Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:03):
On this episode of the NEWTS World. It's not often
I get the opportunity to speak with someone who used
to be a professional hacker for the CIA. My guest
is doctor Eric Cole. He is a renowned cyber security expert, entrepreneur,
and best selling author with over thirty years of experience
in the industry. He is known for his work in
(00:24):
advancing cybersecurity and his dedication to making the digital world
a safer place. He has advised some of the world's
top companies on reducing their digital threats and improving their
cyber health. He's the author of the book cyber Crisis,
Protecting Your Business from real threats in the Virtual World. Eric,
(00:53):
welcome and thank you for joining me on NEWTS World.
Speaker 2 (00:56):
My pleasure and thank you for having me.
Speaker 1 (00:58):
I'm very curious. Symber of last year, Chinese hackers breached
a third party vendor for the US Treasury Department to
gain access to over three thousand unclassified files. How could
this have happened and what should the US government learn
from this?
Speaker 2 (01:16):
The reality is this is happening all the time.
Speaker 3 (01:20):
Most security vendors, most companies, most organizations have been compromised
or penetrated by the Chinese, the Russians, or the Iranians,
and we just didn't detect it. We didn't realize it,
and we didn't know that it's happening.
Speaker 2 (01:37):
So this is a much.
Speaker 3 (01:38):
Bigger problem that has been brewing for a long time,
and unfortunately there's not been a lot of awareness around
just how bad the issue is. And governments and other
organizations have to realize that the probability of third party
vendors or third party sources having a vulnerability or a
compromise is very high, and we need to redesign our systems,
(02:02):
We need to redesign how we're configured to protect against it.
And most importantly, we need federal laws on cybersecurity. There's
a lot of state laws, California is leading the pack
where there's a lot of privacy laws, but the United
States is one of the few countries that don't have
federal laws on cybersecurity and federal laws on data privacy.
Speaker 1 (02:27):
Then why is that? Why are we behind?
Speaker 3 (02:30):
I believe the big issue is we always thought and
a lot of people still do, that cybersecurity gets in
the way of freedom of speech, that cybersecurity gets in
the way of exchange of information, and that cybersecurity is
not fit for a democracy. Like most people when they
think of cybersecurity, you think of North Korea, where they
(02:53):
don't have internet access. Citizens in North Korea, they can't
access the internet, they don't have email, they can't access information.
Even in Russia, most people don't realize a lot of
the websites that we take for granted, a lot of
the social media sites are not accessible in Russia and
(03:13):
they're not available. So people have always felt that cybersecurity
is more of limiting and reducing access to information.
Speaker 2 (03:21):
But that's just not correct.
Speaker 3 (03:23):
Cybersecurity is about how do we protect and control our
information so only people that need access to it has
access to it. And I think that's why we've fallen behind,
because we just haven't realized that cybersecurity is actually a
compliment to democracy, it's not adverse to it.
Speaker 1 (03:41):
Does anybody the you know of have an effective cybersecurity
bill proposal?
Speaker 3 (03:48):
None that I'm aware of. I continually try to push it.
The problem is, as you're probably very familiar, everything is
so political, everything is so either side has to disagree
with each other that anything we we're trying to push
through on cybersecurity is reading a version from.
Speaker 2 (04:07):
The other side.
Speaker 3 (04:08):
And the reality is we need to recognize cybersecurity as
a non bipartisan issue. It's really something that impacts both sides.
It impacts democrats and impacts Republicans and impacts America as
a whole. And one of the things I'm trying to
do is really, how can we break down those barriers
and get both sides to agree that, Okay, we can
(04:29):
fight about some things, but cybersecurity, we need to get
her act together. Because when the founding fathers wrote the
Constitution and the bill Wrights, they had no clue that
we were going to be carrying cell phones with us.
They had no clue that we've been having tracking devices
on us twenty four to seven and we need new
(04:49):
laws that are keeping up with the digital frontier.
Speaker 1 (04:52):
I couldn't help but smile, dad, is we have ready
to celebrate our two hundred and fiftieth birthday that if
you were to drop George Washington or Jefferson or Franklin
under the current situation, all of them would have found them. Yeah.
Speaker 2 (05:05):
I think they would be amazed.
Speaker 1 (05:08):
It'll be remarkable. One of the examples I've been thinking
about a lot elon Musk and Doge sent an email
to federal workers saying, please reply to this email with
approximately five bullets of what you accomplished this week and
carbon copy your manager. Now, if people responded to that,
are there any cybersecurity risks in responding to an email
(05:31):
like that?
Speaker 3 (05:33):
There's huge cybersecurity risks because you essentially have somebody who
is not employed by that government agency and they're asking
for information about what you're doing on a daily basis.
If I answered that accurately, I would be giving away
(05:53):
a lot of critical information. If I had to go
in and say, well, I'm working on this project, I'm
working in this area, I'm working.
Speaker 2 (06:00):
On this research.
Speaker 3 (06:01):
That's a lot of valuable information that if that got
on the wrong hands. And my question is what email
address is Elon Musk using to get replies?
Speaker 2 (06:13):
Where are those emails being stored?
Speaker 3 (06:14):
Because at least from as far as I can tell,
Elon is not using government servers. I know that he's
installed some of his own servers at Treasury and other areas.
Speaker 2 (06:25):
So now, if these.
Speaker 3 (06:26):
Emails from government employees that potentially are containing sensitive or
even classified information are stored on public servers, what happens
if foreign adversaries get access to it. And I don't
know if you saw this week, but the Doze website
got hacked.
Speaker 2 (06:44):
They don't even have proper security.
Speaker 3 (06:46):
So here he's setting up their website for Doze for
government efficiency. They got hacked, and they're expecting government employees
to give all this sensitive information to these servers that
clearly have vulnerabilities.
Speaker 1 (07:00):
What I'm thinking that this is one of those ideas which,
when you hit the implementation phase, is a thousand times
more complicated than the idea. Yeah, and I think that
they really don't fully understand that.
Speaker 3 (07:14):
And this is one when I can resonate because at
the end of the day, Elon is a geek. He's
not a businessman, he's not a cyber guy. He's a geek,
and he's all about solving problems and he wants to
solve the problem as quick and as fast as possible
and get access to information. The issue is cybersecurity is
(07:35):
always an afterthought. And back to your original question of
why is the United States behind it's because cybersecurity is
always an afterthought. We're not thinking of cybersecurity. Elon didn't
sit down and say, okay, how can we do this
in a secure manner. What are the cybersecurity protocols that
we need in place to do this correctly? He basically
just said, I need the data. We'll figure out cyber later.
(07:58):
But the problem is with digital information. Once your data
is leaked out, once your data exists on servers, you
can't get it back. It will exist forever. I know
before the podcast, I was talking with your producer how
she took her daughter to a hospital and it got
hacked and her daughter's personal information was exposed. And the
(08:20):
reality is now that person has to live the next
fifty sixty seventy years of their life in a world
where their personal information has been compromised because once somebody
has your social Security number, you can't get it back.
Speaker 1 (08:35):
So to make clear how big a threat this says,
you talk about a cyber war, you say, quote, our
nation is currently a war, whether we realize it or not.
We're in the middle of World War three. The reason
why many people don't recognize it is because it's a
different type of world war. In this war, every single
country is involved in. Every single country is both being
(08:58):
attacked and attacking other countries. Walk us through all that.
I agree with you, but I think it'll be very
helpful for people to hear what this cyber war is like.
Speaker 2 (09:08):
So most of us think of wars.
Speaker 3 (09:11):
We think of World War one, World War two, tanks, planes, boats, missiles,
and guns.
Speaker 2 (09:20):
But we're in a digital war because we live in
a digital world.
Speaker 3 (09:24):
And now it's not bullets, it's not weapons, it's packets,
it's information, it's data, it's leakage. And the reality is,
as we're starting to see with some of these breaches
that come out. We saw Colonial Pipeline. I live on
the East Coast in Virginia, and when Colonial Pipeline, a
large oil supplier on the East coast, got hacked, our
(09:47):
gas stations were closed for four days. People were actually walking,
they were panicking, saying, are we actually going to be
able to get gas because of a cyber attack. Then
we have Solar Winds, where you talked about earlier, where
broke into a vendor that compromised government systems, And these
attacks continue to happen and occur, but the reality is
(10:10):
they started five to ten years ago. The Chinese, the Russians,
they're in our systems, we're in their systems, and it's
sort of like the nuclear Cold War where Russia could
destroy the United States and we could destroy Russia. So
neither side would actually launch a nuclear weapon. But we're
(10:31):
in Russian's critical infrastructure, they're in our critical infrastructure, and
neither side is going to do anything because it would
do mutual mass destruction. But what's happening when our information
starts leaking out? What happens when our data is being compromised?
And the reality is because we're at war. When you're
(10:52):
at war, you have a different mentality. I've been over
in the Ukraine, I was over in Iraq during the
Iraq War. When you're in a war, people are thinking differently,
they're acting differently. They're more scared, they're more paranoid, they're
more careful about what they're doing. The problem we have
in the United States is everybody on the Internet thinks
(11:13):
we're in peace time conditions. So they're sharing information, they're
giving their data, they're accessing whatever they want, they're posting pictures,
they're putting everything out there. But the reality is, if
they knew were at war, we need wartime thinking. People
need to be more paranoid, a little more scared, than
a little more protective of the data. They need to
(11:34):
be careful of who they're giving their information to. We
need to start implementing security because here's the great news.
Your banks, your e commerce all have security built in,
but it's turned off by default. It's not all turned
on because they don't think citizens are ready for it.
So we need to start going in to our apps,
(11:56):
going into our devices and start turning on security as
turning on notifications, turning on two factor authentication. So the
security is there, but we just have to start implementing it.
And the war that we're facing today is not a
visible war where there's huge explosions or banks are being
(12:18):
taken down. It's a war of data leakage. Imagine we
have a big bucket. Instead of somebody going in emptying
the bucket, they're just putting little holes in the bucket.
They're slowly leaking our data and leaking our information, and
by the time the bucket's empty, most people don't even notice.
(12:39):
A reality that I see all the time is most
people's bank accounts or credit cards are compromised. But here's
the reality. The attacker is stealing a dollar a month. Now,
imagine if somebody is taking a dollar from your bank
account each month or a dollar from your credit card,
you probably wouldn't know. Most people don't look at their
(13:02):
credit cards that closely. Most people don't look at their
bank accounts close enough that if a dollar was missing,
they would not recognize that error. But if you steal
a dollar from every person every single month, that starts
turning into a billion dollar industry, which is what we
have right now. Cybercrime is over fifty billion dollars. It's
(13:26):
costing America on a regular basis.
Speaker 1 (13:29):
That's wild, and that's so much bigger than people think
it is. Exactly if people want to protect themselves somewhat
from their own devices, what should they do and how
do they do it?
Speaker 3 (13:41):
So the first thing they need to do is realize
that when you buy a new iPhone or you buy
a new Android device, they are very secure.
Speaker 2 (13:51):
They are very locked down and protected.
Speaker 3 (13:54):
The problem is when we start installing all of these
different apps. Free is not free, and basically a free
app is tracking your location. So first, if you have
the choice between a free app or a paid version,
use the paid version. If it's something that you need
(14:14):
to run your life or it's critical for your life,
you need to use a paid version because the paid
versions are a lot more secure than the free versions. Next,
any app that you haven't used in forty five days,
the lead the lead off your app, And I'm going
to give you the challenge. I run my life on
(14:35):
ten apps. If I go and download a new app,
I only do it if I delete an old one.
So instead of having fifty and seventy apps on your
device that you're not using, do you realize an app
that you install on your device but you're not using,
actually is spying on you. It's tracking your location, it's
accessing your camera, it's accessing your information. So delete any
(14:58):
apps that are not needed or required. Second, for any
application you're using, you need to use what we call
two factor authentication. This is where when you log in,
you put in your password and then your text a
one time code to your cell phone, and then you
have to enter in that one time code. And I
(15:19):
know people's initial response is, Eric, that's annoying if every
time I need to log in, I have to enter
a code that takes a couple of extra seconds. And
my response is, you know what's really annoying your bank
account getting hacked. You know what's really annoying your identity
being stolen. So do you want a short term annoyance
(15:40):
with two factor or a long term annoyance of being vulnerable? Next,
turn on account notification. Every time I use my credit card,
every time I withdraw money from my bank, I get
a text notification where it says, Eric, is this you
Did you actually do this transaction?
Speaker 2 (16:02):
Did you actually withdraw money from the account?
Speaker 3 (16:05):
And the reality is I get text messages at least
one to two times a quarter that are unauthorized transactions.
So if I didn't have that turned on, those transactions
would have occurred, and I would have been exploited and
I would have been compromised. So once again, small short
(16:26):
term annoyance, but long term benefits. So turn on account
activity notification on all your systems. And then the last
piece I always give is, under no circumstances should you
ever click on a link. Don't ever click on a link,
don't ever click on attachment. This just happened to one
of my friends where they're traveling in Florida. They got
(16:51):
a text notification that said, you ran one of the
fast tolls in Florida and you need to pay the
fine or you're going to have huge issue. Using problems
click on this link, and because they were in Florida,
they thought it was legit. They clicked on the link
and it was a scam. So don't ever click on
a link, don't ever open an attachment. But Eric, what
(17:12):
if my bank sends me a notification that says there's
a problem and there's a link, Go to the app,
Go to the app, log in using a valid app
to access your bank account, But never click on a
link and never open an attachment.
Speaker 1 (17:29):
Well, I'm really curious, Eric, should you have a banking
app on your phone? Yes?
Speaker 3 (17:34):
I know that's counter because a lot of security people
are like, no, don't have anything. The reality is our
phone is a trusted advisor. It's something that we have
with us and we access And here's the reality. Apps
are much more secure than websites. Apps are much.
Speaker 2 (17:52):
More secure than clicking links.
Speaker 3 (17:55):
So if you're going to use your bank, if you're
going to do online banking, if you're going to e commerce,
it's much better to use the apps. The apps have
a lot more security and a lot more protection than websites.
So the best advice I can give you is minimize
your use of websites. Maximize your use of trusted apps,
(18:16):
and that's going to also make you a lot more secure.
Speaker 1 (18:35):
We're really kind of a free for all where it's
not like the Cold War where there was one side
and the other side. It's more like between governments and
private criminal groups, et cetera. It can be coming from
anywhere at any time, and so you can't just focus
on North Korea or focus on Russia. You almost have
to focus on how you defend yourself against all the
(18:57):
attacks in every single version.
Speaker 2 (18:59):
That's very because here's the reality. There are no.
Speaker 3 (19:04):
National and international borders on the Internet. When you're on
the Internet, I can access different countries, different areas, different locations,
and there's no boundaries.
Speaker 2 (19:15):
There's nothing.
Speaker 3 (19:15):
Somebody in Russia can access servers and individuals in America
without going through customs, without presenting a passport, without going
through immigration. So the problem is, as I mentioned, the
laws were written for physical boundaries. If somebody is physically
in the United States, they have to abide by our laws.
(19:38):
If they're physically in Russia, they abide by Russian laws. Well,
on the Internet, you don't know where you're at. I
track very closely and I will tell you when I'm
surfing the Web and doing daily activity just like you
and anyone else. I'm frequently accessing servers in the Philippines
because there's a lot of data centers there. In Singapore,
(19:59):
the Middle East has a lot of data centers, Dubai,
South America, and people don't realize that even when they're
going to e commerce sites or banks or other areas
and giving away their information, those servers are often not
in the United States, which means your data and your
information is not in the United States, which means even
(20:20):
if we had privacy laws, they might not apply to
your data information if it's outside of our country. So
people just don't really understand the complexities that the Internet
is really one world.
Speaker 2 (20:34):
There's no boundaries.
Speaker 3 (20:35):
Servers can exist, data can exist anywhere, and until we
get international laws where we all cooperate and say, okay,
we're all going to work together, it's going to be
real difficult. Because this just happened this morning is I'm
working on an investigation and we found a hacking group
in Russia. We know who they are, we know where
(20:56):
they're located, we have their physical address. They're a company,
an incorporated company in Russia. But here's the problem. They're
not breaking any laws in Russia, and there's no extradition
treaty with Russia, so we know who's hurting us, who's
hurting Americans, who's stealing our information. But because there's no
international laws, there's really little we can do to stop them, which,
(21:21):
as you said, every individual has to realize they're a
target and we need to start putting measures in place
and protect us because unfortunately, until there's global laws, the
laws aren't going to be able to protect us or
keep us safe.
Speaker 1 (21:35):
Can we reverse it and use our cyber capabilities to
go back in and attack the people who are doing.
Speaker 3 (21:41):
This, We absolutely can. That's another area that we've seen
the recent presidents actually do a really good job on
Trump in his first term he was actually the first
president that actually allowed Department of Defense to launch scienceber
attacks without executive approval.
Speaker 2 (22:03):
Prior to Trump passing.
Speaker 3 (22:05):
That executive order on his first term, if the Department
of Defense wanted to launch a cyber attack and offensive operation,
they needed presidential approval. Now, China doesn't require that, Russia
doesn't require that.
Speaker 2 (22:20):
I ran in Iraq doesn't require.
Speaker 3 (22:22):
That, so we were really hamstrung in that capability. So yes,
we have to start getting more aggressive. But the other
thing we need to do is got a lot more
partnership between government and commercial organizations. In China, the Chinese
government spies and steals information from US companies for the
(22:44):
benefit of Chinese companies. In the United States, we don't
have that capability in the United States, the Department of Defense.
They can't steal corporate information and give it to US
companies because once again.
Speaker 2 (23:00):
That violates our laws.
Speaker 3 (23:02):
But if other countries, their governments are working on behalf
of local companies to help and support them, we need
to do the same thing. We need to have a
much closer partnership where we can launch offensive operations and
then the government can share that information with US companies
to help make them more competitive.
Speaker 1 (23:21):
As you think through this continuous cyber war, as I
understand that North Korea is almost entirely government run cyber war,
but Russia has a huge amount of criminal operations. Nigeria,
I think has a lot of criminal operations. So yeahther
China has a mixture of government them free enterprise entrepreneurs.
(23:45):
Is that lily to all around the world that there
are different.
Speaker 3 (23:47):
Patterns, absolutely, and you nailed it in North Korea.
Speaker 2 (23:52):
There's really no corporations.
Speaker 3 (23:54):
The government is the country and basically runs everything, so
everything is run from the govern and control by the government.
In China, it's very cooperative where companies and the government
work very closely together, so the government is going to
do attacks on the heaf of companies and vice versa.
(24:15):
Now when you get in to carriers like Russia and Nigeria,
it's interesting the commercial criminal actually helps and supports the government.
So these commercial elements are actually supporting and involved.
Speaker 2 (24:30):
A lot of government.
Speaker 3 (24:31):
Officials in Nigeria, a lot of government officials in Russia.
They're actually involved and sit on the board of these
cyber crime or criminal companies, so they're actually supporting, helping them,
and they're helping and supporting the government in return. Imagine
in the United States if we had generals and government
(24:54):
officials actually sitting on commercial boards that are doing offensive
operations to help the company but also help the country.
Speaker 2 (25:03):
It's a total mind shift.
Speaker 3 (25:05):
But the reality is until we start thinking and acting
like the adversary and started doing what the adversary does,
we're at a disadvantage. Because these other countries have commercialized cybercrime.
They're making tons of money on it. They've legalized cybercrime,
and because in the United States it's illegal, we're at
a huge disadvantage in terms of offensive operations and protecting ourselves.
Speaker 1 (25:29):
And some of these things are really big. If I'm
mumber correctly, the twenty fifteen Office of Personnel Management breach
was a huge failure. Did we learn anything from it?
Speaker 2 (25:41):
Unfortunately, very little. And the reality that.
Speaker 3 (25:45):
Is brought up that we have to recognize is social
security numbers are no longer private information.
Speaker 2 (25:53):
We have this term.
Speaker 3 (25:55):
I'm sure you've heard PII personally identifiable information or PHI
personal healthcare information, and our social security number, our driver's
license are all considered private information. And if somebody knows
my social security number, my data birth and my driver's license,
(26:16):
they can open bank accounts, they can open credit cards,
they can access information, they can access data. But as
you said, in that breach and in other breaches, a
large percent of American social security number has been compromised.
A large number of social security numbers is public information.
So now we're living in a world where a personal
(26:39):
identifiable information is actually public. Our social security number is public,
our driver's license is public.
Speaker 2 (26:45):
Yet that's what we're.
Speaker 3 (26:46):
Using to authenticate, and verify. So in terms of back
to the federal laws, we actually need to come up
with new unique identifiers for American citizens that is actually secure,
protected and not compromise. Something along the lines of biometrics.
We're actually tying it to like your fingerprint or your
(27:07):
facial idea or something that's much more difficult for somebody
to steal. But the reality is what we're using as
personal information is actually public and exposed and available to
many people.
Speaker 1 (27:19):
I mean, should people despair or how do you function
in the kind of wide open world you're describing?
Speaker 3 (27:25):
The reality is sort of two things. One is awareness
is recognizing the reality. Don't be afraid of it, don't
be terrified. I work in cybersecurity, and people like Eric,
how are you in a good mood?
Speaker 2 (27:40):
How are you not depressed?
Speaker 3 (27:41):
Them like, Because I'm aware and I understand that, I
embrace it, and then it's just doing simple things, doing
cyber hygiene. But the reality is because technology came on
so quick that most of us were not trained in school.
When I went to school, the Worldwide Web didn't exist.
There weren't cell phones, there weren't computers. They didn't teach
(28:03):
me about cyber hygiene.
Speaker 2 (28:04):
But now my.
Speaker 3 (28:05):
Kids are going to school and they're still not teaching
them about cyber hygiene.
Speaker 2 (28:10):
So to me, it's a lot of simple things.
Speaker 3 (28:11):
One is just recognize and know that you're a target,
and understand where is your information, where is your critical data?
And then understand that passwords are a thing of the past.
Passwords are no longer strong. I can crack any password.
You give me an account that uses a password, and
(28:32):
I'll break into it. And we need to really embrace
what we call two factor, a multi factor, and this
is where you get an alert to your phone. You
type in a code and start doing that. The other
thing we have to realize is free apps are not free.
Those free apps that you have on your cell phone,
they're spying on you. I always love doing this. If
we were in person, with your permission, I would ask
(28:55):
to look at your phone and go under advanced settings
and go under tracking and camera and you would probably
be shocked of how many apps are tracking your location
and how many apps are accessing your camera, or how
many apps are accessing your microphone. And the reality is
we can turn that off if we're aware. Most people
(29:16):
just are not aware of how bad the threat is,
and how open and exposed our data is.
Speaker 1 (29:22):
I'm sort of being sobered up just thinking about it.
Let me ask you specifically about North Korea, because several
people have said to me that a large part of
the North Korean military operation is actually subsidized by cybercrime,
and that if we were really serious about putting pressure
on North Korea, we would find ways to sort of
(29:43):
isolate them from a cyber theft standpoint. I mean, is
that accurate?
Speaker 3 (29:48):
It is accurate, and not just for North Korea, but
also Russia and Nigeria and Argentina and a lot of
these countries that they're realizing that competing with the United
States in traditional business is really hard. It's really difficult,
(30:08):
and I hate to say it. You heard the phrase
crime pays. It is real easy to commit cybercrime. I
often joke with my friends and family that if I
didn't have ethics and morals and I didn't love this country,
I could be a lot richer if I moved to
South America and basically was a cyber criminal.
Speaker 2 (30:28):
It is just unfortunately so easy and.
Speaker 3 (30:31):
Simple to break in to these different companies, steal information,
hold them ransom, ransomware attacks where they break in, they
steal the data unless you pay ransom. Most people don't
realize last year, in two thousand and twenty four, ransomware
attacks just in the United States against US companies was
(30:53):
over forty two billion dollars.
Speaker 1 (30:57):
Good grief.
Speaker 3 (30:58):
Now take twenty bills million of that, give that to
North Korea. Take another ten billion, give that to Russia.
So yes, imagine now a country like North Korea is
making twenty billion dollars a year on cybercrime, and they're
increasing their capabilities because guess what, it's working. We can't
(31:20):
stop them, and they're continuing to get more advanced in
their capabilities. I always laugh is we're trying to stop
North Korea from having nuclear weapons, But the reality is,
without realizing it, North Korea has built cyber security nuclear weapons.
Speaker 2 (31:39):
That are hurting and harming US, and we don't even realize.
Speaker 1 (31:41):
It that the whole system you're describing. We really have
(32:04):
to reconceptualize how we're approaching this. It's so much bigger,
so much more powerful, it has so many more threats.
You almost need to start from ground zero and try
to imagine both what would a secure effective system be
like and what would the right kind of offensive system
be to make people decide it was too expensive and
(32:27):
too painful to do things to us. I mean, it
does not require a whole new way of thinking about
the system's architecture.
Speaker 2 (32:34):
Absolutely.
Speaker 3 (32:35):
We talked about the last several years about infrastructure. There
was the trillion dollar Infrastructure Bill to sort of rebuild
the US infrastructure because it's old and it's outdata, it's antiquated.
We need a trillion dollar bill on rebuilding our cyber infrastructure.
Because the reality is the United States created the Internet.
(33:00):
If you go back to the sixties and seventies, there
was Darpernet, which was the original research project with the
Department of Advanced Research, Department of Defense that actually built
out the Internet. Well, what happened is the infrastructure of
the Internet and the United States have now become one,
which means we don't have any boundaries, we don't have
(33:22):
any protection. North Korea can disconnect from the Internet. They
know where they're connected to the Internet. Russia has done
this twice a year. Russia disconnects from the Internet for
twenty four hours to show that they can run independently.
The problem is in the United States, the Internet is
(33:43):
the United states. We can't disconnect, we can't isolate, we
can't protect. So you are spot on where we need
a huge revamping, where we need to rebuild the cyber infrastructure.
We need to rebuild how we're connected to the Internet,
and we need to create ice related countries just like
Russia and North Korea, where we could protect, secure and
(34:05):
limit who can access and what can access or information.
But until we sort of redesign our infrastructure on the
Internet and have a new cyber infrastructure, this is going
to continue to be a problem because we're trying to
fix a broken model.
Speaker 1 (34:20):
Seems smoothed. What you have is something which grew up
at hoc over a long period of time and gradually
began to attract more and more bad actors. And now
you have bad actors who have very modern technologies and
very modern approaches kind of trading a system much of
which is obsolete. This has really got to be one
(34:41):
of the profound infrastructure challenges of the Trump administration to
take this head on.
Speaker 3 (34:48):
I agree, and that's one where I love what's going
on now with government efficiency and dodge and cutting spending.
But my concern is are we focused on the right
now problem Government efficiency is an issue.
Speaker 2 (35:04):
It's an issue that we need to address. We need
to limit spending.
Speaker 3 (35:07):
Cyber security is a problem that we have to stop ignoring.
So you really summarize it so well that this administration,
to me, if they want to go down and sort
of be remembered and have a legacy, the legacy is
not going to be in government efficiency. It's not going
to be in cutting spending. It's going to be Could
this be the first administration that actually passes federal cyber
(35:32):
security laws? Could this be the first administration that passes
a trillion dollar cyber infrastructure bill that rebuilds our cyber infrastructure.
Speaker 2 (35:42):
But you're right.
Speaker 3 (35:42):
Until we start taking this seriously and Congress and the
White House and everyone starts realizing that cybersecurity is the
number one problem, we're going to continue to have these
issues and continue to be vulnerable.
Speaker 1 (35:54):
This is exactly right. And I'm really delighted that we
had this conversation because I think you put your finger
on one of the great challenges of the next ten years.
And I want to thank you for joining me. Your book,
Cyber Crisis, Protecting Your Business from Real Threats in the
Virtual World is available now on Amazon and in bookstores everywhere.
(36:14):
We're going to feature a link to buy it on
our show page, and I want to let our listeners
know they can follow your recent work by visiting your
website at doctor Ericcole dot orgon Thank you so much for.
Speaker 2 (36:25):
Being here, my pleasure, Thank you for having me.
Speaker 1 (36:31):
Thank you to my guest, doctor Eric Cole. You can
get a link to buy his new book Cyber Crisis
Protecting Your Business from Real Threats in the Virtual World
on our show page at newtsworld dot com. Newtsworld is
produced by Gamelish three sixty and iHeartMedia. Our executive producer
is Guarnsey Sloan. Our researcher is Rachel Peterson. The artwork
(36:52):
for the show was created by Steve Penley. Special thanks
to the team at Gaglish three sixty. If you've been
enjoying Newtsworld, I hope you'll go to Apple Podcast and
both rate us with five stars and give us a
review so others can learn what it's all about. Right now,
listeners of Neutrold can sign up for my three free
weekly columns at Gingrich sixty dot com slash newsletter. I'm
(37:15):
newt Gingrich. This is neut world,