Bob Butler - Cybersecurity: Changing the Model

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

we're pleased to welcome Bob Butler this morning to talk about cyber deterrence strategies and I was looking for the right context in which to make an introduction of Bob and whatever else have we got going on out there now the context I think was we did a workshop a month ago posing the basic question then in a national security strategy that says or we want to out-compete our adversaries what does it mean to out-compete in cyberspace and this brought together 80 people around the table for a couple of days to scratch their heads over a problem without a very good answer as yet and one of the themes that emerge from the discussion was that in the community of people who are doing strategic thought about the new cyber problem the sense of conventional wisdom in that group is that we're at something like 1955 or 1957 and beginning to think about the nuclear problem that maybe we've thought our way 10% into this problem that the strategic thought that so far developed has been path breaking but has only launched just a little bit and if you look at this in a competitive net assessment context were way behind two or two or three or four adversaries who have invested a lot of time and intellectual capital in thinking about the new landscape and the opportunities available to them and the vulnerabilities they have in cyberspace and and to do the necessary strategic thought requires that we create new communities of interest that break down all of the lovely barriers and within our existing communities of interest you have to have people who understand the science technology people who understand military strategy people understand winning and circumstances sort of over armed tation counterintelligence law enforcement I mean the list goes on and on what makes our speaker today unique is that he's he's been a leader in that first bit of strategic thought and part because he's worked in so many of these different communities of interest he brings a military background an intelligence background a corporate background a government background he is the first Deputy Assistant Secretary of Defense for cyber policy we had the pleasure of serving together 10 years ago and he's now in a consulting role by and large where he's trying to stimulated more thinking in all of the communities of interests that are relevant to this problem and he's going to talk this morning about for about 40 45 minutes on the fundamentals of cyber strategy and pose some questions for us to think about and then we'll turn to QA the presentation itself is on the record and being videoed but the Q&A will be off the record the video will be will be off so we'll take the conversation wherever you would like please join me in welcoming Bob Butler well it's great to be here at the lab thanks for the invitation Brad to come out the one thing I was not expecting was the temperature to be the same as Texas and I got here I was expecting a little bit cooler climes so I'm I will be speaking on the record but from my personal vantage point I'm not going to be representing the government or AECOM or any of the other affiliations I have here and I'm going to try to give you some perspective of where we've been where we are and where I think we could go and as Brad indicated some challenges that I think we collectively should be able to to kind of work on so just by way of perspective Brad alluded to some of this I've had the opportunity to serve in the military for 26 years in the Air Force serving as an intelligence officer I started academically in the world of math and quantitative business methods and in programming so work back in the old days on ba L&P l1 and Fortran and C in different languages and I think as we look at the world today that actually put me in a situation where I was somewhat advantaged in thinking about where we were going with the world of information technology and technology at large and the evolution being involved in the intelligence community epic during the Cold War and then post Cold War and and then since then the experience is coming out of the military where we begin to see these crossovers in convergence right in digital and physical worlds but also in the worlds of the roles that we take on whether or a postdoc or a scientist here an engineer here whether or on boards or what have you so what I'd like to do is kind of collectively talk about what those experiences have have shown me over the last few years and I'll pick it up by talking first from where I was and serving as the deputy assistant secretary for space and cyber policy and kind of go forward from there in those days we we saw that a risk was looming it was increasing and accelerating at the same time we struggled with understanding what to do about it we came up with the first defense cyber strategy and then from that we developed a command structure which is a typical kind of military DoD response the world has changed radically since then it was actually changing underneath us and so again my perspective here is we think about the world as it exists today or as it was as opposed to thinking into the future so let me get started here I'll share my experiences in the business world as we go through this I do serve currently as the senior vice president for critical infrastructure protection strategies for ayyyy calm Akon actually is part of the lab environment here and aecom is a huge company that builds designs and builds lots of infrastructure around the world and you know my job is to kind of review in in both greenfield and brownfield space how do you build resilience right how do you build resilience in these converging worlds how do you build it and do it efficiently and how do you do it and you build it for a lifecycle okay I'm gonna start with the bottom line up front so the world as we see it today and I think many of you would are aware of this and would agree capabilities on the part of people that don't line up with our national interests is increasing in terms of their aggressiveness and proactiveness of working counter to our national interests and specifically based on the work that I'm focused on is it's Russia China Iran North Korea and and what we're dealing with terrorism today and in that space we continue to hit inflection points and we're struggling with what to do about it in the area of cyber itself we have struggled with thinking through you know the kinds of steps that we should take as we react to events looking back in the rearview mirror whether it's Chinese IP theft Russian intrusions into other sovereign states DDoS attacks distributed denial of service attacks or what have you and so what we have found is what we're doing is not deterring anything we need to do more so let me take you through then a series of work that we've done in the defense Science Board that has been published that kind of illuminates these points and drives then to these these ideas first off we we we've been looking at the defensive aspects for some time and back in 2012-2013 we did realize as we looked at what adversaries were doing across the risk spectrum right a lot of times people look at one aspect of risk risk is a function of threat vulnerability and Cox Quinn's management right many times we'll look at vulnerabilities and what we have to do to fix vulnerabilities and we look at it strictly within the information technology space as opposed to the broader security risk we're struggling with thinking ahead on advanced threats and we very very often don't think of all the consequences in terms of residual risk and how to build consequence management strategies in the defense Science Board work in 2012-2013 there was a real strong assertion that none of our military critical military systems were resilient and that there was an existential threat to to those systems that led to a series of other studies coming down the road get one dealing with cyber deterrence where we talk through what it meant to impose cost or to deny benefit and we talked about other issues regarding what how things were becoming intertangled and so this idea of thinking through the glass house that we live in and the fact that we are dependent upon critical infrastructure that is outside the fence line and and the fact that that critical infrastructure if it goes down if there's a problem actually creates real challenges for us let's fast forward then to the next study which was really cyber as a strategic capability and in that discussion what we came away with were five big findings and this is it was about a year and a half ago the first of which was dealing with the fact that strategy wasn't working it was ineffective it was stalled part of that was because a policy part of that was because of political will the second thing that we we came away with was in order for an offense to be effective we must have a good defense and we have to focus our defense in certain areas we have to focus on the high end systems because we can't protect everything right so we have to focus on the things that are most important the third thing that we third finding that came out of this study was people the challenge in creating a workforce that can actually have the readiness and more importantly the proficiency level at both the individual level and team level to support what we need to do in the space defensively and offensively the fourth was it's not just a team or eight or a group of teams within the department defense or the Department of Homeland Security or within a company it's a whole-of-government or a whole of America approach how do you work culturally across internal organizations how do you work say and in Washington across interagency below Washington interagency activities within joint task forces on a border or wherever how do you work with industry differently not just call it public-private partnerships of what does that really mean and then how do you work with allies with international partners to build like-minded strategies to solution not just to share information but to solution and then the fifth area was policy and the policies had we had struggled policy normally lags behind concepts operational concepts but we were really lagging in this space so as a result of that I had been thinking others have been thinking and former Assistant Secretary of Defense Frank Kramer who Brad knows and many of you in the room might know and I decided to put together a piece on what we should do about it and that's the the bulk of these ideas over here so I just want to walk through this in terms of what these ideas are what what's what it what it means behind the bullets and what we're doing about it today and how they can be operationalized and then some some ideas that the lab could take away this is very true this is this is the the different environment we're involved with today people some people call it gray zone but we have no long we no longer have overmatched capabilities I mean that was part of the Cold War that was part of what came out of the Cold War with the dividends of the cohort is we were overmatched in certainly in conventional capabilities we could we could actually do shock and awe right we are no longer overmatched in this level below armed conflict and we are we have adversaries that have learned from what we've done how to build a symmetries in this space so I'm going to start with just a little bit of a tutorial on active defense and what I mean by active defense I wrote about this in the in 2010-2011 with deputy secretary bill when we were talking about active cyber defense and back in those days it was we need to do more beyond the walls of a you know a network and and what we were thinking through was we had highlighted a problem with an operation called buckshot Yankee where we saw an adversary get inside and using removable devices infected computer systems and so the idea of looking beyond your networks doing something about it ahead of time we really never operationalize that but we we pushed forward with a new strategy in 2015 which was a good a good basis that built on 2011 but but still lagging behind the realization of what we really didn't needed to do with this risk big focus on deterrence so the idea of creating resilience within the DoD and and defense industrial based networks the idea of actually beginning to use offensive capability and finally this idea of supporting the combatant commands in an integrated way what we have found is that as we move forward in time and we seen aggressive activities on the part of especially the tier 5 tier 6 adversaries China and Russia those have been that has been ineffective so we needed to address all of these things going forward an active defense is one one way of approaching coordinated partnerships of active defense there's many techniques you can see them up here I'm happy to talk about them that George Washington University collected and kind of put into a neat graphic but but the concept here was to really go further in terms of taking the enemy to taking the fight to the enemy and so we have a new strategy out in 2018 called defend forward right and it's it's actually supported that's the defense strategy there is also a national cyber strategy which is aligned somewhat with this and the thought with defend forward is you basically are in red and you are actually working to support activity that helps you to take the fight to the enemy at the source of where malware might be created and as a result you have a strategy that's now enabled in a very different way a different way of thinking through policy and with the political will that we currently have within this administration we are changing policy we are changing the way we do TTP's tactics techniques and procedures of this idea of persistent engagement is now is now the construct for how a cyber command moves forward we are beginning to move in this area of leveraging whole of America we're not there yet but we're recognizing and not just saying but recognizing and working with allies and working with industry and working with interagency partners in different ways than we have in the past and of course as I mentioned previously we are prioritizing efforts one of the one of the things that hit me hard when I became a chief security officer of a global data center company and you are beginning to think about information physical assets of clients that are spread all over the world we had data centers in Singapore we had data centers in me in New Jersey we had data centers in Phoenix Ohio and in London you can't do everything so what are your most important information assets what are your most important physical assets and what what kind of resources do you have to put against that problem and then manage residual risk right managed to manage the rest of the enterprise okay so let's now get into the details of what what we're advocating and where we are the first idea is we need to do more on critical infrastructure and really when I say critical infrastructure I'm talking about lifeline infrastructure to support national security missions nuclear c-2 integrated missile defense force projection there's a natural nexus with Public Safety in these communities as we work through these events and and there's a natural nexus with business enterprises so it is the ones that I've listed up there energy not just the electric but oil and natural gas it is an intersection with nuclear it's a intersection with water water treatment and a lot of other lifeline infrastructures not all of those 16 critical infrastructures should be covered in the same way based on the again prioritizing resources I think we need to think carefully about how we apply the the resources that we have there are models that we can work off of the financial services a couple of years ago built a center called the financial systems and analysis resilience center FS Arc FS Arc is an example of like-minded businesses coming together around a common infrastructure namely the global transaction platform right so you have the eight biggest banks in the New York City area getting together working together sharing information sharing threat information solutioning together in active defense incentivized because of a global transaction platform that they all rely on but at the same time also focused on helping others inside of a large risk register right so those banks are dependent upon con Edison in New York City right so con Edison becomes part of their extended enterprise look so there are models that we can work off of there is also concepts here that we need to think about that allow us as Brad was indicating you have to treat collectives of cross sector integration so the defense industrial base has its own kind of information sharing approach it is it has scaled and it is growing it has some best practices that need to kind of cross over and support others both in the extended defense industrial base supply chain in the department defense and I think best practices could be shared between the financial services and did but every one of these needs some help now the question comes up can you do it all with you know regulations or how do you create incentives in this space the financial services you know they're fairly well-off right so they they are pretty well and scented there is a compliance regime with the SEC FSA over in London the Monetary Authority of Singapore and other regulatory authorities but their incentive to work together defense industrial base to a certain extent because of an intertwined supply chain and the business but it is competitive and so there's more of a regulatory approaches you see in the DeForest we have to find a way to adjust authorities and resourcing in the federal government system to allow these critical infrastructures to connect together much faster much better than they are today the F s arc again is an example of where that's happening I was involved in my a EECOM hat with the army cyber Institute a couple of years ago how many know your army cyber Ian's to anybody aware of them ok so the army cyber Institute is is a think-tank this organization at West Point and what they are working on our army futures right they're trying to look at it from both an education perspective at West Point as the US Military Academy and they're trying to connect into into a future where the Army force structure has to change to meet evolving mission sets part of it is homeland defense of what's going on in communities and cities and it's not just the National Guard function in light of where we see an evolving threat right so in that space one of the experiments that they were looking at was the idea of what should be the military's role in supporting communities as it relates to advanced threats I participated with them and help drive scenario development and execution of their second phase of their experimentation first phase was in New York City small exercise small experiment bring the Emergency Management team together let's talk about ways that we can build a much more effective integrated approach between the physical side and the cyber side of what's going on in New York City and police department Fire Department all these folks came together and small-scale but but now has created some synergy to create their own version of a new of a New York City cyber community I was involved with the Houston set up I'm from Texas and Euston of course large port city important port not only from a commercial standpoint but from the military standpoint we have port activities including up at Beaumont where we do a lot of trans load operations and so in that space we looked at ways that we could take a scenario of a natural disaster and then add the play of a nation-state actor into it so here you know it's a it's a deliberate event that you have warning on and you begin to now work in that space as a nation-state actor might to actually create worse effects for the community and for military missions projecting force out what came out of that was certainly some new play books and some new relationships but it became very obvious that there's a significant challenge here when you start to work bottom-up when you start to work from an Emergency Operations Center in Houston that again does great jobs with Super Bowls and World Series games and all kinds of other events but when you put this kind of activity into the space it really really makes it very difficult so we're connecting cities EMS critical infrastructure lifelines County State Guard FEMA Coast Guard FBI other elements of the of the federal government together and as a result of that we realize that this bottom-up approach the communities really understand what they need but programmatically they're struggling with the dollars to support this so the recommendation here is to you know we need to establish a way of creating some consistency on state support here in California I mean you've gone through a lot of natural disasters I mean fires and earthquakes and gas leaks and all kinds of issues here right every time we get into one of these events we learn from that event and those lessons are very difficult to translate into into other places so we the point here is let's leverage the expertise at a state level with with our regional experts out of FEMA begin to culturally draw physical response and the cyber response folks together raise the readiness levels of our Guard units to support this this idea national cybersecurity fusion Center you're familiar with NCTC the National Counterterrorism Center you're familiar familiar with the National counter-proliferation Center you're familiar with things that we've done at the federal level to bring different entities together they work differently based on their operational missions they may have different players in this space they're measured differently we believe that in this world of cyber especially as we look at the adversary taking really working across boundaries that we need a better a better way of working command and control a joint interagency task force like structure where it's intelligent Intel counter-intel driven ops that allows you to take not always rapid action but the right actions and to be able to include a much larger swath of American talent controversial recommendation that Frank and I have written about is this concept of certified active defenders so we have lots of entities some here at Lawrence Livermore some in other parts of the country that are really really gifted in terms of cyber defense we do not have enough in government today there are ways there are precedents in terms of being able to look at those individuals we see it in the guard all the time as we flip between a title 32 and a title 10 attitude can we create and employ statutes that allow us and then train to using certified active defenders from labs private sector and other places as a way of doing all of these activities you can see on the last bullet all requires some realignment I'm going to talk about realignment on the federal budget in terms of not just the budget but authority structure as well finally this is something I've written about in a couple of different ways this is the idea of like-minded nations right this is the fourth I the International Peace how do we get allies involved in helping us promote the right standards as we watch adversaries involved in looking at internet protocols and where we're going with internet protocols over time how do we get allies involved with looking at cross-border critical infrastructure let's go back to the swift attack on the bank in Bangladesh just a few years ago how do we work to do active defence campaign planning together as like-minded nations that's the construct behind the international cyber stability board enabling that are a few other things that allow us to go from whole-of-government whole of America to something broader so let me go ahead now and just talk a little bit quickly about the federal government piece there are different things that have to happen here based on what we're describing we are changing some of the authorities and policies already from the Department of Defense perspective so some of the foundational things that you'd want in a national cybersecurity fusion said are already beginning to gel a bit we do need to do more work with the Congress and the executive branch on support to state and local authorities with certainly any authorities for certified active defenders and you know as we think about new organizations that are standing up how do you ensure their readiness right I mean it's not just the organic government folks ready how do you ensure the readiness of that that reserve force that you might have importantly here is building off of concepts that we've already got some traction on so a few years ago in NATO's military committee and defence planning committees came up with this idea of framework nations more capable NATO allies helping less capable allies especially in enabling functions like logistics and support one of the arguments that we have made is let's use a similar concept with NATO in extended cyber deterrence so this is working with NATO allies to help them harden their military networks help them hardened entities that they're dependent upon with regards to doing their military missions and working hand-in-glove this is this could be an extension of the state Partnership Program where we have Guard units already going over to countries to ally countries it could it could be take on take on a frame in a lot of different ways but we're already starting to build on this as we go forward through through the Department of Defense activities resources are interesting because in the resource area it's not just setting up these centers but it's really bringing more people into this space so part of it is the certified active defenders part of it is also looking at training creating training programs that allow people to move quickly to higher level higher level skill sets it's cross flowing people differently from government to to industry and then back so that's that's another item that we we talked about with in the in the article and the final effort is in something hopefully near and dear to you is we have got to do better at looking at R&D right from I would say we do real good at fundamental research and basic research but when we start to move across the test readiness levels and I want to get to applied R&D and get something out the door finding ways to invest dollars that allow us to do DevOps because we're in a situation where we're not only converged but we're in constant contact with our adversary okay let's go to the next slide and this is now shifting gears again more to the technical architecture aspects I want to give credit to the defense Science Board I'll mention some of their recommendations us-cert Johns Hopkins University some of this was presented or our say this past year by the Johns Hopkins team and Carnegie Mellon but these are these are some ideas for helping to build a more resilient architecture we talk a lot about networks being breached and that they're going to be permanently breached but we're slow to pick up on how to address the problem we need to find ways to think about authenticating in roles and in responsibilities across devices and people and we need to continually update a risk register we need to think about the value of inefficiencies together with resiliency continue to see problems where we're exposing ourselves because of poor vulnerability management practices part of this is the fact that we're just not thinking about correlating log information I just recently saw where we trying to find an insider problem and we're not correlating Active Directory and DNS logs I mean so challenges in this space abound but we've got to get started with with actually moving in a direction where we presume breach will always have breach and what can we do with different kinds of adaptive resilient strategies so it's it's not just a honeypot it's not just segmentation but it includes you know pushing back in active defense it includes redundancy as a strategy and includes hiding in plain sight as a strategy includes a lot of different things so we're working on this in the Department of Defense we're moving in the enterprise we're actually challenging extended enterprise partners to move in that direction and I think that's that's the where we need to go and there's a lot of good vendor work going on in this space we just need to integrate it and realize that with the plethora of data that's coming in there's opportunities here to do things differently and the technology is changing in such a way that we we now can do zero to one of the things that really has frustrated me over the years is we typically see a problem we look at the problem we come up with a solution we might go to a darpur or or some other agency to prototype a solution and then it takes forever to get it out into the commercial world and then they get picked up by the US government base we saw that with WikiLeaks there was a technology solution that was available ten years prior we saw some things I've seen some things now with an acquisition of some endpoint software that we knew we needed six years ago still waiting for it right we have got to get into a DevOps environment in this space in zero trust extended enterprise supply chain these are defense Science Board recommendations but the idea and I just put two of them right we can talk about a lot of different strategies here one is in the era of hardware and we you know that most of our micro electronics is now offshore what do we do we I think we need to relook at at the problem from the standpoint on the hardware of not maybe creating a US government foundry but looking at commercial foundries here in the country and thinking through how that could be done how that could be protected how do we move forward with that the other is in the area of Software Assurance as you read in goe IG reports as you read and Gao reports we continue to struggle with validation of what we're doing to fix problems so creating an entity with some of the best formal methods to help us look at the issue of Software Assurance and again a privilege to help sit on the technical advisory group at Carnegie Mellon's software engineering Institute and there's some great work there there's some great work I'm sure going on here great work going on around the nation but finding a way to take those methodologies and rapidly put them into a process that allows us to really have high levels of assurance in extended supply chain and then the third area really and and again we've talked again a lot about this but now I see it happening more and more we need to take even some of the basic machine learning the the basic Bayesian theorem a priori logic schemes that we we currently are doing by human task within a Security Operations Center and we need to automate them we need to find a better way of taking assists admin and making him more productive or her more productive on higher level tasks and so there's work that I see going on with Splunk and UI path and some of the other vendors looking at data Lakes differently that we are we are starting to we are starting to look at it doesn't always have to be reviewing NetFlow logs we can do things differently so so those are some of the areas that we think about on the technical architecture I'm just going to throw out one more concept and then I'll wrap it up and with a challenge and that's this idea of continuous in that assessment so let me set some foundation on continuous in that assessment Brad alluded to some of the work in the past and when we started serving together back in 2009 timeframe well you know looking back in when when I was in uniform you know prior to the turn of the century I mean we we see things that happen we were fighting a cold war we actually were able to successfully draw that to a close meantime our adversaries were put into a situation where it was extremely difficult for them because a lot of the establishment the bureaucracy either didn't anticipate all the effects or there was a kind of an alternative within the country looking at a different way other than how it turned out publicly for these outcomes to change right so so what I mean here is like in the case of China after Tiananmen Square and I did get a chance to go to China 96 97 timeframe we were trying to open up a strategy with the Chinese on air traffic safety challenging times right and the route and if you read what the Chinese were writing out of the Academy of military science and reading what was coming out of a lot of their both their military institutions academic institutions they were they were taken aback by by some of the things that we were doing that they could see certainly Desert shield/desert storm there's a lot of Chinese writings on that this concept of shock and awe and the fact that they could not necessarily match what the United States was doing a lot of thinking then that goes into asymmetrical strategies right the Russian side just one example I happen to be in the Pentagon when the Russians introduced into the UN General Assembly in 98 this idea of a cyber arms control proposal and then spent that year and years afterwards working with like-minded and and other not like-minded nations to try to build norms as I think back on that that was an attempt to slow down what we were doing in the United States it was an attempt to think help give us pause so that the Russians could kind of think through what they want they saw what we did in shield stuff they saw what we did an Allied Force so so that's that's a snapshot and you know over the last decade or so in the last century now let's fast-forward and look from 2019 back to 2000 2001 and what what I see is that as we're doing these things the Chinese are actually now taking thoughts and putting them into action into capability development into deploying capabilities and pushing in their own regard I saw this when I serves as the Transcom director of intelligence during ofn Hawaii five-0 form and and it doesn't stop right because of the drive of the Chinese leadership and I'll go back to Jung soo min and go fast-forward up to President Xi there is this idea of of continuing to grow in non-traditional ways to meet the goals of what their what their nation espouses right and so in this space you have things like the belt and Road initiative take on a new life and we're surprised right we need to think through that differently and it's not just about economics there is a digital path behind this as well and it's really heavily dependent upon the digital path but what what are we doing in that space right the other the other is is what we're seeing with not just Russian activity that's happened in the past but how they're reflecting reflecting what they see us doing I mean the Gerasa moth doctrine is more is more about the Russians observation in the US than what the Russians say they're going to do so so we need to think through this and and what this causes me to reflect upon is we have to have a different way of thinking through strategic net assessment or in tactical sense be da bomb damage assessment to this concept of continuous net assessment that go that goes across multiple countries the four countries I've mentioned and others but includes counterforce targets and countervalue targets right it's a hard problem it throws our intelligence collection system upside down right it changes the way we work with partners so that is a challenge that I would ask all of us to think about and if you have ideas on how to pull forward on that in a in a smart way I'm be very open to talking with anyone about it but the bottom line for me is we really need to move from this space of where we've been to continue to drive this forward right we are in constant contact persistent engagement we are not deterring activity to protect national interests I think risk is is increasing our exposures increasing we need to do more and there are ways to do more in architectures in partnerships in thinking of unities unity of effort and this concept of how to manage risk the the idea of thinking about not not just saying that okay I'm gonna deploy this technology and this technology is going to give me this advantage today tomorrow and next year no it doesn't work that way that technology could give us relative advantage today but we no longer have can count on enduring advantage over years of time we have to think through in a gray zone you know below the level of what DoD calls phase three conflict how an adversary and how others in this space begin to work against it or with that technology or with that tactic in technique and procedure to create advantage for themselves so on one side it's understanding more about how long do I have advantage what does that advantage look like on another side it's looking at how technologies for instance could be can be exploited against us and what are the indications of warning that we're now moving into a different period of time of risk final slide and challenge I'll go back to my friend Jim gossler Jim co-chairs many of the or chairs many of the cyber panels within the defense Science Board I got to know Jim when he was head of the clandestine information technology office a couple of decades ago Jim talks about the idea of not only information assurance and many of you that are in the world of cyber and information technology understand the characteristics of availability confidentiality and integrity so I'm most concerned that we because we haven't paid enough attention here we're in a situation where integrity and you see it with gaen and deep fakes are real is real issues we have we have created situations where because we weren't paying attention to the the the integration the balance across these three attributes that we've we've so focused on preventing DDoS or preventing problems with somebody trying to steal something by going into complex strategies and multi-factor authentication that we're forgetting about data integrity but an adversary doesn't right and so there are things that are inherent within the capabilities that are deployed but there are things that adversaries introduce and so as adversaries take advantage of this more and more what can we do to get asymmetries on our side are there things here at the lab are there things that could be here at this lab that could help us in this space so that's about 45 minutes I'll stop there [Applause] you

Info

Channel: Lawrence Livermore National Laboratory

Views: 455

Rating: 4.3684211 out of 5

Keywords: LLNL, lawrence livermore national lab, cybersecurity, defense, air force, national security, homeland, homeland security, national defense, cyber security

Id: qnZra2-8Eys

Channel Id: undefined

Length: 44min 41sec (2681 seconds)

Published: Tue Oct 15 2019