WEBVTT

1
00:00:00.160 --> 00:00:03.759
<v Speaker 1>Welcome to the deep dive. We're here to, well, navigate

2
00:00:03.799 --> 00:00:06.280
<v Speaker 1>the complicated stuff and pull off the key insights from

3
00:00:06.280 --> 00:00:10.080
<v Speaker 1>today's source. And today we're really digging into Ben Buchanan's book,

4
00:00:10.119 --> 00:00:15.039
<v Speaker 1>The Cybersecurity Dilemma, Hacking, Trust and Fear between Nations. Our

5
00:00:15.080 --> 00:00:17.440
<v Speaker 1>mission really is to cut through the complexity, you know,

6
00:00:17.480 --> 00:00:20.519
<v Speaker 1>where cybersecurity bumps up against international relations. We want to

7
00:00:20.559 --> 00:00:24.920
<v Speaker 1>extract the core ideas about how nations actually operate, how

8
00:00:24.960 --> 00:00:27.760
<v Speaker 1>they build trust or maybe more often, how they don't,

9
00:00:28.120 --> 00:00:31.239
<v Speaker 1>and how they handle this well, this digital battlefield exactly.

10
00:00:31.280 --> 00:00:33.920
<v Speaker 2>And Buchanan puts this concept, the cybersecurity dilemma, right

11
00:00:33.960 --> 00:00:35.920
<v Speaker 2>at the center. It's the lens for looking at these

12
00:00:36.079 --> 00:00:40.000
<v Speaker 2>modern conflicts. The basic idea is when a country tries

13
00:00:40.000 --> 00:00:42.920
<v Speaker 2>to make itself safer online, those very actions can end

14
00:00:43.000 --> 00:00:45.679
<v Speaker 2>up looking threatening to others, and that can, you know,

15
00:00:45.759 --> 00:00:49.320
<v Speaker 2>unintentionally ratchet up tensions. It's this constant high stakes balancing act.

16
00:00:49.520 --> 00:00:52.240
<v Speaker 1>Yeah, and to make it real, Buchanan starts with a

17
00:00:52.280 --> 00:00:56.200
<v Speaker 1>pretty chilling example. Remember the reported twenty fifteen Russian hack,

18
00:00:56.600 --> 00:00:59.399
<v Speaker 1>the one that hit the White House communication system. I

19
00:00:59.399 --> 00:01:02.479
<v Speaker 1>mean this was just like stealing some files. It showed

20
00:01:02.520 --> 00:01:06.359
<v Speaker 1>the dilemma perfectly. They reportedly got into President Obama's emails,

21
00:01:06.640 --> 00:01:10.480
<v Speaker 1>sensitive stuff, legislative things, scheduling, you name it. A senior

22
00:01:10.519 --> 00:01:13.799
<v Speaker 1>official even called it one of the most sophisticated intrusions

23
00:01:13.799 --> 00:01:16.599
<v Speaker 1>we've ever seen. That's pretty stark. And it wasn't just

24
00:01:16.599 --> 00:01:18.959
<v Speaker 1>the White House. There were breaches at the Pentagon, the Joint

25
00:01:19.000 --> 00:01:22.719
<v Speaker 1>Chiefs, the State Department. So this isn't just theory. Buchanan uses

26
00:01:22.760 --> 00:01:24.879
<v Speaker 1>these real world examples and even draws on things like

27
00:01:24.920 --> 00:01:28.439
<v Speaker 1>the Snowden revelations, not really for the whole civil liberties debate,

28
00:01:28.480 --> 00:01:30.640
<v Speaker 1>but more to show the mechanics, the how and why

29
00:01:30.680 --> 00:01:34.040
<v Speaker 1>of these cyber ops. Okay, so let's unpack this core idea,

30
00:01:34.359 --> 00:01:37.760
<v Speaker 1>the security dilemma. Buchanan traces it way back, right

31
00:01:37.799 --> 00:01:41.359
<v Speaker 1>to classical international relations. For listeners maybe not so familiar.

32
00:01:41.400 --> 00:01:43.400
<v Speaker 1>Where does this actually come from? And how does he

33
00:01:43.439 --> 00:01:46.319
<v Speaker 1>connect that ancient idea to well, today's digital world.

34
00:01:46.400 --> 00:01:50.560
<v Speaker 2>It's fascinating. Actually, the roots go way way back to Thucydides,

35
00:01:50.959 --> 00:01:54.000
<v Speaker 2>you know, the ancient Greek historian. His History of the

36
00:01:54.040 --> 00:01:57.560
<v Speaker 2>Peloponnesian War. He talks about that famous standoff between Athens

37
00:01:57.560 --> 00:02:00.879
<v Speaker 2>and Melos, and the Athenians basically say, look, the strong

38
00:02:01.120 --> 00:02:03.640
<v Speaker 2>do what they can and the weak suffer what they must.

39
00:02:03.680 --> 00:02:07.079
<v Speaker 2>It's brutal, and that captures this idea of anarchy in

40
00:02:07.120 --> 00:02:09.599
<v Speaker 2>the international system. There's no world government, right. It's not

41
00:02:09.680 --> 00:02:12.280
<v Speaker 2>like inside a country where you have laws and police

42
00:02:12.560 --> 00:02:17.199
<v Speaker 2>between nations. It's more like Hobbes' state of nature, solitary, poor, nasty,

43
00:02:17.360 --> 00:02:21.280
<v Speaker 2>brutish and short, not Locke's idea of ordered government. So

44
00:02:21.479 --> 00:02:25.080
<v Speaker 2>political scientists like John Herz and the historian Herbert Butterfield,

45
00:02:25.280 --> 00:02:28.199
<v Speaker 2>they formalize this. They said, Look, when one state tries

46
00:02:28.240 --> 00:02:31.319
<v Speaker 2>to get more power just to feel secure, it automatically

47
00:02:31.360 --> 00:02:34.039
<v Speaker 2>makes other states feel less secure, and those other states react.

48
00:02:34.120 --> 00:02:35.879
<v Speaker 2>They build up their own power, and you get these

49
00:02:36.000 --> 00:02:40.319
<v Speaker 2>dangerous arms races. It just feeds on itself. Mistrust everywhere, right, and.

50
00:02:40.240 --> 00:02:43.240
<v Speaker 1>That maps directly onto intelligence gathering, doesn't it? Buchanan

51
00:02:43.280 --> 00:02:47.319
<v Speaker 1>brings in Michael Herman, a British signals intelligence guy. Herman

52
00:02:47.360 --> 00:02:50.280
<v Speaker 1>pointed out that even if you're just collecting intel defensively,

53
00:02:50.360 --> 00:02:53.599
<v Speaker 1>the country you're spying on sees it as threatening. So

54
00:02:53.680 --> 00:02:56.759
<v Speaker 1>why is intelligence so crucial? I mean, obviously states need it,

55
00:02:56.759 --> 00:02:58.520
<v Speaker 1>but how does that need feed the dilemma? Oh?

56
00:02:58.520 --> 00:03:02.639
<v Speaker 2>It's absolutely vital. Intel is about foresight, about knowing what's coming.

57
00:03:02.759 --> 00:03:06.479
<v Speaker 2>Think about Pearl Harbor or nine eleven. Those disasters

58
00:03:06.479 --> 00:03:10.199
<v Speaker 2>show exactly why states need good intelligence to prevent surprises,

59
00:03:10.280 --> 00:03:13.240
<v Speaker 2>to protect people. But and this is the core paradox.

60
00:03:13.439 --> 00:03:16.800
<v Speaker 2>States collecting that intel usually see their own actions as

61
00:03:16.840 --> 00:03:21.639
<v Speaker 2>you know, necessary, even benign, defensive, but the state being

62
00:03:21.680 --> 00:03:24.680
<v Speaker 2>spied on, they see it as provocative, as potentially hostile.

63
00:03:25.080 --> 00:03:27.840
<v Speaker 2>Buchanan uses the Cold War, like in nineteen eighty three

64
00:03:27.960 --> 00:03:30.960
<v Speaker 2>as an example. Reagan and his team were apparently genuinely

65
00:03:31.000 --> 00:03:34.360
<v Speaker 2>baffled that the Soviets thought the US might attack. George Shultz,

66
00:03:34.439 --> 00:03:37.960
<v Speaker 2>Secretary of State, then called Soviet fears incredible. He just

67
00:03:37.960 --> 00:03:41.199
<v Speaker 2>couldn't believe it. But then years later, Gorbachev admitted he

68
00:03:41.240 --> 00:03:43.680
<v Speaker 2>hadn't really grasped how much fear his side's actions were

69
00:03:43.680 --> 00:03:46.039
<v Speaker 2>causing in the US. So each side thinks they're the

70
00:03:46.039 --> 00:03:48.680
<v Speaker 2>good guys, just defending themselves, and the other side is

71
00:03:48.719 --> 00:03:51.199
<v Speaker 2>the aggressor. It's the cycle of misperception.

72
00:03:51.400 --> 00:03:54.800
<v Speaker 1>Okay, So if that's the backdrop, this constant suspicion, what

73
00:03:54.840 --> 00:03:57.800
<v Speaker 1>does it mean for offensive cyber operations. Buchanan calls this

74
00:03:57.879 --> 00:04:01.000
<v Speaker 1>the intruder's view. What are some of the big examples he

75
00:04:01.080 --> 00:04:02.919
<v Speaker 1>uses to show why states feel they need to go

76
00:04:02.960 --> 00:04:04.280
<v Speaker 1>on the attack in cyberspace.

77
00:04:04.520 --> 00:04:06.680
<v Speaker 2>Well, he kicks off with Stuxnet. That was a real

78
00:04:06.719 --> 00:04:10.080
<v Speaker 2>game changer. It was this incredibly sophisticated bit of malware

79
00:04:10.120 --> 00:04:14.639
<v Speaker 2>aimed at Iran's Natanz nuclear facility back in twenty ten.

80
00:04:15.039 --> 00:04:18.000
<v Speaker 2>And it didn't just steal data, It physically damaged things.

81
00:04:18.040 --> 00:04:21.319
<v Speaker 2>It subtly broke about one thousand centrifuges over time. It

82
00:04:21.399 --> 00:04:25.040
<v Speaker 2>was so stealthy, so effective that the Iranians actually arrested

83
00:04:25.040 --> 00:04:28.160
<v Speaker 2>some of their own people, thinking they were spies sabotaging

84
00:04:28.160 --> 00:04:30.519
<v Speaker 2>the plant. So yeah, it showed you could get real

85
00:04:30.560 --> 00:04:33.519
<v Speaker 2>world physical or kinetic as they say, effects from a

86
00:04:33.560 --> 00:04:34.759
<v Speaker 2>purely digital attack.

87
00:04:34.800 --> 00:04:37.879
<v Speaker 1>That was huge. And Stuxnet, even though it was devastating,

88
00:04:37.959 --> 00:04:40.319
<v Speaker 1>was maybe just scratching the surface of what was being planned.

89
00:04:40.480 --> 00:04:42.399
<v Speaker 1>Buchanan talks about Nitro Zeus. Can you tell

90
00:04:42.439 --> 00:04:44.240
<v Speaker 1>us more about that? That scale sounds enormous.

91
00:04:44.600 --> 00:04:49.720
<v Speaker 2>Oh, absolutely. Nitro Zeus was basically a massive US contingency plan.

92
00:04:50.199 --> 00:04:53.639
<v Speaker 2>The idea was, if needed, to use cyber capabilities to

93
00:04:53.680 --> 00:04:57.480
<v Speaker 2>take down huge swathes of Iranian infrastructure. We're talking power grids,

94
00:04:57.639 --> 00:05:02.519
<v Speaker 2>transportation systems, air defenses, the works. The scale was just immense.

95
00:05:02.600 --> 00:05:05.879
<v Speaker 2>Thousands of people involved, tens of millions of dollars spent

96
00:05:06.360 --> 00:05:10.319
<v Speaker 2>just getting the access embedding tools deep inside Iranian networks.

97
00:05:10.560 --> 00:05:13.399
<v Speaker 2>They were apparently checking this access sometimes nightly, just to

98
00:05:13.439 --> 00:05:15.360
<v Speaker 2>make sure it was still there, ready to go. Now,

99
00:05:15.399 --> 00:05:17.879
<v Speaker 2>the plan itself was never actually activated because the Iran

100
00:05:17.959 --> 00:05:21.319
<v Speaker 2>nuclear deal happened in twenty fifteen, but the existence of

101
00:05:21.399 --> 00:05:24.160
<v Speaker 2>Nitro Zeus shows you the level of planning, the ambition,

102
00:05:24.399 --> 00:05:28.839
<v Speaker 2>and the strategic thinking behind these offensive cyber preparations.

103
00:05:29.079 --> 00:05:31.240
<v Speaker 1>So if you can run operations like Stuxnet or

104
00:05:31.319 --> 00:05:33.800
<v Speaker 1>prepare something like Nitro Zeus, you need the right tools.

105
00:05:34.079 --> 00:05:36.600
<v Speaker 1>I was really struck by what Buchanan says about zero days.

106
00:05:36.600 --> 00:05:39.120
<v Speaker 1>These sound like the ultimate cyber weapon. What are they exactly?

107
00:05:39.360 --> 00:05:41.600
<v Speaker 2>Yeah, they really are kind of the secret sauce in

108
00:05:41.639 --> 00:05:46.839
<v Speaker 2>the cyber arsenal. A zero day is basically a vulnerability,

109
00:05:47.040 --> 00:05:51.000
<v Speaker 2>a flaw in software that nobody knows about yet, or crucially,

110
00:05:51.040 --> 00:05:53.360
<v Speaker 2>the vendor, the company that made the software doesn't know

111
00:05:53.399 --> 00:05:56.480
<v Speaker 2>about it, so there's no patch, no fix available. This

112
00:05:56.560 --> 00:05:59.240
<v Speaker 2>makes them incredibly valuable for an attacker because it gives

113
00:05:59.279 --> 00:06:01.879
<v Speaker 2>you a way into a system that, well, nobody's guarding against.

114
00:06:01.879 --> 00:06:04.560
<v Speaker 2>It's a secret door, if you will. Buchanan points out the

115
00:06:04.680 --> 00:06:08.480
<v Speaker 2>NSA reportedly paid over twenty five million dollars in just

116
00:06:08.560 --> 00:06:11.920
<v Speaker 2>one year to one French company just for the zero

117
00:06:11.959 --> 00:06:14.480
<v Speaker 2>days that company found. That kind of money tells you

118
00:06:14.600 --> 00:06:16.759
<v Speaker 2>just how critical these things are operationally.

119
00:06:17.160 --> 00:06:19.240
<v Speaker 1>And it's not just about getting in, is it? Buchanan

120
00:06:19.240 --> 00:06:24.040
<v Speaker 1>talks about achieving persistence, that sounds clingy and pretty ominous.

121
00:06:24.040 --> 00:06:25.839
<v Speaker 1>What does that actually involve and why is it such

122
00:06:25.879 --> 00:06:26.360
<v Speaker 1>a big deal.

123
00:06:26.759 --> 00:06:30.920
<v Speaker 2>Persistence is about sticking around. It means burrowing really, really

124
00:06:30.959 --> 00:06:34.160
<v Speaker 2>deep into a target system, not just installing some malware

125
00:06:34.199 --> 00:06:37.639
<v Speaker 2>on the hard drive, but getting into the system's firmware

126
00:06:37.839 --> 00:06:40.519
<v Speaker 2>or even the BIOS, the basic input output system

127
00:06:40.519 --> 00:06:44.079
<v Speaker 2>that starts the computer up. When you're in at that level, it's,

128
00:06:44.160 --> 00:06:48.120
<v Speaker 2>as Buchanan quotes, virtually impossible to get them out. You

129
00:06:48.160 --> 00:06:51.079
<v Speaker 2>could wipe the hard drive, reinstall everything, the operating system,

130
00:06:51.079 --> 00:06:53.720
<v Speaker 2>all the software, and the implant, the malicious code could

131
00:06:53.720 --> 00:06:56.600
<v Speaker 2>still be there waiting. Security folks call it the race

132
00:06:56.639 --> 00:06:59.959
<v Speaker 2>to the bare metal, getting as low level as possible.

133
00:07:00.360 --> 00:07:03.439
<v Speaker 2>Buchanan cites research from Kaspersky Labs suggesting the US

134
00:07:03.439 --> 00:07:05.759
<v Speaker 2>developed ways to do this against hard drives from pretty

135
00:07:05.800 --> 00:07:09.480
<v Speaker 2>much all the major manufacturers. Researchers called it an ultimate

136
00:07:09.519 --> 00:07:13.279
<v Speaker 2>persistence mechanism, next level you've never seen before. It's about

137
00:07:13.279 --> 00:07:15.800
<v Speaker 2>having that permanent, hidden foothold, right, So.

138
00:07:15.759 --> 00:07:18.439
<v Speaker 1>They're basically moving into the digital foundations of the house,

139
00:07:18.519 --> 00:07:21.600
<v Speaker 1>not just breaking a window. Yeah, that's a defender's nightmare. Yeah,

140
00:07:21.639 --> 00:07:24.000
<v Speaker 1>which leads to why they do this. What are the

141
00:07:24.160 --> 00:07:29.199
<v Speaker 1>operational incentives Buchanan points to? Why build these deep persistent footholds?

142
00:07:29.560 --> 00:07:32.759
<v Speaker 2>It comes down to preparation. States want to do detailed

143
00:07:32.800 --> 00:07:37.360
<v Speaker 2>reconnaissance before any potential conflict. It's officially called cyber operations

144
00:07:37.360 --> 00:07:41.639
<v Speaker 2>in Preparation of the Environment, or COPE. A fancy term, but

145
00:07:41.680 --> 00:07:46.000
<v Speaker 2>it means mapping the territory. Buchanan mentions DARPA's Plan X program.

146
00:07:46.199 --> 00:07:49.120
<v Speaker 2>This was about building this constantly updated digital map of

147
00:07:49.160 --> 00:07:53.240
<v Speaker 2>potential targets, figuring out vulnerabilities, placing tools so you could

148
00:07:53.279 --> 00:07:57.560
<v Speaker 2>launch cyber operations really quickly if needed. The goal, quite explicitly,

149
00:07:57.759 --> 00:08:01.120
<v Speaker 2>was to dominate the cyber battlespace. It's about having everything

150
00:08:01.160 --> 00:08:03.600
<v Speaker 2>lined up ready to go at a moment's notice.

151
00:08:03.680 --> 00:08:05.879
<v Speaker 1>And what's really tricky here, Buchanan points out, is

152
00:08:05.920 --> 00:08:09.000
<v Speaker 1>this dual use problem. The access you need for spying

153
00:08:09.399 --> 00:08:12.120
<v Speaker 1>often looks exactly like the access you need for an attack.

154
00:08:12.480 --> 00:08:14.199
<v Speaker 1>Can you give us examples? And why does he say

155
00:08:14.199 --> 00:08:17.399
<v Speaker 1>these ops are often opaque sort of hard to grasp

156
00:08:17.480 --> 00:08:19.160
<v Speaker 1>for traditional military folks.

157
00:08:19.399 --> 00:08:22.360
<v Speaker 2>Yeah, this dual use thing is absolutely central to the

158
00:08:22.399 --> 00:08:26.000
<v Speaker 2>whole dilemma. The tools and access for espionage often are

159
00:08:26.040 --> 00:08:28.879
<v Speaker 2>the same tools and access needed for attack. He uses

160
00:08:28.920 --> 00:08:32.200
<v Speaker 2>the hacks on Saudi Aramco, the oil giant, and Sony Pictures.

161
00:08:32.720 --> 00:08:35.679
<v Speaker 2>In both cases data was destroyed, hard drives wiped at

162
00:08:35.720 --> 00:08:38.879
<v Speaker 2>Aramco, massive data deletion at Sony, but data was

163
00:08:38.919 --> 00:08:42.840
<v Speaker 2>also stolen embarrassing emails, employee data, movie scripts from Sony.

164
00:08:43.039 --> 00:08:46.039
<v Speaker 2>Same access, different goals or maybe even both goals at once,

165
00:08:46.480 --> 00:08:50.600
<v Speaker 2>And they're opaque to traditional military planners because well, cyber

166
00:08:50.639 --> 00:08:52.919
<v Speaker 2>isn't like tanks and planes. You can't easily count cyber

167
00:08:52.960 --> 00:08:56.200
<v Speaker 2>weapons or see troops massing on a border. It's invisible,

168
00:08:56.399 --> 00:08:59.720
<v Speaker 2>hard to quantify, hard to fit into established military doctrines.

169
00:09:00.200 --> 00:09:03.000
<v Speaker 2>This makes it really difficult to integrate cyber into broader

170
00:09:03.039 --> 00:09:05.879
<v Speaker 2>strategic planning and to assess the true threat level.

171
00:09:05.960 --> 00:09:07.840
<v Speaker 1>Okay, let's flip the coin now. Let's talk about the

172
00:09:07.840 --> 00:09:11.039
<v Speaker 1>defender's view. Protecting networks against all This sounds like a

173
00:09:11.080 --> 00:09:14.840
<v Speaker 1>monumental task. Buchanan calls it a massive and largely

174
00:09:14.960 --> 00:09:17.919
<v Speaker 1>secret effort. What kind of fight has the NSA, for example,

175
00:09:18.000 --> 00:09:19.919
<v Speaker 1>been waging just to keep networks secure?

176
00:09:20.240 --> 00:09:23.919
<v Speaker 2>It's a constant, uphill battle. You take the NSA, they've

177
00:09:23.919 --> 00:09:27.080
<v Speaker 2>been in this long running fight against Chinese cyber intrusions,

178
00:09:27.440 --> 00:09:31.399
<v Speaker 2>which they code named Byzantine Hades. Buchanan says there were

179
00:09:31.440 --> 00:09:34.519
<v Speaker 2>over five hundred major cases attributed to this one actor group.

180
00:09:34.879 --> 00:09:38.480
<v Speaker 2>It just shows the sheer persistence and sophistication attackers bring.

181
00:09:38.799 --> 00:09:42.120
<v Speaker 2>Even the most capable agencies are constantly playing defense, trying

182
00:09:42.200 --> 00:09:44.759
<v Speaker 2>to patch holes and detect breaches.

183
00:09:44.639 --> 00:09:48.639
<v Speaker 1>And sometimes the best defense is offense. Buchanan mentions this

184
00:09:48.679 --> 00:09:52.159
<v Speaker 1>tactic of hacking the hackers that sounds pretty bold. How

185
00:09:52.159 --> 00:09:54.879
<v Speaker 1>did the NSA apparently use this against Chinese operations?

186
00:09:55.039 --> 00:09:58.000
<v Speaker 2>Yeah, it's a fascinating turnabout. So in response to

187
00:09:58.080 --> 00:10:02.000
<v Speaker 2>one specific Chinese intrusion campaign code named Byzantine Candor, the

188
00:10:02.120 --> 00:10:05.639
<v Speaker 2>NSA's threat operations center their cyber hunters, they actually managed

189
00:10:05.639 --> 00:10:08.360
<v Speaker 2>to break into five computers that the Chinese hackers were

190
00:10:08.440 --> 00:10:11.200
<v Speaker 2>using to launch their attacks from. This gave the NSA,

191
00:10:11.279 --> 00:10:13.799
<v Speaker 2>as Buchanan puts it, excellent sources of data on what

192
00:10:13.840 --> 00:10:16.120
<v Speaker 2>the attackers were doing, their tools, their targets. They can

193
00:10:16.159 --> 00:10:19.039
<v Speaker 2>basically watch them in action, which is invaluable for figuring

194
00:10:19.039 --> 00:10:21.679
<v Speaker 2>out how to stop them and protect US networks.

195
00:10:22.120 --> 00:10:26.120
<v Speaker 1>So how do defenders spot these intruders, especially the really

196
00:10:26.159 --> 00:10:30.240
<v Speaker 1>sophisticated ones. Buchanan goes through different detection methods. Let's start

197
00:10:30.240 --> 00:10:31.000
<v Speaker 1>with pattern.

198
00:10:30.720 --> 00:10:34.360
<v Speaker 2>Matching, right. Pattern matching is a common technique. It relies

199
00:10:34.399 --> 00:10:38.759
<v Speaker 2>on finding known indicators of compromise or IOCs. These can

200
00:10:38.799 --> 00:10:43.120
<v Speaker 2>be simple things like atomic indicators specific IP addresses or

201
00:10:43.159 --> 00:10:46.639
<v Speaker 2>domain names known to be used by attackers, or they

202
00:10:46.639 --> 00:10:51.840
<v Speaker 2>can be computed indicators like cryptographic hashes basically digital fingerprints

203
00:10:51.840 --> 00:10:55.879
<v Speaker 2>of known malicious files. And then there are behavioral indicators,

204
00:10:55.919 --> 00:10:58.679
<v Speaker 2>which are more about the patterns of activity, how an

205
00:10:58.679 --> 00:11:01.639
<v Speaker 2>intruder moves through a network, the sequence of commands they use.

206
00:11:01.879 --> 00:11:04.440
<v Speaker 2>It's like recognizing a burglar's typical methods.

207
00:11:04.559 --> 00:11:06.559
<v Speaker 1>Okay, but what if the attackers are using brand new

208
00:11:06.559 --> 00:11:09.399
<v Speaker 1>tools like those zero days we talked about? Pattern matching

209
00:11:09.440 --> 00:11:12.399
<v Speaker 1>might miss that, right? What about things like network security

210
00:11:12.440 --> 00:11:15.159
<v Speaker 1>monitoring or memory analysis exactly.

211
00:11:15.320 --> 00:11:18.480
<v Speaker 2>That's where those more advanced techniques come in. Network security

212
00:11:18.519 --> 00:11:21.120
<v Speaker 2>monitoring is about watching all the traffic going in and

213
00:11:21.159 --> 00:11:23.960
<v Speaker 2>out of a network. You collect it, analyze it, looking

214
00:11:24.039 --> 00:11:27.559
<v Speaker 2>for anything unusual, any anomalies that don't fit the normal patterns,

215
00:11:27.600 --> 00:11:29.679
<v Speaker 2>even if you don't know exactly what the attack looks

216
00:11:29.720 --> 00:11:33.039
<v Speaker 2>like yet. And memory analysis is really powerful too. Instead

217
00:11:33.039 --> 00:11:35.080
<v Speaker 2>of just looking at files stored on the hard drive,

218
00:11:35.399 --> 00:11:38.360
<v Speaker 2>you examine what's currently running in the computer's RAM, it's

219
00:11:38.399 --> 00:11:41.960
<v Speaker 2>active memory. This can catch malware that tries to hide

220
00:11:42.000 --> 00:11:46.000
<v Speaker 2>itself or exploits like zero days that might not leave

221
00:11:46.080 --> 00:11:48.440
<v Speaker 2>many traces on the disk. It sees what the computer's

222
00:11:48.440 --> 00:11:49.080
<v Speaker 2>doing right now.

223
00:11:49.600 --> 00:11:52.559
<v Speaker 1>The NSA also has this concept of foreign intelligence in

224
00:11:52.559 --> 00:11:56.600
<v Speaker 1>support of dynamic defense. Sounds like using spy data to directly

225
00:11:56.679 --> 00:11:59.519
<v Speaker 1>improve security. Can you give an example of how that actually works

226
00:11:59.519 --> 00:12:00.120
<v Speaker 1>in practice.

227
00:12:00.360 --> 00:12:04.200
<v Speaker 2>Yeah, it's exactly that, connecting the dots between intelligence gathering

228
00:12:04.279 --> 00:12:08.360
<v Speaker 2>and network protection. It's a direct feedback loop. Buchanan mentions

229
00:12:08.360 --> 00:12:11.639
<v Speaker 2>that by twenty eleven, the NSA's defensive systems armed with

230
00:12:11.679 --> 00:12:15.279
<v Speaker 2>this intelligence could block something like twenty eight different categories

231
00:12:15.279 --> 00:12:18.480
<v Speaker 2>of threats automatically. And there was this one specific case

232
00:12:18.679 --> 00:12:22.600
<v Speaker 2>where they stopped a Byzantine Hades attack targeting four very

233
00:12:22.639 --> 00:12:25.679
<v Speaker 2>senior US military leaders, including the Chairman of the Joint

234
00:12:25.720 --> 00:12:29.240
<v Speaker 2>Chiefs of Staff. So that's intelligence directly preventing a potentially

235
00:12:29.320 --> 00:12:33.000
<v Speaker 2>serious breach at the highest levels. It shows the operational value.

236
00:12:33.480 --> 00:12:36.759
<v Speaker 1>Then there's this really interesting almost cloak and dagger concept

237
00:12:36.960 --> 00:12:40.720
<v Speaker 1>fourth party collection, piggybacking on other countries' hacking operations. How

238
00:12:40.720 --> 00:12:43.279
<v Speaker 1>does that work and what does it do to trust,

239
00:12:43.320 --> 00:12:44.559
<v Speaker 1>maybe even between allies.

240
00:12:44.799 --> 00:12:49.120
<v Speaker 2>It gets pretty murky. Yeah, the example Buchanan uses involves

241
00:12:49.159 --> 00:12:52.879
<v Speaker 2>the Five Eyes Alliance, you know, the US, UK, Canada, Australia,

242
00:12:52.919 --> 00:12:57.840
<v Speaker 2>and New Zealand. They apparently targeted South Korea's signals intelligence operations.

243
00:12:58.080 --> 00:13:00.240
<v Speaker 2>They weren't just trying to learn what South Korea knew

244
00:13:00.279 --> 00:13:03.360
<v Speaker 2>about North Korea from their spying. They were sometimes even

245
00:13:03.480 --> 00:13:07.360
<v Speaker 2>hijacking the tools, the exploits, that South Korea was using

246
00:13:07.399 --> 00:13:10.799
<v Speaker 2>against North Korea and repurposing them for Five Eyes' own use.

247
00:13:11.279 --> 00:13:12.799
<v Speaker 2>As you can imagine, this kind of thing, knowing that

248
00:13:12.840 --> 00:13:15.759
<v Speaker 2>even your partners might be intercepting your operations, can breed

249
00:13:15.799 --> 00:13:19.799
<v Speaker 2>a lot of paranoia, as Buchanan puts it within intelligence circles.

250
00:13:19.840 --> 00:13:21.720
<v Speaker 2>It really complicates trust.

251
00:13:21.720 --> 00:13:25.080
<v Speaker 1>Which brings us back to a fundamental debate. Is cyberspace

252
00:13:25.200 --> 00:13:28.279
<v Speaker 1>inherently offense dominant? We hear that a lot. President

253
00:13:28.360 --> 00:13:31.559
<v Speaker 1>Obama said offense is moving faster than defense. Michael Hayden,

254
00:13:31.639 --> 00:13:35.000
<v Speaker 1>former NSA director, was even stronger, there's almost nothing inherent

255
00:13:35.039 --> 00:13:36.679
<v Speaker 1>in the domain that plays to the defense.

256
00:13:37.440 --> 00:13:39.559
<v Speaker 2>Is that the whole story? Though? What's the counter argument?

257
00:13:39.879 --> 00:13:42.679
<v Speaker 2>It's definitely a common view that the attacker always has

258
00:13:42.679 --> 00:13:45.919
<v Speaker 2>the edge, and there's some truth to it, But defenders

259
00:13:45.919 --> 00:13:49.879
<v Speaker 2>and experts push back a bit. Richard Bejtlich, a defense pioneer,

260
00:13:49.879 --> 00:13:53.000
<v Speaker 2>pointed out that attackers often have a huge advantage in focus.

261
00:13:53.320 --> 00:13:56.759
<v Speaker 2>They study one target system deeply. Defenders have to protect everything,

262
00:13:57.320 --> 00:14:01.879
<v Speaker 2>and Bruce Schneier, another top expert, famously said a sufficiently funded, skilled,

263
00:14:02.039 --> 00:14:06.399
<v Speaker 2>motivated adversary will get in, which sounds bleak, but the

264
00:14:06.480 --> 00:14:10.600
<v Speaker 2>nuance is important. While perfect defense might be impossible, good defense,

265
00:14:10.639 --> 00:14:14.240
<v Speaker 2>good preparation, good information sharing, smart strategies can make the

266
00:14:14.279 --> 00:14:17.759
<v Speaker 2>attacker's job much harder, much more expensive, and much riskier.

267
00:14:17.840 --> 00:14:20.120
<v Speaker 2>So it's not that defense is futile, but it is

268
00:14:20.159 --> 00:14:21.320
<v Speaker 2>incredibly challenging.

269
00:14:21.519 --> 00:14:24.559
<v Speaker 1>Okay, So pulling this all together, what does this cybersecurity

270
00:14:24.600 --> 00:14:27.840
<v Speaker 1>dilemma mean for overall stability between nations? How is it

271
00:14:27.879 --> 00:14:30.320
<v Speaker 1>different from the old Cold War security dilemma with nukes

272
00:14:30.320 --> 00:14:30.759
<v Speaker 1>and tanks.

273
00:14:31.159 --> 00:14:34.080
<v Speaker 2>Well, A key difference Buchanan highlights is the lack of

274
00:14:34.120 --> 00:14:37.919
<v Speaker 2>physical geography in cyberspace. You don't have oceans or mountains

275
00:14:37.960 --> 00:14:42.240
<v Speaker 2>acting as natural buffers or borders. It's inherently global and interconnected.

276
00:14:42.519 --> 00:14:46.759
<v Speaker 2>And maybe more importantly, cyber capabilities are just fundamentally ambiguous.

277
00:14:47.279 --> 00:14:49.399
<v Speaker 2>It's incredibly hard to look at a cyber tool or

278
00:14:49.440 --> 00:14:51.879
<v Speaker 2>an intrusion and know for sure if the intent is

279
00:14:51.879 --> 00:14:55.399
<v Speaker 2>purely defensive, like mapping networks to protect them better, or

280
00:14:55.440 --> 00:14:58.679
<v Speaker 2>offensive like preparing for an attack. That ambiguity is a

281
00:14:58.799 --> 00:14:59.919
<v Speaker 2>huge source of tension.

282
00:15:00.559 --> 00:15:03.720
<v Speaker 1>That ambiguity must make it incredibly difficult to dial things down.

283
00:15:04.639 --> 00:15:07.679
<v Speaker 1>How does Buchanan suggest that just having good basic security

284
00:15:07.720 --> 00:15:10.440
<v Speaker 1>baseline defenses can help? And what about all the noise

285
00:15:10.519 --> 00:15:12.440
<v Speaker 1>he mentions like those ten million attacks?

286
00:15:12.799 --> 00:15:16.840
<v Speaker 2>Right? He argues that strong baseline defenses are actually crucial

287
00:15:16.879 --> 00:15:20.799
<v Speaker 2>for managing the dilemma. If your own networks are reasonably secure,

288
00:15:20.840 --> 00:15:23.080
<v Speaker 2>you can filter out a lot of the background noise

289
00:15:23.679 --> 00:15:26.039
<v Speaker 2>you mentioned, like the former director of the OPM, the

290
00:15:26.159 --> 00:15:29.120
<v Speaker 2>US personnel office that got massively hacked, talking about ten

291
00:15:29.159 --> 00:15:31.679
<v Speaker 2>million attacks a month. But most of that is just

292
00:15:31.759 --> 00:15:35.240
<v Speaker 2>automated scanning background radiation of the Internet, not serious state

293
00:15:35.320 --> 00:15:38.759
<v Speaker 2>level threats. Good defenses help you separate the signal from

294
00:15:38.759 --> 00:15:40.840
<v Speaker 2>that noise, so you can focus your resources on the

295
00:15:40.919 --> 00:15:45.600
<v Speaker 2>genuinely sophisticated, potentially dangerous intrusions. It simplifies the picture.

296
00:15:46.240 --> 00:15:50.159
<v Speaker 1>Okay, so defense helps, but that ambiguity is still there.

297
00:15:50.519 --> 00:15:53.879
<v Speaker 1>Trust seems essential. Buchanan looks back at the Cold War again,

298
00:15:53.919 --> 00:15:56.720
<v Speaker 1>specifically the hotline. How does that serve as a

299
00:15:56.759 --> 00:15:58.240
<v Speaker 1>model for cyber diplomacy?

300
00:15:58.440 --> 00:16:01.480
<v Speaker 2>The hotline between Washington and Moscow, set up after the

301
00:16:01.519 --> 00:16:04.320
<v Speaker 2>Cuban missile crisis, was vital. It was used during the

302
00:16:04.399 --> 00:16:08.519
<v Speaker 2>nineteen sixty seven Arab-Israeli War and other crises. It provided

303
00:16:08.559 --> 00:16:12.919
<v Speaker 2>that direct, immediate communication channel. It allowed leaders to quickly

304
00:16:12.960 --> 00:16:17.919
<v Speaker 2>clarify intentions, ask questions, and hopefully avoid misunderstandings escalating into

305
00:16:18.000 --> 00:16:22.000
<v Speaker 2>something catastrophic. There was even a lower level warmline for

306
00:16:22.159 --> 00:16:25.159
<v Speaker 2>operational folks to talk. It showed that even bitter rivals

307
00:16:25.200 --> 00:16:27.440
<v Speaker 2>saw the need for communication to manage risk.

308
00:16:27.200 --> 00:16:30.000
<v Speaker 1>And we've seen attempts to apply that lesson to

309
00:16:30.120 --> 00:16:33.759
<v Speaker 1>cyber, right? What about efforts between, say, the US and China?

310
00:16:33.960 --> 00:16:36.879
<v Speaker 2>Yeah, despite all the friction, there have been ongoing efforts

311
00:16:36.960 --> 00:16:40.720
<v Speaker 2>high level talks, joint working groups focusing specifically on cyber issues.

312
00:16:41.039 --> 00:16:44.120
<v Speaker 2>The results have been, let's say, mixed. China walked away

313
00:16:44.120 --> 00:16:46.120
<v Speaker 2>from talks for a while after the US indicted some

314
00:16:46.159 --> 00:16:48.960
<v Speaker 2>PLA officers for hacking, but then they eventually came back.

315
00:16:49.320 --> 00:16:51.759
<v Speaker 2>But the existence of these channels is important. They provide

316
00:16:51.799 --> 00:16:54.320
<v Speaker 2>a place to air grievances, discuss norms, and try to

317
00:16:54.320 --> 00:16:56.960
<v Speaker 2>build at least a minimal level of understanding. Even if

318
00:16:56.960 --> 00:16:57.720
<v Speaker 2>trust is scarce.

319
00:16:58.120 --> 00:17:02.919
<v Speaker 1>Beyond just talking, Buchanan brings up costly signals. These

320
00:17:02.960 --> 00:17:06.119
<v Speaker 1>are actions a state takes that clearly show it's trustworthy

321
00:17:06.480 --> 00:17:09.599
<v Speaker 1>because the action involves some kind of sacrifice. What are

322
00:17:09.640 --> 00:17:11.359
<v Speaker 1>some historical examples he uses?

323
00:17:11.519 --> 00:17:15.400
<v Speaker 2>He points to things like Khrushchev unilaterally pulling Soviet troops

324
00:17:15.400 --> 00:17:17.839
<v Speaker 2>out of Austria in the fifties. That wasn't just talk,

325
00:17:18.039 --> 00:17:21.240
<v Speaker 2>it was a tangible reduction in military presence. Or think

326
00:17:21.240 --> 00:17:24.559
<v Speaker 2>about Gorbachev making big concessions in arms control treaties like

327
00:17:24.559 --> 00:17:27.759
<v Speaker 2>the INF Treaty or pulling out of Afghanistan. These were

328
00:17:27.799 --> 00:17:31.240
<v Speaker 2>actions that cost the Soviets something, either strategically or politically,

329
00:17:31.519 --> 00:17:35.039
<v Speaker 2>but they signaled a genuine shift in policy, and Buchanan

330
00:17:35.119 --> 00:17:38.279
<v Speaker 2>notes how these actions gradually changed Reagan's perception of the

331
00:17:38.319 --> 00:17:42.119
<v Speaker 2>Soviet Union away from the evil empire rhetoric. They demonstrated

332
00:17:42.160 --> 00:17:43.720
<v Speaker 2>trustworthiness through sacrifice.

333
00:17:43.759 --> 00:17:46.839
<v Speaker 1>And this idea of costly signals applies directly to cyber

334
00:17:47.079 --> 00:17:50.559
<v Speaker 1>specifically with those zero day vulnerabilities. How can handling a

335
00:17:50.680 --> 00:17:52.680
<v Speaker 1>zero day demonstrate trustworthiness?

336
00:17:52.759 --> 00:17:55.359
<v Speaker 2>It's a really clear example. So a government finds a

337
00:17:55.440 --> 00:17:58.039
<v Speaker 2>zero day flaw, what does it do? Option one, keep

338
00:17:58.079 --> 00:18:01.359
<v Speaker 2>it secret, use it for spying or potential attacks. That's

339
00:18:01.400 --> 00:18:04.240
<v Speaker 2>the offensive advantage. Option two, maybe sell it on the

340
00:18:04.240 --> 00:18:07.119
<v Speaker 2>black market. Option three tell a software vendor so they

341
00:18:07.160 --> 00:18:10.119
<v Speaker 2>can fix it, patching the hole for everyone. Choosing option

342
00:18:10.200 --> 00:18:13.119
<v Speaker 2>three means giving up your secret weapon. You sacrifice that

343
00:18:13.200 --> 00:18:17.079
<v Speaker 2>operational advantage for the sake of broader cybersecurity, for collective defense.

344
00:18:17.200 --> 00:18:20.640
<v Speaker 2>That's a costly signal. Buchanan mentions the US has a

345
00:18:20.680 --> 00:18:24.799
<v Speaker 2>formal process, the Vulnerabilities Equities Process, trying to weigh these

346
00:18:24.839 --> 00:18:28.920
<v Speaker 2>offensive versus defensive equities, and he quotes the Dutch government's

347
00:18:29.079 --> 00:18:33.680
<v Speaker 2>clear stance: encryption good, backdoors bad. It's about signaling commitment

348
00:18:33.720 --> 00:18:36.000
<v Speaker 2>to overall security, even at a cost.

349
00:18:36.200 --> 00:18:40.480
<v Speaker 1>Okay. Lastly, attribution and response. Knowing who did it is crucial.

350
00:18:40.799 --> 00:18:43.240
<v Speaker 1>The Sony Pictures hack is the big case study here.

351
00:18:43.559 --> 00:18:45.680
<v Speaker 1>How is the US so sure it was North Korea?

352
00:18:46.079 --> 00:18:47.799
<v Speaker 1>And what does this tell us about the role of

353
00:18:47.839 --> 00:18:48.720
<v Speaker 1>private companies?

354
00:18:48.759 --> 00:18:52.039
<v Speaker 2>Now, attribution is notoriously hard in cyber, but in the

355
00:18:52.079 --> 00:18:55.240
<v Speaker 2>Sony case, the US government expressed very high confidence it

356
00:18:55.279 --> 00:18:59.000
<v Speaker 2>was North Korea. Buchanan suggests this confidence came largely

357
00:18:59.000 --> 00:19:01.839
<v Speaker 2>from pre-existing access the US likely had inside

358
00:19:01.880 --> 00:19:05.519
<v Speaker 2>North Korean networks, giving them visibility into the operation as

359
00:19:05.559 --> 00:19:09.759
<v Speaker 2>it happened or shortly after. Intelligence was key. But the

360
00:19:09.759 --> 00:19:12.839
<v Speaker 2>Sony case also highlighted the growing role of the private

361
00:19:12.880 --> 00:19:17.920
<v Speaker 2>cybersecurity industry in attribution. These companies have global sensor networks,

362
00:19:18.200 --> 00:19:22.440
<v Speaker 2>deep technical expertise. They often publish their own detailed analyses

363
00:19:22.480 --> 00:19:26.400
<v Speaker 2>of major attacks. This sometimes forces governments' hands, making previously

364
00:19:26.440 --> 00:19:29.559
<v Speaker 2>secret operations public and adds another layer to figure out

365
00:19:29.559 --> 00:19:31.000
<v Speaker 2>who's behind a major incident.

366
00:19:31.200 --> 00:19:33.559
<v Speaker 1>And when a state does attribute an attack, the response

367
00:19:33.599 --> 00:19:35.880
<v Speaker 1>doesn't have to be another cyber attack, right? What other

368
00:19:35.920 --> 00:19:37.000
<v Speaker 1>tools are in the toolbox?

369
00:19:37.200 --> 00:19:40.160
<v Speaker 2>Absolutely, Buchanan stresses that responses don't need to

370
00:19:40.200 --> 00:19:42.839
<v Speaker 2>be in kind. You don't have to hack back just because

371
00:19:42.839 --> 00:19:46.079
<v Speaker 2>you're hacked. States can use other instruments of national power.

372
00:19:46.519 --> 00:19:48.839
<v Speaker 2>Economic sanctions are a big one. The US used them

373
00:19:48.839 --> 00:19:53.039
<v Speaker 2>against North Korea after Sony, or diplomatic actions like indicting

374
00:19:53.079 --> 00:19:56.279
<v Speaker 2>foreign military officers, as the US did with Chinese PLA members.

375
00:19:56.680 --> 00:20:00.359
<v Speaker 2>These are political signals. They show resolve, impose costs, and

376
00:20:00.519 --> 00:20:05.119
<v Speaker 2>demonstrate that cyber actions have consequences without necessarily escalating things

377
00:20:05.200 --> 00:20:06.519
<v Speaker 2>in the cyber domain itself.

378
00:20:06.599 --> 00:20:09.759
<v Speaker 1>So wrapping this up, Buchanan really leaves us wrestling

379
00:20:09.839 --> 00:20:13.400
<v Speaker 1>with this core tension, this cybersecurity dilemma. In this hyper

380
00:20:13.480 --> 00:20:17.359
<v Speaker 1>connected world, states are constantly trying to secure themselves, but

381
00:20:17.440 --> 00:20:21.279
<v Speaker 1>those very actions almost inevitably look like potential threats to others.

382
00:20:21.400 --> 00:20:23.799
<v Speaker 1>It's this fragile, ongoing struggle.

383
00:20:23.720 --> 00:20:26.000
<v Speaker 2>It really is. And it leaves you, the listener, with a

384
00:20:26.279 --> 00:20:29.839
<v Speaker 2>pretty fundamental question, doesn't it? Given how ambiguous cyber tools are,

385
00:20:30.079 --> 00:20:32.640
<v Speaker 2>how hard it is to tell defense from offense, can

386
00:20:32.680 --> 00:20:36.279
<v Speaker 2>things like costly signals and talking shops truly build lasting

387
00:20:36.319 --> 00:20:39.079
<v Speaker 2>stability or are we just stuck in this cycle and

388
00:20:39.119 --> 00:20:42.759
<v Speaker 2>what does this constant simmering tension between nations online mean

389
00:20:42.839 --> 00:20:45.440
<v Speaker 2>for your daily life, for the security of the data

390
00:20:45.519 --> 00:20:48.279
<v Speaker 2>you rely on, the services you use, the very infrastructure

391
00:20:48.279 --> 00:20:51.240
<v Speaker 2>that underpins our digital world. It kind of forces you

392
00:20:51.279 --> 00:20:54.279
<v Speaker 2>to think about how these high level state games filter

393
00:20:54.359 --> 00:20:57.039
<v Speaker 2>down and affect us all, and whether genuine trust is

394
00:20:57.039 --> 00:20:58.640
<v Speaker 2>even possible in this domain.
