WEBVTT 1 00:00:00.160 --> 00:00:03.000 Welcome to the deep dive. You know, think about the 2 00:00:03.040 --> 00:00:07.320 early vision for cyberspace. It was incredibly optimistic. Wasn't it 3 00:00:07.360 --> 00:00:10.759 a space to boost human interaction, help us work smarter, 4 00:00:10.960 --> 00:00:13.480 make decisions, connect the entire world? 5 00:00:13.560 --> 00:00:16.920 Absolutely a truly evolutionary idea. 6 00:00:17.359 --> 00:00:19.920 But here's the twist, and it's a big one. That 7 00:00:20.079 --> 00:00:23.640 same human ingenuity, the aggressive part of it, Well, it 8 00:00:23.719 --> 00:00:28.480 transformed this amazing invention into essentially a new battlefield. 9 00:00:28.440 --> 00:00:31.000 And that led to the development of what we now 10 00:00:31.039 --> 00:00:34.320 call cyber arms, right, and that whole transformation is exactly 11 00:00:34.399 --> 00:00:36.960 what we're diving into today. We're going to trace this 12 00:00:37.520 --> 00:00:40.719 really astonishing journey. It starts with things that seemed almost 13 00:00:40.719 --> 00:00:44.719 like pranks, you know, harmless malicious castus well, relatively harmless 14 00:00:44.719 --> 00:00:47.880 back then, but it evolved into these incredibly sophisticated cyber 15 00:00:47.920 --> 00:00:50.719 weapons we see now, and it's all about the dual 16 00:00:50.799 --> 00:00:53.280 nature of these digital tools, how they can defend but 17 00:00:53.359 --> 00:00:58.520 also cause well devastating offense. The implications for global security 18 00:00:58.560 --> 00:01:00.560 are critical, sometimes pretty settling. 19 00:01:00.759 --> 00:01:02.880 It feels like the tech moves so fast. 20 00:01:02.759 --> 00:01:05.959 It really does. What's striking is just how quickly the 21 00:01:06.000 --> 00:01:10.799 technology seems to outpace our ethics, our values, our ability 22 00:01:10.840 --> 00:01:12.799 to set clear rules in this. 23 00:01:12.799 --> 00:01:16.480 Domain, like we're always playing catch up. So to really 24 00:01:16.480 --> 00:01:20.400 get our heads around this complex evolution from those first 25 00:01:20.400 --> 00:01:24.760 digital annoyances to nation state threats, the tools, the escalating dangers, 26 00:01:24.959 --> 00:01:26.879 and what the world's trying to do about it. We've 27 00:01:26.920 --> 00:01:28.680 pulled together a whole stack of sources for you. 28 00:01:28.799 --> 00:01:29.799 Yeah, lots to untack. 29 00:01:30.120 --> 00:01:33.040 Okay, let's peel back the layers. So when we talk 30 00:01:33.079 --> 00:01:36.840 about the very start of cyber arms, it sounds almost 31 00:01:36.879 --> 00:01:40.680 quaint now, doesn't it, Thinking that something like a digital school. 32 00:01:40.359 --> 00:01:43.159 Prank I'll be sending apples bouncing across someone's screen. 33 00:01:43.120 --> 00:01:47.280 Exactly, that could somehow morph into something capable of crippling 34 00:01:47.319 --> 00:01:50.879 a nation's infrastructure. But our sources point way back to 35 00:01:51.000 --> 00:01:52.799 elk Clunter in nineteen eighty two. 36 00:01:53.040 --> 00:01:55.200 Nineteen eighty two, spread by floppy disc. 37 00:01:55.280 --> 00:01:58.079 By floppy disc, it copied itself into the boot sector. 38 00:01:58.640 --> 00:02:01.159 Then just a year Latereten three, we get the first 39 00:02:01.280 --> 00:02:05.280 quote professionally designed virus from a university. 40 00:02:04.680 --> 00:02:08.199 Experiment, and that's where the term computer virus was formally introduced. 41 00:02:08.240 --> 00:02:11.360 Really and that early evolution you mentioned elk Cloner, But 42 00:02:11.400 --> 00:02:14.080 think about viruses like whale that one really showed this 43 00:02:14.199 --> 00:02:19.280 fundamental cybersecurity problem. It's always a reactive battle. Oh so, well, 44 00:02:19.520 --> 00:02:22.759 the whale virus could actually mutate, It could rewrite its 45 00:02:22.759 --> 00:02:27.240 own instructions, making it incredibly hard to track using traditional methods. 46 00:02:27.360 --> 00:02:30.759 So the old anti virus way looking for a fixed pattern, 47 00:02:30.800 --> 00:02:32.280 a known signature. 48 00:02:31.919 --> 00:02:35.199 Exactly, that became obsolete almost immediately because these things could 49 00:02:35.280 --> 00:02:38.080 change their own code, you know, always one step ahead. 50 00:02:38.240 --> 00:02:41.159 It became this constant game of digital cat and mouse. 51 00:02:41.280 --> 00:02:43.919 And then the whole game just fundamentally shifted. The Internet 52 00:02:44.000 --> 00:02:46.199 arrives in ninety one, spreads. 53 00:02:45.759 --> 00:02:48.759 Everywhere into homes, offices. 54 00:02:48.080 --> 00:02:51.919 And suddenly email and electronic documents are the new prime targets. 55 00:02:51.960 --> 00:02:53.000 Forget floppy discs. 56 00:02:53.199 --> 00:02:57.319 They became the most profitable target for malware, as our 57 00:02:57.360 --> 00:02:58.080 sources put it. 58 00:02:58.120 --> 00:03:01.759 And then we saw this new type right environmental macroviruses 59 00:03:01.800 --> 00:03:04.000 like concept in the late nineties. 60 00:03:04.000 --> 00:03:07.199 Ah yes, concept that was disruptive because it wasn't stuck 61 00:03:07.199 --> 00:03:09.719 on one type of computer. It could jump between different 62 00:03:09.759 --> 00:03:12.240 operating systems, made it much harder to contain. 63 00:03:12.719 --> 00:03:16.639 And this progression, it wasn't just theoretical, It led directly 64 00:03:16.919 --> 00:03:19.400 to major real world incidents. 65 00:03:19.439 --> 00:03:23.560 Didn't it absolutely stark examples of our vulnerabilities. Think back 66 00:03:23.599 --> 00:03:26.159 to two thousand and seven, the attack on Estonia, the 67 00:03:26.240 --> 00:03:29.520 BDS attack, right, the distributed denial of service not just 68 00:03:29.560 --> 00:03:32.159 an annoyance, it was a full on assault. Took down 69 00:03:32.280 --> 00:03:35.639 government banking media services for three weeks. 70 00:03:35.400 --> 00:03:38.879 Caused by botnets, right, just overwhelming their systems. 71 00:03:38.599 --> 00:03:42.439 Massive botanets, flooding them with automated requests. Now, later it 72 00:03:42.479 --> 00:03:44.759 was characterized more as a cyber dispute than a full 73 00:03:44.800 --> 00:03:49.280 cyber war, but honestly it exposed a massive national vulnerability. 74 00:03:49.280 --> 00:03:50.599 It signaled a new era. 75 00:03:50.759 --> 00:03:54.000 And if Estonia showed the potential for disruption, twenty ten 76 00:03:54.120 --> 00:03:57.039 brought something else, entirely stuck Snitt. Ah. 77 00:03:57.159 --> 00:04:00.080 Stuck Snitt often called the first cyber weapon of do 78 00:04:00.080 --> 00:04:01.360 you have political significance? 79 00:04:01.719 --> 00:04:04.520 What made it so chilling was its precision, its target, 80 00:04:04.840 --> 00:04:07.120 Iran's Naden's nuclear facility. 81 00:04:06.840 --> 00:04:09.919 And crucially it got in even without an Internet connection. 82 00:04:10.080 --> 00:04:11.319 That's the mind bending part. 83 00:04:11.400 --> 00:04:16.879 How by manipulating Siemens plc's those programmable logic controllers, the 84 00:04:16.920 --> 00:04:19.600 sort of digital brains running the industrial machinery, to do 85 00:04:19.639 --> 00:04:23.040 what exactly, To subtlely make the centrifuges the ones enriching 86 00:04:23.199 --> 00:04:28.120 uranium basically self destruct over time, slow insidious sabotage. 87 00:04:28.240 --> 00:04:31.199 Wow. Okay. In building on that kind of capability, we 88 00:04:31.279 --> 00:04:34.240 then saw ransomware just explode. 89 00:04:33.560 --> 00:04:37.319 Didn't we Oh, absolutely a terrifying evolution. In twenty sixteen 90 00:04:37.439 --> 00:04:41.680 you had Lockey dozens of strains infecting millions of computers, 91 00:04:41.879 --> 00:04:45.079 especially in Europe, at one point heading over five thousand 92 00:04:45.160 --> 00:04:48.079 machines an hour in Germany alone hour. 93 00:04:48.480 --> 00:04:49.319 That's staggering. 94 00:04:49.399 --> 00:04:52.759 And then twenty seventeen brought WannaCry that went. 95 00:04:52.720 --> 00:04:56.360 Global, leveraging that Eternal Blue vulnerability. 96 00:04:55.879 --> 00:04:59.759 Exactly, which was leaked from reportedly from a US intelligence 97 00:04:59.800 --> 00:05:03.839 age andcies cyber arsenal. That single attack hit over three 98 00:05:03.959 --> 00:05:08.279 hundred thousand systems worldwide, massive disruption, real chaos. 99 00:05:08.360 --> 00:05:11.480 So this whole history it really hammers home this duality 100 00:05:11.519 --> 00:05:12.240 you mentioned earlier. 101 00:05:12.279 --> 00:05:14.879 Right, these tools, they can be used for defense and offense, 102 00:05:14.920 --> 00:05:18.079 whether it's software or a technique. It's the same toolkit offense. 103 00:05:17.759 --> 00:05:21.079 Which creates this environment where they can spread easily be misused. 104 00:05:21.360 --> 00:05:25.800 Precisely, the general accessibility makes it surprisingly easy from malicious 105 00:05:25.839 --> 00:05:31.240 actors anyone, from loan hackers to organized groups, even nation 106 00:05:31.360 --> 00:05:34.079 states to get their hands on and launch these cyber arms. 107 00:05:34.120 --> 00:05:37.959 Okay, So understanding that duality, that accessibility, it leads to 108 00:05:38.000 --> 00:05:40.920 the next question, how do these attacks actually happen. Let's 109 00:05:41.360 --> 00:05:44.399 let's unpack the stages of a full scale operation, right. 110 00:05:44.439 --> 00:05:46.720 It usually starts with reconnaissance. 111 00:05:46.160 --> 00:05:47.600 Intel gathering exactly. 112 00:05:47.800 --> 00:05:52.360 Attackers collect info on their targets, physical locations, network entry points, 113 00:05:52.439 --> 00:05:56.360 system weaknesses, you name it, our sources even mentioned long 114 00:05:56.480 --> 00:05:57.600 term recon by. 115 00:05:57.600 --> 00:05:58.920 Governments like surveillance. 116 00:05:59.079 --> 00:06:03.560 Yeah, things like analyzing telephone comms, voiceover IP calls, collecting 117 00:06:03.560 --> 00:06:07.399 metadata on network traffic patterns over time, building a picture. 118 00:06:07.519 --> 00:06:08.600 Okay, recon first. 119 00:06:09.120 --> 00:06:12.240 Then what then comes the breach and exploitation phase. This 120 00:06:12.279 --> 00:06:16.040 is where they actively use vulnerabilities flaws in operating systems, 121 00:06:16.079 --> 00:06:18.800 applications code to get unauthorized access. 122 00:06:18.879 --> 00:06:20.720 And there are different kinds of exploits, right. 123 00:06:21.000 --> 00:06:25.079 We distinguish between remote exploits where they don't need prior access, 124 00:06:25.199 --> 00:06:28.560 and local exploits where they do. For example, maybe they 125 00:06:28.600 --> 00:06:31.279 exploit a web application flaw to get a foothold like 126 00:06:31.319 --> 00:06:35.399 low level access exactly. But then maybe they exploit something deeper, 127 00:06:35.720 --> 00:06:38.240 like a flaw in a file sharing protocol like SMB 128 00:06:38.439 --> 00:06:41.079 server message block and that could give them much higher 129 00:06:41.120 --> 00:06:42.600 privileges within the network. 130 00:06:42.680 --> 00:06:45.319 Okay, so they're in now. They use assault. 131 00:06:44.920 --> 00:06:50.319 Tools, YEP, tools designed to actually change things, alter system configurations, 132 00:06:50.920 --> 00:06:54.639 environment variables, maybe target hardware settings, and then they. 133 00:06:54.560 --> 00:06:56.439 Need to get the goods out right data theft. 134 00:06:56.639 --> 00:06:59.199 That's where exploration tools come in. Think of them as 135 00:06:59.240 --> 00:07:03.279 digital vacuum cleaners, designed to hide or extract data covertly. 136 00:07:03.519 --> 00:07:06.279 How do they hide that often by using common everyday 137 00:07:06.319 --> 00:07:10.319 protocols open VPN, open ssh, FTP, things that might look 138 00:07:10.319 --> 00:07:13.720 like normal traffic, or they get clever use covert channels. 139 00:07:14.079 --> 00:07:17.560 Our sources even mentioned sneaking data out through mail protocols, 140 00:07:17.680 --> 00:07:21.759 encoding it, breaking it up into tiny pieces across multiple packets. 141 00:07:21.360 --> 00:07:23.160 Trying to fly under the radar. Makes sense. 142 00:07:23.360 --> 00:07:28.199 Then you have persistence tools, things like hidden malware, backdoors, 143 00:07:28.360 --> 00:07:32.240 stealth user accounts, all designed to maintain access to stay 144 00:07:32.279 --> 00:07:35.759 inside the network without being detected, sometimes for long periods. 145 00:07:36.000 --> 00:07:37.879 And they hide themselves too, not just the data. 146 00:07:37.920 --> 00:07:43.519 Absolutely, that's oppustation tools, proxy servers, VPNs, the tour network, 147 00:07:44.040 --> 00:07:48.120 anything to conceal the attacker's real location, their identity, the 148 00:07:48.160 --> 00:07:49.319 tools they're using. 149 00:07:49.199 --> 00:07:52.920 Which brings up a huge problem you mentioned attribution. If 150 00:07:52.920 --> 00:07:56.000 they're so good at hiding, how can anyone ever figure 151 00:07:56.000 --> 00:07:56.639 out who did it? 152 00:07:56.800 --> 00:07:59.680 That is the critical challenge. It's incredibly difficult. 153 00:08:00.079 --> 00:08:02.480 Attribution point is huge, and it makes sense then that 154 00:08:02.519 --> 00:08:05.959 the final stage often involves covering tracks tools. 155 00:08:05.680 --> 00:08:09.279 Exactly, removing all traces they were ever there, manually deleting 156 00:08:09.319 --> 00:08:12.560 logs using automated wipers, sometimes even causing a permanent denial 157 00:08:12.600 --> 00:08:15.639 of service, basically bricking the equipment to destroy evidence. 158 00:08:15.920 --> 00:08:19.240 What's wild is that these same tools, these techniques, security 159 00:08:19.240 --> 00:08:20.240 professionals use them. 160 00:08:20.079 --> 00:08:24.800 Too, right, they do in legitimate vulnerability assessments, penetration testing. 161 00:08:25.199 --> 00:08:30.399 But the key difference is obviously permission caution, strict ethical 162 00:08:30.399 --> 00:08:33.159 and legal boundaries. It's the intent that differs. 163 00:08:33.279 --> 00:08:39.320 Okay, and this whole world of tools and exploits, it's 164 00:08:39.440 --> 00:08:42.600 led to this underground marketplace, the cyber bizarre, that's what 165 00:08:42.639 --> 00:08:43.159 some call. 166 00:08:43.039 --> 00:08:46.360 It, yes or the black marketplace. What's really striking is 167 00:08:46.399 --> 00:08:50.279 how zero day vulnerabilities. Those are the flaws attackers find 168 00:08:50.320 --> 00:08:54.000 before the software makers know about the super valuable, incredibly valuable. 169 00:08:54.000 --> 00:08:57.960 They're treated like virtual products sold anonymously online, sometimes with 170 00:08:58.039 --> 00:09:01.320 tech support tutorials. Makes that accessible even if you're not 171 00:09:01.360 --> 00:09:02.320 a top tier hacker. 172 00:09:02.519 --> 00:09:05.120 There's that big takedown Darcode Right. 173 00:09:04.960 --> 00:09:08.399 Twenty fifteen, your poll called it the most prolific English 174 00:09:08.399 --> 00:09:12.080 speaking cyber criminal forum. Took a huge international effort law 175 00:09:12.120 --> 00:09:13.519 enforcement from twenty countries. 176 00:09:13.639 --> 00:09:16.279 There's a legitimate side too, like bounty programs. 177 00:09:16.759 --> 00:09:20.320 Yes, companies like Zerodium offer huge bounties for researchers who 178 00:09:20.360 --> 00:09:24.080 find and responsibly disclose these high risk vulnerabilities. They pay 179 00:09:24.120 --> 00:09:26.799 for the information so it can be fixed rather than 180 00:09:26.879 --> 00:09:29.879 sold on the black market. It's a complex ecosystem. 181 00:09:30.080 --> 00:09:32.120 Okay, let's shift gears a bit. Let's talk about the 182 00:09:32.200 --> 00:09:37.639 highest stakes, imaginable critical infrastructure and nuclear systems. 183 00:09:37.759 --> 00:09:40.879 Yeah, this is where the potential consequences get truly terrifying. 184 00:09:41.000 --> 00:09:44.440 So critical infrastructure, that's basically the stuff society needs to 185 00:09:44.440 --> 00:09:48.240 function right, National safety, economy, public health. 186 00:09:47.960 --> 00:09:53.440 Power grids, water systems, transportation, finance, communications, all of it. 187 00:09:53.519 --> 00:09:56.759 And our sources say cyber threats have moved squarely into 188 00:09:56.799 --> 00:10:02.000 the CBR end industries. That's chemical, biological, radiological, nuclear explosives. 189 00:10:02.679 --> 00:10:06.759 These sectors obviously require intense national level protection because an 190 00:10:06.799 --> 00:10:08.240 attack could be devastating. 191 00:10:08.399 --> 00:10:11.240 The consequences are just unthinkable exactly. 192 00:10:11.360 --> 00:10:14.639 Our sources state attacks on CBRN facilities could lead to 193 00:10:14.799 --> 00:10:18.600 national and even international level damage and irreversible consequences. 194 00:10:18.879 --> 00:10:22.600 And it's not just Internet connected systems, is it. Disconnected 195 00:10:22.600 --> 00:10:25.559 ones are vulnerable, like Ducksnet showed precisely. 196 00:10:25.679 --> 00:10:28.879 That's what's deeply concerning, and the threat is growing. One 197 00:10:28.960 --> 00:10:32.759 statistic highlighted was that in twenty sixteen, attacks on industrial 198 00:10:32.759 --> 00:10:36.679 control systems the ICs, the tech running these plants, jumped 199 00:10:36.720 --> 00:10:38.639 over one hundred and ten percent compared to just the 200 00:10:38.720 --> 00:10:39.440 year before. 201 00:10:39.240 --> 00:10:42.000 Over one hundred and ten percent. Wow. And we've seen 202 00:10:42.039 --> 00:10:46.200 some well chilling examples related specifically to nuclear systems over 203 00:10:46.240 --> 00:10:46.639 the years. 204 00:10:46.840 --> 00:10:49.360 There have been worrying incidents. 205 00:10:49.000 --> 00:10:51.600 Like the Moonlight Maze attack back in ninety nine, thought 206 00:10:51.600 --> 00:10:54.440 to be from Russia stealing sensitive files hitting the. 207 00:10:54.360 --> 00:10:56.480 Pentagon a massive breach back then. 208 00:10:56.600 --> 00:10:58.679 Or that incident in two thousand and seven where six 209 00:10:58.799 --> 00:11:01.000 nuclear armed cruise missiles went missing for thirty. 210 00:11:00.840 --> 00:11:04.279 Six hours, vanished from the tracking systems terrifying laps. 211 00:11:04.440 --> 00:11:07.840 And in twenty ten, fifty minute Man missiles just disappeared 212 00:11:07.840 --> 00:11:10.960 from monitors for about an hour. Plus reports in twenty 213 00:11:10.960 --> 00:11:13.879 seventeen of hackers actively targeting nuclear facilities. 214 00:11:14.080 --> 00:11:17.440 While the exact causes weren't always definitively linked to cyber attacks, 215 00:11:17.440 --> 00:11:21.159 in all those older cases, they absolutely underscore the extreme risks, 216 00:11:21.480 --> 00:11:24.000 the potential for a cyber attack to cause confusion, loss 217 00:11:24.000 --> 00:11:26.960 of control, or worse. It's unacceptable when you. 218 00:11:26.879 --> 00:11:30.200 Connect that to the bigger picture, the idea of a 219 00:11:30.200 --> 00:11:34.080 successful cyber attack on nuclear weapons themselves or their command 220 00:11:34.080 --> 00:11:36.840 and control planning systems early warning. 221 00:11:37.240 --> 00:11:40.799 It's not just theoretical anymore. It's considered possible, and if 222 00:11:40.799 --> 00:11:44.240 it happened, it could completely undermine rational deterrence theory, that 223 00:11:44.440 --> 00:11:49.600 core idea that mutually assured destruction prevents nuclear war. It 224 00:11:49.639 --> 00:11:51.759 fundamentally shifts strategic stability. 225 00:11:51.840 --> 00:11:54.960 Okay, that's heavy stuff. Now let's talk about something that's 226 00:11:55.159 --> 00:12:00.919 changing warfare again. Autonomous weapons systems AWS or law laws, 227 00:12:01.399 --> 00:12:03.559 lethal economists, weapons systems. 228 00:12:03.200 --> 00:12:06.720 Right systems that can select and engage targets without direct 229 00:12:06.799 --> 00:12:07.480 human intervention. 230 00:12:07.679 --> 00:12:10.639 We have examples already, don't we. Israel's Iron Dome. 231 00:12:10.519 --> 00:12:13.080 Which automatically tracks and intercepts rockets. 232 00:12:13.200 --> 00:12:15.120 The usc RAM system counter. 233 00:12:14.919 --> 00:12:18.279 Rocket artillery and mortar automatically destroys in coming rounds. 234 00:12:18.399 --> 00:12:20.240 Then there's Israel's Harpy drone, a. 235 00:12:20.240 --> 00:12:23.840 Fire and forget weapon that hunts radar signals autonomously, the. 236 00:12:23.799 --> 00:12:27.279 UK's Tyrannus Combat drone, the US Navy's X forty seven 237 00:12:27.360 --> 00:12:31.519 B Carrier drone, even those Samsung robots in the Korean DMZ, the. 238 00:12:31.360 --> 00:12:35.399 Sgr A one. Yeah, surveillance robots with an automatic mode 239 00:12:35.399 --> 00:12:38.120 for target engagement, although the exact parameters of that mode 240 00:12:38.120 --> 00:12:39.159 are debated. 241 00:12:38.960 --> 00:12:43.440 This whole area laugibly. Yes, it's sparking intense debate. Some 242 00:12:43.559 --> 00:12:46.039 call it the third revolution in warfare. 243 00:12:45.639 --> 00:12:49.960 After gunpowder and nuclear arms. Yes, it's a huge potential shift, and. 244 00:12:49.919 --> 00:12:52.519 The arguments against them are serious. 245 00:12:52.399 --> 00:12:56.240 Very serious, violating international humanitarian law? Can a machine make 246 00:12:56.320 --> 00:13:00.000 life and death calls appropriately lowering the threshold for conflict? 247 00:13:00.159 --> 00:13:04.039 Does it make war too easy, becoming indiscriminate weapons of terror? 248 00:13:04.080 --> 00:13:07.639 If they proliferate and a big one, they could be. 249 00:13:07.600 --> 00:13:09.600 Hackable, turned against their own side. 250 00:13:09.279 --> 00:13:12.279 Potentially, Yes, which is why you see prominent AI and 251 00:13:12.360 --> 00:13:15.720 robotics companies writing open letters to the UN urging for 252 00:13:15.799 --> 00:13:18.639 regulation before these things become widespread. 253 00:13:18.080 --> 00:13:21.159 And AI itself, artificial intelligence is woven into all of this. 254 00:13:21.240 --> 00:13:23.960 Isn't it absolutely central, both as a tool for attack 255 00:13:24.000 --> 00:13:24.559 and defense. 256 00:13:25.039 --> 00:13:27.720 Our sources predict AI and hand cyber attacks will be 257 00:13:27.799 --> 00:13:31.080 scary effective, accurately aimed, difficult to. 258 00:13:31.039 --> 00:13:36.639 Attribute, exploiting AI based vulnerabilities, and crucially having self improvement 259 00:13:36.679 --> 00:13:39.600 mechanisms they can learn and adapt on their own. 260 00:13:39.679 --> 00:13:43.080 Like automated spearfishing that gets better at tricking you or 261 00:13:43.240 --> 00:13:44.879 IBM's deep blocker concept. 262 00:13:44.960 --> 00:13:48.279 Yeah, deep blockers showed how AI could hide malware until 263 00:13:48.399 --> 00:13:52.720 very specific conditions are met, like recognizing a particular face 264 00:13:52.799 --> 00:13:56.320 or voice, making it ultra targeted and hard to detect beforehand. 265 00:13:56.759 --> 00:13:59.320 But AI is in fool proof right. It has weaknesses too. 266 00:14:00.279 --> 00:14:04.240 It can be tricked things like AI pixel poisoning, tiny 267 00:14:04.320 --> 00:14:07.600 invisible changes to an image that make an AI misclassify 268 00:14:07.639 --> 00:14:09.440 it completely. It's very much a dual use. 269 00:14:09.279 --> 00:14:11.120 Technology, so it could be used for defense too. 270 00:14:11.279 --> 00:14:15.120 Immense potential there. We're talking about intelligent autonomous mobile agents 271 00:14:15.159 --> 00:14:18.200 that could proactively hunt for threats on networks. NATO is 272 00:14:18.240 --> 00:14:21.440 exploring this plus using things like game theory and deep 273 00:14:21.519 --> 00:14:24.840 learning to model threats and develop smarter adaptive defenses. 274 00:14:24.960 --> 00:14:27.480 And all this potential is kicked off a global AI 275 00:14:27.679 --> 00:14:29.159 arms race, hasn't It. 276 00:14:28.879 --> 00:14:32.480 Seems that way. Russia's actively competing their defense minister pushing 277 00:14:32.519 --> 00:14:34.200 for AI development to counter. 278 00:14:33.960 --> 00:14:35.440 Threats and China. 279 00:14:35.559 --> 00:14:39.720 China has that incredibly ambitious plan be the world AI 280 00:14:39.840 --> 00:14:43.960 leader by twenty thirty. Big focus on cyber sovereignty, which 281 00:14:44.000 --> 00:14:45.639 means tight control. 282 00:14:45.440 --> 00:14:48.919 The Great Firewall affecting foreign tech companies. 283 00:14:48.600 --> 00:14:52.840 Right, and nearly three hundred new national cybersecurity standards, police 284 00:14:52.840 --> 00:14:56.720 powers to inspect businesses, remote network access. It's a very 285 00:14:56.759 --> 00:14:58.639 state centric controlled approach. 286 00:14:58.759 --> 00:14:59.240 In the US. 287 00:14:59.519 --> 00:15:04.320 Signific investments too, increased DdO D funding for unmanned systems 288 00:15:04.399 --> 00:15:08.080 offensive cyber capabilities DARP UP pushing the boundaries, though some 289 00:15:08.240 --> 00:15:12.240 projects like Project Maven involving Google previously sparked controversy about 290 00:15:12.279 --> 00:15:13.639 ethics and military AI. 291 00:15:13.840 --> 00:15:17.399 Okay, So bringing this all together with this complex, fast 292 00:15:17.440 --> 00:15:21.080 moving landscape, how do we actually defend cyberspace? What are 293 00:15:21.080 --> 00:15:22.000 the basic principles? 294 00:15:22.120 --> 00:15:24.879 Well, it often boils down to the classic CIA triad 295 00:15:24.919 --> 00:15:26.000 of information. 296 00:15:25.639 --> 00:15:27.919 Security CIA not the agency, No. 297 00:15:27.960 --> 00:15:32.639 Not the agency. Confidentiality, integrity and availability okay. Confidentiality protecting 298 00:15:32.679 --> 00:15:39.000 information from unauthorized access, keeping secret secret, ensuring information is accurate, complete, 299 00:15:39.080 --> 00:15:42.399 hasn't been tampered with. That's where things like cryptographic hashes 300 00:15:42.480 --> 00:15:47.000 come in MD five SAHA one like digital fingerprints, though 301 00:15:47.039 --> 00:15:50.200 it's worth noting some older ones like MD five aren't 302 00:15:50.240 --> 00:15:51.759 considered fully secure anymore. 303 00:15:51.840 --> 00:15:54.120 Right, need stronger ones now and. 304 00:15:54.279 --> 00:15:57.919 Availability making sure information and systems are accessible when you 305 00:15:57.960 --> 00:16:00.879 need them. Denial of service attacks are a direct threat 306 00:16:00.919 --> 00:16:01.720 to availability. 307 00:16:02.039 --> 00:16:06.840 So how do we achieve CI and A What are 308 00:16:06.840 --> 00:16:07.679 the key defenses? 309 00:16:07.879 --> 00:16:11.559 Well, encryption is fundamental scrambling rata, so only authorized parties 310 00:16:11.559 --> 00:16:12.039 can read it. 311 00:16:12.120 --> 00:16:13.360 Different types, Yeah. 312 00:16:13.159 --> 00:16:17.080 Symmetric encryption uses one key. Asymmetric uses a public key 313 00:16:17.120 --> 00:16:20.120 and a private key. That's the basis for PKI public 314 00:16:20.200 --> 00:16:24.799 key infrastructure which manages digital certificates and identities, and hybrid 315 00:16:24.840 --> 00:16:27.000 methods like s encryption try to get the best of both. 316 00:16:27.320 --> 00:16:29.759 There was that controversy in Australia about encryption. 317 00:16:29.559 --> 00:16:33.360 Laws right requiring tech companies to provide law enforcement access 318 00:16:33.399 --> 00:16:37.759 to encrypted messages. It highlights that constant tension between security 319 00:16:37.799 --> 00:16:39.240 needs and privacy rights. 320 00:16:39.320 --> 00:16:40.639 Okay, encryption, what else? 321 00:16:40.919 --> 00:16:43.240 Access control? Basically who gets to access what? 322 00:16:43.679 --> 00:16:44.960 Like permissions exactly. 323 00:16:45.399 --> 00:16:48.960 There's discretionary access control, where users control access to their 324 00:16:48.960 --> 00:16:52.840 own files. Mandatory access control is stricter. The system enforces 325 00:16:52.919 --> 00:16:56.559 rules based on security labels and a role based access 326 00:16:56.559 --> 00:17:00.320 control very common in organizations. Grants access based on your 327 00:17:00.440 --> 00:17:01.879 job role makes sense. 328 00:17:02.159 --> 00:17:04.559 What about finding weaknesses before they're attacked? 329 00:17:04.759 --> 00:17:10.119 That's vulnerability management. It's proactive identifying, classifying, fixing, or mitigating 330 00:17:10.160 --> 00:17:12.119 weaknesses before attackers exploit them. 331 00:17:12.200 --> 00:17:14.839 And there's a right way to report vulnerabilities. 332 00:17:14.240 --> 00:17:17.759 You find, yes, responsible disclosure. The best practice is to 333 00:17:17.880 --> 00:17:20.960 notify the vendor privately first, give them time to fix 334 00:17:21.000 --> 00:17:24.119 it before you announce it publicly. That protects users. 335 00:17:24.359 --> 00:17:28.440 Good practice. Okay, what about specific defenses against different malware 336 00:17:28.519 --> 00:17:30.680 types like those macroviruses. 337 00:17:30.839 --> 00:17:34.400 Standard antivirus solutions are still key there. For botnets, you 338 00:17:34.440 --> 00:17:36.519 need specialized anti botnet. 339 00:17:36.039 --> 00:17:39.000 Tools and passwords. Everyone hates passwords. 340 00:17:38.559 --> 00:17:42.599 Huh huh, true, but strong policies are crucial. Our sources 341 00:17:42.640 --> 00:17:46.799 recommend over sixteen symbols. Avoid personal info unique for every 342 00:17:46.880 --> 00:17:50.359 site or app. Better yet, use alternatives like. 343 00:17:50.319 --> 00:17:53.680 Fingerprint scanners or multi factor authentication MFA. 344 00:17:54.079 --> 00:17:59.000 Exactly biometrics or MFA adds significant layers, But be aware 345 00:17:59.119 --> 00:18:01.960 new tools are all always emerging that try to bypass 346 00:18:02.000 --> 00:18:06.480 even two factor authentication. The arms race continues. 347 00:18:06.160 --> 00:18:09.920 Always evolving. What about ransomware and that crypto mining stuff? 348 00:18:10.000 --> 00:18:14.400 Right, ransomware locks your files, demands payment. Crypto mining malware 349 00:18:14.480 --> 00:18:18.599 secretly uses your computer's power to mine cryptocurrency for the attacker. 350 00:18:19.000 --> 00:18:21.519 And you said crypto mining is overtaking ransomware. 351 00:18:21.680 --> 00:18:25.839 Our sources suggest that trend. Yeah, yeah, maybe less direct confrontation, 352 00:18:26.079 --> 00:18:30.240 more stealthy profit. Countermeasures include good anti malware and maybe 353 00:18:30.240 --> 00:18:32.599 some browser add ons designed block mining scripts. 354 00:18:32.640 --> 00:18:35.160 And if an attack does get through, what then. 355 00:18:35.319 --> 00:18:39.559 Then it's recovery and reporting. You need procedures, evaluate the damage, 356 00:18:39.599 --> 00:18:42.799 figure out the causes, check those logs, and crucially use 357 00:18:42.839 --> 00:18:45.799 your backups to restore systems and data. Backups are key, 358 00:18:46.039 --> 00:18:49.480 absolutely essential, and sometimes you need external experts for non 359 00:18:49.519 --> 00:18:53.200 technical stuff like legal issues or reputation management. This all 360 00:18:53.240 --> 00:18:54.920 feeds into digital forensics. 361 00:18:54.960 --> 00:18:55.960 The detective work. 362 00:18:55.880 --> 00:19:01.920 Precisely carefully collecting, preserving and analyzing digital evidence to figure 363 00:19:01.920 --> 00:19:05.279 out what happened, who did it, and document it properly, 364 00:19:05.440 --> 00:19:06.720 often for legal reasons. 365 00:19:07.000 --> 00:19:10.000 Okay, let's zoom out again. We've talked about attacks and defenses. 366 00:19:10.640 --> 00:19:14.240 What about global efforts international security? 367 00:19:14.400 --> 00:19:16.880 This is where it gets really complex, especially as we 368 00:19:16.960 --> 00:19:20.640 discussed with attribution, figuring out who doing it exactly. Our 369 00:19:20.680 --> 00:19:22.759 sources call it one of the most important elements for 370 00:19:22.839 --> 00:19:26.759 decurrents and one of major challenges why Because attackers use 371 00:19:26.839 --> 00:19:32.000 technical tricks VPNs, tour proxy chains, plus there are strategic, political, 372 00:19:32.240 --> 00:19:37.200 and legal hurdles. It makes tracing attacks back definitively incredibly hard. 373 00:19:37.359 --> 00:19:39.759 But you need attribution for deterrence to work right. 374 00:19:39.920 --> 00:19:43.359 Ideally, yes, if attackers know they'll be caught and face consequences, 375 00:19:43.359 --> 00:19:45.839 they might think twice. But proving it is tough. 376 00:19:46.000 --> 00:19:48.279 So how do different nations approach this? The US? 377 00:19:48.559 --> 00:19:52.960 The US has its DHS Cybersecurity strategy, various executive initiatives, 378 00:19:53.000 --> 00:19:56.799 the National Security Strategy. We see significant budget increases for 379 00:19:56.839 --> 00:20:00.799 things like unmanned systems, offensive cyber operations. DARPA is key 380 00:20:00.839 --> 00:20:02.480 for funding cutting edge tech. 381 00:20:02.720 --> 00:20:06.240 But there's that tension, right government working with the private sector, 382 00:20:06.279 --> 00:20:07.799 but also surveillance concerns. 383 00:20:08.000 --> 00:20:11.759 That's a constant balancing act. Yeah, especially after revelations about 384 00:20:11.799 --> 00:20:15.559 government surveillance programs. How do you foster innovation and collaboration 385 00:20:15.759 --> 00:20:19.319 while protecting privacy and civil liberties. It's a critical question. 386 00:20:19.559 --> 00:20:20.559 What about Russia. 387 00:20:20.720 --> 00:20:24.440 Russia's approach is guided by its information security doctrine. The 388 00:20:24.440 --> 00:20:28.559 priority is very much nation state safety, which often translates 389 00:20:28.640 --> 00:20:32.920 to significant monitoring and control over cyberspace within its borders. 390 00:20:33.000 --> 00:20:35.880 They have that big Digital Economy program yes. 391 00:20:35.839 --> 00:20:39.559 Twenty nineteen twenty twenty four trillions of rubles invested in 392 00:20:39.599 --> 00:20:43.640 regulating the digital environment, building infrastructure. Russia has also been 393 00:20:43.720 --> 00:20:47.880 very active and pushing for UN activities on international information security, 394 00:20:48.160 --> 00:20:49.559 advocating for certain norms. 395 00:20:49.640 --> 00:20:54.079 And China we mentioned their AI ambitions in cyber sovereignty. 396 00:20:53.680 --> 00:20:56.440 Right, aiming to lead an AI by twenty thirty. Cyber 397 00:20:56.480 --> 00:21:00.160 sovereignty is central the right to control their own digital space. 398 00:21:00.640 --> 00:21:04.160 That means the Great Firewall, strict rules for foreign tech companies, 399 00:21:04.480 --> 00:21:08.200 often requiring data localization or handing over encryption keys. 400 00:21:08.279 --> 00:21:11.640 And lots of new standards, police inspection powers. 401 00:21:11.519 --> 00:21:16.000