Risky Business - Wide World of Cyber: How the Trump admin is changing the cybersecurity landscape
Episode Date: April 10, 2025
In this podcast, Patrick Gray chats with SentinelOne’s Chris Krebs and Alex Stamos about the huge changes afoot in the United States government and what they mean for the threat environment. From the director of NSA being fired to massive job cuts at CISA and huge foreign policy shifts, tomorrow’s threat environment is going to be very different to today’s. Tune in to hear analysis from two of the best in the business! This episode is also available on YouTube.
Transcript
Hey everyone, Pat Gray here with a pre-podcast note. This episode of Wide
World of Cyber featuring Alex Stamos and Chris Krebs was recorded a few days ago
which means it was recorded before US President Donald Trump wrote and issued
and signed a presidential memorandum instructing the Department of Justice to pursue Chris Krebs over I don't even
know. But I just wanted to put this note here so that people when listening to
this understand why it's something that doesn't come up in the discussion and
that's because as I say this was recorded a couple of days ago. What a
difference a couple of days make. Anyway I'll leave you to the podcast now. I hope you enjoy it.
Hey everyone and welcome to another edition of the Wide World of Cyber podcast. My name is Patrick
Gray. For those who are unfamiliar, the Wide World of Cyber podcast is a podcast that we produce in conjunction with SentinelOne.
It is a SentinelOne sponsored podcast.
And that's great because we get to talk to our two guests here, Mr. Chris Krebs, the
founding director of CISA, who these days serves as, I believe you're the director of
policy and intelligence with SentinelOne.
Is that correct?
You got it.
I got it.
All right.
Can finally remember everyone's titles.
And we're also joined by SentinelOne's chief security officer, Mr. Alex Stamos, who is
also known for being the former CISO of Facebook and Yahoo and the director of the Stanford
Internet Observatory.
G'day, Alex.
Hey, Patrick.
Now, we are not recording this at our originally scheduled
time and the story behind that is why we're having to do a do-over is actually kind of appropriate
for the topic of this conversation because we were all getting ready to record the podcast last time
and Alex said I'll just dip into my office at the Stanford Internet Observatory and set up my
microphone and he was like, got there
and he's like, oh, my office is no longer there because of course the Internet Observatory
was defunded.
And how did that work?
That was the cancellation of a grant or something.
How did the Internet Observatory wind up going away again, Alex?
It's more complicated than that, but yes, the Internet Observatory is no longer.
I still teach at Stanford, but I have been relegated to the basement.
So all my stuff was in boxes in the basement and I could not record.
So.
Yes.
So now he is in a windowless room at Stanford, which wouldn't have made for a particularly
attractive backdrop for this conversation.
What we're going to be talking about today is, I guess, the way the Trump administration
is changing the world and the knock-on effects that's going to have for technology and cybersecurity.
And I guess a good point to begin this conversation is to sort of outlay some of those changes.
So we're seeing there are reports coming out of fairly significant layoffs that are going
to happen at CISA.
We're going to talk about them in a moment.
But probably the big news over the last week is that the Trump administration has let go
of Tim Haugh and Wendy Noble at NSA.
That's the director and deputy director of NSA.
Let's start with you, Chris, being a former US Gov.
Why do you think this has happened?
We've seen reports that it was over the reluctance
of NSA leadership to switch targeting
onto Mexican drug cartels.
My sources tell me that that's not accurate,
that that's the quote unquote Fox News explanation,
and that really, you know,
Haugh and Noble were let go just because
they weren't Trump people.
But what's your take here?
I'm curious.
I mean, let me pick up where you left off
and that, you know, whatever they're not Trump people means,
any way you cut it in at least the US government
form of management, leadership,
whatever you want to call it,
you know, everyone works at the direction
and the discretion of the president.
They say you serve at the pleasure of the president.
And traditionally in military roles
where you have general or flag officers
in these leadership positions,
which by the way, there are still general officers
and flag officers
that were nominated and confirmed
during the Biden administration
that are leading combatant commands
and other organizations within the military.
They're still there.
I think what's different though,
specific to General Haugh is that he was
in that dual hat role,
that he was the chief of Cyber Command, commanding
general of Cyber Command, as well as the director of the NSA. And the director of the NSA is an
extremely powerful position. The NSA itself is a significant, you know, portion of the intelligence
community, exceedingly powerful, lots of capabilities, resources.
And there's an argument that I have heard
that the administration is interested
in putting a political appointee appointed
by President Trump into that NSA director position.
Now, of course, there's a bigger issue there.
And one that Pat, we talked about in Sydney
during the live taping was, you know,
whether the dual-hat nature, you know,
what is going to happen with this position?
The fact that NSA and Cyber Command are currently linked
and governed by the same leader, that can be resolved.
The first, you have to have an administration decision
that we wanna split.
And the second is the Congress has to pass a law
that enables that, at least by the book,
by statute that's required.
And what we may have seen last week,
I guess it was Thursday night,
was that first kind of salvo in,
we're gonna get rid of the leadership,
we're gonna make this determination,
and you heard plenty out of the Trump advisor camp
suggesting it, and then you move on
and you make the request up to the Congress,
and the Congress, again, by the book,
passes that legislation and you split them up.
Now, we can talk about the wisdom of removing General Haugh, who is an exceedingly capable leader.
In fact, I'd probably say he is one of the first general officers that really truly grew up
in this space. From almost the day he entered into military service, he has been at least in intelligence, but certainly in the signals and cyber space.
And so just extremely capable. I've worked with him in the past.
And again, I think he was the right leader for that organization.
I feel the same about Joe Hartman, who is the acting NSA director and CYBERCOM chief.
But again, this is a distraction.
It's a change up in leadership that we don't need right now.
We had great stability, particularly at a time when, you know, when you do hear anything
cyber out of this administration, it's about cyber offense, cyber offense, cyber offense.
Well, where do you think that comes from?
That tends to be U.S. Cyber Command.
Yeah.
Yeah.
So I mean, I'm not really hearing much, you know, from you in the, in the way of, well,
this is the reason they did it.
This is the logic.
This is the outcome that they're going for here.
Look, we've seen a couple of names like kicked around just in, you know, among people I know
in the United States for potential nominees.
One would be Ezra Cohen,
who's been floating around NatSec circles
for quite a while.
The other is Trae Stephens,
who I think is, what is he, on the board
or a co-founder of Anduril, the sort of defense contractor.
Yeah, he's a Founders Fund guy, yep.
Yeah, yeah, so linked to Peter Thiel and Elon Musk.
But I guess, at the moment,
we're drawing a bit of a blank on the reason behind this.
One thing that you've pointed out several times
when we've spoken is that Project 2025 has proved
to be somewhat of a policy roadmap for policy
and action roadmap for the Trump administration.
Does it have anything to say about NSA leadership?
Can we draw any lessons from looking
at those parts of Project 2025?
Yeah, I mean, again, you've got the intelligence chapter as well as the defense chapter that
say in their own separate ways, because again, they're written by different authors.
There's not a whole lot of one voice writing throughout that document.
So the styles are a little bit different, but yeah, both of them say, we got to call the ball here.
And I think both of them, as well as dating back to the first Trump administration, there
was a bias towards separating them. In fact, I, you know, rumor mill has it that in the
last weeks or months of the first Trump administration, there was a memo that was finalized and went
up again. That's, that's kind of NatSec rumor mill inside the Beltway.
Well, I mean, it was pretty widely reported at the time
that those moves were underway.
I do remember.
Yeah.
So there's a bias to action, there's a bias to splitting here.
I'm frankly a little, I mean, honestly,
I'm a little surprised that it took them till April.
I honestly would have expected this to be something, particularly again, with anything
that's come out cyber from this administration thus far in any terms of cyber policy has
been on cyber offense.
And this is where it happens.
Again, you're seeing plenty of reasons dating back to the fact that General Haugh was somehow
in the General Mark Milley coaching tree, General Nakasone acolyte, all these things
which are apparently chalked up as negatives in certain camps that are being tied to.
But again, I just, Occam's razor on this one,
it's all a prelude to splitting NSA and Cyber Command for me.
Okay, fair enough.
I mean, I don't quite understand why you would need
to jettison the leadership to do that,
but I'm not an expert in the way that the US system works.
Alex, I wanna bring you in on this now,
because while all of this is going on,
we've got the so-called Liberation Day tariffs kicking off.
And you'll see why I'm bringing them in in a moment.
We've basically got the United States launching a trade war
on everybody else, on the rest of the world.
I mean, even my country of Australia,
with a trade surplus with the United States and no tariffs,
is eating a 10% tariff. I don't believe
that our government is going to retaliate there. We don't in fact do all that much trade with the
United States. But obviously noses are out of joint everywhere, right? And not just because of the
tariffs, there's sort of a bit of a distrust of the current administration in some quarters, in Europe
in particular.
And this has led to more and more policy people increasingly saying that Europe needs its
own cloud computing stacks.
Now I was kind of dismissive of this up to about a month ago when I'm just sort of saying,
well look, they're committing hundreds of billions of dollars into new defense material.
They're going to develop all sorts of new military stuff,
and they're kicking in one or two billion
for these sorts of purposes around cloud computing AI.
But I know that this is something that you've
been tracking quite closely.
You think this time it's different,
and the Europeans might actually follow through
on spinning up their equivalent of GCP, Azure, and AWS.
So walk us through your thinking there, because I think that's interesting.
I do think it's different this time.
I think the last time there's a big blow up like this, it was after the Snowden disclosures.
But in 2013, the big focus of the Europeans was around the social media companies and the consumer
apps.
So when they were concerned about privacy, they're really concerned about the privacy
of consumer data, there was a lot less focus on what it meant for the competitiveness of
European businesses and the fact that they were really reliant upon an American kind of cloud compute substrate for them to be competitive
for the rest of the world.
That has changed.
That is both the rise of cloud computing and the fact that European policymakers now totally
understand that their businesses run on the American cloud, but also obviously the rise
of AI. And AI has made it completely clear if you listen to any EU policymaker, and I think
we've gone far enough along.
Chris did a little name dropping.
I can do some name dropping.
So I was in dinner with Emmanuel Macron and he was talking about how far behind France
and Europe are in AI, right?
Like if you listen to any leader of any European country, you can't, they will not go more
than 10 minutes without talking about the fact that Europe, while having these great
universities, having been the actual birthplace of some of the leaders of the AI field, that
those leaders of the AI field, Europeans, are doing most of
their work in the United States. And so, that is something they're incredibly aware of, and they
realize that that is both the people are leaving Europe, the companies are being formed outside of
Europe, and the actual compute is happening outside of Europe. And that compute is often
happening inside the large cloud. And so, I do think the Europeans might see this as an opportunity because the United States is, as you said,
instead of this being a trade war against China, which is what a lot of people thought
this was going to be, right? I think that was the assumption of a lot of Wall Street
types going into this, was that maybe the 10% tariffs people kind of expected globally,
there's something like that the last time around, but then the really tough tariffs
would be reserved for China.
And then to focus on pushing low cost industries out of China into the Cambodias and the Vietnams
and the such, which is what we saw.
We've seen under multiple administrations going way back to Obama, right?
Obama visiting Vietnam and such of trying to get America to move to non-Chinese supply
chains.
Going to war against the entire world at once gives the Europeans an opportunity here to
maybe make a break.
I think the way they might do that is through the data privacy framework because we're on
kind of our third model of how European companies are supposed to be authorized
to use American clouds.
This is based upon, and not to get into too much of the weeds here, but there's been a
whole series of court cases post Snowden disclosures from the European Court of Justice, where the European Court of Justice basically said under the European constitution, it is the US does not have adequate safeguards
for the privacy of European citizens.
You should not be able to utilize American computers to process the data of Europeans.
This was a humongous deal, I believe it was like 2015 or something like that, when they
first did this.
It was a humongous deal when this decision first came down.
It was called the Schrems decision after this kind of legal gadfly named Max Schrems.
His target was Facebook, but it wasn't really about Facebook.
It was really about the United States and American surveillance law.
And at the time, all of the other parts of the European government, the European
Commission, the European Parliament, did not want anything to happen because they knew it would be
economically disastrous for Europe to be cut off from all American compute facilities. And so the
European Commission, the European Parliament put together what was first called the Safe Harbor
agreements. That fell apart. There was a bunch of other fights
and there's another, there's a Schrems II decision. There's a thing called the European EU-US Privacy
Shield. That fell apart. We're now under this thing called the Data Privacy Framework, which was
agreed to between the EU and the Biden administration. That is yet to be tested in the European courts. And so far,
it has not been, all of the fine parts have not been worked out. And so it would be really,
really easy for the Europeans basically to let this go because effectively you've got two parts
of the three-part European government fighting actively to say the US is good, right?
So all you have to do is the European Commission, the European Parliament just have to be like,
we're just going to let this one go and let the European Court of Justice kind of grind
things out.
And the outcome of that would be European companies are not allowed to use American
computers.
And American companies are not allowed to operate, American tech companies are not allowed to operate in Europe unless we, American companies,
have basically fully European compute stacks.
And I think that has become much, much, much more likely in the last week.
So it's interesting what you just said, because I would have thought the obvious remedy here would be for, you know, Amazon, Google, Microsoft, to somehow spin up subsidiaries in Europe that are subject to European laws, regulations and whatnot, and just sort of change the way that they structure their businesses to sort of soothe the Europeans a little bit, right?
But everybody I talked to about that says,
well, that won't work.
And the reasoning is, I think, fascinating
because ultimately they're worried about
who is controlling these companies,
which really reminds me of the US concerns
around the control of Chinese companies.
So we're coming back to this issue
where state leverage on tech firms,
which has been something we've worried about with China,
is now something the rest of the world
is starting to worry about with the United States.
I mean, do you see that or am I like wildly off base?
No, I think you're totally right.
And they already have, right?
So like Microsoft, AWS, I'm not sure about Google,
but I know AWS, for example, their European services are like actually a Luxembourg company. They have European.
And TikTok host everything on Oracle in the United States, but it's not enough, right? So
isn't it strange that it's the sort of same paradigm, right? It just blows my mind.
It's exactly the same. Yes, it's exactly the same. I mean, and this is really the deglobalization of the internet
started years ago. What will be interesting to see is whether or to what extent do you have to,
could American companies go to make the Europeans happy? Is there a model in which AWS can build
European facilities that are okay to the Europeans?
I think the answer probably is yes, because realistically,
you're not gonna have Deutsche Telekom, honestly,
build a cloud stack top to bottom
that competes with AWS here.
Well, this was gonna be my next line of questioning, right?
Which is when you look at, so, you know,
we use DigitalOcean for a bunch of stuff.
And the thing that's amazing about DigitalOcean
is it's just like time-warp AWS from a decade ago, right?
It's just offering that basic cloud compute,
which is what got all of the cloud majors started.
But these days, the cloud computing platforms
are much more complicated.
They've got all of these advanced functions
and serverless and rah, rah, rah, rah, rah,
everything is a service.
Whereas if you just want to throw down an image, you know, like old school AWS EC2,
you know, you could do that with DigitalOcean these days.
And I sort of feel like if the Europeans were going to try to reinvent these fabulous, frankly
fabulous American cloud platforms, you know, they're not going to be very good.
They're just not going to be very good.
Right. But they would get what they wanted if they had a system in which they forced
Amazon to use Deutsche Telekom data centers to utilize European staff and to effectively have a separation of control that employees in the US never have access to that data.
So you think that that's workable? You think that that might be the way that this shakes out rather
than Deutsche Telekom offering?
Or it might be a joint venture, right? It might be like what the
Chinese require, which is for American companies operating in China, you end up with a 51% joint
venture that's controlled by the peer. Now, it wouldn't be just like, it wouldn't be the Chinese Communist Party, right? So it wouldn't be like, you know, the German Labour Party, you know, or the Christian
Democrats or whatever. It would be a Deutsche Telekom or, you know, some equivalent, Orange or
somebody, right? Siemens. But you might see that too. Overseen by a regulator, backed by new laws,
blah, blah, blah. Right, which they have. Yeah. So if you have to guess that's the way this will
shake out as opposed to the Europeans developing their own.
I mean, you know, honestly, that's sort of like what I was getting at before.
Like, why can't they, you know, operate these things a little bit more independently?
I think that would.
And I think that would meet what their, that would probably meet with the ECJ equivalency
discussion, because you would have, it would effectively be a European entity that is licensing
American technology, but is operating it domestically in Europe. And the only thing that's flowing back to the
United States is dollars. What that's going to kill though, is the American companies like
the Googles, the Facebooks, the consumer companies, because a global product that needs data to flow
across borders can't operate that way. The cloud can, right? Because you could have, here's AWS EU.
It's just more expensive.
They'll just charge you more.
And European companies will be pissed
because they'll be paying twice as much per minute,
whatever, to use French nuclear atoms instead of US electrons
to power the virtual machines.
But Facebook can't operate that way because an American is supposed to be able to be a
Facebook friend of a European.
This was always a problem.
And I was at Facebook during the first Schrems problem.
And this is an issue, like we literally had this discussion with the French regulators.
It was like, how do you expect a German and an American to be friends on Instagram if you don't want
the German's data ever to flow to the United States?
And they don't have an answer for that, right?
And so that's like a fundamental problem.
Do you think consumer services should be able to bridge the Atlantic Ocean?
And so if they go this direction, then it would be like the reason like TikTok in China
don't work is that TikTok China and TikTok US are actually
different products. They are different namespaces. You cannot be a friend. You cannot friend somebody
across Douyin and TikTok US. I would really, that would be a really sad outcome for my
Facebook friends in Europe all of a sudden to disappear. Well, yeah, and probably Australia
too. Boo. Yeah. We'll just have to chat on Signal.
I'm about to record this on Signal.
Chris, I wanna bring you into this.
Like, is this how you think
it's all gonna shake out as well?
I don't know.
I'm not ready to discount the Europeans' ability
to seize the moment.
I mean, we've talked about it before,
but the last time they really had this inflection point was immediately post Snowden.
And granted, that was a different set of issues, and they responded a little bit differently in going more of the enforcement angle.
But I think if you combine the enforcement angle that Alex just walked through with some investment, but it's got to be pan-European. Right. You haven't seen from a tech perspective, individual countries really jump up.
SAP, of course, is, you know, everybody knows SAP.
But beyond that, you start getting limited limited friction.
And there has been a lot of a lot of excitement,
whatever that means, in an EU sense of a Euro stack.
I mean, look, let me just inject something in here, given that this is a cybersecurity
podcast ostensibly, which is that there's been a lot of hard lessons learned by the
major cloud providers in the United States over a very long period of time, like something
like 20 years.
I do worry about the Europeans trying to speed run that process, right?
And what that's going to mean for the security of those stacks once they spin them up.
I mean, because that is a non-trivial effort.
Like, you could get a, you know, functional, you know, European cloud stack up and running
with an API that does most of what you want it to do.
But the behind the scenes machinery that keeps that safe is gargantuan. I mean, this could have some security implications, sure.
Oh, for sure. And, you know, we've talked to,
and I'm sure you have too, Pat, different European private equity firms that are looking for European champions to invest in.
And they're kind of few and far between, certainly not on the scale of a US company or an Israeli
company. So again, maybe there's an opportunity to cobble something together that's multiple
companies or countries rather. But again, that Euro stack is it's not just about the cloud,
right? I mean, this goes down,
this goes to the chips and they've got a head start in certain places, ASML for instance,
but they're going to have to lock down critical minerals. They're going to have to get their
arms around. I think they, from a connectivity perspective, they probably have that under
control, but then you just kind of build it up from there. So there's a lot of unanswered
questions. There's a lot of interest and excitement,
but it's gonna take political will and commitment
that's all circling around the same outcome
and pushing towards it.
And I just don't know if Europe can pull that off right now,
if you can get the countries together.
But I'm gonna disagree here, Chris,
in that this is the risk of the United States going to war with everybody at the same time.
So yes, I agree. They don't have to compete anymore against, it is now cheaper for European
companies to buy Supermicro and other Taiwanese OEMs' products, right? Like this is a great time,
if you're France,
you're taking a bunch of your money and you're saying I've got excess nuclear electrical capacity and I have the ability, you know, companies have 0% import tariffs on everything
that's made by Quanta Computing and Supermicro and all those boards. Now's your time that you
want to build out your data centers in France. Well, and I think also there's carve-outs
for some semiconductor stuff, particularly from Taiwan.
I mean, if there's not, there's going to be.
But it's only semiconductors.
It's not the fully made servers, right?
It's not the fully made boards.
It's not the PCBs.
You know, like, it's not all the stuff
that actually goes in the data center.
No, I understand.
But the Nvidia bits are the important bits,
and they are going to be exempt.
Because otherwise, what you're going to see is, like,
otherwise, if they weren't going to do that,
I'm taking my money.
I'm putting it all into real estate investment trusts that do data centers in Canada and
Mexico, right?
Because that's where the AI data centers are going to be.
But look, I want to switch focus.
Just to-
Well, no, but it's the manufactured stuff.
You already saw that Nintendo is pausing Switch 2 because their final manufacturing there
is in Cambodia, which they moved it out of China into Cambodia, specifically, I think around tariffs because
they thought Cambodia was safe.
It's paused.
I thought they paused pricing.
They paused.
They paused.
The pre-sales are supposed to start.
They paused the pre-sales because they haven't set the price.
Oh, I know my 15-year-old is not happy.
Yeah.
I just, I just can't see the administration doing anything
that's gonna slow down AI data centers being built
within the United States, right?
So that's more what I was getting at there.
Pat, I know you wanna move on,
but just one more point here is that don't assume
that whatever Europe does is kind of the final shot, right?
There's gonna be a lot of action, reaction, so forth and so how are,
you know, how broad can trade war, how broad can tariffs go from breaking up any sort of pivot
within Europe to stand up their own tech stacks? Those are the sorts of things I'm sure they're
playing out right now. Now, look, I just want to move on to another area
where there's been change in the United States.
And you're the perfect person to speak about this, Chris,
because you were the first director of CISA.
We are seeing now that there's something like,
what is it, 1,200, 1,300 staff cuts coming down the line.
We've already seen a few hundred let go.
I think all told, it's kind of hard
to keep track of the numbers here,
but I think all told, we're looking at maybe a 40% headcount reduction at CISA.
Public reporting suggests that a lot of the capability that CISA is losing is going to
be around threat hunt.
Now I think one thing that might not be known widely outside of people who are in this space
is that NSA, while it does do threat hunt operations, they're for the Department of Defense.
And to a lesser degree, the Defense Industrial Base,
like NSA doesn't do threat hunt at like
the State Department or the Department of Commerce
or the Department of Justice.
Like that is a CISA thing.
Although I see Chris's finger going up there.
So I'll let you answer this in full in just a moment.
You know, the question was really gonna be like,
what sort of impact is
this? Is, are these staffing cuts likely to have on America's visibility into
adversaries targeting, you know, its civilian government?
So I think the way that we should all be looking at it is that the CISA that we knew
over the last several years is at least
for the foreseeable future, not a thing as we knew it.
And again, if you read Project 2025,
if you listen to Secretary Noem in her confirmation hearing
it was about a streamlined, nimble CISA.
And so you might think, what does that mean?
I don't even really know what CISA is.
Keep in mind, CISA is not just cyber, right?
The second piece of that is infrastructure security.
There's a physical security aspect
that really dominated the mission
of the predecessor organizations of CISA.
It was all about chemical security, anti-terrorism,
securing sporting events and malls and all that stuff.
But over time, the budget certainly grew
to eclipse the physical side
and also on the personnel side,
it is predominantly a cybersecurity focused mission.
I think what they're trying to do
is really streamline the organization down to effectively
serve as the federal CISO for civilian agencies.
So to provide some of the EDR capabilities, some of, yes, the threat hunting capabilities,
some of the red team capabilities, the incident
response capabilities, but just for federal civilian networks, all the other stuff that
is more about public private partnerships, about information sharing with industry.
I think that is by what I'm kind of seeing how this is playing out.
They see that as, Hey, this hadn't really worked
over the last 15 years.
We're getting our butts kicked.
I mean, they might, sorry to cut you off there, Chris,
but they might have a point there.
Some of the information sharing.
I'm just making the argument.
Yeah, yeah, yeah.
No, I mean, I'm just saying,
some of that stuff has failed, right?
And we've seen reporting over the years
where some of these threat sharing exchange programs
were set up and really no one was using them.
And I've even had DHS officials on the show and they're like, oh yeah, it's going great,
a little bit bumpy.
And then you see they'll shut out one of these programs a few weeks later.
So I can certainly understand that there's always going to be places you can cut.
But I mean, I was specifically asking about that, that threat hunting function,
has that been pared back to your knowledge?
I don't know right now.
And what you're talking about is this,
again, 12, 13, 1400 personnel cutback,
they just today opened up the Deferred Resignation Program,
which is that fork in the road email
that went out from DOGE earlier in the administration.
They opened that back up again for the next week or so.
And so they're hoping that people will opt in to leave.
And from what I've seen, there is plenty of interest
from across a number of different pieces of CISA
that are looking for the exit, looking for an off ramp.
So I don't know exactly just yet
what the real impact is gonna be on Threat Hunting.
I do know though, that is a highly capable team.
This is the team that has been in there looking
for the MSS Salt Typhoon related actors over the last year.
They've been very effective in finding them.
They've been pretty good at rooting them out
and they haven't leaked. You haven't heard any of this stuff. So I
think it's a capability at a minimum for the federal networks that I hope we're retaining
because the threat landscape's not getting any cleaner. And I really don't see a purely
offensive strategy, which I'm not saying that's what
they're doing, but a super heavy offensive.
I don't, I just don't see it knocking the MSS back that much.
I don't see it knocking the SVR back that much right now.
Which is why that threat hunt function is important.
But this is, this is actually the perfect segue into the last thing that
I wanted to talk about with you two today, which is what all of this means.
So we're talking about, you know, paring back CISA, changes of leadership and focus
at NSA.
I believe one thing NSA is being tasked with these days is actually going after Mexican
cartels.
So there's been, you know, eyes taken off some areas
and focused on others, which is entirely within the
within the purview of the US president and his advisors.
But I guess my question is,
and now we've got this trade war kicking off,
what does all this mean for the threat environment?
And specifically, what does it mean for the Chinese threat?
Right?
Because we've got the United States and China,
which have always had a pretty bumpy relationship,
let us say, they've been adversaries.
Now we've got all of this stuff kicking off.
Alex, you have feelings.
Please share them with the group.
Yeah, so I mean, the real question is,
does this, we've talked about here, that there's
been lots of discussion on whether or not China was preparing one way or another for
possible invasion of Taiwan in the next five, you just have anger with the US administration.
You have possible, several thousand, I believe, Chinese companies at the circuit breakers
and the Chinese stock exchange, right?
So you have, this is causing massive economic dislocation inside of China at the same time.
A trade war, I don't think anybody wants a trade war. This is going to be bad both inside
the United States and inside the PRC. And so, you know, you both have the possible economic
damage that causes, but also possibly a need for Xi and the CCP to rally the population in that situation.
So you might have domestic political needs.
I mean, the counterpoint there is that they're dealing with an adversary in Donald Trump
who is quite unpredictable, which would be one of the reasons that they may choose to
wait.
And that would be a reason to wait.
Yeah.
So I mean, that would be the con side for them is that you don't know exactly how he
would act.
But you also have the US having alienated our allies in a way that was not true, right?
Both Pacific allies and NATO allies.
So the odds of the US having backup in this situation have gone down a lot.
So I think, you know, it's hard to judge for a big war. Certainly, I think there's absolutely
nothing going to be holding back Chinese threat actors, right? Like there's no way Xi is going
to say anything about, you know, for, I think it is quite possible that we're going to see a
lessening of Russian threat just because right now you have the Russians trying to get what they
want out of a deal, you know, over Ukraine.
Well the Russians, mind you, I'll just inject one thing here,
interject with one thing here, which is that with oil below 70 a barrel, the
Russians are in a world of hurt right now. Like it's if you can think of a
silver lining to this whole thing, which obviously, you know,
viewers can probably tell and listeners can probably tell,
I don't think tariffs are great personally.
But if there is a silver lining,
it's that Russia is going to be in a very tricky position
if these oil prices continue.
I mean, you have to look hard for silver lining.
People are like, oh, look, interest rates are down.
Like, mortgages are cheaper because the economy's crashing
and therefore interest rates are down.
But okay, sure.
Well, my joke about that was, you know, when people are talking about these, you know, better interest
rates, is like, it's like sort of cutting off your feet so you don't have to cut your toenails anymore.
Yeah right. Just not not you know you've solved a problem sure but you know you kind of have a
a new set of problems but go on what you were with what you were saying about the the threat.
Yeah so I think like it's very hard just like said, there's on both sides you could see arguments
for what could possibly happen over Taiwan.
But for actual cyber, for non-Taiwan related cyber action,
I would expect that there should be very little limit
on Chinese activity.
But is there much of a limit now?
I mean, it seems like they're pretty no-holds-barred.
I mean, I think they're only constrained by their capacity. We've got the MSS hacking into
civilian arms of the US federal government, probably military as well. They're doing all
sorts of operations targeting companies still. They're everywhere. So aren't they just constrained
by their capacity? Does this actually change anything?
What we have not seen is we haven't seen intentionally
damaging attacks.
So I think one question, one change
that we should be looking for is to see whether or not they
start to raise the pressure by utilizing
some of these mechanisms.
Like, we know they have had access
to critical infrastructure, and we
have yet to see that access to critical
infrastructure utilized to cause actual damage. So that's one thing we should be watching for.
And who am I to disagree with you? But I don't see it. And the reason I don't see it is because
that would be an escalation. And if there's one thing that this administration does not mind
doing, it's exercising state power in ways that defy norms. And I would expect that if you
saw the Chinese pull the trigger on a destructive cyber attack, they would get it back tenfold.
Chris, I want to get your thoughts on that. Where do you sit on all of this?
I'm actually of the mind that the invasion timeline moved up. I think they see an increasingly populist and isolationist base of support
for the administration that effectively is what got the president at least a large contingent
of his voting base is very much about no more foreign wars, about cutting off support to
Ukraine.
And that same vein is pushing for cutting off support to Ukraine. And that same vein is pushing for cutting off support to
Taiwan. It is, you know, a little bit of a contradiction, though. You do have a Pentagon
that is focused on pivoting the entire military might from a deterrence perspective to the Pacific. So I don't know. I mean, I've always been conflicted about
whether they really do it just because they think the economic impact, the trade impact
would be devastating. But hey, if a trigger has already been pulled on kind of global
economic devastation and you kind of are picking up enough of the,
reading enough of the tea leaves to say,
hey, maybe there's not a whole lot
of political support for Taiwan,
which I don't think really there is
based on my conversations over the last several years
of running mock war games and invasion drills.
You know, you get to, you get to, you know,
kinetic things flying and just like that, political will evaporates.
Because body bags, 20,000 body bags of American service members showing up is not something
that anybody wants entertained right now, particularly for an island over there.
I think there's less economic damage to the Chinese now because the odds of the rest of
the world following the US into a boycott
of China is extremely low.
You're not going to see even Pacific allies, especially not Europe, cut off both.
If the US is cutting off Europe, they're not going to also cut themselves off from China.
Let me just pick you up there, Chris, on the cyber component of this.
Do you agree with Alex that we might see, you know, more
aggressive, uh, operations from the Chinese, including destructive
attacks, because that's the part where I'm like, eh, I don't quite see it.
That's the theory behind everything the, the PLA was doing with, uh,
Volt Typhoon. Now again, you know, there are circuit breakers involved that, that the Chinese could say, hey, we're not going to do this if you guys just stay out of it.
Otherwise, we gotcha.
This is the whole holding at risk conversation.
So there are always going to be off ramps there.
They let us do our thing, stay out of it.
We won't we won't come after you if you don't come after us.
I think the bigger issue here though is adversaries worldwide
are getting more active. Cyber, offensive operations are getting baked more
and more into military doctrine and strategies.
We're only plugging more things in.
We're only more interdependent.
We only, it's becoming more complicated
and everyone's actually forgetting
how all this shit got kind of stitched together. So I just see a lot more pain in the future.
And it's, it's going to keep pods like this busy. We're going to be wrong about a lot of stuff.
We're going to be right about a lot of stuff. But these conversations aren't going away anytime soon.
That's Mr. Chris Bucket of puppies, sunshine, Krebs right there.
Catastrophic Krebs. Yep.
Catastrophic Krebs are rounding out this edition of Wide World of Cyber. I got to be honest too,
I think if Taiwan's going to happen, I think the time it will happen is around the inauguration of the next US president in January, 2029.
I think that is going to be the time personally.
But Alex Stamos, Chris Krebs, thank you so much for joining me for another fascinating
discussion here on the Wide World of Cyber podcast at Risky Business.
Thank you.
Thanks, Patrick.
Thanks, guys.