password which are great sort of manufacturing issues that need to be dealt with but not great in terms of like what is the liability right any other questions so and this is our biggest problem because what the UK might want which now the UK has built a

completely untrusted network because we all know that they're gobbling up all of our her all of the information about our web searches at some point whoever it is the national government bodies possibly the UN or possibly the made the the main people that have the keys to the Internet will sit down and say you know what this is something that we have to start doing so I think it'll be a commercial issue and I think pushing it is that two trillion dollars in cybercrime loss I think we could build a better internet for two trillion seems like a lot of money right anyone yes sir yeah you know and it is true because I put up there a report

from A.T. Kearney that said the entire value chain of the Internet I use at five point three trillion by 2020 and the cybercrime was going to take two trillion dollars off of that meaning that's a 33% basically tax by cybercrime if that comes true why would you want to be on the Internet if 33 percent of every dollar you make you know could be victimized by cybercrime I think what we're doing right now as a nation I think UK's doing a great job of it because of cybersecurity essentials and some other stuff we're pushing the problem to somebody else's neighborhood right we're not approaching a problem at a national or an international level right and it seems like the United

States is all too quickly to arrest people that are doing criminal copyright infringement like the guy that was running KickassTorrents yeah now we can't pirate stuff anymore but again he didn't actually break any crime and I think he was living in Romania at the time right so we have these we have these moments where it's extrajudicial mostly led by the United States but we're not sort of we don't have an internet governing council that can say okay we're good a partition at this is what it's going to look like this is how it's going to how it's going to go

yeah and this is and this is why I say yeah the problem becomes right now most of the internet traffic that we have I think 70 to 80 percent is routed through the United States if the United States decides to turn off the internet they can I think it would be a gross political act and I think there would be ramifications of the of the UN but in an extreme circumstance where we do have you know NotPetya running like rampant and we knew that patient zero for NotPetya was the Ukraine where most of the infection started and then spread out if we could have in time called the telcos of the Ukraine and said you guys need to

drop your kill switch and shut down because you're unleashing something lethal on the Internet it's time to have that discussion and dialogue I think there are extremes in circumstances where you do need to be able to at least filter right and you know the attack you know the attack pattern and you need to block that stuff at the provider level yep exactly exactly right the ramifications are something that we'd have to figure out so we're gonna have to be able to figure out what we can turn off and what we can't turn off right it's not as simple as the old days where it was hydro lights are on and the lights are off some of the lights need

to be on others need to be off right you can't shut down an entire hospital you know because of a ransomware attack that's happening in another country way way way at the back

yeah definitely so what's gone on in a lot of cases in Africa and the Middle East and places like that a lot of the technology has been hand-me-down and that stuff is gonna start coming out and newer stuff is gonna start going in as these countries become more prosperous I think the real issue though is is that infrastructure issue that those countries have right now most of them aren't doing wired infrastructure it's all wireless and that has a whole different attack surface than what we have as a traditional kind of wired backbone Internet and I think the other problem too is that as more of the world is divvied up into fiber providers so Facebook is laying their own fiber

Google is laying their own fiber connecting Australia to to the Middle East we now have a problem of okay how do we interact at a nation-state level and say you know we need access to that lawfully or legally or we need to fix a problem because we need to route some traffic across your fiber because we've lost you know the publicly owned fiber so we're gonna see a whole bunch of challenges in that regard we're gonna see a lot more automation going to Latin America and South America and and certainly in the Africa area and that automation is going to be problematic from from an infrastructure perspective one of the reasons why 5G for instance

is being talked about so widely is exactly the autonomous vehicles demands on bandwidth right now a single autonomous vehicle is using quite a significant amount of bandwidth if you fill a road with them you can you can imagine that that particular cell phone tower may be and it may be difficult for that cellphone tower to keep up with the amount of data that those autonomous vehicles are using so I think that's it right are we wrapped time for Scott Helme hold on to your seats if you think I'm funny this guy I'm telling you [Applause]