Risky Business - Wide World of Cyber: How the Trump admin is changing the cybersecurity landscape

Episode Date: April 10, 2025

In this podcast, Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about the huge changes afoot in the United States government and what they mean for the threat environment. From the director of NSA being fired to massive job cuts at CISA and huge foreign policy shifts, tomorrow’s threat environment is going to be very different to today’s. Tune in to hear analysis from two of the best in the business! This episode is also available on YouTube.

Transcript
Starting point is 00:00:00 Hey everyone, Pat Gray here with a pre-podcast note. This episode of Wide World of Cyber featuring Alex Stamos and Chris Krebs was recorded a few days ago which means it was recorded before US President Donald Trump wrote and issued and signed a presidential memorandum instructing the Department of Justice to pursue Chris Krebs over I don't even know. But I just wanted to put this note here so that people when listening to this understand why it's something that doesn't come up in the discussion and that's because as I say this was recorded a couple of days ago. What a difference a couple of days make. Anyway I'll leave you to the podcast now. I hope you enjoy it.
Starting point is 00:00:45 Hey everyone and welcome to another edition of the Wide World of Cyber podcast. My name is Patrick Gray. For those who are unfamiliar, the Wide World of Cyber podcast is a podcast that we produce in conjunction with SentinelOne. It is a SentinelOne sponsored podcast. And that's great because we get to talk to our two guests here, Mr. Chris Krebs, the founding director of CISA, who these days serves as, I believe you're the director of policy and intelligence with SentinelOne. Is that correct?
Starting point is 00:01:23 You got it. I got it. All right. Can finally remember everyone's titles. And we're also joined by SentinelOne's chief security officer, Mr. Alex Stamos, who is also known for being the former CISO of Facebook and Yahoo and the director of the Stanford Internet Observatory. G'day, Alex.
Starting point is 00:01:41 Hey, Patrick. Now, we are not recording this at our originally scheduled time and the story behind that is why we're having to do a do-over is actually kind of appropriate for the topic of this conversation because we were all getting ready to record the podcast last time and Alex said I'll just dip into my office at the Stanford Internet Observatory and set up my microphone and he was like, got there and he's like, oh, my office is no longer there because of course the Internet Observatory was defunded.
Starting point is 00:02:13 And how did that work? That was the cancellation of a grant or something. How did the Internet Observatory wind up going away again, Alex? It's more complicated than that, but yes, the Internet Observatory is no longer. I still teach at Stanford, but I have been relegated to the basement. So all my stuff was in boxes in the basement and I could not record. So. Yes.
Starting point is 00:02:34 So now he is in a windowless room at Stanford, which wouldn't have made for a particularly attractive backdrop for this conversation. What we're going to be talking about today is, I guess, the way the Trump administration is changing the world and the knock-on effects that's going to have for technology and cybersecurity. And I guess a good point to begin this conversation is to sort of outlay some of those changes. So we're seeing there are reports coming out of fairly significant layoffs that are going to happen at CISA. We're going to talk about them in a moment.
Starting point is 00:03:06 But probably the big news over the last week is that the Trump administration has let go of Tim Haugh and Wendy Noble at NSA. That's the director and deputy director of NSA. Let's start with you, Chris, being a former US Gov. Why do you think this has happened? We've seen reports that it was over the reluctance of NSA leadership to switch targeting onto Mexican drug cartels.
Starting point is 00:03:34 My sources tell me that that's not accurate, that that's the quote unquote Fox News explanation, and that really, you know, Haugh and Noble were let go just because they weren't Trump people. But what's your take here? I'm curious. I mean, let me pick up where you left off
Starting point is 00:03:52 and that, you know, whatever they're not Trump people means, any way you cut it in at least the US government form of management, leadership, whatever you want to call it, you know, everyone works at the direction and the discretion of the president. They say you serve at the pleasure of the president. And traditionally in military roles
Starting point is 00:04:16 where you have general or flag officers in these leadership positions, which by the way, there are still general officers and flag officers that were nominated and confirmed during the Biden administration that are leading combatant commands and other organizations within the military.
Starting point is 00:04:35 They're still there. I think what's different though, specific to General Haugh is that he was in that dual hat role, that he was the chief of Cyber Command, commanding general of Cyber Command, as well as the director of the NSA. And the director of the NSA is an extremely powerful position. The NSA itself is a significant, you know, portion of the intelligence community, exceedingly powerful, lots of capabilities, resources.
Starting point is 00:05:07 And there's an argument that I have heard that the administration is interested in putting a political appointee appointed by President Trump into that NSA director position. Now, of course, there's a bigger issue there. And one that Pat, we talked about in Sydney during the live taping was, you know, whether the dual hat nature, you know,
Starting point is 00:05:31 what is going to happen with this position? The fact that NSA and Cyber Command are currently linked and governed by the same leader, that can be resolved. The first, you have to have an administration decision that we wanna split. And the second is the Congress has to pass a law that enables that, at least by the book, by statute that's required.
Starting point is 00:05:56 And what we may have seen last week, I guess it was Thursday night, was that first kind of salvo in, we're gonna get rid of the leadership, we're gonna make this determination, and you heard plenty out of the Trump advisor camp suggesting it, and then you move on and you make the request up to the Congress,
Starting point is 00:06:18 and the Congress, again, by the book, passes that legislation and you split them up. Now, we can talk about the wisdom of a removing General Haugh is an exceedingly capable leader. In fact, I'd probably say he is one of the first general officers that really truly grew up in this space. From almost the day he entered into military service. He has been at least in intelligence, but certainly in the signals in cyber space. And so just extremely capable. I've worked with him in the past. And again, I think he was the right leader for that organization. I feel the same about Joe Hartman, who is the acting NSA director and CYBERCOM chief.
Starting point is 00:07:07 But again, this is a distraction. It's a change up in leadership that we don't need right now. We had great stability, particularly at a time when, you know, when you do hear anything cyber out of this administration, it's about cyber offense, cyber offense, cyber offense. Well, where do you think that comes from? That tends to be USA over command. Yeah. Yeah.
Starting point is 00:07:27 So I mean, I'm not really hearing much, you know, from you in the, in the way of, well, this is the reason they did it. This is the logic. This is the outcome that they're going for here. Look, we've seen a couple of names like kicked around just in, you know, among people I know in the United States for potential nominees. One would be Ezra Cohen, who's been floating around NatSec circles
Starting point is 00:07:47 for quite a while. The other is Trae Stephens, who I think is, what is he, on the board or a co-founder of Anduril, the sort of defense contractor. Yeah, he's a Founders Fund guy, yep. Yeah, yeah, so linked to Peter Thiel and Elon Musk. But I guess, at the moment, we're drawing a bit of a blank on the reason behind this.
Starting point is 00:08:04 One thing that you've pointed out several times when we've spoken is that Project 2025 has proved to be somewhat of a policy roadmap for policy and action roadmap for the Trump administration. Does it have anything to say about NSA leadership? Can we draw any lessons from looking at those parts of Project 2025? Yeah, I mean, again, you've got the intelligence chapter as well as the defense chapter that
Starting point is 00:08:28 say in their own separate ways, because again, they're written by different authors. There's not a whole lot of one voice writing throughout that document. So the styles are a little bit different, but yeah, both of them say, we got to call the ball here. And I think both of them, as well as dating back to the first Trump administration, there was a bias towards separating them. In fact, I, you know, rumor mill has it that in the last weeks or months of the first Trump administration, there was a memo that was finalized and went up again. That's, that's kind of NatSec rumor mill inside the Beltway. Well, I mean, it was pretty widely reported at the time
Starting point is 00:09:08 that those moves were underway. I do remember. Yeah. So there's a bias to action, there's a bias to splitting here. I'm frankly a little, I mean, honestly, I'm a little surprised that it took them till April. I honestly would have expected this to be something, particularly again, with anything that's come out cyber from this administration thus far in any terms of cyber policy has
Starting point is 00:09:34 been on cyber offense. And this is where it happens. Again, you're seeing plenty of reasons dating back to the fact that General Haugh was somehow in the General Mark Milley coaching tree, General Nakasone acolyte, all these things which are apparently chalked up as negatives in certain camps that are being tied to. But again, I just, Occam's razor on this one, it's all a prelude to splitting NSA and Cyber Command for me. Okay, fair enough.
Starting point is 00:10:10 I mean, I don't quite understand why you would need to jettison the leadership to do that, but I'm not an expert in the way that the US system works. Alex, I wanna bring you in on this now, because while all of this is going on, we've got the so-called Liberation Day tariffs kicking off. And you'll see why I'm bringing them in in a moment. We've basically got the United States launching a trade war
Starting point is 00:10:35 on everybody else, on the rest of the world. I mean, even my country of Australia, with a trade surplus with the United States and no tariffs, is eating a 10% tariff. I don't believe that our government is going to retaliate there. We don't in fact do all that much trade with the United States. But obviously noses are out of joint everywhere, right? And not just because of the tariffs, there's sort of a bit of a distrust of the current administration in some quarters, in Europe in particular.
Starting point is 00:11:07 And this has led to more and more policy people increasingly saying that Europe needs its own cloud computing stacks. Now I was kind of dismissive of this up to about a month ago when I'm just sort of saying, well look, they're committing hundreds of billions of dollars into new defense material. You know, they're going to develop all sorts of new military stuff, and they're kicking in one or two billion for these sorts of purposes around cloud computing AI.
Starting point is 00:11:33 But I know that this is something that you've been tracking quite closely. You think this time it's different, and the Europeans might actually follow through on spinning up their equivalent of GCP, Azure, and AWS. So walk us through your thinking there, because I think that's interesting. I do think it's different this time. I think the last time there's a big blow up like this, it was after the Snowden disclosures.
Starting point is 00:11:58 But in 2013, the big focus of the Europeans was around the social media companies and the consumer apps. So when they were concerned about privacy, they're really concerned about the privacy of consumer data, there was a lot less focus on what it meant for the competitiveness of European businesses and the fact that they were really reliant upon an American kind of cloud compute substrate for them to be competitive for the rest of the world. That has changed. That is both the rise of cloud computing and the fact that European policymakers now totally
Starting point is 00:12:37 understand that their businesses run on the American cloud, but also obviously the rise of AI. And AI has made it completely clear if you listen to any EU policymaker, and I think we've gone far enough along. Chris did a little name dropping. I can do some name dropping. So I was in dinner with Emmanuel Macron and he was talking about how far behind France and Europe are in AI, right? Like if you listen to any leader of any European country, you can't, they will not go more
Starting point is 00:13:11 than 10 minutes without talking about the fact that Europe, while having these great universities, having been the actual birthplace of some of the leaders of the AI field, that those leaders of the AI field, Europeans, are doing most of their work in the United States. And so, that is something they're incredibly aware of, and they realize that that is both the people are leaving Europe, the companies are being formed outside of Europe, and the actual compute is happening outside of Europe. And that compute is often happening inside the large cloud. And so, I do think the Europeans might see this as an opportunity because the United States is, as you said, instead of this being a trade war against China, which is what a lot of people thought
Starting point is 00:13:54 this was going to be, right? I think that was the assumption of a lot of Wall Street types going into this, was that maybe the 10% tariffs people kind of expected globally, there's something like that the last time around, but then the really tough tariffs would be reserved for China. And then to focus on pushing low cost industries out of China into the Cambodias and the Vietnams and the such, which is what we saw. We've seen under multiple administrations going way back to Obama, right? Obama visiting Vietnam and such of trying to get America to move to non-Chinese supply
Starting point is 00:14:27 chains. Going to war against the entire world at once gives the Europeans an opportunity here to maybe make a break. I think the way they might do that is through the data privacy framework because we're on kind of our third model of how European companies are supposed to be authorized to use American clouds. This is based upon, and not to get into too much of the weeds here, but there's been a whole series of court cases post Snowden disclosures from the European Court of Justice, where the European Court of Justice basically said under the European constitution, it is the US does not have adequate safeguards
Starting point is 00:15:12 for the privacy of European citizens. You should not be able to utilize American computers to process the data of Europeans. This was a humongous deal, I believe it was like 2015 or something like that, when they first did this. It was a humongous deal when this decision first came down. It was called the Schrems decision after this kind of legal gadfly named Max Schrems. His target was Facebook, but it wasn't really about Facebook. It was really about the United States and American surveillance law.
Starting point is 00:15:41 And at the time, all of the other parts of the European government, the European Commission, the European Parliament, did not want anything to happen because they knew it would be economically disastrous for Europe to be cut off from all American compute facilities. And so the European Commission, the European Parliament put together what was first called the Safe Harbor agreements. That fell apart. There was a bunch of other fights and there's another, there's a Schrems II decision. There's a thing called the European EU-US Privacy Shield. That fell apart. We're now under this thing called the data privacy framework, which was agreed to between the EU and the Biden administration. That is yet to be tested in the European courts. And so far,
Starting point is 00:16:29 it has not been, all of the fine parts have not been worked out. And so it would be really, really easy for the Europeans basically to let this go because effectively you've got two parts of the three-part European government fighting actively to say the US is good, right? So all you have to do is the European Commission, the European Parliament just have to be like, we're just going to let this one go and let the European Court of Justice kind of grind things out. And the outcome of that would be European companies are not allowed to use American computers.
Starting point is 00:17:00 And American companies are not allowed to operate, American tech companies are not allowed to operate in Europe unless we, American companies, have basically fully European compute stacks. And I think that has become much, much, much more likely in the last week. So it's interesting what you just said, because I would have thought the obvious remedy here would be for, you know, Amazon, Google, Microsoft, to somehow spin up subsidiaries in Europe that are subject to European laws, regulations and whatnot, and just sort of change the way that they structure their businesses to sort of soothe the Europeans a little bit, right? But everybody I talked to about that says, well, that won't work. And the reasoning is, I think, fascinating because ultimately they're worried about
Starting point is 00:17:53 who is controlling these companies, which really reminds me of the US concerns around the control of Chinese companies. So we're coming back to this issue where state leverage on tech firms, which has been something we've worried about with China, is now something the rest of the world is starting to worry about with the United States.
Starting point is 00:18:15 I mean, do you see that or am I like wildly off base? No, I think you're totally right. And they already have, right? So like Microsoft, AWS, I'm not sure about Google, but I know AWS, for example, their European services are like actually a Luxembourg company. They have European. And TikTok hosts everything on Oracle in the United States, but it's not enough, right? So isn't it strange that it's the sort of same paradigm, right? It just blows my mind. It's exactly the same. Yes, it's exactly the same. I mean, and this is really the deglobalization of the internet
Starting point is 00:18:45 started years ago. What will be interesting to see is whether or to what extent do you have to, could American companies go to make the Europeans happy? Is there a model in which AWS can build European facilities that are okay to the Europeans? I think the answer probably is yes, because realistically, you're not gonna have Deutsche Telekom, honestly, build a cloud stack top to bottom that competes with AWS here. Well, this was gonna be my next line of questioning, right?
Starting point is 00:19:18 Which is when you look at, so, you know, we use DigitalOcean for a bunch of stuff. And the thing that's amazing about DigitalOcean is it's just like time-warp AWS from a decade ago, right? It's just offering that basic cloud compute, which is what got all of the cloud majors started. But these days, the cloud computing platforms are much more complicated.
Starting point is 00:19:39 They've got all of these advanced functions and serverless and rah, rah, rah, rah, rah, everything is a service. Whereas if you just want to throw down an image, you know, like old school AWS EC2, you know, you could do that with DigitalOcean these days. And I sort of feel like if the Europeans were going to try to reinvent these fabulous, frankly fabulous American cloud platforms, you know, they're not going to be very good. They're just not going to be very good.
Starting point is 00:20:10 Right. But they would get what they wanted if they had a system in which they forced Amazon to use Deutsche Telekom data centers to utilize European staff and to effectively have a separation of control that employees in the US never have access to that data. So you think that that's workable? You think that that might be the way that this shakes out rather than Deutsche Telekom offering? Or it might be a joint venture, right? It might be like what the Chinese require, which is for American companies operating in China, you end up with a 51% joint venture that's controlled by the peer. Now, it wouldn't be just like, it wouldn't be the Chinese Communist Party, right? So it wouldn't be like, you know, the German Labour Party, you know, or the Christian Democrats or whatever. It would be a Deutsche Telekom or, you know, some equivalent, Orange or somebody, right? Siemens. But you might see that too. Overseen by a regulator, backed by new laws,
Starting point is 00:20:59 blah, blah, blah. Right, which they have. Yeah. So if you have to guess that's the way this will shake out as opposed to the Europeans developing their own. I mean, you know, honestly, that's sort of like what I was getting at before. Like, why can't they, you know, operate these things a little bit more independently? I think that would. And I think that would meet what their, that would probably meet with the ECJ equivalency discussion, because you would have, it would effectively be a European entity that is licensing American technology, but is operating it domestically in Europe. And the only thing that's flowing back to the
Starting point is 00:21:28 United States is dollars. What that's going to kill though, is the American companies like the Googles, the Facebooks, the consumer companies, because a global product that needs data to flow across borders can't operate that way. The cloud can, right? Because you could have, here's AWS EU. It's just more expensive. They'll just charge you more. And European companies will be pissed because they'll be paying twice as much per minute, whatever, to use French nuclear atoms instead of US electrons
Starting point is 00:22:02 to power the virtual machines. But Facebook can't operate that way because an American is supposed to be able to be a Facebook friend of a European. This was always a problem. And I was at Facebook during the first Schrems problem. And this is an issue, like we literally had this discussion with the French regulators. It was like, how do you expect a German and an American to be friends on Instagram if you don't want the German's data ever to flow to the United States?
Starting point is 00:22:28 And they don't have an answer for that, right? And so that's like a fundamental problem. Do you think consumer services should be able to bridge the Atlantic Ocean? And so if they go this direction, then it would be like the reason like TikTok in China don't work is that TikTok China and TikTok US are actually different products. They are different namespaces. You cannot be a friend. You cannot friend somebody across Douyin and TikTok US. I would really, that would be a really sad outcome for my Facebook friends in Europe all of a sudden to disappear. Well, yeah, and probably Australia
Starting point is 00:23:01 too. Boo. Yeah. We'll just have to chat on Signal. I'm about to record this on Signal. Chris, I wanna bring you into this. Like, is this how you think it's all gonna shake out as well? I don't know. I'm not ready to discount the Europeans' ability to seize the moment.
Starting point is 00:23:20 I mean, we've talked about it before, but the last time they really had this inflection point was immediately post Snowden. And granted, that was a different set of issues, and they responded a little bit differently in going more of the enforcement angle. But I think if you combine the enforcement angle that Alex just walked through with some investment, but it's got to be pan-European. Right. They, you haven't seen from a tech perspective, individual countries really jump up. SAP, of course, is, you know, everybody knows SAP. But beyond that, you start getting limited friction. And there has been a lot of excitement, whatever that means, in an EU sense of a Euro stack.
Starting point is 00:24:07 I mean, look, let me just inject something in here, given that this is a cybersecurity podcast ostensibly, which is that there's been a lot of hard lessons learned by the major cloud providers in the United States over a very long period of time, like something like 20 years. I do worry about the Europeans trying to speed run that process, right? And what that's going to mean for the security of those stacks once they spin them up. I mean, because that is a non-trivial effort. Like, you could get a, you know, functional, you know, European cloud stack up and running
Starting point is 00:24:42 with an API that does most of what you want it to do. But the behind the scenes machinery that keeps that safe is gargantuan. I mean, this could have some security implications, sure. Oh, for sure. And, you know, we've talked to, and I'm sure you have too, Pat, different European private equity firms that are looking for European champions to invest in. And they're kind of few and far between, certainly not on the scale of a US company or an Israeli company. So again, maybe there's an opportunity to cobble something together that's multiple companies or countries rather. But again, that Euro stack is it's not just about the cloud, right? I mean, this goes down, this goes to the chips and they've got a head start in certain places, ASML for instance,
Starting point is 00:25:31 but they're going to have to lock down critical minerals. They're going to have to get their arms around. I think they, from a connectivity perspective, they probably have that under control, but then you just kind of build it up from there. So there's a lot of unanswered questions. There's a lot of interest and excitement, but it's gonna take political will and commitment that's all circling around the same outcome and pushing towards it. And I just don't know if Europe can pull that off right now,
Starting point is 00:26:00 if you can get the countries together. But I'm gonna disagree here, Chris, in that this is the risk of the United States going to war with everybody at the same time. So yes, I agree. They don't have to compete anymore against, it is now cheaper for European companies to buy Supermicro and other Taiwanese OEMs products, right? Like this is a great time, if you're France, you're taking a bunch of your money and you're saying I've got excess nuclear electrical capacity and I have the ability, you know, companies have 0% import tariffs on everything that's made by Quanta computing and Supermicro and all those boards. Now's your time that you
Starting point is 00:26:41 want to build out your data centers in France. Well, and I think also there's carve-outs for some semiconductor stuff, particularly from Taiwan. I mean, if there's not, there's going to be. But it's only semiconductors. It's not the fully made servers, right? It's not the fully made boards. It's not the PCBs. You know, like, it's not all the stuff
Starting point is 00:26:56 that actually goes in the data center. No, I understand. But the Nvidia bits are the important bits, and they are going to be exempt. Because otherwise, what you're going to see is, like, otherwise, if they weren't going to do that, I'm taking my money. I'm putting it all into real estate investment trusts that do data centers in Canada and
Starting point is 00:27:09 Mexico, right? Because that's where the AI data centers are going to be. But look, I want to switch focus. Just to- Well, no, but it's the manufactured stuff. You already saw that Nintendo is pausing Switch 2 because their final manufacturing there is in Cambodia, which they moved it out of China into Cambodia, specifically, I think around tariffs because they thought Cambodia was safe.
Starting point is 00:27:30 It's paused. I thought they paused pricing. They paused. They paused. The pre-sales are supposed to start. They paused the pre-sales because they haven't set the price. Oh, I know my 15-year-old is not happy. Yeah.
Starting point is 00:27:43 I just, I just can't see the administration doing anything that's gonna slow down AI data centers being built within the United States, right? So that's more what I was getting at there. Pat, I know you wanna move on, but just one more point here is that don't assume that whatever Europe does is kind of the final shot, right? There's gonna be a lot of action, reaction, so forth and so how are,
Starting point is 00:28:07 you know, how broad can trade war, how broad can tariffs go from breaking up any sort of pivot within Europe to stand up their own tech stacks? Those are the sorts of things I'm sure they're playing out right now. Now, look, I just want to move on to another area where there's been change in the United States. And you're the perfect person to speak about this, Chris, because you were the first director of CISA. We are seeing now that there's something like, what is it, 1,200, 1,300 staff cuts coming down the line.
Starting point is 00:28:37 We've already seen a few hundred let go. I think all told, it's kind of hard to keep track of the numbers here, but I think all told, we're looking at maybe a 40% headcount reduction at CISA. Public reporting suggests that a lot of the capability that CISA is losing is going to be around threat hunt. Now I think one thing that might not be known widely outside of people who are in this space is that NSA, while it does do threat hunt operations, they're for the Department of Defense.
Starting point is 00:29:05 And to a lesser degree, the Defense Industrial Base, like NSA doesn't do threat hunt at like the State Department or the Department of Commerce or the Department of Justice. Like that is a CISA thing. Although I see Chris's finger going up there. So I'll let you answer this in full in just a moment. You know, the question was really gonna be like,
Starting point is 00:29:24 what sort of impact is this? Is, are these staffing cuts likely to have on America's visibility into adversaries targeting, you know, its civilian government? So I think the way that we should all be looking at it is that the CISA that we knew over the last several years is at least for the foreseeable future, not a thing as we knew it. And again, if you read Project 2025, if you listen to Secretary Noem in her confirmation hearing
Starting point is 00:30:03 it was about a streamlined, nimble CISA. And so you might think, what does that mean? I don't even really know what CISA is. Keep in mind, CISA is not just cyber, right? The second piece of that is infrastructure security. There's a physical security aspect that really dominated the mission of the predecessor organizations of CISA.
Starting point is 00:30:21 It was all about chemical security, anti-terrorism, securing sporting events and malls and all that stuff. But over time, the budget certainly grew to eclipse the physical side and also on the personnel side, it is predominantly a cybersecurity focused mission. I think what they're trying to do is really streamline the organization down to effectively
Starting point is 00:30:49 serve as the federal CISO for civilian agencies. So to provide some of the EDR capabilities, some of, yes, the threat hunting capabilities, some of the red team capabilities, the incident response capabilities, but just for federal civilian networks, all the other stuff that is more about public private partnerships, about information sharing with industry. I think that is by what I'm kind of seeing how this playing out. They see that as, Hey, this hadn't really worked over the last 15 years.
Starting point is 00:31:27 We're getting our butts kicked. I mean, they might, sorry to cut you off there, Chris, but they might have a point there. Some of the information sharing. I'm just making the argument. Yeah, yeah, yeah. No, I mean, I'm just saying, some of that stuff has failed, right?
Starting point is 00:31:40 And we've seen reporting over the years where some of these threat sharing exchange programs were set up and really no one was using them. And I've even had DHS officials on the show and they're like, oh yeah, it's going great, a little bit bumpy. And then you see they'll shut out one of these programs a few weeks later. So I can certainly understand that there's always going to be places you can cut. But I mean, I was specifically asking about that, that threat hunting function,
Starting point is 00:32:08 has that been pared back to your knowledge? I don't know right now. And what you're talking about is this, again, 12, 13, 1400 personnel cutback, they just today opened up the Deferred Resignation Program, which is that fork in the road email that went out from DOGE earlier in the administration. They opened that back up again for the next week or so.
Starting point is 00:32:33 And so they're hoping that people will opt in to leave. And from what I've seen, there is plenty of interest from across a number of different pieces of CISA that are looking for the exit, looking for an off ramp. So I don't know exactly just yet what the real impact is gonna be on Threat Hunting. I do know though, that is a highly capable team. This is the team that has been in there looking
Starting point is 00:32:55 for the MSS Salt Typhoon related actors over the last year. They've been very effective in finding them. They've been pretty good at rooting them out and they haven't leaked. You haven't heard any of this stuff. So I think it's a capability at a minimum for the federal networks that I hope we're retaining because the threat landscape's not getting any cleaner. And I really don't see a purely offensive strategy, which I'm not saying that's what they're doing, but a super heavy offensive.
Starting point is 00:33:30 I don't, I just don't see it knocking the MSS back that much. I don't see it knocking the SVR back that much right now. Which is why that threat hunt function is important. But this is, this is actually the perfect segue into the last thing that I wanted to talk about with you two today, which is what all of this means. So we're talking about, you know, paring back CISA, changes of leadership and focus at NSA. I believe one thing NSA is being tasked with these days is actually going after Mexican
Starting point is 00:34:02 cartels. So there's been, you know, eyes taken off some areas and focused on others, which is entirely within the purview of the US president and his advisors. But I guess my question is, and now we've got this trade war kicking off, what does all this mean for the threat environment? And specifically, what does it mean for the Chinese threat?
Starting point is 00:34:24 Right? Because we've got the United States and China, which have always had a pretty bumpy relationship, let us say, they've been adversaries. Now we've got all of this stuff kicking off. Alex, you have feelings. Please share them with the group. Yeah, so I mean, the real question is,
Starting point is 00:34:44 does this, we've talked about here, that there's been lots of discussion on whether or not China was preparing one way or another for possible invasion of Taiwan in the next five, you just have anger with the US administration. You have possible, several thousand, I believe, Chinese companies at the circuit breakers and the Chinese stock exchange, right? So you have, this is causing massive economic dislocation inside of China at the same time. A trade war, I don't think anybody wants a trade war. This is going to be bad both inside the United States and inside the PRC. And so, you know, you both have the possible economic
Starting point is 00:35:37 damage that causes, but also possibly a need for Xi and the CCP to rally the population in that situation. So you might have domestic political needs. I mean, the counterpoint there is that they're dealing with an adversary in Donald Trump who is quite unpredictable, which would be one of the reasons that they may choose to wait. And that would be a reason to wait. Yeah. So I mean, that would be the con side for them is that you don't know exactly how he
Starting point is 00:36:06 would act. But you also have the US having alienated our allies in a way that was not true, right? Both Pacific allies and NATO allies. So the odds of the US having backup in this situation have gone down a lot. So I think, you know, it's hard to judge for a big war. Certainly, I think there's absolutely nothing going to be holding back Chinese threat actors, right? Like there's no way Xi is going to say anything about, you know, for, I think it is quite possible that we're going to see a lessening of Russian threat just because right now you have the Russians trying to get what they
Starting point is 00:36:47 want out of a deal, you know, over Ukraine. Well the Russians, mind you, I'll just inject one thing here, interject with one thing here, which is that with oil below 70 a barrel, the Russians are in a world of hurt right now. Like it's if you can think of a silver lining to this whole thing, which obviously, you know, viewers can probably tell and listeners can probably tell, I don't think tariffs are great personally. But if there is a silver lining,
Starting point is 00:37:12 it's that Russia is going to be in a very tricky position if these oil prices continue. I mean, you have to look hard for silver lining. People are like, oh, look, interest rates are down. Like, mortgages are cheaper because the economy's crashing and therefore interest rates are down. But okay, sure. Well, my joke about that was, you know, when people are talking about these you know better interest
Starting point is 00:37:29 rates is like it's like sort of cutting off your feet so you don't have to cut your toenails anymore. Yeah right. Just not not you know you've solved a problem sure but you know you kind of have a a new set of problems but go on what you were with what you were saying about the the threat. Yeah so I think like it's very hard just like said, there's on both sides you could see arguments for what could possibly happen over Taiwan. But for actual cyber, for non-Taiwan related cyber action, I would expect that there should be very little limit on Chinese activity.
Starting point is 00:38:01 But is there much of a limit now? I mean, it seems like they're pretty no holds barred. I mean, I think they're only constrained by their capacity. We've got the MSS hacking into civilian arms of the US federal government, probably military as well. They're doing all sorts of operations targeting companies still. They're everywhere. So aren't they just constrained by their capacity? Does this actually change anything? What we have not seen is we haven't seen intentionally damaging attacks.
Starting point is 00:38:30 So I think one question, one change that we should be looking for is to see whether or not they start to raise the pressure by utilizing some of these mechanisms. Like, we know they have had access to critical infrastructure, and we have yet to see that access to critical infrastructure utilized to cause actual damage. So that's one thing we should be watching for.
Starting point is 00:38:51 And who am I to disagree with you? But I don't see it. And the reason I don't see it is because that would be an escalation. And if there's one thing that this administration does not mind doing, it's exercising state power in ways that defy norms. And I would expect that if you saw the Chinese pull the trigger on a destructive cyber attack, they would get it back tenfold. Chris, I want to get your thoughts on that. Where do you sit on all of this? I'm actually of the mind that the invasion timeline moved up. I think they see an increasingly populist and isolationist base of support for the administration that effectively is what got the president at least a large contingent of his voting base is very much about no more foreign wars, about cutting off support to
Starting point is 00:39:41 Ukraine. And that same vein is pushing for cutting off support to Taiwan. It is, you know, a little bit of a contradiction, though. You do have a Pentagon that is focused on pivoting the entire military might from a deterrence perspective to the Pacific. So I don't know. I mean, I've always been conflicted about whether they really do it just because they think the economic impact, the trade impact would be devastating. But hey, if a trigger has already been pulled on kind of global economic devastation and you kind of are picking up enough of the, reading enough of the tea leaves to say,
Starting point is 00:40:28 hey, maybe there's not a whole lot of political support for Taiwan, which I don't think really there is based on my conversations over the last several years of running mock war games and invasion drills. You know, you get to, you get to, you know, kinetic things flying and just like that, political will evaporates. Because body bags, 20,000 body bags of American service members showing up is not something
Starting point is 00:40:53 that anybody wants entertained right now, particularly for an island over there. I think there's less economic damage to the Chinese now because the odds of the rest of the world following the US into a boycott of China is extremely low. You're not going to see even Pacific allies, especially not Europe, cut off both. If the US is cutting off Europe, they're not going to also cut themselves off from China. Let me just pick you up there, Chris, on the cyber component of this. Do you agree with Alex that we might see, you know, more
Starting point is 00:41:25 aggressive, uh, operations from the Chinese, including destructive attacks, because that's the part where I'm like, eh, I don't quite see it. That's the theory behind everything the, the PLA was doing with, uh, Volt Typhoon now again, you know, there are circuit breakers involved that, that the Chinese could say, hey, we're not going to do this if you guys just stay out of it. Otherwise, we gotcha. This is the whole holding at risk conversation. So there are always going to be off ramps there. They let us do our thing, stay out of it.
Starting point is 00:41:59 We won't come after you if you don't come after us. I think the bigger issue here though is adversaries worldwide are getting more active. Cyber, offensive operations are getting baked more and more into military doctrine and strategies. We're only plugging more things in. We're only more interdependent. We only, it's becoming more complicated
Starting point is 00:42:24 and everyone's actually forgetting how all this shit got kind of stitched together. So I just see a lot more pain in the future. And it's, it's going to keep pods like this busy. We're going to be wrong about a lot of stuff. We're going to be right about a lot of stuff. But these conversations aren't going away anytime soon. That's Mr. Chris Bucket of puppies, sunshine, Krebs right there. Catastrophic Krebs. Yep. Catastrophic Krebs are rounding out this edition of Wide World of Cyber. I got to be honest too, I think if Taiwan's going to happen, I think the time it will happen is around the inauguration of the next US president in January, 2029.
Starting point is 00:43:08 I think that is going to be the time personally. But Alex Stamos, Chris Krebs, thank you so much for joining me for another fascinating discussion here on the Wide World of Cyber podcast at Risky Business. Thank you. Thanks, Patrick. Thanks, guys.
