[Script Info]
Title:
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:02.01,0:00:05.06,Default,,0000,0000,0000,,>> Brian: Welcome to the AMA\NConference Center in New York City
Dialogue: 0,0:00:05.06,0:00:09.07,Default,,0000,0000,0000,,and for those following us\Nonline, my name is Brian Cute.
Dialogue: 0,0:00:09.07,0:00:12.08,Default,,0000,0000,0000,,I am the CEO of Public Interest Registry.
Dialogue: 0,0:00:12.08,0:00:17.00,Default,,0000,0000,0000,,Public Interest Registry or PIR\Nis the operator of the dot org,
Dialogue: 0,0:00:17.00,0:00:19.01,Default,,0000,0000,0000,,top level domain on the internet.
Dialogue: 0,0:00:19.01,0:00:25.00,Default,,0000,0000,0000,,We, along with New York Tech, a New York\NCity based Technology Industry Association
Dialogue: 0,0:00:25.00,0:00:28.08,Default,,0000,0000,0000,,and the Internet Society, New\NYork Chapter want to welcome you
Dialogue: 0,0:00:28.08,0:00:35.01,Default,,0000,0000,0000,,to today's event Mitigating DDoS Attacks, Best\NPractices for an Evolving Threat Landscape.
Dialogue: 0,0:00:35.01,0:00:42.00,Default,,0000,0000,0000,,For those of you online, today's event is\Nbeing webcast at the ISOC Livestream Channel
Dialogue: 0,0:00:42.00,0:00:44.10,Default,,0000,0000,0000,,and on that channel you can also post questions.
Dialogue: 0,0:00:44.10,0:00:50.04,Default,,0000,0000,0000,,We welcome questions from our online\Naudience to bring into the Q&A session today.
Dialogue: 0,0:00:50.04,0:00:58.00,Default,,0000,0000,0000,,You can also follow the event at\Nthe hashtag DDoS and with that,
Dialogue: 0,0:00:58.00,0:01:01.05,Default,,0000,0000,0000,,let me introduce today's\Nsession, Mitigating DDoS Attacks,
Dialogue: 0,0:01:01.05,0:01:05.05,Default,,0000,0000,0000,,Best Practices for an Evolving Threat Landscape.
Dialogue: 0,0:01:05.05,0:01:09.01,Default,,0000,0000,0000,,Distributed denial of service\Nattacks are deliberate attempts
Dialogue: 0,0:01:09.01,0:01:15.01,Default,,0000,0000,0000,,to make internet connected machines or network\Nresources unavailable to their intended users
Dialogue: 0,0:01:15.01,0:01:20.10,Default,,0000,0000,0000,,by temporarily or indefinitely\Ninterrupting or suspending DNS service.
Dialogue: 0,0:01:20.10,0:01:27.05,Default,,0000,0000,0000,,Unfortunately DDoS attacks are an all-too-common\Nreality across today's internet landscape.
Dialogue: 0,0:01:27.05,0:01:31.09,Default,,0000,0000,0000,,Examples abound, most recently\Nlarge-scale attacks have been directed
Dialogue: 0,0:01:31.09,0:01:36.02,Default,,0000,0000,0000,,at major U.S. banks since September of 2012.
Dialogue: 0,0:01:36.02,0:01:41.01,Default,,0000,0000,0000,,Online service providers and corporations\Naround the world are often targeted.
Dialogue: 0,0:01:41.01,0:01:46.02,Default,,0000,0000,0000,,DDoS attacks have been directed against\NGovernment websites and it's quite possible
Dialogue: 0,0:01:46.02,0:01:50.00,Default,,0000,0000,0000,,that some attacks were at\Nleast condoned by governments.
Dialogue: 0,0:01:50.00,0:01:55.06,Default,,0000,0000,0000,,Whether a DDoS attack is motivated by criminal\Nintent, like Cyber Extortion or is executed
Dialogue: 0,0:01:55.06,0:01:58.07,Default,,0000,0000,0000,,as an extreme form of free expression,
Dialogue: 0,0:01:58.07,0:02:03.01,Default,,0000,0000,0000,,the resulting service interruptions\Ncan have wide ranging effects.
Dialogue: 0,0:02:03.01,0:02:08.01,Default,,0000,0000,0000,,Today's program will explore the motives\Nbehind and targets of DDoS attacks.
Dialogue: 0,0:02:08.01,0:02:13.06,Default,,0000,0000,0000,,We will address ways attacks are carried\Nout, as well as mitigation techniques
Dialogue: 0,0:02:13.06,0:02:16.02,Default,,0000,0000,0000,,and the importance of collaboration.
Dialogue: 0,0:02:16.02,0:02:23.02,Default,,0000,0000,0000,,We will also explore the risks of unintended\Nconsequences related to DDoS attacks.
Dialogue: 0,0:02:23.02,0:02:26.02,Default,,0000,0000,0000,,Now before I introduce our esteemed panelists,
Dialogue: 0,0:02:26.02,0:02:31.07,Default,,0000,0000,0000,,I wanted to note that PIR recently\Nconducted a survey in the United States
Dialogue: 0,0:02:31.07,0:02:36.04,Default,,0000,0000,0000,,to test the public's awareness of\NDDoS attacks, this very important
Dialogue: 0,0:02:36.04,0:02:39.04,Default,,0000,0000,0000,,and growing problem on the internet.
Dialogue: 0,0:02:39.04,0:02:42.09,Default,,0000,0000,0000,,Among the results, we found that 85%
Dialogue: 0,0:02:42.09,0:02:47.01,Default,,0000,0000,0000,,of the respondents did not\Nknow what a DDoS attack was.
Dialogue: 0,0:02:47.01,0:02:48.08,Default,,0000,0000,0000,,
Dialogue: 0,0:02:48.08,0:02:53.05,Default,,0000,0000,0000,,When asked, what would you do if you were made\Naware that DDoS attacks were taking place?
Dialogue: 0,0:02:53.05,0:02:59.06,Default,,0000,0000,0000,,Among the very revealing responses\Nwere, "Call the geek squad,"
Dialogue: 0,0:02:59.06,0:03:04.08,Default,,0000,0000,0000,,which is a technical service organization\Nthat comes to fix your home computer.
Dialogue: 0,0:03:04.08,0:03:10.00,Default,,0000,0000,0000,,"Call my spouse, or go to Google."
Dialogue: 0,0:03:10.00,0:03:13.09,Default,,0000,0000,0000,,And while we're very happy to have a Google\NRepresentative here on the panel today,
Dialogue: 0,0:03:13.09,0:03:19.09,Default,,0000,0000,0000,,I think these answers reveal the depth\Nand breadth of misunderstanding and lack
Dialogue: 0,0:03:19.09,0:03:23.02,Default,,0000,0000,0000,,of awareness about this very\Nimportant problem in the public.
Dialogue: 0,0:03:23.02,0:03:28.01,Default,,0000,0000,0000,,So today we're going to try to begin\Nto chip away and provide some awareness
Dialogue: 0,0:03:28.01,0:03:30.06,Default,,0000,0000,0000,,about the important problem of DDoS attacks
Dialogue: 0,0:03:30.06,0:03:34.02,Default,,0000,0000,0000,,and how we collectively can\Naddress them effectively.
Dialogue: 0,0:03:34.02,0:03:38.02,Default,,0000,0000,0000,,So with that, let me get on to the\Nintroduction of today's panelists.
Dialogue: 0,0:03:38.02,0:03:42.05,Default,,0000,0000,0000,,Today's panelists represent a\Nvariety of organizations that operate
Dialogue: 0,0:03:42.05,0:03:45.01,Default,,0000,0000,0000,,at various points in the internet ecosystem.
Dialogue: 0,0:03:45.01,0:03:49.05,Default,,0000,0000,0000,,Their wealth of experiences and\Ninsights from industry, government,
Dialogue: 0,0:03:49.05,0:03:55.04,Default,,0000,0000,0000,,and civil society perspectives should help us\Nbetter understand the challenges of DDoS attacks
Dialogue: 0,0:03:55.04,0:03:58.09,Default,,0000,0000,0000,,and identify mitigation practices.
Dialogue: 0,0:03:58.09,0:04:03.03,Default,,0000,0000,0000,,First, at the far-end, we have Mr. Jeff Greene.
Dialogue: 0,0:04:03.03,0:04:07.08,Default,,0000,0000,0000,,Jeff serves as a senior policy\Ncounsel at Symantec.
Dialogue: 0,0:04:07.08,0:04:12.08,Default,,0000,0000,0000,,Jeff focuses on cyber security,\Nidentity management, and privacy issues
Dialogue: 0,0:04:12.08,0:04:16.08,Default,,0000,0000,0000,,and works extensively with industry\Nand government organizations.
Dialogue: 0,0:04:16.08,0:04:21.10,Default,,0000,0000,0000,,Prior to joining Symantec, Jeff was a\Nsenior staffer on both the U.S. Senate,
Dialogue: 0,0:04:21.10,0:04:25.06,Default,,0000,0000,0000,,and House Homeland Security Committees\Nand before that was an Attorney
Dialogue: 0,0:04:25.06,0:04:28.07,Default,,0000,0000,0000,,with the Washington D.C. law firm.
Dialogue: 0,0:04:28.07,0:04:30.08,Default,,0000,0000,0000,,Next we have Ram Mohan.
Dialogue: 0,0:04:30.08,0:04:36.04,Default,,0000,0000,0000,,Ram is the Executive Vice President and\NChief Technology Officer at Afilias Limited.
Dialogue: 0,0:04:36.04,0:04:41.00,Default,,0000,0000,0000,,Ram oversees key strategic management\Nand technology choices for the Dublin,
Dialogue: 0,0:04:41.00,0:04:44.07,Default,,0000,0000,0000,,Ireland based provider of\Ninternet infrastructure services.
Dialogue: 0,0:04:44.07,0:04:49.08,Default,,0000,0000,0000,,Ram also serves as a Director and Key Advisor\Nto the Internet Corporation for Assigned Names
Dialogue: 0,0:04:49.08,0:04:56.10,Default,,0000,0000,0000,,and Numbers or ICANN, The Internet Society,\Nand the Anti-Phishing Working Group.
Dialogue: 0,0:04:56.10,0:05:01.00,Default,,0000,0000,0000,,Next, we have Dr. Damian Menscher.
Dialogue: 0,0:05:01.00,0:05:06.08,Default,,0000,0000,0000,,Damian is a Security Engineer at Google\Nwhere he leads the DDoS Defense Team.
Dialogue: 0,0:05:06.08,0:05:11.07,Default,,0000,0000,0000,,Damian uses his front-line experience defending\Ntoday's largest attacks to design defenses
Dialogue: 0,0:05:11.07,0:05:15.02,Default,,0000,0000,0000,,that will automatically mitigate future attacks.
Dialogue: 0,0:05:15.02,0:05:20.08,Default,,0000,0000,0000,,He also reduces botnet sizes by directly\Ninforming users of infections on their machines
Dialogue: 0,0:05:20.08,0:05:23.04,Default,,0000,0000,0000,,that are targeted messaging on Google.
Dialogue: 0,0:05:23.04,0:05:25.00,Default,,0000,0000,0000,,Previously, Damian gained experience
Dialogue: 0,0:05:25.00,0:05:31.08,Default,,0000,0000,0000,,in large-scale data analysis while completing\Nhis PhD in Computational Particle Physics.
Dialogue: 0,0:05:31.08,0:05:33.06,Default,,0000,0000,0000,,I could barely say that.
Dialogue: 0,0:05:33.06,0:05:35.07,Default,,0000,0000,0000,,Next is Miguel Ramos.
Dialogue: 0,0:05:35.07,0:05:41.04,Default,,0000,0000,0000,,Miguel is Senior Product Manager at Neustar\NInc, responsible for Neustar SiteProtect,
Dialogue: 0,0:05:41.04,0:05:45.01,Default,,0000,0000,0000,,a leading cloud-based DDoS Mitigation Service.
Dialogue: 0,0:05:45.01,0:05:51.02,Default,,0000,0000,0000,,Mr. Ramos has extensive experience in\Nproduct management, marketing and technology.
Dialogue: 0,0:05:51.02,0:05:55.00,Default,,0000,0000,0000,,Previously Miguel was a Product Manager in\Ncharge of hosting and email product lines
Dialogue: 0,0:05:55.00,0:06:00.08,Default,,0000,0000,0000,,at Network Solutions, a leading domain\Nregistrar and online services provider.
Dialogue: 0,0:06:00.08,0:06:05.07,Default,,0000,0000,0000,,We were also to have Wout\Nde Natris from the Netherlands.
Dialogue: 0,0:06:05.07,0:06:11.07,Default,,0000,0000,0000,,Unfortunately Wout is here in New York but came\Ndown with a sudden illness of food poisoning.
Dialogue: 0,0:06:11.07,0:06:13.09,Default,,0000,0000,0000,,We regret deeply that he's\Nnot here with us today.
Dialogue: 0,0:06:13.09,0:06:18.01,Default,,0000,0000,0000,,He was very eager to be here with\Nyou and we wish him a swift recovery.
Dialogue: 0,0:06:18.01,0:06:22.02,Default,,0000,0000,0000,,Next on the panel is Danny McPherson.
Dialogue: 0,0:06:22.02,0:06:26.00,Default,,0000,0000,0000,,Danny is the Chief Security Officer\Nfor Verisign, the trusted provider
Dialogue: 0,0:06:26.00,0:06:31.04,Default,,0000,0000,0000,,of key internet infrastructure services\Nincluding two of the root servers,
Dialogue: 0,0:06:31.04,0:06:34.05,Default,,0000,0000,0000,,and the dot com and dot net name spaces.
Dialogue: 0,0:06:34.05,0:06:38.04,Default,,0000,0000,0000,,Danny is responsible for strategic\Ndirection, research and innovation
Dialogue: 0,0:06:38.04,0:06:40.09,Default,,0000,0000,0000,,in infrastructure and information security.
Dialogue: 0,0:06:40.09,0:06:45.05,Default,,0000,0000,0000,,He currently serves on the internet\Narchitecture board, ICANN security
Dialogue: 0,0:06:45.05,0:06:51.01,Default,,0000,0000,0000,,and stability advisory council, the\NFCC's communication security reliability
Dialogue: 0,0:06:51.01,0:06:55.04,Default,,0000,0000,0000,,and interoperability council and\Nseveral other industry forums.
Dialogue: 0,0:06:55.04,0:06:59.09,Default,,0000,0000,0000,,And finally, on the near-end,\Nwe have Miss Jillian York.
Dialogue: 0,0:06:59.09,0:07:06.02,Default,,0000,0000,0000,,Jillian is a Director for International Freedom\Nof Expression at Electronic Frontier Foundation
Dialogue: 0,0:07:06.02,0:07:11.03,Default,,0000,0000,0000,,where she specializes in free speech issues\Nand the effects of corporate intermediaries
Dialogue: 0,0:07:11.03,0:07:13.08,Default,,0000,0000,0000,,on freedom of expression and anonymity,
Dialogue: 0,0:07:13.08,0:07:17.07,Default,,0000,0000,0000,,as well as the disruptive power\Nof global, online activism.
Dialogue: 0,0:07:17.07,0:07:23.06,Default,,0000,0000,0000,,Prior to joining EFF, Jillian spent 3 years at\NHarvard University's Berkman Center for Internet
Dialogue: 0,0:07:23.06,0:07:29.05,Default,,0000,0000,0000,,and Society, where she worked on several\Nprojects including the OpenNet Initiative.
Dialogue: 0,0:07:29.05,0:07:32.07,Default,,0000,0000,0000,,Thank you all for coming,\Nwe appreciate your time.
Dialogue: 0,0:07:32.07,0:07:36.08,Default,,0000,0000,0000,,Now the way we're going to structure\Ntoday's event and discussion is
Dialogue: 0,0:07:36.08,0:07:42.01,Default,,0000,0000,0000,,that I will do a first round of introductory\Nremarks from each of the panelists.
Dialogue: 0,0:07:42.01,0:07:45.00,Default,,0000,0000,0000,,We'll keep it brief and we're\Nbasically going to try
Dialogue: 0,0:07:45.00,0:07:49.08,Default,,0000,0000,0000,,to set the stage, the background\Non DDoS attacks.
Dialogue: 0,0:07:49.08,0:07:56.01,Default,,0000,0000,0000,,Now before I get there, I just want to\Noffer a little reaction from the common man.
Dialogue: 0,0:07:56.01,0:07:58.02,Default,,0000,0000,0000,,"I've been in the industry myself for 10 years.
Dialogue: 0,0:07:58.02,0:08:02.10,Default,,0000,0000,0000,,I have a familiarity with DDoS\Nattacks and internet infrastructure,
Dialogue: 0,0:08:02.10,0:08:07.06,Default,,0000,0000,0000,,but in approaching this event and preparing\Nfor it, I went online and pretended
Dialogue: 0,0:08:07.06,0:08:10.01,Default,,0000,0000,0000,,to be an average guy from Columbus, Ohio.
Dialogue: 0,0:08:10.01,0:08:16.02,Default,,0000,0000,0000,,What would I find if I'm trying to educate\Nmyself online about this serious problem?
Dialogue: 0,0:08:16.02,0:08:23.08,Default,,0000,0000,0000,,And in doing that, what jumped out to me is an\Nissue of nomenclature, an issue of language,
Dialogue: 0,0:08:23.08,0:08:27.08,Default,,0000,0000,0000,,an issue of understanding, potentially\Nbarriers to understanding and awareness."
Dialogue: 0,0:08:27.08,0:08:33.02,Default,,0000,0000,0000,,So I'm going to ask Jeff Greene to start\Npainting the picture of what DDoS attacks are
Dialogue: 0,0:08:33.02,0:08:36.03,Default,,0000,0000,0000,,and while we have a number of\Nbrilliant engineers on this panel,
Dialogue: 0,0:08:36.03,0:08:40.08,Default,,0000,0000,0000,,let me suggest that when one goes online\Nas the average guy from Columbus, Ohio,
Dialogue: 0,0:08:40.08,0:08:51.04,Default,,0000,0000,0000,,he runs into things such as, DoS, DDoS, DRDoS,\NSmurf attacks, SYN floods, ping of death,
Dialogue: 0,0:08:51.04,0:08:56.07,Default,,0000,0000,0000,,attacks that are perpetrated by Trojans\Nand Zombies, attacks that are combated
Dialogue: 0,0:08:56.07,0:09:01.00,Default,,0000,0000,0000,,through techniques like Black-holing,\Nsink-holing, and intrusion protection.
Dialogue: 0,0:09:01.00,0:09:06.00,Default,,0000,0000,0000,,Our job today is to utilize the expertise\Nof these brilliant folks on our panel
Dialogue: 0,0:09:06.00,0:09:11.03,Default,,0000,0000,0000,,to help translate all of these very intimidating\Nwords around attacks on the internet
Dialogue: 0,0:09:11.03,0:09:13.00,Default,,0000,0000,0000,,so that we can raise the\Nawareness for the public.
Dialogue: 0,0:09:13.00,0:09:17.05,Default,,0000,0000,0000,,So, Jeff if you wouldn't\Nmind kicking this off for us.
Dialogue: 0,0:09:17.05,0:09:19.10,Default,,0000,0000,0000,,>> Jeff: Sure, thanks again for\Nhaving me and thanks for including me
Dialogue: 0,0:09:19.10,0:09:22.06,Default,,0000,0000,0000,,with such a great group of folks up here.
Dialogue: 0,0:09:22.06,0:09:28.03,Default,,0000,0000,0000,,I thought I'd give a little background on\Nwhat are some trends we're seeing at Symantec
Dialogue: 0,0:09:28.03,0:09:35.05,Default,,0000,0000,0000,,in DDoS attacks, motivations also, and\Nhopefully set the table for the conversation.
Dialogue: 0,0:09:35.05,0:09:40.05,Default,,0000,0000,0000,,The first thing I would start by saying is,\Nwhen you're thinking about a DDoS attack,
Dialogue: 0,0:09:40.05,0:09:44.06,Default,,0000,0000,0000,,don't conceptualize it as a\Nsingle event or a siloed activity.
Dialogue: 0,0:09:44.06,0:09:49.09,Default,,0000,0000,0000,,You really need to think about it as potentially\Npart of a larger effort directed at you
Dialogue: 0,0:09:49.09,0:09:52.00,Default,,0000,0000,0000,,or directed at an entity organization.
Dialogue: 0,0:09:52.00,0:09:55.06,Default,,0000,0000,0000,,It can still be a one-off but\Nmore often nowadays, it is not.
Dialogue: 0,0:09:55.06,0:10:01.10,Default,,0000,0000,0000,,In terms of motives, they can run the gamut, it\Ncan be harassment, political, it could be mischief,
Dialogue: 0,0:10:01.10,0:10:06.05,Default,,0000,0000,0000,,you know there's probably still some\N15-year-old hackers in the basement somewhere.
Dialogue: 0,0:10:06.05,0:10:09.06,Default,,0000,0000,0000,,It could be someone you know, annoyed,
Dialogue: 0,0:10:09.06,0:10:14.05,Default,,0000,0000,0000,,frustrated with a particular company\Nor entity and going after them.
Dialogue: 0,0:10:14.05,0:10:16.08,Default,,0000,0000,0000,,It really runs anything.
Dialogue: 0,0:10:16.08,0:10:22.01,Default,,0000,0000,0000,,It could be extortion, simple "pay me"\Ntype activity, or more common now
Dialogue: 0,0:10:22.01,0:10:28.05,Default,,0000,0000,0000,,or what we're seeing more of what we're calling\Nmulti-frank attacks and transitioning to talk
Dialogue: 0,0:10:28.05,0:10:31.01,Default,,0000,0000,0000,,about some of the trends, we'll start there.
Dialogue: 0,0:10:31.01,0:10:36.03,Default,,0000,0000,0000,,If you folks saw, I think it was in October,\NDefense Secretary Panetta was talking
Dialogue: 0,0:10:36.03,0:10:40.05,Default,,0000,0000,0000,,about cyber security and one of the things\Nhe mentioned were these frank attacks
Dialogue: 0,0:10:40.05,0:10:46.08,Default,,0000,0000,0000,,and DDoS is certainly a part of them and has\Nbecome less of a blunt-force attack to more
Dialogue: 0,0:10:46.08,0:10:50.04,Default,,0000,0000,0000,,of a sophisticated diversionary\Nattack; I should say it can be.
Dialogue: 0,0:10:50.04,0:10:59.07,Default,,0000,0000,0000,,The goal, basically being drawing attention and\Nresources away from standard security to focus
Dialogue: 0,0:10:59.07,0:11:03.01,Default,,0000,0000,0000,,on this response and leaving perhaps\Nyourself open to other activity.
Dialogue: 0,0:11:03.01,0:11:10.05,Default,,0000,0000,0000,,One example that we talked about at a conference\Nearlier this year, DDoS was a big part of it
Dialogue: 0,0:11:10.05,0:11:16.02,Default,,0000,0000,0000,,but the DDoS attack happened\Nactually at the end of the activity.
Dialogue: 0,0:11:16.02,0:11:18.10,Default,,0000,0000,0000,,This particular effort was\Ndirected to mid-sized banks.
Dialogue: 0,0:11:18.10,0:11:22.09,Default,,0000,0000,0000,,It began with spear-phishing and other efforts
Dialogue: 0,0:11:22.09,0:11:25.08,Default,,0000,0000,0000,,to compromise some IT administrators\Nat the bank.
Dialogue: 0,0:11:25.08,0:11:31.04,Default,,0000,0000,0000,,Once that is successful, the bad guys will then\Nspend their time figuring out what they need
Dialogue: 0,0:11:31.04,0:11:36.03,Default,,0000,0000,0000,,and they want and it was at this point\Nthat the DDoS attack was launched in one
Dialogue: 0,0:11:36.03,0:11:38.03,Default,,0000,0000,0000,,of the cases that our folks talked about.
Dialogue: 0,0:11:38.03,0:11:43.06,Default,,0000,0000,0000,,It was done on a Friday afternoon when staffing\Nwas light, naturally resources were directed
Dialogue: 0,0:11:43.06,0:11:49.09,Default,,0000,0000,0000,,at responding to the denial-of-service attack which\Nthen left other activities perhaps unmonitored,
Dialogue: 0,0:11:49.09,0:11:52.06,Default,,0000,0000,0000,,and that's when the criminal enterprise
Dialogue: 0,0:11:52.06,0:11:57.03,Default,,0000,0000,0000,,or individual actually began the more\Nsophisticated attack and actually traded a lot
Dialogue: 0,0:11:57.03,0:12:02.07,Default,,0000,0000,0000,,of information that allowed them to\Nclone ATM Debit and Credit Cards.
Dialogue: 0,0:12:02.07,0:12:08.07,Default,,0000,0000,0000,,There were press reports about one bank having\Nlost 9 million dollars over the next 48 hours.
Dialogue: 0,0:12:08.07,0:12:11.03,Default,,0000,0000,0000,,So again, the DDoS was a big part of it
Dialogue: 0,0:12:11.03,0:12:16.01,Default,,0000,0000,0000,,because it had really facilitated the\Nability to conduct a larger crime.
Dialogue: 0,0:12:16.01,0:12:21.00,Default,,0000,0000,0000,,Another trend we're seeing is\Ncrowd sourcing of DDoS attack.
Dialogue: 0,0:12:21.00,0:12:28.01,Default,,0000,0000,0000,,You may be familiar with operation payback,\Nwhich is something that Anonymous was behind.
Dialogue: 0,0:12:28.01,0:12:34.03,Default,,0000,0000,0000,,Initially started as a response to some\Nantipiracy efforts and worked into a response
Dialogue: 0,0:12:34.03,0:12:39.05,Default,,0000,0000,0000,,when the WikiLeaks became\Nvery press-worthy in terms
Dialogue: 0,0:12:39.05,0:12:45.03,Default,,0000,0000,0000,,of some companies responding to the WikiLeaks.
Dialogue: 0,0:12:45.03,0:12:53.01,Default,,0000,0000,0000,,So social networking facilitates the crowd\Nsourcing essentially why do you need to go build
Dialogue: 0,0:12:53.01,0:12:58.01,Default,,0000,0000,0000,,up or acquire your own botnet to\Nengage in attack when you could get 100
Dialogue: 0,0:12:58.01,0:13:01.02,Default,,0000,0000,0000,,or 1,000 like-minded friends who\Nwill happily do that thinking
Dialogue: 0,0:13:01.02,0:13:03.08,Default,,0000,0000,0000,,that they're doing something\Nfor the greater good.
Dialogue: 0,0:13:03.08,0:13:09.02,Default,,0000,0000,0000,,And I would also suggest that the criminal\Nenterprises are fully aware of this
Dialogue: 0,0:13:09.02,0:13:15.09,Default,,0000,0000,0000,,and why should they expose themselves or spend\Ntheir resources if they can gin up some real
Dialogue: 0,0:13:15.09,0:13:20.04,Default,,0000,0000,0000,,or imagined affront by a company they're\Ntrying to penetrate and get people
Dialogue: 0,0:13:20.04,0:13:23.07,Default,,0000,0000,0000,,to unwittingly support their efforts.
Dialogue: 0,0:13:23.07,0:13:27.03,Default,,0000,0000,0000,,Another trend is application layer attacks.
Dialogue: 0,0:13:27.03,0:13:31.03,Default,,0000,0000,0000,,More sophisticated, generally\Nyou get more bang-for-your-buck,
Dialogue: 0,0:13:31.03,0:13:34.06,Default,,0000,0000,0000,,you can have more impact with less resources.
Dialogue: 0,0:13:34.06,0:13:37.06,Default,,0000,0000,0000,,It takes a little more work, but it is something
Dialogue: 0,0:13:37.06,0:13:40.01,Default,,0000,0000,0000,,that you will see more of,\Nwe suspect going forward.
Dialogue: 0,0:13:40.01,0:13:45.00,Default,,0000,0000,0000,,Two more things, one insider\Nthreat, not strictly DDoS
Dialogue: 0,0:13:45.00,0:13:46.08,Default,,0000,0000,0000,,but it certainly can be a part of it.
Dialogue: 0,0:13:46.08,0:13:52.00,Default,,0000,0000,0000,,What we're seeing generally with intrusions is\Nan increasing number of compromised insiders.
Dialogue: 0,0:13:52.00,0:13:55.06,Default,,0000,0000,0000,,Again, often through use of social\Nmedia, social media is wonderful.
Dialogue: 0,0:13:55.06,0:13:59.08,Default,,0000,0000,0000,,So it allows folks to figure\Nout just how to get at someone
Dialogue: 0,0:13:59.08,0:14:02.03,Default,,0000,0000,0000,,and a compromising insider\Nfacilitates the effort and again,
Dialogue: 0,0:14:02.03,0:14:05.04,Default,,0000,0000,0000,,often the DDoS is part of\Nthe culmination of it there.
Dialogue: 0,0:14:05.04,0:14:08.07,Default,,0000,0000,0000,,Finally I would say it's\Ngetting easier than ever.
Dialogue: 0,0:14:08.07,0:14:15.06,Default,,0000,0000,0000,,There are attack kits, there's malware out there\Nthat you can buy, optimized for DDoS attacks.
Dialogue: 0,0:14:15.06,0:14:17.08,Default,,0000,0000,0000,,As all the attack kits out there,
Dialogue: 0,0:14:17.08,0:14:20.06,Default,,0000,0000,0000,,they're becoming much easier\Nfor less sophisticated users.
Dialogue: 0,0:14:20.06,0:14:24.01,Default,,0000,0000,0000,,You don't have to have a lot of coding\Nexpertise to get some of these up and running
Dialogue: 0,0:14:24.01,0:14:29.02,Default,,0000,0000,0000,,and have yourself an ongoing\Ncriminal enterprise.
Dialogue: 0,0:14:29.02,0:14:32.00,Default,,0000,0000,0000,,So, circling back to where I began, I\Nwould say that, you know we're here talking
Dialogue: 0,0:14:32.00,0:14:37.05,Default,,0000,0000,0000,,about DDoS attacks but I think it's important\Nin this conversation not to put it in a box
Dialogue: 0,0:14:37.05,0:14:41.01,Default,,0000,0000,0000,,and isolate it from other malicious activities\Nthat are going on and other vulnerabilities
Dialogue: 0,0:14:41.01,0:14:46.05,Default,,0000,0000,0000,,and intrusions because the bad guys don't\Nthink about it that way so we really,
Dialogue: 0,0:14:46.05,0:14:51.00,Default,,0000,0000,0000,,as we're talking about responding to\Nit, make sure that we don't do the same.
Dialogue: 0,0:14:51.00,0:14:54.08,Default,,0000,0000,0000,,>> Brian: Thank you Jeff, so in listening\NI'm hearing that I have more things
Dialogue: 0,0:14:54.08,0:14:56.08,Default,,0000,0000,0000,,to be concerned about, more\Nthings to be afraid of,
Dialogue: 0,0:14:56.08,0:14:59.08,Default,,0000,0000,0000,,something called spear-phishing,\NI'm not sure what that is.
Dialogue: 0,0:14:59.08,0:15:06.01,Default,,0000,0000,0000,,That this is a broader attack profile against\Nthe internet that there's numerous points
Dialogue: 0,0:15:06.01,0:15:13.04,Default,,0000,0000,0000,,of attack and it's part a simple attack\Nthat is designed to provide misdirection
Dialogue: 0,0:15:13.04,0:15:15.02,Default,,0000,0000,0000,,so a secondary attack can happen.
Dialogue: 0,0:15:15.02,0:15:21.05,Default,,0000,0000,0000,,So clearly, this is a troubling\Nlandscape that I'm trying to sort through.
Dialogue: 0,0:15:21.05,0:15:27.05,Default,,0000,0000,0000,,Ram, as Afilias Registry Operator on the\Ninternet, you provide technical services
Dialogue: 0,0:15:27.05,0:15:30.10,Default,,0000,0000,0000,,for dot org, on the internet\Nand other top-level domains.
Dialogue: 0,0:15:30.10,0:15:36.07,Default,,0000,0000,0000,,From the Registry Operator's perspective,\Nwhat is the scope of this problem?
Dialogue: 0,0:15:36.07,0:15:41.03,Default,,0000,0000,0000,,>> Ram: Thank you Brian and\Nthanks for having me here.
Dialogue: 0,0:15:41.03,0:15:44.00,Default,,0000,0000,0000,,I guess the very first thing is,\Nif you're a Registry Operator,
Dialogue: 0,0:15:44.00,0:15:49.00,Default,,0000,0000,0000,,really what you're doing is\Nyou're providing a targeted answer
Dialogue: 0,0:15:49.00,0:15:53.00,Default,,0000,0000,0000,,for where domain names are on the internet.
Dialogue: 0,0:15:53.00,0:15:58.09,Default,,0000,0000,0000,,You're in a target of directory, to a large\Nextent and that's the biggest job that you do
Dialogue: 0,0:15:58.09,0:16:04.05,Default,,0000,0000,0000,,as Registry and you get information\Nfrom people who want to buy domain names
Dialogue: 0,0:16:04.05,0:16:06.05,Default,,0000,0000,0000,,or who want to get a website going.
Dialogue: 0,0:16:06.05,0:16:09.09,Default,,0000,0000,0000,,You get information from them,\Nstore it into a large database,
Dialogue: 0,0:16:09.09,0:16:15.01,Default,,0000,0000,0000,,and the biggest thing you do is propagate it\Ninstantaneously everywhere around the world.
Dialogue: 0,0:16:15.01,0:16:21.06,Default,,0000,0000,0000,,And what that means, is that your browser,\Ntyping in redcross.org when it's sitting here
Dialogue: 0,0:16:21.06,0:16:28.00,Default,,0000,0000,0000,,or on your mobile phone, typing in redcross.org\Nwhen you're perhaps in another part of the world,
Dialogue: 0,0:16:28.00,0:16:34.09,Default,,0000,0000,0000,,they all translate to get to the actual Red\NCross site, and that translation is done
Dialogue: 0,0:16:34.09,0:16:36.10,Default,,0000,0000,0000,,by the registry, by the directory.
Dialogue: 0,0:16:36.10,0:16:45.01,Default,,0000,0000,0000,,So that makes it a really interesting place to\Nattack because after all if you can compromise
Dialogue: 0,0:16:45.01,0:16:50.02,Default,,0000,0000,0000,,or if you can take down the\Nauthoritative directory for every dot org
Dialogue: 0,0:16:50.02,0:16:53.06,Default,,0000,0000,0000,,domain name in the world, there are\Nmore than 10 million dot org domain names.
Dialogue: 0,0:16:53.06,0:16:56.01,Default,,0000,0000,0000,,There are more than 10 million\Ndot org websites in the world.
Dialogue: 0,0:16:56.01,0:17:03.00,Default,,0000,0000,0000,,If you can take down the provider who is giving\Nthe information that says to every computer
Dialogue: 0,0:17:03.00,0:17:08.06,Default,,0000,0000,0000,,in the world, hey for a given dot\Norg, which computer should I go to?
Dialogue: 0,0:17:08.06,0:17:09.05,Default,,0000,0000,0000,,Where should I go to?
Dialogue: 0,0:17:09.05,0:17:15.01,Default,,0000,0000,0000,,If you can take them down, that's not only\Na coup, but that also is a global event.
Dialogue: 0,0:17:15.01,0:17:19.10,Default,,0000,0000,0000,,It gets you noticed, there are many motivations\Nbut that's certainly one of them, right?
Dialogue: 0,0:17:19.10,0:17:26.06,Default,,0000,0000,0000,,And that makes the dot org registry, a\N[inaudible] of what we run a regular target.
Dialogue: 0,0:17:26.06,0:17:32.03,Default,,0000,0000,0000,,Up on the screen you see, this is\Nsome data from earlier in the year,
Dialogue: 0,0:17:32.03,0:17:36.01,Default,,0000,0000,0000,,gives you an idea of the scaling, the\Nkinds of attacks that come through.
Dialogue: 0,0:17:36.01,0:17:46.08,Default,,0000,0000,0000,,So that's 2012, February and from 2012 February,\Nto 2012 June, this is the number of queries,
Dialogue: 0,0:17:46.08,0:17:53.03,Default,,0000,0000,0000,,the number of requests coming into the servers\Nthat we run worldwide asking for information
Dialogue: 0,0:17:53.03,0:17:56.00,Default,,0000,0000,0000,,about a dot org domain name right.
Dialogue: 0,0:17:56.00,0:18:03.04,Default,,0000,0000,0000,,And much of this comes from DDoS so, the\Nfoundation for DDoS is very simple, right?
Dialogue: 0,0:18:03.04,0:18:09.05,Default,,0000,0000,0000,,It's a denial of service so all these computers\Naround the world do it, they send a request
Dialogue: 0,0:18:09.05,0:18:16.02,Default,,0000,0000,0000,,in to our server saying hey, tell me where\Na particular dot org domain name is.
Dialogue: 0,0:18:16.02,0:18:21.06,Default,,0000,0000,0000,,And before you even respond they're gone and\Nthey come back again and they say tell me where.
Dialogue: 0,0:18:21.06,0:18:28.00,Default,,0000,0000,0000,,And they do this hundreds of millions of times\Nin, it used to be a very short timeframe,
Dialogue: 0,0:18:28.00,0:18:31.06,Default,,0000,0000,0000,,but as you can see here,\Nit's an extended timeframe.
Dialogue: 0,0:18:31.06,0:18:35.05,Default,,0000,0000,0000,,Now what we saw earlier in the year\Nwas in the space of just a few months,
Dialogue: 0,0:18:35.05,0:18:40.09,Default,,0000,0000,0000,,February through to June, we had\Na 3X increase, a 3 times increase
Dialogue: 0,0:18:40.09,0:18:44.02,Default,,0000,0000,0000,,in the total volume coming\Nin in just 4 months' time.
Dialogue: 0,0:18:44.02,0:18:50.04,Default,,0000,0000,0000,,But, if you look further, if you look in\Nthe next screen, that's not the real story.
Dialogue: 0,0:18:50.04,0:18:56.02,Default,,0000,0000,0000,,That 3X increase that I showed you\Nearlier, so that was up to 2012,
Dialogue: 0,0:18:56.02,0:19:00.03,Default,,0000,0000,0000,,June but look at what happened\Nfrom there through to September.
Dialogue: 0,0:19:00.03,0:19:06.10,Default,,0000,0000,0000,,That was a 9X increase in total volume\Ncoming through to the dot org systems.
Dialogue: 0,0:19:06.10,0:19:14.09,Default,,0000,0000,0000,,In total, from February through to September,\Nthat was an 18 times increase in volume.
Dialogue: 0,0:19:14.09,0:19:18.08,Default,,0000,0000,0000,,Now the data is interesting.
Dialogue: 0,0:19:18.08,0:19:25.08,Default,,0000,0000,0000,,The real life importance of this is if as a\Nregistry provider, if you're not provisioned
Dialogue: 0,0:19:25.08,0:19:31.06,Default,,0000,0000,0000,,and if you don't have the measures to boot the\N[inaudible] attacks are coming and then be able
Dialogue: 0,0:19:31.06,0:19:35.05,Default,,0000,0000,0000,,to take appropriate counter measures\Nwhen such attacks are coming.
Dialogue: 0,0:19:35.05,0:19:42.04,Default,,0000,0000,0000,,You could just go down and going drinking\Nwater means that every single dot org website
Dialogue: 0,0:19:42.04,0:19:47.05,Default,,0000,0000,0000,,in the world, dot org email address, okay\Nevery single thing that depends on dot org,
Dialogue: 0,0:19:47.05,0:19:55.00,Default,,0000,0000,0000,,sooner or later is not accessible on the\Ninternet and it's not happened so far,
Dialogue: 0,0:19:55.00,0:20:00.07,Default,,0000,0000,0000,,but the gap between what do you\Nprovision, and what the scale
Dialogue: 0,0:20:00.07,0:20:02.09,Default,,0000,0000,0000,,of attacks, and who was attacking you.
Dialogue: 0,0:20:02.09,0:20:06.05,Default,,0000,0000,0000,,It's a continuous cat and mouse game.
Dialogue: 0,0:20:06.05,0:20:16.02,Default,,0000,0000,0000,,The other thing that I've wanted for you to\Nknow about is where the DDoS is coming from, Dialogue: 0,0:20:16.02,0:20:26.02,Default,,0000,0000,0000,,it's often coming from your PC that is just on\Nat home, connected to your broadband connection. Dialogue: 0,0:20:26.02,0:20:29.03,Default,,0000,0000,0000,,Just sitting there, and you\Nprobably don't even know it. Dialogue: 0,0:20:29.03,0:20:34.06,Default,,0000,0000,0000,,If you have a good ISP, if you have a good\Ninternet provider, they probably have ways Dialogue: 0,0:20:34.06,0:20:38.10,Default,,0000,0000,0000,,to track it and many of the internet\Nproviders these days are putting in measures Dialogue: 0,0:20:38.10,0:20:45.02,Default,,0000,0000,0000,,to understand whether they're a DDoS\Nattack, so whether you're part of a botnet. Dialogue: 0,0:20:45.02,0:20:48.02,Default,,0000,0000,0000,,But when we say a zombie,\Nthat's really what it is. Dialogue: 0,0:20:48.02,0:20:56.07,Default,,0000,0000,0000,,Your computer, your computing device somewhere\Nconnected online, has been taken over, Dialogue: 0,0:20:56.07,0:21:06.03,Default,,0000,0000,0000,,and you don't know it but it's now part of a\Nglobal group of computers that can be harnessed Dialogue: 0,0:21:06.03,0:21:10.07,Default,,0000,0000,0000,,to attack any given target at a moment's notice. Dialogue: 0,0:21:10.07,0:21:16.05,Default,,0000,0000,0000,,And that is pretty scary, it's a\Npretty impressive feat of engineering, Dialogue: 0,0:21:16.05,0:21:23.08,Default,,0000,0000,0000,,but it's scary because pulling together\N5 million of these is no big deal. Dialogue: 0,0:21:23.08,0:21:28.08,Default,,0000,0000,0000,,Pulling together 40 million of these,\Ntakes some effort but it's doable.
Dialogue: 0,0:21:28.08,0:21:35.03,Default,,0000,0000,0000,,And if you have 40 million computers\Nthat are just sending a little ping every Dialogue: 0,0:21:35.03,0:21:40.00,Default,,0000,0000,0000,,so many milliseconds, asking for\Ninformation and then just going away, Dialogue: 0,0:21:40.00,0:21:47.05,Default,,0000,0000,0000,,that becomes a massive problem and\Nsomething that you really have to work hard Dialogue: 0,0:21:47.05,0:21:50.02,Default,,0000,0000,0000,,to mitigate before it overwhelms you Dialogue: 0,0:21:50.02,0:21:54.07,Default,,0000,0000,0000,,because if it becomes a tsunami,\Nit's very hard to overcome. Dialogue: 0,0:21:54.07,0:21:58.00,Default,,0000,0000,0000,,>> Brian: Thank you Ram and thank you for\Ngiving pictures are worth a million words Dialogue: 0,0:21:58.00,0:22:02.07,Default,,0000,0000,0000,,and giving us a sense of the scope of\Nthe problem and also in your comments, Dialogue: 0,0:22:02.07,0:22:07.05,Default,,0000,0000,0000,,connecting this to the "why should\NI care" question as an individual Dialogue: 0,0:22:07.05,0:22:12.05,Default,,0000,0000,0000,,if all the dot org sites in the world go down,\Nthe organization who have that website up, Dialogue: 0,0:22:12.05,0:22:16.04,Default,,0000,0000,0000,,whether they're an NGO or not-for-profit\Ntrying to do good in their mission Dialogue: 0,0:22:16.04,0:22:20.08,Default,,0000,0000,0000,,or whether it's an individual\Nor a company in a dot com, Dialogue: 0,0:22:20.08,0:22:23.08,Default,,0000,0000,0000,,having their commercial activities\Ninterrupted, that's a very serious impact. 
Dialogue: 0,0:22:23.08,0:22:28.00,Default,,0000,0000,0000,,So as we move through the discussion,\Nconnecting the dots to "why should I care", Dialogue: 0,0:22:28.00,0:22:31.06,Default,,0000,0000,0000,,the individual at home, and\Nalso the interesting thing is Dialogue: 0,0:22:31.06,0:22:37.06,Default,,0000,0000,0000,,that I might be an unwitting participant in\Nan attack, my machine on my desk at home, Dialogue: 0,0:22:37.06,0:22:39.04,Default,,0000,0000,0000,,and be completely unaware of this. Dialogue: 0,0:22:39.04,0:22:42.04,Default,,0000,0000,0000,,I think we're starting to get to\Nthose issues of "why I should care". Dialogue: 0,0:22:42.04,0:22:48.08,Default,,0000,0000,0000,,So next, let's get to I think,\Nit's Dr. Damian Menscher. Dialogue: 0,0:22:48.08,0:22:53.07,Default,,0000,0000,0000,,So we've heard from a Registry Operator\Nnow from an online service provider, Dialogue: 0,0:22:53.07,0:22:57.04,Default,,0000,0000,0000,,in this case Google, the leading search engine. Dialogue: 0,0:22:57.04,0:23:03.10,Default,,0000,0000,0000,,Damian with Google's breadth and depth of\Ntechnology and reach, this certainly can't be Dialogue: 0,0:23:03.10,0:23:06.08,Default,,0000,0000,0000,,that big of a concern for a\Ncompany the size of Google, right? Dialogue: 0,0:23:06.08,0:23:09.06,Default,,0000,0000,0000,,Tell me why I'm wrong. Dialogue: 0,0:23:09.06,0:23:15.00,Default,,0000,0000,0000,,>> Damian: Right because we have a team\Nof people that worries about this stuff. Dialogue: 0,0:23:15.00,0:23:19.01,Default,,0000,0000,0000,,So, most people don't realize that\NGoogle is actually regularly attacked. Dialogue: 0,0:23:19.01,0:23:24.10,Default,,0000,0000,0000,,The reasons you'd sort of wonder why\Nwould anyone have anything against Google? 
Dialogue: 0,0:23:24.10,0:23:27.04,Default,,0000,0000,0000,,Well it turns out we actually\Nhost a lot of user content, Dialogue: 0,0:23:27.04,0:23:31.10,Default,,0000,0000,0000,,so Blogspot includes random user\Ncontent from people all over the world. Dialogue: 0,0:23:31.10,0:23:34.01,Default,,0000,0000,0000,,Sometimes that's controversial. Dialogue: 0,0:23:34.01,0:23:38.03,Default,,0000,0000,0000,,Similarly YouTube might have\Na controversial video on it Dialogue: 0,0:23:38.03,0:23:43.03,Default,,0000,0000,0000,,and so frequently these sorts\Nof sites do get attacked. Dialogue: 0,0:23:43.03,0:23:49.00,Default,,0000,0000,0000,,And it's not just DNS as previously mentioned,\Nit's you know, we see application layer attacks Dialogue: 0,0:23:49.00,0:23:54.00,Default,,0000,0000,0000,,where they'll dispatch the same homepage\Nover and over again at very high rates, Dialogue: 0,0:23:54.00,0:23:59.01,Default,,0000,0000,0000,,you know upwards of maybe\Na million times a second. Dialogue: 0,0:23:59.01,0:24:03.10,Default,,0000,0000,0000,,So, you've also probably noticed that we're\Nnever actually down so, if you want to talk Dialogue: 0,0:24:03.10,0:24:06.05,Default,,0000,0000,0000,,about how we do that, if\Nyou go to the first slide. Dialogue: 0,0:24:06.05,0:24:13.01,Default,,0000,0000,0000,,So we benefit a lot from economy of scale\Nwhen you look at most small websites, Dialogue: 0,0:24:13.01,0:24:16.04,Default,,0000,0000,0000,,there might be a thousand\Nwebsites hosted on a single machine Dialogue: 0,0:24:16.04,0:24:19.00,Default,,0000,0000,0000,,because they don't get very much traffic. Dialogue: 0,0:24:19.00,0:24:22.09,Default,,0000,0000,0000,,We sort of turned that around and we might\Nhave a thousand machines hosting one website. Dialogue: 0,0:24:22.09,0:24:28.09,Default,,0000,0000,0000,,You know Google.com is a big website,\Nit doesn't fit on a single machine.
Dialogue: 0,0:24:28.09,0:24:32.07,Default,,0000,0000,0000,,So we do benefit a lot from the economy of scale Dialogue: 0,0:24:32.07,0:24:36.03,Default,,0000,0000,0000,,and pooling our defense resources\Nacross our various properties. Dialogue: 0,0:24:36.03,0:24:41.00,Default,,0000,0000,0000,,But, go to the next slide, you have\Nto be a little bit careful about this Dialogue: 0,0:24:41.00,0:24:44.06,Default,,0000,0000,0000,,if you put everything together,\Nyou also have some risk. Dialogue: 0,0:24:44.06,0:24:52.01,Default,,0000,0000,0000,,So, I wanted to talk briefly about how\Nwe deal with this and this also is, Dialogue: 0,0:24:52.01,0:24:56.02,Default,,0000,0000,0000,,as Jeff had mentioned, we have to be careful Dialogue: 0,0:24:56.02,0:24:59.06,Default,,0000,0000,0000,,that we don't distract our security\Nteam when there is a DoS attack. Dialogue: 0,0:24:59.06,0:25:03.10,Default,,0000,0000,0000,,If we have one team that\Nfocuses on all of security, Dialogue: 0,0:25:03.10,0:25:06.09,Default,,0000,0000,0000,,then when there's a DoS attack we might\Nbe looking at that and miss other things. Dialogue: 0,0:25:06.09,0:25:14.07,Default,,0000,0000,0000,,So, what we do actually is, go\Non, we have layered defenses. Dialogue: 0,0:25:14.07,0:25:18.03,Default,,0000,0000,0000,,So we have a separate team that\Nfocuses on DoS attacks so that Dialogue: 0,0:25:18.03,0:25:21.01,Default,,0000,0000,0000,,when there's an attack we don't\Nlose sight of the other attacks Dialogue: 0,0:25:21.01,0:25:24.10,Default,,0000,0000,0000,,that are happening against us every day. Dialogue: 0,0:25:24.10,0:25:32.06,Default,,0000,0000,0000,,And, basically we focus on having layered\Ndefenses so; this is a very rough sketch Dialogue: 0,0:25:32.06,0:25:33.07,Default,,0000,0000,0000,,of what our network might look like. Dialogue: 0,0:25:33.07,0:25:37.06,Default,,0000,0000,0000,,We don't see the internet\Nnecessarily as a single cloud.
Dialogue: 0,0:25:37.06,0:25:43.09,Default,,0000,0000,0000,,We see it as multiple clouds because we\Npeer directly with several major ISPs. Dialogue: 0,0:25:43.09,0:25:48.00,Default,,0000,0000,0000,,We go through a layer of\Nload balancing at our network Dialogue: 0,0:25:48.00,0:25:54.10,Default,,0000,0000,0000,,so if any particular network device gets\Noverloaded, we can work around that. Dialogue: 0,0:25:54.10,0:26:01.03,Default,,0000,0000,0000,,Then we go through a layer of load balancing\Nwithin our own network to eventually get Dialogue: 0,0:26:01.03,0:26:05.09,Default,,0000,0000,0000,,to the backend that are the\Nwebservers, serving the actual content. Dialogue: 0,0:26:05.09,0:26:08.08,Default,,0000,0000,0000,,And so by doing this, we're\Nable to shift traffic Dialogue: 0,0:26:08.08,0:26:13.04,Default,,0000,0000,0000,,around to avoid any damage\Nfrom the attack traffic. Dialogue: 0,0:26:13.04,0:26:17.04,Default,,0000,0000,0000,,We also have many layers of which we\Ncan filter out the bad traffic so, Dialogue: 0,0:26:17.04,0:26:22.06,Default,,0000,0000,0000,,at the very edge of our network we might be able\Nto filter out some of the more obvious attacks, Dialogue: 0,0:26:22.06,0:26:30.08,Default,,0000,0000,0000,,but as you get deeper in or more sophisticated\Nattacks, we filter them at other places. Dialogue: 0,0:26:30.08,0:26:37.04,Default,,0000,0000,0000,,Another thing I want to mention though is, this\Nstyle works really well for a very large company Dialogue: 0,0:26:37.04,0:26:42.08,Default,,0000,0000,0000,,like Google, but most of you are probably more\Ninterested in how to defend the small site Dialogue: 0,0:26:42.08,0:26:51.06,Default,,0000,0000,0000,,and the best advice I have there is that\Nthe user comment of going to Google, Dialogue: 0,0:26:51.06,0:26:54.07,Default,,0000,0000,0000,,might actually make sense if\Nthey host their site on Google, Dialogue: 0,0:26:54.07,0:26:56.10,Default,,0000,0000,0000,,they automatically benefit from our defenses. 
Dialogue: 0,0:26:56.10,0:26:58.10,Default,,0000,0000,0000,,They won't even know they're being attacked. Dialogue: 0,0:26:58.10,0:27:04.05,Default,,0000,0000,0000,,And we frequently do see cases of\Norganizations that are under a heavy DoS attack Dialogue: 0,0:27:04.05,0:27:09.08,Default,,0000,0000,0000,,and they just quickly set up a site on\NBlogger saying, "Hey, we're being attacked. Dialogue: 0,0:27:09.08,0:27:12.02,Default,,0000,0000,0000,,We're going to use this for\Nour communication for now." Dialogue: 0,0:27:12.02,0:27:17.04,Default,,0000,0000,0000,,That's actually, at one point, the\Ncountry of Georgia had their ministry Dialogue: 0,0:27:17.04,0:27:23.10,Default,,0000,0000,0000,,of foreign affairs host their site on Blogger\Nwhich was entertaining for me to say, like oh, Dialogue: 0,0:27:23.10,0:27:28.06,Default,,0000,0000,0000,,what are we going to see as a result of this? Dialogue: 0,0:27:28.06,0:27:33.06,Default,,0000,0000,0000,,But the other thing is just making sure that\Nyou are pooling your resources with others Dialogue: 0,0:27:33.06,0:27:40.01,Default,,0000,0000,0000,,in your organization, there are other cloud\Nbased DoS mitigation providers that sort Dialogue: 0,0:27:40.01,0:27:47.05,Default,,0000,0000,0000,,of aggregate resources from several different\Nclients and can provide good defenses for you. Dialogue: 0,0:27:47.05,0:27:50.06,Default,,0000,0000,0000,,>> Brian: Thank you Damian, and love ice. Dialogue: 0,0:27:50.06,0:27:52.02,Default,,0000,0000,0000,,It's terrific. Dialogue: 0,0:27:52.02,0:27:55.09,Default,,0000,0000,0000,,>> Damian: Also our PR people would\Nwant me to say it's not as weak Dialogue: 0,0:27:55.09,0:27:59.03,Default,,0000,0000,0000,,as eggs, you know like fortified eggs. Dialogue: 0,0:27:59.03,0:28:00.08,Default,,0000,0000,0000,,>> Brian: Boiled eggs. Dialogue: 0,0:28:00.08,0:28:02.09,Default,,0000,0000,0000,,[Laughter] No terrific, thank you.
Dialogue: 0,0:28:02.09,0:28:04.08,Default,,0000,0000,0000,,>> Damian: Each layer is very strong. Dialogue: 0,0:28:04.08,0:28:08.10,Default,,0000,0000,0000,,>> Brian: Thank you and you know,\Nfully appreciating your remarks too, Dialogue: 0,0:28:08.10,0:28:15.02,Default,,0000,0000,0000,,one thing that jumped out to me is that I\Nthink one of the challenges we all share Dialogue: 0,0:28:15.02,0:28:19.08,Default,,0000,0000,0000,,in this space is that from the user perspective,\Nand I'm going to try to keep bringing us back Dialogue: 0,0:28:19.08,0:28:25.06,Default,,0000,0000,0000,,to the user and the average person at home,\Nis that this problem, there's a low level Dialogue: 0,0:28:25.06,0:28:30.01,Default,,0000,0000,0000,,of awareness and one of the reasons is\Nbecause as very responsible service providers Dialogue: 0,0:28:30.01,0:28:35.01,Default,,0000,0000,0000,,like Google and the others on this panel,\Nyou've taken on the challenge and objective Dialogue: 0,0:28:35.01,0:28:38.00,Default,,0000,0000,0000,,of staying up and not being\Ntaken down by DDoS attack. Dialogue: 0,0:28:38.00,0:28:44.08,Default,,0000,0000,0000,,You've been successful to date and as\Nsuch, users who have their sites on Google, Dialogue: 0,0:28:44.08,0:28:49.08,Default,,0000,0000,0000,,the DNS is sometimes thought of like\Nelectricity, you know it's just there. Dialogue: 0,0:28:49.08,0:28:52.01,Default,,0000,0000,0000,,It's my website is up, the internet is up. Dialogue: 0,0:28:52.01,0:28:55.00,Default,,0000,0000,0000,,I only notice it when it goes down. Dialogue: 0,0:28:55.00,0:28:59.03,Default,,0000,0000,0000,,I only become aware there's a\Nproblem when there's a problem. Dialogue: 0,0:28:59.03,0:29:03.02,Default,,0000,0000,0000,,So interesting thought, let's\Nkeep coming back to that Dialogue: 0,0:29:03.02,0:29:05.06,Default,,0000,0000,0000,,"why should the individual,\Nwhy should the user care?"
Dialogue: 0,0:29:05.06,0:29:08.04,Default,,0000,0000,0000,,How do we get this on their\Nradar screen in a meaningful way Dialogue: 0,0:29:08.04,0:29:10.09,Default,,0000,0000,0000,,so they can become part of the solution? Dialogue: 0,0:29:10.09,0:29:14.00,Default,,0000,0000,0000,,So with that thought let's go to Miguel. Dialogue: 0,0:29:14.00,0:29:20.01,Default,,0000,0000,0000,,And Miguel we're going to ask you to\Nfocus on specifically corporate responses Dialogue: 0,0:29:20.01,0:29:25.07,Default,,0000,0000,0000,,from the perspective of a third-party\Nmitigation service provider. Dialogue: 0,0:29:25.07,0:29:26.10,Default,,0000,0000,0000,,>> Miguel: Sure and thank you Brian. Dialogue: 0,0:29:26.10,0:29:33.01,Default,,0000,0000,0000,,I'm going to dovetail on some of\Nthe things that Damian was saying. Dialogue: 0,0:29:33.01,0:29:38.02,Default,,0000,0000,0000,,A lot of organizations and a lot of\Npeople don't understand or know about DDoS Dialogue: 0,0:29:38.02,0:29:42.08,Default,,0000,0000,0000,,and don't see an issue until\Nit actually happens to them. Dialogue: 0,0:29:42.08,0:29:46.07,Default,,0000,0000,0000,,And at that point, a lot of\Norganizations are kind of scrambling, Dialogue: 0,0:29:46.07,0:29:51.04,Default,,0000,0000,0000,,trying to figure out what it is that they\Ncan potentially do to deal with this issue. Dialogue: 0,0:29:51.04,0:29:57.04,Default,,0000,0000,0000,,And they most likely go to Google to try\Nto determine and try to find an answer. Dialogue: 0,0:29:57.04,0:30:03.02,Default,,0000,0000,0000,,So, a lot of people don't think about\Nthis because they assume that their ISP Dialogue: 0,0:30:03.02,0:30:07.02,Default,,0000,0000,0000,,or their hoster is actually going to\Ntake care of the problem for them. 
Dialogue: 0,0:30:07.02,0:30:13.01,Default,,0000,0000,0000,,Actually, what tends to happen is that when\Nan organization is under heavy DDoS attack, Dialogue: 0,0:30:13.01,0:30:17.06,Default,,0000,0000,0000,,the ISP and the hoster is looking\Nat protecting their own assets Dialogue: 0,0:30:17.06,0:30:21.02,Default,,0000,0000,0000,,and will most likely just shut you down. Dialogue: 0,0:30:21.02,0:30:24.00,Default,,0000,0000,0000,,And so they might contact you and\Ntell you you're under a DDoS attack Dialogue: 0,0:30:24.00,0:30:27.02,Default,,0000,0000,0000,,but they may not help you through it. Dialogue: 0,0:30:27.02,0:30:33.04,Default,,0000,0000,0000,,So, there are some things that organizations\Ncan do to help mitigate this risk. Dialogue: 0,0:30:33.04,0:30:37.05,Default,,0000,0000,0000,,Some organizations look at dealing\Nwith the DDoS problem themselves. Dialogue: 0,0:30:37.05,0:30:39.00,Default,,0000,0000,0000,,They'll look at buying their own hardware; Dialogue: 0,0:30:39.00,0:30:42.03,Default,,0000,0000,0000,,they'll look at provisioning\Nbandwidth, etcetera. Dialogue: 0,0:30:42.03,0:30:47.00,Default,,0000,0000,0000,,Unfortunately a lot of organizations don't\Nhave the resources to be able to do that. Dialogue: 0,0:30:47.00,0:30:51.04,Default,,0000,0000,0000,,And it doesn't necessarily make sense for\Na lot of organizations because it's sort Dialogue: 0,0:30:51.04,0:30:56.10,Default,,0000,0000,0000,,of an arms-race and it's hard to spend\Nyour way out of dealing with this problem Dialogue: 0,0:30:56.10,0:31:01.09,Default,,0000,0000,0000,,as attacks get larger and larger and\Nmore complicated and etcetera.
Dialogue: 0,0:31:01.09,0:31:09.06,Default,,0000,0000,0000,,So, there are some third-party options that\Norganizations can look at that I would kind Dialogue: 0,0:31:09.06,0:31:15.09,Default,,0000,0000,0000,,of consider to be the infrastructure as a\Nservice that can be used on an on-demand basis Dialogue: 0,0:31:15.09,0:31:19.07,Default,,0000,0000,0000,,to help organizations deal with\NDDoS attack when they happen. Dialogue: 0,0:31:19.07,0:31:26.07,Default,,0000,0000,0000,,So the idea is simply, you don't necessarily\Nhave to over-provision all hardware, Dialogue: 0,0:31:26.07,0:31:29.04,Default,,0000,0000,0000,,bandwidth, etcetera to deal with the risk. Dialogue: 0,0:31:29.04,0:31:36.02,Default,,0000,0000,0000,,You can potentially use the third-party that has\Nthat capacity and capability when you need it. Dialogue: 0,0:31:36.02,0:31:42.04,Default,,0000,0000,0000,,And you know at that point you're looking at\Noptions like content distribution networks, Dialogue: 0,0:31:42.04,0:31:47.09,Default,,0000,0000,0000,,they can potentially help deal with\Nabsorbing some of this traffic and keeping Dialogue: 0,0:31:47.09,0:31:49.08,Default,,0000,0000,0000,,that traffic away from your network. Dialogue: 0,0:31:49.08,0:31:55.06,Default,,0000,0000,0000,,There's also cloud-based providers that\Nspecifically focus on the DDoS problem Dialogue: 0,0:31:55.06,0:31:59.04,Default,,0000,0000,0000,,and the idea there is if you're under an attack, Dialogue: 0,0:31:59.04,0:32:03.08,Default,,0000,0000,0000,,your organization can potentially redirect\Nthe traffic over to a cloud-based provider Dialogue: 0,0:32:03.08,0:32:08.04,Default,,0000,0000,0000,,that can absorb the traffic that\Nknows how to mitigate and deal Dialogue: 0,0:32:08.04,0:32:12.08,Default,,0000,0000,0000,,with [inaudible] service attacks and then\Nsends you basically the clean traffic.
Dialogue: 0,0:32:12.08,0:32:19.03,Default,,0000,0000,0000,,It's sort of kind of putting a shield in front\Nof your infrastructure on an on-demand basis Dialogue: 0,0:32:19.03,0:32:21.04,Default,,0000,0000,0000,,when you're dealing with these attacks. Dialogue: 0,0:32:21.04,0:32:28.09,Default,,0000,0000,0000,,So, infrastructure as a service is something\Nthat is more affordable for organizations Dialogue: 0,0:32:28.09,0:32:32.02,Default,,0000,0000,0000,,and something that organizations are\Nstarting to look at more and more Dialogue: 0,0:32:32.02,0:32:35.09,Default,,0000,0000,0000,,as a way to deal with this DDoS issue. Dialogue: 0,0:32:35.09,0:32:38.00,Default,,0000,0000,0000,,And certainly, there's a lot\Nof information about that Dialogue: 0,0:32:38.00,0:32:42.01,Default,,0000,0000,0000,,on Google and it's key to become informed. Dialogue: 0,0:32:42.01,0:32:46.07,Default,,0000,0000,0000,,>> Brian: Thanks Miguel, so we're beginning to\Nget a clear picture of the scope of the problem Dialogue: 0,0:32:46.07,0:32:52.06,Default,,0000,0000,0000,,from a number of different perspectives and in\Naddition to service providers such as Google Dialogue: 0,0:32:52.06,0:32:58.02,Default,,0000,0000,0000,,and Afilias, Verisign and Neustar maintaining\Ntheir services in a way that keeps them Dialogue: 0,0:32:58.02,0:33:01.03,Default,,0000,0000,0000,,up 24/7 and addresses these attacks. Dialogue: 0,0:33:01.03,0:33:06.03,Default,,0000,0000,0000,,There are for certain organizations\Nspecific resources available if needed Dialogue: 0,0:33:06.03,0:33:11.06,Default,,0000,0000,0000,,and that's interesting as we're\Nbeginning to, after setting the scene, Dialogue: 0,0:33:11.06,0:33:16.04,Default,,0000,0000,0000,,now let's transition towards those solutions\Nas mitigation efforts, the services that are Dialogue: 0,0:33:16.04,0:33:20.07,Default,,0000,0000,0000,,out there to design specifically\Nto provide additional protection.
Dialogue: 0,0:33:20.07,0:33:28.01,Default,,0000,0000,0000,,As we transition, Danny I want you to help the\Naudience understand some domestic initiatives Dialogue: 0,0:33:28.01,0:33:32.05,Default,,0000,0000,0000,,such as the anti-botnet work\Nundertaken by CSRIC and help us to begin Dialogue: 0,0:33:32.05,0:33:38.02,Default,,0000,0000,0000,,to understand how we can begin to collectively\Ncome together to address this problem. Dialogue: 0,0:33:38.02,0:33:39.01,Default,,0000,0000,0000,,>> Danny: Yes sir thanks Brian. Dialogue: 0,0:33:39.01,0:33:43.06,Default,,0000,0000,0000,,So there have been a large number\Nof collaborative efforts between public Dialogue: 0,0:33:43.06,0:33:50.04,Default,,0000,0000,0000,,and private sector related to botnet infections,\Ncompromised machines, malcode proliferation, Dialogue: 0,0:33:50.04,0:33:55.08,Default,,0000,0000,0000,,virulence of threats on the internet, just\Nthis broad swath of malicious activity. Dialogue: 0,0:33:55.08,0:34:01.00,Default,,0000,0000,0000,,It's a nontrivial problem to solve because the\NISPs for example, a lot of folks point fingers Dialogue: 0,0:34:01.00,0:34:05.01,Default,,0000,0000,0000,,at the ISPs, but the ISPs don't [inaudible]\Nsystems, their [inaudible] system in particular, Dialogue: 0,0:34:05.01,0:34:10.04,Default,,0000,0000,0000,,the broadband ISP user residential\Nconsumers that acquire service from the ISP, Dialogue: 0,0:34:10.04,0:34:14.01,Default,,0000,0000,0000,,and the ISP shouldn't be looking\Nat their traffic and you know Dialogue: 0,0:34:14.01,0:34:17.02,Default,,0000,0000,0000,,and they have privacy concerns or other things. Dialogue: 0,0:34:17.02,0:34:21.02,Default,,0000,0000,0000,,So, what sort of controls the capabilities\Nof the ISPs actually add to help them. Dialogue: 0,0:34:21.02,0:34:24.02,Default,,0000,0000,0000,,So a number of efforts have\Nbeen underway actually.
Dialogue: 0,0:34:24.02,0:34:27.08,Default,,0000,0000,0000,,One such example is the FCC CSRIC III, Dialogue: 0,0:34:27.08,0:34:31.02,Default,,0000,0000,0000,,Working Group 7 recently published\Nsomething called the ABCs for ISPs Dialogue: 0,0:34:31.02,0:34:36.10,Default,,0000,0000,0000,,and it's basically the anti-botnet code and\Nthey develop with a number of other folks Dialogue: 0,0:34:36.10,0:34:42.01,Default,,0000,0000,0000,,in the industry, MAAWG, the Messaging Anti-Abuse\NWorking Group, as well as some publication Dialogue: 0,0:34:42.01,0:34:48.04,Default,,0000,0000,0000,,in the IETF and broader participation,\Nactually internationally from folks from Japan, Dialogue: 0,0:34:48.04,0:34:53.04,Default,,0000,0000,0000,,Cyber Clean to Australia, Finland,\NGermany, other folks and it basically talks Dialogue: 0,0:34:53.04,0:34:58.02,Default,,0000,0000,0000,,about some fundamental things that ISPs\Ncan do to help educate, protect, notify, Dialogue: 0,0:34:58.02,0:35:02.01,Default,,0000,0000,0000,,detect malicious threats associated with their\Nconsumers and then activity they might take Dialogue: 0,0:35:02.01,0:35:04.08,Default,,0000,0000,0000,,to help to clean that problem or sanitize Dialogue: 0,0:35:04.08,0:35:07.01,Default,,0000,0000,0000,,or provide a little better\Nhygiene on their infrastructure. Dialogue: 0,0:35:07.01,0:35:12.08,Default,,0000,0000,0000,,So, one pointer there is one of the\Nreports, the ABCs again, for ISPs, Dialogue: 0,0:35:12.08,0:35:20.04,Default,,0000,0000,0000,,you can find it on the [inaudible] website\Nor the FCC CSRIC III, Working Group 7 webpage Dialogue: 0,0:35:20.04,0:35:25.04,Default,,0000,0000,0000,,that you can find easily via Google\Nand so that's certainly one effort. Dialogue: 0,0:35:25.04,0:35:27.08,Default,,0000,0000,0000,,One of the fundamental things,\Ngoing back to the user, Dialogue: 0,0:35:27.08,0:35:30.00,Default,,0000,0000,0000,,is there anyone on the receiving\Nend of a DDoS attack?
Dialogue: 0,0:35:30.00,0:35:33.08,Default,,0000,0000,0000,,What you should definitely be looking at\Nis sort of what enables your business? Dialogue: 0,0:35:33.08,0:35:37.00,Default,,0000,0000,0000,,Most of the folks on this panel, you\Nknow network is our business all right, Dialogue: 0,0:35:37.00,0:35:39.07,Default,,0000,0000,0000,,we're going to focus on providing\Nnetwork services and availability. Dialogue: 0,0:35:39.07,0:35:44.00,Default,,0000,0000,0000,,We're absolutely committed to the security and\Nstability of our infrastructure and services, Dialogue: 0,0:35:44.00,0:35:47.01,Default,,0000,0000,0000,,but a lot of folks, network\Nenables their business. Dialogue: 0,0:35:47.01,0:35:52.04,Default,,0000,0000,0000,,It enables your email or your web\Npresence or your small business Dialogue: 0,0:35:52.04,0:35:54.06,Default,,0000,0000,0000,,or your e-commerce or retail site. Dialogue: 0,0:35:54.06,0:35:59.00,Default,,0000,0000,0000,,And so irrespective of what\Nit is, you absolutely need Dialogue: 0,0:35:59.00,0:36:03.05,Default,,0000,0000,0000,,to consider what the critical network assets\Nare or the critical assets across the board Dialogue: 0,0:36:03.05,0:36:11.00,Default,,0000,0000,0000,,to your organization and you identify those, you\Nsay what's the impact of an availability issue Dialogue: 0,0:36:11.00,0:36:16.06,Default,,0000,0000,0000,,or security issue or a compromise of\Ninformation impacting those assets? Dialogue: 0,0:36:16.06,0:36:21.03,Default,,0000,0000,0000,,And how might I put controls in place to\Nhelp mitigate that or to at least have a plan Dialogue: 0,0:36:21.03,0:36:26.08,Default,,0000,0000,0000,,to respond if there's a DDoS attack or a breach\Ninside my infrastructure, those sorts of things.
Dialogue: 0,0:36:26.08,0:36:31.06,Default,,0000,0000,0000,,You know one of the things that I've seen in\Nthe past, we did this survey for several years, Dialogue: 0,0:36:31.06,0:36:35.04,Default,,0000,0000,0000,,a previous employer of mine, and\Nmost of the folks that responded Dialogue: 0,0:36:35.04,0:36:39.06,Default,,0000,0000,0000,,to this infrastructure security survey didn't\Nactually even have an incident response team Dialogue: 0,0:36:39.06,0:36:42.07,Default,,0000,0000,0000,,in place in their organization\Neven if it's an overlay team, Dialogue: 0,0:36:42.07,0:36:44.06,Default,,0000,0000,0000,,much less an incident response plan. Dialogue: 0,0:36:44.06,0:36:47.08,Default,,0000,0000,0000,,And if you don't have an incident response plan,\Nyou're certainly not going to exercise that Dialogue: 0,0:36:47.08,0:36:51.07,Default,,0000,0000,0000,,and so you really don't want to be on the\Nreceiving end of something like a DDoS attack Dialogue: 0,0:36:51.07,0:36:56.06,Default,,0000,0000,0000,,and not have a book in someone's hand that\Nsays this is the phone number I call for my ISP Dialogue: 0,0:36:56.06,0:37:01.04,Default,,0000,0000,0000,,or for my national CERT for my vendor that\Nprovides a certain service or capability to me, Dialogue: 0,0:37:01.04,0:37:05.06,Default,,0000,0000,0000,,so I think it sort of starts with those\Nfundamentals, identifying critical assets, Dialogue: 0,0:37:05.06,0:37:09.04,Default,,0000,0000,0000,,understanding what the options are to\Nprotect the things that are critical to you. Dialogue: 0,0:37:09.04,0:37:13.07,Default,,0000,0000,0000,,If it's moving services to cloud infrastructure,\Nacquiring protection services for those, Dialogue: 0,0:37:13.07,0:37:16.08,Default,,0000,0000,0000,,putting your own controls in\Nplace, but you definitely need Dialogue: 0,0:37:16.08,0:37:18.01,Default,,0000,0000,0000,,to consider that in your environment.
Dialogue: 0,0:37:18.01,0:37:19.04,Default,,0000,0000,0000,,Consider what the impact would be. Dialogue: 0,0:37:19.04,0:37:23.03,Default,,0000,0000,0000,,These are a real risk to your\Nbusiness and your operations and so, Dialogue: 0,0:37:23.03,0:37:27.00,Default,,0000,0000,0000,,I think fundamentally that's sort of\Nwhere I would recommend you start, Brian. Dialogue: 0,0:37:27.00,0:37:32.09,Default,,0000,0000,0000,,>> Brian: Thanks Danny, so interesting\Nin your comments, you mentioned ISPs, Dialogue: 0,0:37:32.09,0:37:37.03,Default,,0000,0000,0000,,we've got registry operators, you've got online\Nservice providers, we've got search engines, Dialogue: 0,0:37:37.03,0:37:43.02,Default,,0000,0000,0000,,so we really have a number of different\Nservice providers in this community Dialogue: 0,0:37:43.02,0:37:45.09,Default,,0000,0000,0000,,that helps keep the internet\Nup in a collaborative way. Dialogue: 0,0:37:45.09,0:37:52.01,Default,,0000,0000,0000,,The CSRIC effort for ISPs in particular\Nsounds interesting and what we want to get Dialogue: 0,0:37:52.01,0:37:56.05,Default,,0000,0000,0000,,at a little bit later in the conversation is\Nacross this community of service providers Dialogue: 0,0:37:56.05,0:38:00.03,Default,,0000,0000,0000,,who I assume have different roles and maybe\Ndifferent responsibilities in some ways, Dialogue: 0,0:38:00.03,0:38:05.06,Default,,0000,0000,0000,,how do we build on the collaboration that you've\Nbegun to speak about and also interestingly, Dialogue: 0,0:38:05.06,0:38:09.03,Default,,0000,0000,0000,,you spoke to the organization and\Nwhat they should have in place.
Dialogue: 0,0:38:09.03,0:38:14.00,Default,,0000,0000,0000,,Understanding what enables your business, having\Na plan in place, and the question that raises Dialogue: 0,0:38:14.00,0:38:18.07,Default,,0000,0000,0000,,for me is, well how do organizations\Nknow they should have these things Dialogue: 0,0:38:18.07,0:38:20.09,Default,,0000,0000,0000,,and how do we educate on that front as well? Dialogue: 0,0:38:20.09,0:38:27.03,Default,,0000,0000,0000,,So we'll get to that in a little bit, but\Nto round out the panel, thank you all so far Dialogue: 0,0:38:27.03,0:38:31.04,Default,,0000,0000,0000,,for shedding some light on the scope and\Ndimensions of the problem and how we can begin Dialogue: 0,0:38:31.04,0:38:36.05,Default,,0000,0000,0000,,to address it, but let me now go to Jillian. Dialogue: 0,0:38:36.05,0:38:42.02,Default,,0000,0000,0000,,Jillian, what I'd like you to talk about\Nfrom your perspective is what are some Dialogue: 0,0:38:42.02,0:38:47.04,Default,,0000,0000,0000,,of the unintended consequences related\Nto DDoS attacks and in particular, Dialogue: 0,0:38:47.04,0:38:51.04,Default,,0000,0000,0000,,help us start thinking about potential\Nover-reactions to DDoS attacks. Dialogue: 0,0:38:51.04,0:38:57.02,Default,,0000,0000,0000,,We know that these attacks are nefarious\Nin nature, we know that we have a panel Dialogue: 0,0:38:57.02,0:39:02.02,Default,,0000,0000,0000,,of good guys who are doing what they can\Nand doing everything we think they should, Dialogue: 0,0:39:02.02,0:39:06.10,Default,,0000,0000,0000,,but tell us about the unintended consequences\Nboth from the malicious attack side Dialogue: 0,0:39:06.10,0:39:12.08,Default,,0000,0000,0000,,and when a well-intended operator tries to\Ntake mitigation techniques against an attack.
Dialogue: 0,0:39:12.08,0:39:20.08,Default,,0000,0000,0000,,>> Jillian: Sure, so at the beginning of this\NI think Jeff referred to, actually I'm sorry, Dialogue: 0,0:39:20.08,0:39:23.08,Default,,0000,0000,0000,,Brian referred to sometimes\Nthese attacks being used as sort Dialogue: 0,0:39:23.08,0:39:25.05,Default,,0000,0000,0000,,of an extreme form of free expression. Dialogue: 0,0:39:25.05,0:39:27.04,Default,,0000,0000,0000,,I'm not sure I would classify\Nit as free expression, Dialogue: 0,0:39:27.04,0:39:32.01,Default,,0000,0000,0000,,but we could say civil disobedience that's\Nbeen argued by many and an example of this Dialogue: 0,0:39:32.01,0:39:36.07,Default,,0000,0000,0000,,that might resonate a little bit better than\Nsay the Anonymous attacks against MasterCard Dialogue: 0,0:39:36.07,0:39:41.04,Default,,0000,0000,0000,,and Visa, would be sympathetic\Npeople to the Syrian opposition going Dialogue: 0,0:39:41.04,0:39:43.01,Default,,0000,0000,0000,,after Syrian Government websites. Dialogue: 0,0:39:43.01,0:39:45.06,Default,,0000,0000,0000,,That's something that a lot of\Npeople have sympathized with, Dialogue: 0,0:39:45.06,0:39:50.00,Default,,0000,0000,0000,,have considered civil disobedience in a\Nscenario where the government has shut Dialogue: 0,0:39:50.00,0:39:52.06,Default,,0000,0000,0000,,down the internet, censor\Nthe internet, etcetera. Dialogue: 0,0:39:52.06,0:40:00.01,Default,,0000,0000,0000,,And so nevertheless the vast majority of\Nthese attacks are malicious, are directed at, Dialogue: 0,0:40:00.01,0:40:03.01,Default,,0000,0000,0000,,not just these big companies and the\Nbig networks, but also at the little guy Dialogue: 0,0:40:03.01,0:40:06.01,Default,,0000,0000,0000,,and that's kind of where my\Nperspective is coming from. 
Dialogue: 0,0:40:06.01,0:40:11.07,Default,,0000,0000,0000,,A few years ago when I was still at the Berkman\NCenter, we did a study that looked at attacks Dialogue: 0,0:40:11.07,0:40:17.04,Default,,0000,0000,0000,,on human rights websites and independent\Nmedia websites, and 62% of the respondents Dialogue: 0,0:40:17.04,0:40:23.07,Default,,0000,0000,0000,,to that study said that they had experienced a\NDDoS attack at some point and as Damian said, Dialogue: 0,0:40:23.07,0:40:26.03,Default,,0000,0000,0000,,Google is sort of at what would\Nyou say, the core of the network. Dialogue: 0,0:40:26.03,0:40:30.01,Default,,0000,0000,0000,,Google has resources, they\Nhave staff, they own fiber, Dialogue: 0,0:40:30.01,0:40:36.04,Default,,0000,0000,0000,,but then you've got these\Nother small organizations Dialogue: 0,0:40:36.04,0:40:38.01,Default,,0000,0000,0000,,that are what we would say is\Nat the edge of the network. Dialogue: 0,0:40:38.01,0:40:42.01,Default,,0000,0000,0000,,These are organizations that not only are\Nthey literally at the edge of the network Dialogue: 0,0:40:42.01,0:40:46.07,Default,,0000,0000,0000,,but they also lack the funding and\Nthe staff to ward-off an attack. 
Dialogue: 0,0:40:46.07,0:40:52.09,Default,,0000,0000,0000,,They often have fairly insecure hosting,\Ntheir host might jack-up the cost in an effort Dialogue: 0,0:40:52.09,0:40:58.00,Default,,0000,0000,0000,,to help them and so if you are using say,\NI don't want to throw any specific examples Dialogue: 0,0:40:58.00,0:41:02.05,Default,,0000,0000,0000,,out there although I have a couple, but if\Nyou're using say a shared hosting provider Dialogue: 0,0:41:02.05,0:41:08.01,Default,,0000,0000,0000,,such as Rackspace or Bluehost, I'm not\Nspeaking of those companies specifically but, Dialogue: 0,0:41:08.01,0:41:12.00,Default,,0000,0000,0000,,if you're using one of those, and\Nyou are the victim of an attack, Dialogue: 0,0:41:12.00,0:41:17.02,Default,,0000,0000,0000,,your provider could kick you off, they\Ncould also raise your costs which for many Dialogue: 0,0:41:17.02,0:41:19.09,Default,,0000,0000,0000,,of us would be completely unaffordable. Dialogue: 0,0:41:19.09,0:41:23.07,Default,,0000,0000,0000,,And so, when we're looking at the\Nunintended consequences of these, Dialogue: 0,0:41:23.07,0:41:26.04,Default,,0000,0000,0000,,I mean I think that there's a\Ncouple of different aspects here. Dialogue: 0,0:41:26.04,0:41:31.02,Default,,0000,0000,0000,,One is the legal consequences and so\NI'm not a lawyer and so I should say Dialogue: 0,0:41:31.02,0:41:37.03,Default,,0000,0000,0000,,that I should just preface by saying that,\Nbut you know these attacks are largely Dialogue: 0,0:41:37.03,0:41:41.06,Default,,0000,0000,0000,,by most governments at this point considered\Nhacking and are dealt with as such. Dialogue: 0,0:41:41.06,0:41:45.02,Default,,0000,0000,0000,,And so in the U.S. 
that's governed\Nby the Computer Fraud and Abuse Act Dialogue: 0,0:41:45.02,0:41:51.02,Default,,0000,0000,0000,,and in Europe there are other similar\Nconventions, but I think that we need Dialogue: 0,0:41:51.02,0:41:55.01,Default,,0000,0000,0000,,to start looking at them as a\Nlittle bit different, than that. Dialogue: 0,0:41:55.01,0:41:58.08,Default,,0000,0000,0000,,I think that you need to look at the sort\Nof the [inaudible] behind the attack, Dialogue: 0,0:41:58.08,0:42:04.07,Default,,0000,0000,0000,,we need to look at the consequences of\Nthe attack, and I think a great example Dialogue: 0,0:42:04.07,0:42:09.08,Default,,0000,0000,0000,,of this is an attack that was conducted against\NLufthansa, the German airline back in gosh, Dialogue: 0,0:42:09.08,0:42:16.05,Default,,0000,0000,0000,,I'm not going to remember the year, early 2000\NI believe where a court actually did determine Dialogue: 0,0:42:16.05,0:42:22.03,Default,,0000,0000,0000,,that the intent of that attack\Nwas not coercion and was there-- Dialogue: 0,0:42:22.03,0:42:28.01,Default,,0000,0000,0000,,I'm not a lawyer so I feel like\NI'm using the wrong language here, Dialogue: 0,0:42:28.01,0:42:32.00,Default,,0000,0000,0000,,but it was dealt with as\Ncivil disobedience and so. Dialogue: 0,0:42:32.00,0:42:34.09,Default,,0000,0000,0000,,But that's actually not my biggest concern. 
Dialogue: 0,0:42:34.09,0:42:39.04,Default,,0000,0000,0000,,My biggest concern is the unintended\Nconsequences on these smaller websites Dialogue: 0,0:42:39.04,0:42:43.00,Default,,0000,0000,0000,,and so when we look at the\Nconsequences on independent human rights Dialogue: 0,0:42:43.00,0:42:49.07,Default,,0000,0000,0000,,and independent media websites, generally\Nthese sites go off line and are not able Dialogue: 0,0:42:49.07,0:42:53.05,Default,,0000,0000,0000,,to quickly get back up and so we've\Nseen attacks that last a week, 6 weeks, Dialogue: 0,0:42:53.05,0:42:55.04,Default,,0000,0000,0000,,or where the site goes down entirely. Dialogue: 0,0:42:55.04,0:42:58.01,Default,,0000,0000,0000,,And so some of the suggestions that\Nhave already been given are excellent Dialogue: 0,0:42:58.01,0:43:02.00,Default,,0000,0000,0000,,and I think actually what Damian said in\Nterms of people moving their sites to Google, Dialogue: 0,0:43:02.00,0:43:06.08,Default,,0000,0000,0000,,that's actually one of the suggestions that\Nwe give is, if you are a small website, Dialogue: 0,0:43:06.08,0:43:10.10,Default,,0000,0000,0000,,sometimes you're just better off hosting\Nyour site on a provider like Google Dialogue: 0,0:43:10.10,0:43:14.08,Default,,0000,0000,0000,,where you have those resources to back you up. Dialogue: 0,0:43:14.08,0:43:17.03,Default,,0000,0000,0000,,We've also, my organization along Dialogue: 0,0:43:17.03,0:43:21.03,Default,,0000,0000,0000,,with the tactical technology collective has\Nalso developed this guide which is really, Dialogue: 0,0:43:21.03,0:43:23.03,Default,,0000,0000,0000,,really basic mitigation techniques. 
Dialogue: 0,0:43:23.03,0:43:26.04,Default,,0000,0000,0000,,We're not even talking about the kinds\Nof things that a corporate website Dialogue: 0,0:43:26.04,0:43:32.03,Default,,0000,0000,0000,,or even a large-scale organization would\Nuse, but the things that your blogger, Dialogue: 0,0:43:32.03,0:43:35.02,Default,,0000,0000,0000,,your independent media site might utilize. Dialogue: 0,0:43:35.02,0:43:39.01,Default,,0000,0000,0000,,And this is available, I'll share it after,\Nbut it's also available in 9 languages. Dialogue: 0,0:43:39.01,0:43:46.04,Default,,0000,0000,0000,,And so just to sum up, I would say that\Nwe need to think about these attacks, Dialogue: 0,0:43:46.04,0:43:52.02,Default,,0000,0000,0000,,not just how they affect major websites, but\Nalso how they affect much smaller organizations. Dialogue: 0,0:43:52.02,0:43:53.01,Default,,0000,0000,0000,,>> Brian: Thank you. Dialogue: 0,0:43:53.01,0:43:54.03,Default,,0000,0000,0000,,So thank you all. Dialogue: 0,0:43:54.03,0:43:58.05,Default,,0000,0000,0000,,We've now set the scene, I hope, and provide\Nsome baseline understanding of the nature Dialogue: 0,0:43:58.05,0:44:00.07,Default,,0000,0000,0000,,of the attacks, the scope of the attacks. Dialogue: 0,0:44:00.07,0:44:01.10,Default,,0000,0000,0000,,We have 2 hours. Dialogue: 0,0:44:01.10,0:44:08.02,Default,,0000,0000,0000,,What we're going to do is as follows, we're\Ngoing to leave 30 minutes at the end for Q&A Dialogue: 0,0:44:08.02,0:44:11.09,Default,,0000,0000,0000,,from the folks in the room and from online and\Nwe're looking forward to all of your questions. Dialogue: 0,0:44:11.09,0:44:14.02,Default,,0000,0000,0000,,We're going to have basically 2 sessions now. 
Dialogue: 0,0:44:14.02,0:44:20.06,Default,,0000,0000,0000,,What I'm going to do now is engage in some Q&A\Nwith the panelists and we'll have 45 minutes Dialogue: 0,0:44:20.06,0:44:26.02,Default,,0000,0000,0000,,for that and then we have in the second session\Na scenario that we've built that we want Dialogue: 0,0:44:26.02,0:44:29.04,Default,,0000,0000,0000,,to rollout in front of our\Npanelists and ask how they, Dialogue: 0,0:44:29.04,0:44:33.03,Default,,0000,0000,0000,,in their respective roles would\Nreact to that particular scenario. Dialogue: 0,0:44:33.03,0:44:38.10,Default,,0000,0000,0000,,Now I've got about 7 questions or so, we've\Ngot 45 minutes so this isn't rapid-fire Dialogue: 0,0:44:38.10,0:44:43.05,Default,,0000,0000,0000,,but let's leave about 5 or 6 minutes for\Na response to each of these questions. Dialogue: 0,0:44:43.05,0:44:48.02,Default,,0000,0000,0000,,This is open to anyone on the panel so let's\Nbe dynamic, raise your hand, don't be shy Dialogue: 0,0:44:48.02,0:44:53.09,Default,,0000,0000,0000,,and we'll kick it off with the first question\Nwhich is; let's get specific and both Dialogue: 0,0:44:53.09,0:44:56.06,Default,,0000,0000,0000,,from your perspective and\Nfrom a user's perspective. Dialogue: 0,0:44:56.06,0:45:00.02,Default,,0000,0000,0000,,What mitigation techniques\Nare available to us today? Dialogue: 0,0:45:00.02,0:45:05.03,Default,,0000,0000,0000,,Both you, as a service provider and the user,\Nhow do we stop these things at a basic level? Dialogue: 0,0:45:05.03,0:45:07.08,Default,,0000,0000,0000,,Who would like to take that on first? Dialogue: 0,0:45:07.08,0:45:09.02,Default,,0000,0000,0000,,Ram. 
Dialogue: 0,0:45:09.02,0:45:16.01,Default,,0000,0000,0000,,>> Ram: Brian this is Ram, let me start; if\NI was a user, one of the things that I'd want Dialogue: 0,0:45:16.01,0:45:29.08,Default,,0000,0000,0000,,to do is if I have a good ISP, then they\Nprobably have a botnet mitigation kit Dialogue: 0,0:45:29.08,0:45:35.06,Default,,0000,0000,0000,,or something like that, that gets installed\Nin my computing devices and if not, Dialogue: 0,0:45:35.06,0:45:43.02,Default,,0000,0000,0000,,I would go to my ISP and ask them\Nfor a mitigation kit like that. Dialogue: 0,0:45:43.02,0:45:45.01,Default,,0000,0000,0000,,They're pretty commonly available. Dialogue: 0,0:45:45.01,0:45:50.04,Default,,0000,0000,0000,,They're pretty sophisticated and they\Ngive you the first order of protection. Dialogue: 0,0:45:50.04,0:45:57.10,Default,,0000,0000,0000,,I just also want to point out; having antivirus\Nsoftware in your computer doesn't protect you Dialogue: 0,0:45:57.10,0:46:03.01,Default,,0000,0000,0000,,from your computer getting\Ncompromised in a DDoS attack. Dialogue: 0,0:46:03.01,0:46:03.01,Default,,0000,0000,0000,,>> Brian: That's interesting. Dialogue: 0,0:46:03.01,0:46:06.05,Default,,0000,0000,0000,,Most average users would assume\Nthat that addresses that problem. Dialogue: 0,0:46:06.05,0:46:09.02,Default,,0000,0000,0000,,Tell us why. Dialogue: 0,0:46:09.02,0:46:12.01,Default,,0000,0000,0000,,>> Ram: So earlier, let me give you\Nan example, earlier we were hearing Dialogue: 0,0:46:12.01,0:46:16.09,Default,,0000,0000,0000,,about spear-phishing right, so\NI give you a specific example, Dialogue: 0,0:46:16.09,0:46:20.10,Default,,0000,0000,0000,,something that actually happened in\None of the organizations I work with. 
Dialogue: 0,0:46:20.10,0:46:29.07,Default,,0000,0000,0000,,A high-level executive in this company,\Nit's a pretty small company, got an email Dialogue: 0,0:46:29.07,0:46:35.09,Default,,0000,0000,0000,,and the email had a very good subject line,\Nyou know it's a photograph of their daughter. Dialogue: 0,0:46:35.09,0:46:41.02,Default,,0000,0000,0000,,And it said, took this photograph,\Nshe looks great Dialogue: 0,0:46:41.02,0:46:44.06,Default,,0000,0000,0000,,and even had the daughter's name on it, right? Dialogue: 0,0:46:44.06,0:46:49.02,Default,,0000,0000,0000,,And so the executive got the mail, it\Nlooked like a legitimate thing and the, Dialogue: 0,0:46:49.02,0:46:55.01,Default,,0000,0000,0000,,from address in the email was kind\Nof somebody he ran into in random, Dialogue: 0,0:46:55.01,0:46:59.00,Default,,0000,0000,0000,,but there was enough things in the mail\Nthat looked like it was real, you know. Dialogue: 0,0:46:59.00,0:47:04.06,Default,,0000,0000,0000,,It was the daughter's name was right, there was\Nactually a photograph and so they double-clicked Dialogue: 0,0:47:04.06,0:47:10.00,Default,,0000,0000,0000,,and they opened up the photograph and\Nthat compromised their machine and ended Dialogue: 0,0:47:10.00,0:47:13.01,Default,,0000,0000,0000,,up compromising the network\Nfrom there on, right? Dialogue: 0,0:47:13.01,0:47:18.01,Default,,0000,0000,0000,,Now that was not a virus in the\Ntraditional sense of a virus. Dialogue: 0,0:47:18.01,0:47:23.07,Default,,0000,0000,0000,,That was something that was custom\Ncrafted just for that one individual Dialogue: 0,0:47:23.07,0:47:30.06,Default,,0000,0000,0000,,because the person trying to break in\Nhad a clear idea who this person was, Dialogue: 0,0:47:30.06,0:47:35.10,Default,,0000,0000,0000,,they were trying to penetrate, they\Nunderstood that that person likely had access Dialogue: 0,0:47:35.10,0:47:41.08,Default,,0000,0000,0000,,to other important resources inside of the\Ncompany's corporate network, got through. 
Dialogue: 0,0:47:41.08,0:47:48.04,Default,,0000,0000,0000,,So, they had antivirus on their computer,\Nbut this was not the traditional virus, Dialogue: 0,0:47:48.04,0:47:54.08,Default,,0000,0000,0000,,this was an attack just aimed\Nat you, individually. Dialogue: 0,0:47:54.08,0:47:58.09,Default,,0000,0000,0000,,>> Brian: Thank you and getting back to the\Nbotnet protection package from your ISP, Dialogue: 0,0:47:58.09,0:48:01.05,Default,,0000,0000,0000,,at a basic level what does that provide? Dialogue: 0,0:48:01.05,0:48:06.10,Default,,0000,0000,0000,,We heard the story of how your own computer\Ncan become an unwitting zombie participating Dialogue: 0,0:48:06.10,0:48:11.08,Default,,0000,0000,0000,,in a botnet attack, is it designed to\Nprevent that from happening, or other things? Dialogue: 0,0:48:11.08,0:48:16.08,Default,,0000,0000,0000,,That was a follow-up for Ram. Dialogue: 0,0:48:16.08,0:48:19.09,Default,,0000,0000,0000,,>> Ram: Oh, for me specifically. Dialogue: 0,0:48:19.09,0:48:26.01,Default,,0000,0000,0000,,Okay, yeah there are many things that this piece\Nof software or these pieces of software do, Dialogue: 0,0:48:26.01,0:48:32.10,Default,,0000,0000,0000,,but often they look at patterns, they look\Nat where the attacks may be coming from. Dialogue: 0,0:48:32.10,0:48:38.07,Default,,0000,0000,0000,,They also look at what's happening on your\Nown device and where it's trying to connect to Dialogue: 0,0:48:38.07,0:48:41.03,Default,,0000,0000,0000,,and typically you've got certain patterns. 
Dialogue: 0,0:48:41.03,0:48:47.07,Default,,0000,0000,0000,,You go to a certain set of sites or you send\Nemails, you know you connect to a known set Dialogue: 0,0:48:47.07,0:48:55.03,Default,,0000,0000,0000,,of places for the most part and if your device\Nhas been compromised, often your device is going Dialogue: 0,0:48:55.03,0:48:59.01,Default,,0000,0000,0000,,to places that you normally don't go to Dialogue: 0,0:48:59.01,0:49:04.07,Default,,0000,0000,0000,,and your ISP typically has an\Nidea of that stored up over time. Dialogue: 0,0:49:04.07,0:49:05.00,Default,,0000,0000,0000,,>> Brian: Thank you. Dialogue: 0,0:49:05.00,0:49:08.09,Default,,0000,0000,0000,,So let's dig a little bit deeper on that. Dialogue: 0,0:49:08.09,0:49:14.06,Default,,0000,0000,0000,,What was in your answer was, how do we\Nidentify where this problem is coming from? Dialogue: 0,0:49:14.06,0:49:19.08,Default,,0000,0000,0000,,I think it's an important piece of the puzzle\Nhere and you in your service provider capacity, Dialogue: 0,0:49:19.08,0:49:23.08,Default,,0000,0000,0000,,let's turn deeper on preventative measures. Dialogue: 0,0:49:23.08,0:49:27.01,Default,,0000,0000,0000,,How can we identify where these\Nmalicious attacks are coming from? Dialogue: 0,0:49:27.01,0:49:30.07,Default,,0000,0000,0000,,Is that an easy thing to solve\Nfor, or a harder thing to solve Dialogue: 0,0:49:30.07,0:49:33.08,Default,,0000,0000,0000,,for from the service provider\Nperspective and also from the user? Dialogue: 0,0:49:33.08,0:49:35.09,Default,,0000,0000,0000,,I think Ram just started to touch on that. Dialogue: 0,0:49:35.09,0:49:37.06,Default,,0000,0000,0000,,Anybody want to take that on? Dialogue: 0,0:49:37.06,0:49:40.02,Default,,0000,0000,0000,,So, Danny? 
Dialogue: 0,0:49:40.02,0:49:44.02,Default,,0000,0000,0000,,>> Danny: Yeah this is Danny, I'll say\Nsomething about that and then move on to others, Dialogue: 0,0:49:44.02,0:49:49.04,Default,,0000,0000,0000,,but one of the things I think I would touch on\Ninitially is that if you're on the receiving end Dialogue: 0,0:49:49.04,0:49:52.01,Default,,0000,0000,0000,,of even a moderate sized DDoS attack, Dialogue: 0,0:49:52.01,0:49:56.01,Default,,0000,0000,0000,,a lot of some of the bigger networks\Nhave the capacity to absorb the attack. Dialogue: 0,0:49:56.01,0:50:00.10,Default,,0000,0000,0000,,What many ISPs or services in the\Ninfrastructure offer is the capability Dialogue: 0,0:50:00.10,0:50:05.00,Default,,0000,0000,0000,,to absorb the large-scale bits of\Nmalicious traffic and surgically mitigate Dialogue: 0,0:50:05.00,0:50:07.07,Default,,0000,0000,0000,,and preserve the availability of the services Dialogue: 0,0:50:07.07,0:50:10.06,Default,,0000,0000,0000,,that someone may be concerned\Nwith, so that's sort of one aspect. Dialogue: 0,0:50:10.06,0:50:16.01,Default,,0000,0000,0000,,From an ISP side, one of the\Ninteresting things is that IP is a sort Dialogue: 0,0:50:16.01,0:50:23.01,Default,,0000,0000,0000,,of hop-by-hop packet forwarding paradigm\Nfor communications networks and anyone, Dialogue: 0,0:50:23.01,0:50:29.10,Default,,0000,0000,0000,,largely anyone on the internet can emit a packet\Nin the infrastructure that has a source address Dialogue: 0,0:50:29.10,0:50:34.00,Default,,0000,0000,0000,,of anyone else on that infrastructure and so\Nthis is known as IP source address spoofing. Dialogue: 0,0:50:34.00,0:50:38.01,Default,,0000,0000,0000,,And it's a common attack vector, it's\Nnot the only attack vector and a lot Dialogue: 0,0:50:38.01,0:50:41.01,Default,,0000,0000,0000,,of times spotted hosts don't\Nspoof packets at all, Dialogue: 0,0:50:41.01,0:50:45.02,Default,,0000,0000,0000,,but trace back in large networks\Nis fairly complex. 
Dialogue: 0,0:50:45.02,0:50:49.08,Default,,0000,0000,0000,,There are a lot of techniques people use\Nfrom some things like commercial tools Dialogue: 0,0:50:49.08,0:50:53.08,Default,,0000,0000,0000,,that do net-flow and flow-based analysis to\Ntrace back to the ingress of their network. Dialogue: 0,0:50:53.08,0:50:57.02,Default,,0000,0000,0000,,The problem is you then have to have\Nthe capability to say, the upstream Dialogue: 0,0:50:57.02,0:51:00.02,Default,,0000,0000,0000,,or the adjacent network that\Nattack flows I'm seeing from you. Dialogue: 0,0:51:00.02,0:51:01.08,Default,,0000,0000,0000,,Can you trace these back on your network? Dialogue: 0,0:51:01.08,0:51:04.00,Default,,0000,0000,0000,,Hope that they have the same\Ncapability and so forth. Dialogue: 0,0:51:04.00,0:51:08.04,Default,,0000,0000,0000,,And so it's non-trivial when the\Nfact that any sort of adversary Dialogue: 0,0:51:08.04,0:51:13.04,Default,,0000,0000,0000,,on the internet has global projection capability\Nand you could be on the receiving end of a lot Dialogue: 0,0:51:13.04,0:51:16.02,Default,,0000,0000,0000,,of packet lull as a result of\Nthat, right, you know what I mean, Dialogue: 0,0:51:16.02,0:51:19.00,Default,,0000,0000,0000,,and these could be broadly\Ndistributed or single-source attacks. Dialogue: 0,0:51:19.00,0:51:23.01,Default,,0000,0000,0000,,So, tracing these attacks back is one aspect. 
Dialogue: 0,0:51:23.01,0:51:28.00,Default,,0000,0000,0000,,So you would certainly want to trace back\Nflow-based tools other things and then ideally Dialogue: 0,0:51:28.00,0:51:31.01,Default,,0000,0000,0000,,if you could find sources that were\Nparticipating in an attack, then you could try Dialogue: 0,0:51:31.01,0:51:35.01,Default,,0000,0000,0000,,and identify command and control\Ninfrastructure that's used a command Dialogue: 0,0:51:35.01,0:51:41.01,Default,,0000,0000,0000,,or took control those attack sources or those\Nbotnet hosts and then you would step back Dialogue: 0,0:51:41.01,0:51:46.02,Default,,0000,0000,0000,,from there, but that's an extremely complex\Nthing and unfortunately what most people do, Dialogue: 0,0:51:46.02,0:51:50.07,Default,,0000,0000,0000,,and to Jillian's point actually, is that a\Nlot of the controls some people put in place Dialogue: 0,0:51:50.07,0:51:54.09,Default,,0000,0000,0000,,through data mitigate DDoS attacks is actually\Nto effectively complete those attacks. Dialogue: 0,0:51:54.09,0:51:59.00,Default,,0000,0000,0000,,It's like hey, there's a large-scale attack\Nof 10 gigabytes per second going toward one Dialogue: 0,0:51:59.00,0:52:07.01,Default,,0000,0000,0000,,of the smaller hosts on my network so, what\Nan ISP may do is actually say I'm going Dialogue: 0,0:52:07.01,0:52:10.01,Default,,0000,0000,0000,,to drop all the traffic towards that\Ndestination at the ingress of my network. Dialogue: 0,0:52:10.01,0:52:13.02,Default,,0000,0000,0000,,So they do is effectively complete the attack. Dialogue: 0,0:52:13.02,0:52:16.06,Default,,0000,0000,0000,,That's why it's so important to have\Ncontrols in place to be able to identify Dialogue: 0,0:52:16.06,0:52:20.06,Default,,0000,0000,0000,,and surgically mitigate those attacks,\Nbefore the attacks occur, so anyway. Dialogue: 0,0:52:20.06,0:52:21.06,Default,,0000,0000,0000,,>> Brian: Thank you, very interesting. 
Dialogue: 0,0:52:21.06,0:52:23.07,Default,,0000,0000,0000,,Anybody else want to pick-up on this point? Dialogue: 0,0:52:23.07,0:52:24.08,Default,,0000,0000,0000,,Miguel. Dialogue: 0,0:52:24.08,0:52:30.02,Default,,0000,0000,0000,,>> Miguel: Just adding to what Danny is\Nsaying, collaboration to try to figure Dialogue: 0,0:52:30.02,0:52:34.04,Default,,0000,0000,0000,,out what the attacks those sources\Nare is key and it's not something Dialogue: 0,0:52:34.04,0:52:37.02,Default,,0000,0000,0000,,that happens very well currently. Dialogue: 0,0:52:37.02,0:52:42.10,Default,,0000,0000,0000,,It's something that the internet community is\Ntrying to improve on but we're nowhere near Dialogue: 0,0:52:42.10,0:52:48.00,Default,,0000,0000,0000,,where we need to be and to be able to do some\Nof the things that Danny is referring to, Dialogue: 0,0:52:48.00,0:52:52.03,Default,,0000,0000,0000,,you kind of have to have backchannel\Ncommunications between providers. Dialogue: 0,0:52:52.03,0:52:56.00,Default,,0000,0000,0000,,You have to be able to have\Nsomebody on the inside, Dialogue: 0,0:52:56.00,0:53:01.09,Default,,0000,0000,0000,,somewhere that you can share intelligence\Nwith and that's something that's difficult. Dialogue: 0,0:53:01.09,0:53:07.03,Default,,0000,0000,0000,,The last thing I'll say about\Nit is that sometimes, Dialogue: 0,0:53:07.03,0:53:16.02,Default,,0000,0000,0000,,where or who it is that's doing it is not\Nnecessarily that important potentially. Dialogue: 0,0:53:16.02,0:53:20.00,Default,,0000,0000,0000,,When these things are happening,\Na lot of people might be focused Dialogue: 0,0:53:20.00,0:53:25.08,Default,,0000,0000,0000,,on getting their infrastructure back online,\Nbut you do have to temper that with the fact Dialogue: 0,0:53:25.08,0:53:30.00,Default,,0000,0000,0000,,that as Jeff was alluding to\Nearlier, this might be something Dialogue: 0,0:53:30.00,0:53:34.00,Default,,0000,0000,0000,,that an organization is doing\Nwhile they're doing something else. 
Dialogue: 0,0:53:34.00,0:53:36.06,Default,,0000,0000,0000,,It could very well be a diversionary tactic. Dialogue: 0,0:53:36.06,0:53:41.07,Default,,0000,0000,0000,,>> Brian: Let me pick-up on one point there\NMiguel, you know you mentioned the collaboration Dialogue: 0,0:53:41.07,0:53:45.07,Default,,0000,0000,0000,,between and across network\Noperators being a challenge. Dialogue: 0,0:53:45.07,0:53:49.09,Default,,0000,0000,0000,,Is that a resource challenge, is\Nit a communications challenge, Dialogue: 0,0:53:49.09,0:53:54.01,Default,,0000,0000,0000,,is it a technical sophistication challenge,\Nbecause it is understood from Danny's comment Dialogue: 0,0:53:54.01,0:53:57.09,Default,,0000,0000,0000,,that this is complex investigation\Nthat has to cross a number Dialogue: 0,0:53:57.09,0:54:00.07,Default,,0000,0000,0000,,of different network operators\Nto get to the answer. Dialogue: 0,0:54:00.07,0:54:02.06,Default,,0000,0000,0000,,What's the issue there? Dialogue: 0,0:54:02.06,0:54:10.07,Default,,0000,0000,0000,,>> Miguel: I would say that there's a\Ncorporate privacy challenge that a lot Dialogue: 0,0:54:10.07,0:54:18.01,Default,,0000,0000,0000,,of organizations don't really want their\Ntechnical staff or the staff that are dealing Dialogue: 0,0:54:18.01,0:54:23.09,Default,,0000,0000,0000,,with this problem to be collaborating with other\Noperators and that's a significant roadblock. Dialogue: 0,0:54:23.09,0:54:24.07,Default,,0000,0000,0000,,>> Brian: Thank you. Dialogue: 0,0:54:24.07,0:54:26.04,Default,,0000,0000,0000,,Jillian-- oh go ahead Damian? 
Dialogue: 0,0:54:26.04,0:54:29.06,Default,,0000,0000,0000,,>> Damian: I also wanted to say that I\Nthink that the 3 things that you mentioned, Dialogue: 0,0:54:29.06,0:54:32.01,Default,,0000,0000,0000,,Brian it being resources and technical issues Dialogue: 0,0:54:32.01,0:54:38.02,Default,,0000,0000,0000,,and communication are also significant\Nchallenges even if you do get Dialogue: 0,0:54:38.02,0:54:42.03,Default,,0000,0000,0000,,through the communication barrier\Nto talking to somebody at the ISP, Dialogue: 0,0:54:42.03,0:54:46.05,Default,,0000,0000,0000,,they might not have the technical\Ncapability to track it further back Dialogue: 0,0:54:46.05,0:54:50.08,Default,,0000,0000,0000,,or they might not have the resources to spend\Ntime on spending an hour to track it back. Dialogue: 0,0:54:50.08,0:54:56.05,Default,,0000,0000,0000,,Just knowing that it will just go to yet\Nanother ISP that won't have time to communicate Dialogue: 0,0:54:56.05,0:54:59.01,Default,,0000,0000,0000,,with you or track it back or anything. Dialogue: 0,0:54:59.01,0:55:00.01,Default,,0000,0000,0000,,>> Brian: Right, thank you. Dialogue: 0,0:55:00.01,0:55:00.10,Default,,0000,0000,0000,,Jillian. Dialogue: 0,0:55:00.10,0:55:03.00,Default,,0000,0000,0000,,>> Jillian: Sure, I'm just\Ngoing to make my point again Dialogue: 0,0:55:03.00,0:55:05.01,Default,,0000,0000,0000,,to the sort of smaller organizations. Dialogue: 0,0:55:05.01,0:55:09.07,Default,,0000,0000,0000,,I think that it's important for them to sort of\Nassess beforehand, before this is even an issue, Dialogue: 0,0:55:09.07,0:55:12.05,Default,,0000,0000,0000,,both what their risk is, if they can do that, Dialogue: 0,0:55:12.05,0:55:16.01,Default,,0000,0000,0000,,as well as what their priorities\Nare in the event of a DDoS attack. 
Dialogue: 0,0:55:16.01,0:55:20.05,Default,,0000,0000,0000,,And so, for a lot of these organizations\Nthat I'm thinking of, I'm thinking of sort Dialogue: 0,0:55:20.05,0:55:23.06,Default,,0000,0000,0000,,of the human rights sites in embattled countries. Dialogue: 0,0:55:23.06,0:55:28.07,Default,,0000,0000,0000,,A lot of times their priority is just to stay\Nup and to keep their content on the internet Dialogue: 0,0:55:28.07,0:55:32.01,Default,,0000,0000,0000,,in the event of an attack and sometimes these\Nattacks are coming during say, election periods, Dialogue: 0,0:55:32.01,0:55:38.05,Default,,0000,0000,0000,,or periods of protest and so a lot of times\Nwhat that means is choosing their host wisely, Dialogue: 0,0:55:38.05,0:55:43.10,Default,,0000,0000,0000,,so we talked about that a little bit but knowing\Nwhat their host can do to mitigate an attack, Dialogue: 0,0:55:43.10,0:55:47.06,Default,,0000,0000,0000,,but also if they're high-risk,\Nconsidering a DDoS Resistant Hosting Dialogue: 0,0:55:47.06,0:55:49.07,Default,,0000,0000,0000,,or some programs that are starting to come up. Dialogue: 0,0:55:49.07,0:55:53.08,Default,,0000,0000,0000,,Some of these are pretty cost prohibitive for\Nsmaller organizations but, there are a couple Dialogue: 0,0:55:53.08,0:55:56.02,Default,,0000,0000,0000,,that are a little bit more affordable. Dialogue: 0,0:55:56.02,0:55:57.04,Default,,0000,0000,0000,,One of them is called Virtual Road. Dialogue: 0,0:55:57.04,0:56:02.03,Default,,0000,0000,0000,,It's hosted by the international--\NI forget the acronym-- IMS-- Dialogue: 0,0:56:02.03,0:56:04.09,Default,,0000,0000,0000,,forget that but based in Denmark. Dialogue: 0,0:56:04.09,0:56:08.06,Default,,0000,0000,0000,,Another thing is to, you know really\Neasy stuff, keep backups of your site. 
Dialogue: 0,0:56:08.06,0:56:11.02,Default,,0000,0000,0000,,I know that seems so simple,\Nbut that's something that a lot Dialogue: 0,0:56:11.02,0:56:15.06,Default,,0000,0000,0000,,of these sites are not thinking of and so when\Ntheir site goes down, it goes down forever. Dialogue: 0,0:56:15.06,0:56:17.07,Default,,0000,0000,0000,,And then another thing is\Njust mirroring their site. Dialogue: 0,0:56:17.07,0:56:21.06,Default,,0000,0000,0000,,If we're talking about a site that's\Nsay in Iran that's going to come Dialogue: 0,0:56:21.06,0:56:26.02,Default,,0000,0000,0000,,under attack during elections or something like\Nthat, you know making sure that that content is Dialogue: 0,0:56:26.02,0:56:28.04,Default,,0000,0000,0000,,up somewhere else can be really important. Dialogue: 0,0:56:28.04,0:56:32.03,Default,,0000,0000,0000,,You know URLs don't matter as much as\Nthey used to, thanks to social media. Dialogue: 0,0:56:32.03,0:56:36.01,Default,,0000,0000,0000,,And so just making sure that that content\Nis still up and available is a lot Dialogue: 0,0:56:36.01,0:56:41.02,Default,,0000,0000,0000,,of times more important than actually\Nimmediately mitigating the attack. Dialogue: 0,0:56:41.02,0:56:42.08,Default,,0000,0000,0000,,>> Brian: Jeff? Dialogue: 0,0:56:42.08,0:56:46.05,Default,,0000,0000,0000,,>> Jeff: Real briefly, I would say in\Nparticular, if you have limited resources, Dialogue: 0,0:56:46.05,0:56:49.06,Default,,0000,0000,0000,,figure out what your purpose\Nin tracking back is. Dialogue: 0,0:56:49.06,0:56:53.09,Default,,0000,0000,0000,,If there's a technical side of it and as smarter\Nfolks up here may appear to have explained it. Dialogue: 0,0:56:53.09,0:56:58.05,Default,,0000,0000,0000,,It's very difficult to get to the end but\Nlet's say you get through all those hurdles Dialogue: 0,0:56:58.05,0:57:03.01,Default,,0000,0000,0000,,and you find out where it's actually coming\Nfrom, then you walk into a human problem. 
Dialogue: 0,0:57:03.01,0:57:04.07,Default,,0000,0000,0000,,Do you really care what the motivation is? Dialogue: 0,0:57:04.07,0:57:10.05,Default,,0000,0000,0000,,I mean, if your goal is to stay up, you may\Nonly want to track back far enough to be able Dialogue: 0,0:57:10.05,0:57:15.10,Default,,0000,0000,0000,,to protect yourself and even if you get to the\Nend, you know it's a bunch of computers sitting Dialogue: 0,0:57:15.10,0:57:21.09,Default,,0000,0000,0000,,in country x, you'd have to get to those\Npeople to figure out is it a nation state act, Dialogue: 0,0:57:21.09,0:57:24.08,Default,,0000,0000,0000,,is it a bunch of individuals,\Nis it somehow loosely connected? Dialogue: 0,0:57:24.08,0:57:29.00,Default,,0000,0000,0000,,So the track back, you know I would say\Njust from my perspective thinking about this Dialogue: 0,0:57:29.00,0:57:32.08,Default,,0000,0000,0000,,when I was up on the hill, there is a techno\Nside, but there's very much the political Dialogue: 0,0:57:32.08,0:57:36.10,Default,,0000,0000,0000,,and security side and you get into human\Nlitigations there which are even harder Dialogue: 0,0:57:36.10,0:57:41.08,Default,,0000,0000,0000,,to track back than some of the techno stuff. Dialogue: 0,0:57:41.08,0:57:42.09,Default,,0000,0000,0000,,>> Brian: Thank you Jeff. Dialogue: 0,0:57:42.09,0:57:45.04,Default,,0000,0000,0000,,Let me ask a slightly different question. Dialogue: 0,0:57:45.04,0:57:51.10,Default,,0000,0000,0000,,When an attack is happening, does it matter what\Nthe targeted platform is from your perspective Dialogue: 0,0:57:51.10,0:57:53.06,Default,,0000,0000,0000,,and how you react to it, how do you manage it? Dialogue: 0,0:57:53.06,0:57:58.02,Default,,0000,0000,0000,,For example if it's an attack against the banks\Nas we've been seeing recently, versus an attack, Dialogue: 0,0:57:58.02,0:58:02.05,Default,,0000,0000,0000,,versus a social media site or a small-user site. 
Dialogue: 0,0:58:02.05,0:58:07.07,Default,,0000,0000,0000,,Does the nature of the target affect\Nthe way you address the problem, Dialogue: 0,0:58:07.07,0:58:08.09,Default,,0000,0000,0000,,try to mitigate the problem? Dialogue: 0,0:58:08.09,0:58:12.01,Default,,0000,0000,0000,,Can you give us some dimension on that front? Dialogue: 0,0:58:12.01,0:58:13.05,Default,,0000,0000,0000,, Dialogue: 0,0:58:13.05,0:58:16.00,Default,,0000,0000,0000,,Miguel, do you want to go first? Dialogue: 0,0:58:16.00,0:58:17.05,Default,,0000,0000,0000,,>> Danny: Yeah, sure. Dialogue: 0,0:58:17.05,0:58:20.09,Default,,0000,0000,0000,,Yeah so what I would say is that if\Nyou're trying to mitigate an attack, Dialogue: 0,0:58:20.09,0:58:23.02,Default,,0000,0000,0000,,what you're really trying to\Ndo is preserve the availability Dialogue: 0,0:58:23.02,0:58:24.06,Default,,0000,0000,0000,,of the services that you care about. Dialogue: 0,0:58:24.06,0:58:29.00,Default,,0000,0000,0000,,And so you've really got to flip and say you\Nknow, I really want to scrub out the bad stuff Dialogue: 0,0:58:29.00,0:58:30.09,Default,,0000,0000,0000,,and try and be able to absorb this attack. Dialogue: 0,0:58:30.09,0:58:34.08,Default,,0000,0000,0000,,One of the interesting things, when you see\Nnumbers thrown around on scale, frequency, Dialogue: 0,0:58:34.08,0:58:39.01,Default,,0000,0000,0000,,duration, attack factors, all those things,\Nyou might see 10 gigabyte per second attack. Dialogue: 0,0:58:39.01,0:58:45.01,Default,,0000,0000,0000,,Well what 10 gigabytes per second attack is on a\Nwebserver or on a DNS server is very different. Dialogue: 0,0:58:45.01,0:58:49.05,Default,,0000,0000,0000,,That means 10 gigabytes per second\Nof transaction servicing capacity. 
Dialogue: 0,0:58:49.05,0:58:54.02,Default,,0000,0000,0000,,Right, that's basically I've got to be able to\Nprocess 10 gigabytes per second of DNS packets Dialogue: 0,0:58:54.02,0:58:59.05,Default,,0000,0000,0000,,or of web-service packets or SSL packets or\Nwhatever the service is you're concerned with Dialogue: 0,0:58:59.05,0:59:02.02,Default,,0000,0000,0000,,and that's the only way you can\Npreserve the availability of that. Dialogue: 0,0:59:02.02,0:59:05.05,Default,,0000,0000,0000,,So when it gets more and more complex,\Nis when you have more state-based Dialogue: 0,0:59:05.05,0:59:08.06,Default,,0000,0000,0000,,and more complex applications Dialogue: 0,0:59:08.06,0:59:13.00,Default,,0000,0000,0000,,that more sophisticated attacks\Nbecome problematic in that manner. Dialogue: 0,0:59:13.00,0:59:18.02,Default,,0000,0000,0000,,So I think it absolutely\Ndepends on the attack factor. Dialogue: 0,0:59:18.02,0:59:22.08,Default,,0000,0000,0000,,One of the challenges is that sort of\Ncommodity, off the shelf routers and firewalls Dialogue: 0,0:59:22.08,0:59:25.04,Default,,0000,0000,0000,,and those things don't do\Napplication [inaudible] mitigation. Dialogue: 0,0:59:25.04,0:59:27.01,Default,,0000,0000,0000,,They don't provide certain capabilities. Dialogue: 0,0:59:27.01,0:59:30.05,Default,,0000,0000,0000,,On the other hand, if it's\Nsome services it may be simpler Dialogue: 0,0:59:30.05,0:59:34.05,Default,,0000,0000,0000,,to simply absorb a high-rate per second attack Dialogue: 0,0:59:34.05,0:59:38.03,Default,,0000,0000,0000,,or to just drop bad traffic that's\Nnot target a production service. Dialogue: 0,0:59:38.03,0:59:42.00,Default,,0000,0000,0000,,So, yeah in short the answer is\Nyes to your question, I think. Dialogue: 0,0:59:42.00,0:59:44.01,Default,,0000,0000,0000,,>> Brian: Thank you, Miguel. 
Dialogue: 0,0:59:44.01,0:59:47.01,Default,,0000,0000,0000,,>> Miguel: Danny mentioned\Nthat the type of infrastructure Dialogue: 0,0:59:47.01,0:59:50.01,Default,,0000,0000,0000,,that is being attacked matters,\NI absolutely agree. Dialogue: 0,0:59:50.01,0:59:55.00,Default,,0000,0000,0000,,The type of organization that is being\Nattacked also plays a factor potentially Dialogue: 0,0:59:55.00,1:00:00.10,Default,,0000,0000,0000,,and how you're dealing with the\Nproblem of mitigating the attack. Dialogue: 0,1:00:00.10,1:00:04.04,Default,,0000,0000,0000,,I think Jeff alluded to the fact\Nearlier that there are attacks Dialogue: 0,1:00:04.04,1:00:06.03,Default,,0000,0000,0000,,that are potentially, for example extortion. Dialogue: 0,1:00:06.03,1:00:11.08,Default,,0000,0000,0000,,There's activist-type attacks;\NI'll use the activists' example. Dialogue: 0,1:00:11.08,1:00:15.02,Default,,0000,0000,0000,,These people that are protesting\Nand attacking your site, Dialogue: 0,1:00:15.02,1:00:21.00,Default,,0000,0000,0000,,they're most likely discussing it online, so\Nthey're congregating on Twitter, on Facebook, Dialogue: 0,1:00:21.00,1:00:25.03,Default,,0000,0000,0000,,Payspin, whatever site it is that\Nthey're using to IRC relay chip, Dialogue: 0,1:00:25.03,1:00:31.10,Default,,0000,0000,0000,,you know internet relay chat rooms,\Nthey're discussing attack strategies there. Dialogue: 0,1:00:31.10,1:00:36.07,Default,,0000,0000,0000,,So, what kind of an attack it is, and\Nwhich organization is being attacked, Dialogue: 0,1:00:36.07,1:00:42.01,Default,,0000,0000,0000,,it does matter because you do want to factor\Nin how you're monitoring social media based Dialogue: 0,1:00:42.01,1:00:48.09,Default,,0000,0000,0000,,on the particular attack because it can\Nhelp you determine what it is that you need Dialogue: 0,1:00:48.09,1:00:51.07,Default,,0000,0000,0000,,to do and what you need to focus on. 
Dialogue: 0,1:00:51.07,1:00:52.10,Default,,0000,0000,0000,, Dialogue: 0,1:00:52.10,1:00:54.05,Default,,0000,0000,0000,,>> Brian: Anyone else? Dialogue: 0,1:00:54.05,1:00:55.09,Default,,0000,0000,0000,, Dialogue: 0,1:00:55.09,1:00:58.06,Default,,0000,0000,0000,,Let me shift gears here. Dialogue: 0,1:00:58.06,1:01:03.01,Default,,0000,0000,0000,,I think by now, hopefully we've got a\Nfairly good picture of the dimensions Dialogue: 0,1:01:03.01,1:01:06.09,Default,,0000,0000,0000,,of DDoS attacks both from website operator, Dialogue: 0,1:01:06.09,1:01:10.09,Default,,0000,0000,0000,,individual user, service\Nprovider, civil society. Dialogue: 0,1:01:10.09,1:01:13.07,Default,,0000,0000,0000,,It's an important problem. Dialogue: 0,1:01:13.07,1:01:16.04,Default,,0000,0000,0000,,It's a growing problem, there's\Nno doubt about that. Dialogue: 0,1:01:16.04,1:01:19.03,Default,,0000,0000,0000,,It gets bigger each year,\Nit's a big cat and mouse game, Dialogue: 0,1:01:19.03,1:01:23.00,Default,,0000,0000,0000,,we have a hard time identifying\Nthe bad guys, tracking them down, Dialogue: 0,1:01:23.00,1:01:25.08,Default,,0000,0000,0000,,stopping them from doing what they're doing. Dialogue: 0,1:01:25.08,1:01:27.08,Default,,0000,0000,0000,,Who should fix this problem? Dialogue: 0,1:01:27.08,1:01:29.07,Default,,0000,0000,0000,, Dialogue: 0,1:01:29.07,1:01:35.01,Default,,0000,0000,0000,,Private sector, government,\Nhow do we fix this problem? Dialogue: 0,1:01:35.01,1:01:39.02,Default,,0000,0000,0000,,Collaboration is important, we've heard\Nthat but it seems like it's a game Dialogue: 0,1:01:39.02,1:01:41.06,Default,,0000,0000,0000,,that we're not necessarily winning. Dialogue: 0,1:01:41.06,1:01:43.00,Default,,0000,0000,0000,,Anyone want to take that on? Dialogue: 0,1:01:43.00,1:01:45.01,Default,,0000,0000,0000,,Pros and cons, Damian? 
Dialogue: 0,1:01:45.01,1:01:46.07,Default,,0000,0000,0000,, Dialogue: 0,1:01:46.07,1:01:48.04,Default,,0000,0000,0000,,>> Damian: I'll start off the discussion. Dialogue: 0,1:01:48.04,1:01:55.08,Default,,0000,0000,0000,,So I think a lot of the difficulty we have\Nis that nobody feels actually responsible Dialogue: 0,1:01:55.08,1:02:01.04,Default,,0000,0000,0000,,so the attacks are often being\Nsourced from compromised machines Dialogue: 0,1:02:01.04,1:02:04.03,Default,,0000,0000,0000,,and people are saying well it's not\Nmy fault, my machine is compromised. Dialogue: 0,1:02:04.03,1:02:09.03,Default,,0000,0000,0000,,You know they don't know it, it's an\Nend user, they don't actually know how Dialogue: 0,1:02:09.03,1:02:12.06,Default,,0000,0000,0000,,to secure their machine, they're not even aware Dialogue: 0,1:02:12.06,1:02:16.03,Default,,0000,0000,0000,,that their machine is participating\Nin the attack. Dialogue: 0,1:02:16.03,1:02:19.05,Default,,0000,0000,0000,,Then it goes from that machine\Nthrough an ISP and the ISP says well, Dialogue: 0,1:02:19.05,1:02:24.01,Default,,0000,0000,0000,,we're just providing network\Ntransit to our customers. Dialogue: 0,1:02:24.01,1:02:26.09,Default,,0000,0000,0000,,We don't actually look at what that content is. Dialogue: 0,1:02:26.09,1:02:32.02,Default,,0000,0000,0000,,And then it might go through multiple\NISPs and eventually get to the victim Dialogue: 0,1:02:32.02,1:02:37.01,Default,,0000,0000,0000,,who really doesn't have any choice\Nbut to just receive this traffic. Dialogue: 0,1:02:37.01,1:02:43.09,Default,,0000,0000,0000,,So I think the root issue here is to figure\Nout who you would actually hold responsible Dialogue: 0,1:02:43.09,1:02:48.07,Default,,0000,0000,0000,,for these attacks and then maybe figure out\Nin what way they would be held responsible. 
Dialogue: 0,1:02:48.07,1:02:52.00,Default,,0000,0000,0000,,You know clearly, we don't want\Nto hold the home user responsible Dialogue: 0,1:02:52.00,1:02:58.05,Default,,0000,0000,0000,,for an attack they weren't aware that they were\Ncommitting, however, if we could inform them Dialogue: 0,1:02:58.05,1:03:02.08,Default,,0000,0000,0000,,and they refuse to fix their machine,\Nmaybe after they've had that opportunity Dialogue: 0,1:03:02.08,1:03:06.09,Default,,0000,0000,0000,,to fix their machine and they refuse to,\Nor after we inform a hosting provider Dialogue: 0,1:03:06.09,1:03:10.00,Default,,0000,0000,0000,,that has compromised webservers\Nthat are attacking you. Dialogue: 0,1:03:10.00,1:03:13.06,Default,,0000,0000,0000,,If they don't fix those machines after\Na month and they're still attacking, Dialogue: 0,1:03:13.06,1:03:16.03,Default,,0000,0000,0000,,maybe there should be some responsibility there. Dialogue: 0,1:03:16.03,1:03:20.04,Default,,0000,0000,0000,,>> Brian: So that's an interesting thought\NDamian because you all do have terms of service Dialogue: 0,1:03:20.04,1:03:24.01,Default,,0000,0000,0000,,and abuse policies that users agree\Nto when they use your service, Dialogue: 0,1:03:24.01,1:03:25.08,Default,,0000,0000,0000,,so that's an interesting thought. Dialogue: 0,1:03:25.08,1:03:30.00,Default,,0000,0000,0000,,Jeff, I want to throw this to you and I\Nknow this is part of your past experience, Dialogue: 0,1:03:30.00,1:03:34.08,Default,,0000,0000,0000,,but having been in the Senate and House\NCommittee, can you bring a little bit Dialogue: 0,1:03:34.08,1:03:37.02,Default,,0000,0000,0000,,of the government perspective\Nto the question I asked Dialogue: 0,1:03:37.02,1:03:40.01,Default,,0000,0000,0000,,of who should be fixing this problem and how? 
Dialogue: 0,1:03:40.01,1:03:41.05,Default,,0000,0000,0000,,>> Jeff: So I guess I would step back Dialogue: 0,1:03:41.05,1:03:47.05,Default,,0000,0000,0000,,and say that we can't define\Nthis problem as just DoS attacks. Dialogue: 0,1:03:47.05,1:03:50.07,Default,,0000,0000,0000,,You know you phrase it as, it's\Nnot a game of winning, well, Dialogue: 0,1:03:50.07,1:03:53.01,Default,,0000,0000,0000,,in my mind it's not a game that will ever end. Dialogue: 0,1:03:53.01,1:03:58.03,Default,,0000,0000,0000,,To the extent it's more of a constant\Nrace, how far ahead or behind are we Dialogue: 0,1:03:58.03,1:04:02.04,Default,,0000,0000,0000,,of the people developing new ways to attack? Dialogue: 0,1:04:02.04,1:04:08.00,Default,,0000,0000,0000,,And to my first point about, it's a\Nbroader problem, if someone has a computer Dialogue: 0,1:04:08.00,1:04:12.09,Default,,0000,0000,0000,,that is being used as part of a botnet\Nfor a DDoS attack or something else, Dialogue: 0,1:04:12.09,1:04:17.03,Default,,0000,0000,0000,,it's very likely that the folks who are on\Nthat computer could do a lot of other things Dialogue: 0,1:04:17.03,1:04:21.04,Default,,0000,0000,0000,,with that computer or to that person's\Nidentity or steal their banking credentials, Dialogue: 0,1:04:21.04,1:04:26.01,Default,,0000,0000,0000,,so it is a much broader problem and I think\NDamian made a good point is everyone kind Dialogue: 0,1:04:26.01,1:04:29.05,Default,,0000,0000,0000,,of pushes it back but at\Nsome level it needs to start Dialogue: 0,1:04:29.05,1:04:34.08,Default,,0000,0000,0000,,with users taking more control\Nover their computers. Dialogue: 0,1:04:34.08,1:04:37.06,Default,,0000,0000,0000,,Not just looking at antivirus\Nbut broader protections. 
Dialogue: 0,1:04:37.06,1:04:42.10,Default,,0000,0000,0000,,The government's role from my perspective\Nand that's something that we worked Dialogue: 0,1:04:42.10,1:04:47.00,Default,,0000,0000,0000,,on the projects I worked on the hill are\Nmuch more critical infrastructure focused, Dialogue: 0,1:04:47.00,1:04:51.04,Default,,0000,0000,0000,,but if it's true there, I think it's even\Nmore true with a much more commercial side. Dialogue: 0,1:04:51.04,1:04:56.00,Default,,0000,0000,0000,,It's got to be private sector laden and\Nthe government can play a role facilitating Dialogue: 0,1:04:56.00,1:05:02.05,Default,,0000,0000,0000,,and educating and punishing and perhaps in some\Nareas where there is significant possibility Dialogue: 0,1:05:02.05,1:05:06.09,Default,,0000,0000,0000,,of major national impact requiring\Nsome standards, you're not going to do Dialogue: 0,1:05:06.09,1:05:11.08,Default,,0000,0000,0000,,that for John Smith who has his\Ncomputer at home, you're not going to say Dialogue: 0,1:05:11.08,1:05:15.00,Default,,0000,0000,0000,,that there is a minimum security\N[inaudible] that you have to have Dialogue: 0,1:05:15.00,1:05:17.08,Default,,0000,0000,0000,,in order to log into the internet. Dialogue: 0,1:05:17.08,1:05:19.08,Default,,0000,0000,0000,,Were you even to try that, it would never pass. Dialogue: 0,1:05:19.08,1:05:24.00,Default,,0000,0000,0000,,But the government can play a\Nsignificant role educating folks; Dialogue: 0,1:05:24.00,1:05:29.01,Default,,0000,0000,0000,,simple things as patching whatever software\Napplications you have, making it the easiest way Dialogue: 0,1:05:29.01,1:05:30.03,Default,,0000,0000,0000,,for someone to get into your computer. Dialogue: 0,1:05:30.03,1:05:33.10,Default,,0000,0000,0000,,The patch comes out, someone is out there\Ntrying to figure out what was patched Dialogue: 0,1:05:33.10,1:05:36.05,Default,,0000,0000,0000,,and how can we take advantage\Nof the people who don't patch. 
Dialogue: 0,1:05:36.05,1:05:41.04,Default,,0000,0000,0000,,So the government, I think the role, sort\Nof hopefully I'm answering the question. Dialogue: 0,1:05:41.04,1:05:43.08,Default,,0000,0000,0000,,The role the government is going to play is\Ngoing to depend on what you're talking about. Dialogue: 0,1:05:43.08,1:05:46.06,Default,,0000,0000,0000,,If it's an attack on water, electrical,\Nother systems the government is going Dialogue: 0,1:05:46.06,1:05:49.07,Default,,0000,0000,0000,,to have a very active role,\Nhopefully ahead of time, protecting Dialogue: 0,1:05:49.07,1:05:51.09,Default,,0000,0000,0000,,and assisting in developing protections. Dialogue: 0,1:05:51.09,1:05:55.03,Default,,0000,0000,0000,,The government will also have a role in\Nthe backend where possible prosecuting, Dialogue: 0,1:05:55.03,1:05:57.07,Default,,0000,0000,0000,,investigating and that's\Nwhere your earlier question Dialogue: 0,1:05:57.07,1:06:00.09,Default,,0000,0000,0000,,about does it matter who is being attacked? Dialogue: 0,1:06:00.09,1:06:04.00,Default,,0000,0000,0000,,Maybe it shouldn't, but the government is going\Nto be much more focused when you have a series Dialogue: 0,1:06:04.00,1:06:08.03,Default,,0000,0000,0000,,of major banks attacked, looking whether\Nthere's another type of attack going on Dialogue: 0,1:06:08.03,1:06:11.08,Default,,0000,0000,0000,,or there are more laws that\Napply [inaudible] after that. Dialogue: 0,1:06:11.08,1:06:18.05,Default,,0000,0000,0000,,Then if it is, you're attacking someone's speech\Non block spy, so the government's role is going Dialogue: 0,1:06:18.05,1:06:23.03,Default,,0000,0000,0000,,to vary, I think depending upon where you are\Nbut ultimately it can't be government led Dialogue: 0,1:06:23.03,1:06:28.06,Default,,0000,0000,0000,,because it will end up being less\Neffective and more [inaudible], in my view. Dialogue: 0,1:06:28.06,1:06:29.07,Default,,0000,0000,0000,,>> Brian: Thank you. 
Dialogue: 0,1:06:29.07,1:06:37.05,Default,,0000,0000,0000,,Let me ask for the service providers, you all\Nrun services that are globally accessible. Dialogue: 0,1:06:37.05,1:06:43.09,Default,,0000,0000,0000,,You all have network footprints\Nthat are global to some extent. Dialogue: 0,1:06:43.09,1:06:48.00,Default,,0000,0000,0000,,Specifically, engaging with law\Nenforcement which I'm sure you do, Dialogue: 0,1:06:48.00,1:06:53.06,Default,,0000,0000,0000,,you all work for law abiding companies who\Nunder the proper circumstances collaborate Dialogue: 0,1:06:53.06,1:06:57.05,Default,,0000,0000,0000,,with law enforcement to address\Nlegitimate concerns. Dialogue: 0,1:06:57.05,1:07:02.06,Default,,0000,0000,0000,,What are you seeing in your\Ninteractions with law enforcement Dialogue: 0,1:07:02.06,1:07:05.08,Default,,0000,0000,0000,,that provides the good seeds for collaboration? Dialogue: 0,1:07:05.08,1:07:09.06,Default,,0000,0000,0000,,What do you think might be missing in\Nyour interactions with law enforcement? Dialogue: 0,1:07:09.06,1:07:13.04,Default,,0000,0000,0000,,I'd like the service providers\Nto address that point. Dialogue: 0,1:07:13.04,1:07:18.04,Default,,0000,0000,0000,,Who wants to go first, Ram? Dialogue: 0,1:07:18.04,1:07:19.04,Default,,0000,0000,0000,,>> Ram: Let me start. Dialogue: 0,1:07:19.04,1:07:24.04,Default,,0000,0000,0000,,One of the things that is striking\Nin interactions with law enforcement, Dialogue: 0,1:07:24.04,1:07:30.02,Default,,0000,0000,0000,,one of the fundamentals here is that\Nthis is essentially a borderless problem Dialogue: 0,1:07:30.02,1:07:34.04,Default,,0000,0000,0000,,and law enforcement has a broader problem. Dialogue: 0,1:07:34.04,1:07:34.10,Default,,0000,0000,0000,,>> Brian: Okay. Dialogue: 0,1:07:34.10,1:07:38.04,Default,,0000,0000,0000,,>> Ram: Not a problem, they have to work Dialogue: 0,1:07:38.04,1:07:41.06,Default,,0000,0000,0000,,within the jurisdictions of\Nthe borders that they're in. 
Dialogue: 0,1:07:41.06,1:07:46.00,Default,,0000,0000,0000,,So often when you're collaborating\Nand working on uncovering, Dialogue: 0,1:07:46.00,1:07:52.07,Default,,0000,0000,0000,,you know somebody is running a botnet that's\Ngot some significant problems behind it Dialogue: 0,1:07:52.07,1:07:56.03,Default,,0000,0000,0000,,and if you start to do trace-backs,\Nyou'll find that the folks Dialogue: 0,1:07:56.03,1:08:02.05,Default,,0000,0000,0000,,in law enforcement would rather work\Nwith you informally than formally Dialogue: 0,1:08:02.05,1:08:10.09,Default,,0000,0000,0000,,because if they go formal, then you go\Nthrough a method where you then have Dialogue: 0,1:08:10.09,1:08:17.00,Default,,0000,0000,0000,,to involve every law enforcement agency at\Nevery border that is crossed on the internet. Dialogue: 0,1:08:17.00,1:08:20.02,Default,,0000,0000,0000,,It's pretty damn easy to cross those borders. Dialogue: 0,1:08:20.02,1:08:27.01,Default,,0000,0000,0000,,So, that's a, I think that's an\Nessential thing and the real-world hasn't Dialogue: 0,1:08:27.01,1:08:31.04,Default,,0000,0000,0000,,yet caught-up to that reality online. Dialogue: 0,1:08:31.04,1:08:39.04,Default,,0000,0000,0000,,That attacks come from multiple borders,\Nfrom across multiple borders and they morph Dialogue: 0,1:08:39.04,1:08:50.05,Default,,0000,0000,0000,,in real-time, depending what the response looks\Nlike, and so that's a very significant factor Dialogue: 0,1:08:50.05,1:08:58.03,Default,,0000,0000,0000,,when we work for instance on, a year and a\Nhalf ago, we worked on pulling together part Dialogue: 0,1:08:58.03,1:09:06.06,Default,,0000,0000,0000,,of an industry or in a taskforce on child abuse\Nset of sites that were focused on child abuse Dialogue: 0,1:09:06.06,1:09:17.01,Default,,0000,0000,0000,,and they were using that to infect the\Ncomputers of those who had the bad stuff on it Dialogue: 0,1:09:17.01,1:09:19.10,Default,,0000,0000,0000,,to make them part of a zombie network. 
Dialogue: 0,1:09:19.10,1:09:28.02,Default,,0000,0000,0000,,And it got very snarled up in various\Njurisdictions' legal restrictions, Dialogue: 0,1:09:28.02,1:09:34.05,Default,,0000,0000,0000,,the necessity to preserve evidence,\Nversus the imperative to solve the problem Dialogue: 0,1:09:34.05,1:09:37.06,Default,,0000,0000,0000,,and make sure it doesn't become very large. Dialogue: 0,1:09:37.06,1:09:38.10,Default,,0000,0000,0000,,>> Brian: Interesting. Dialogue: 0,1:09:38.10,1:09:42.00,Default,,0000,0000,0000,,Anyone else, Danny? Dialogue: 0,1:09:42.00,1:09:44.10,Default,,0000,0000,0000,,>> Danny: Yeah so I'll point out\Nagain, some of the work that you know Dialogue: 0,1:09:44.10,1:09:48.06,Default,,0000,0000,0000,,with public/private sector\Npartnerships, I think that's so important. Dialogue: 0,1:09:48.06,1:09:51.07,Default,,0000,0000,0000,,Certainly I don't think you're going to\Nregulate your way out of this, right? Dialogue: 0,1:09:51.07,1:09:58.00,Default,,0000,0000,0000,,From a controls perspective there are 869\Nthings that I have to do in my day job just Dialogue: 0,1:09:58.00,1:10:01.00,Default,,0000,0000,0000,,to check boxes and those give me\Nmarginally more secure, right, Dialogue: 0,1:10:01.00,1:10:06.00,Default,,0000,0000,0000,,82% of IT security spend goes towards\Ncompliance and regulatory controls Dialogue: 0,1:10:06.00,1:10:08.07,Default,,0000,0000,0000,,and then people try and get\Nsecure on top of that. 
Dialogue: 0,1:10:08.07,1:10:13.09,Default,,0000,0000,0000,,Those sorts of things are like antivirus\Nsoftware and there's 10 new pieces Dialogue: 0,1:10:13.09,1:10:17.08,Default,,0000,0000,0000,,of malcode a second on the\Ninternet, yet AV is a frontline defense Dialogue: 0,1:10:17.08,1:10:23.07,Default,,0000,0000,0000,,to protect the residential user or maybe even\Na corporate machine, and so I think education Dialogue: 0,1:10:23.07,1:10:28.06,Default,,0000,0000,0000,,of the threat vector, some of the very\Nfundamental stuff like patching systems Dialogue: 0,1:10:28.06,1:10:33.01,Default,,0000,0000,0000,,and software and collaboration and information\Nsharing and putting these things in place. Dialogue: 0,1:10:33.01,1:10:36.03,Default,,0000,0000,0000,,From a law enforcement perspective,\NI think that some Dialogue: 0,1:10:36.03,1:10:40.05,Default,,0000,0000,0000,,of the most successful stuff we've seen\Ninvolves multilateral teaming agreements Dialogue: 0,1:10:40.05,1:10:44.01,Default,,0000,0000,0000,,and collaboration, those sorts of\Nthings where there is some coordination Dialogue: 0,1:10:44.01,1:10:47.10,Default,,0000,0000,0000,,and some effort in trying to work together. 
Dialogue: 0,1:10:47.10,1:10:51.03,Default,,0000,0000,0000,,In general though, in particular with\NDDoS attack we've always seen this sort Dialogue: 0,1:10:51.03,1:10:56.05,Default,,0000,0000,0000,,of fragmented response where one ISP on\Nthe receiving end, or along the trajectory Dialogue: 0,1:10:56.05,1:11:00.01,Default,,0000,0000,0000,,of an attack will drop all the traffic\Ntowards the destination and cause, Dialogue: 0,1:11:00.01,1:11:02.03,Default,,0000,0000,0000,,you know effectively completing\Nthe attack for that network, Dialogue: 0,1:11:02.03,1:11:08.05,Default,,0000,0000,0000,,and another one will security research will\Ninfiltrate the command [inaudible] structure Dialogue: 0,1:11:08.05,1:11:12.00,Default,,0000,0000,0000,,and law enforcement may be there and then\Nsomeone will break one of their connections Dialogue: 0,1:11:12.00,1:11:16.09,Default,,0000,0000,0000,,to the C&C infrastructure and all of a\Nsudden, you can't even disable the attack Dialogue: 0,1:11:16.09,1:11:20.03,Default,,0000,0000,0000,,because you've got all these headless machines\Nout there that are attacking something Dialogue: 0,1:11:20.03,1:11:23.02,Default,,0000,0000,0000,,and depending on where those systems\Nreside and where they're coming from. Dialogue: 0,1:11:23.02,1:11:28.03,Default,,0000,0000,0000,,I mean we've seen attacks with\Nattack sources in 100s of countries Dialogue: 0,1:11:28.03,1:11:30.02,Default,,0000,0000,0000,,and you're breaking lots of laws. Dialogue: 0,1:11:30.02,1:11:36.01,Default,,0000,0000,0000,,I mean just if you were to try and disable\Nan attack if you had the keys to the command Dialogue: 0,1:11:36.01,1:11:39.02,Default,,0000,0000,0000,,and control infrastructure, that sort of thing. 
Dialogue: 0,1:11:39.02,1:11:43.04,Default,,0000,0000,0000,,So it's really problematic and there needs\Nto be a lot of collaboration and cooperation Dialogue: 0,1:11:43.04,1:11:47.06,Default,,0000,0000,0000,,and I don't think regulation's a way,\Nbut I do think harmonizing and working Dialogue: 0,1:11:47.06,1:11:52.00,Default,,0000,0000,0000,,on the international aspects and the information\Nsharing and collaboration, you know those sort Dialogue: 0,1:11:52.00,1:11:56.02,Default,,0000,0000,0000,,of things are the only way we're going\Nto be in a better spot collectively. Dialogue: 0,1:11:56.02,1:12:00.08,Default,,0000,0000,0000,,We're playing a lot of whack-a-mole\Ntoday and I'm not sure it's effective. Dialogue: 0,1:12:00.08,1:12:05.07,Default,,0000,0000,0000,,>> Brian: Jillian, let me ask you, from your\Nperspective, from a civil society perspective, Dialogue: 0,1:12:05.07,1:12:11.00,Default,,0000,0000,0000,,what more should industry and government\Nin their roles, be doing to address this? Dialogue: 0,1:12:11.00,1:12:16.04,Default,,0000,0000,0000,,And what in their collaboration\Nwould you hope that they avoid? Dialogue: 0,1:12:16.04,1:12:20.04,Default,,0000,0000,0000,,>> Jillian: So in terms of what more,\NI mean I think it's hard for me to say. Dialogue: 0,1:12:20.04,1:12:24.10,Default,,0000,0000,0000,,I mean I think one of the problems\Nhere is that as others have mentioned, Dialogue: 0,1:12:24.10,1:12:30.07,Default,,0000,0000,0000,,law enforcement is going after the folks\Nwho are going after the big targets. Dialogue: 0,1:12:30.07,1:12:34.04,Default,,0000,0000,0000,,And I understand that, but it's not really\Never going to help these smaller targets. 
Dialogue: 0,1:12:34.04,1:12:38.06,Default,,0000,0000,0000,,I mean you don't see law enforcement going after\Nthe perpetrators of small attacks and a lot Dialogue: 0,1:12:38.06,1:12:41.05,Default,,0000,0000,0000,,of the attacks that I'm looking at\Nare happening in other countries Dialogue: 0,1:12:41.05,1:12:44.00,Default,,0000,0000,0000,,where sometimes the perpetrators\Nare in other countries Dialogue: 0,1:12:44.00,1:12:49.00,Default,,0000,0000,0000,,and so from my perspective I'm not\Nthinking so much about U.S. law enforcement, Dialogue: 0,1:12:49.00,1:12:53.06,Default,,0000,0000,0000,,but in terms of what people can be doing\Nmore about and what they should avoid. Dialogue: 0,1:12:53.06,1:13:01.01,Default,,0000,0000,0000,,I think that a lot of it is about raising\Nawareness as folks at the other end Dialogue: 0,1:13:01.01,1:13:05.04,Default,,0000,0000,0000,,of the table said in the beginning,\NI think that making people aware, Dialogue: 0,1:13:05.04,1:13:09.06,Default,,0000,0000,0000,,not only of what might be going on in their\Nown systems that they can avoid becoming part Dialogue: 0,1:13:09.06,1:13:17.07,Default,,0000,0000,0000,,of a botnet, but also what they can be\Ndoing as individuals and as organizations Dialogue: 0,1:13:17.07,1:13:21.07,Default,,0000,0000,0000,,to mitigate the potential of DDoS attacks. Dialogue: 0,1:13:21.07,1:13:24.09,Default,,0000,0000,0000,,And then as far as industry,\NI think adding that layer Dialogue: 0,1:13:24.09,1:13:26.10,Default,,0000,0000,0000,,of civil society is really important as well. Dialogue: 0,1:13:26.10,1:13:32.06,Default,,0000,0000,0000,,Making sure that industry is collaborating\Nwith civil society to make more Dialogue: 0,1:13:32.06,1:13:37.00,Default,,0000,0000,0000,,of these systems available to\Nthe smaller user would be great. 
Dialogue: 0,1:13:37.00,1:13:42.01,Default,,0000,0000,0000,,And as far as what law enforcement\Nshould avoid, I think a lot of it Dialogue: 0,1:13:42.01,1:13:47.03,Default,,0000,0000,0000,,for me is addressing whether DDoS attack\Nare a useful form of civil disobedience. Dialogue: 0,1:13:47.03,1:13:51.00,Default,,0000,0000,0000,,I think it kind of comes down to that and my\Npersonal opinion, this is really not the view Dialogue: 0,1:13:51.00,1:13:53.08,Default,,0000,0000,0000,,of my organization which does\Nnot have a stated view on this, Dialogue: 0,1:13:53.08,1:13:59.04,Default,,0000,0000,0000,,but it's just that I don't think it's a\Nparticularly useful form of civil disobedience. Dialogue: 0,1:13:59.04,1:14:04.02,Default,,0000,0000,0000,,I think that in the United States we have\Nmany other paths of recourse to protest Dialogue: 0,1:14:04.02,1:14:07.04,Default,,0000,0000,0000,,and then I think that when you look\Nat the example like I gave before, Dialogue: 0,1:14:07.04,1:14:11.08,Default,,0000,0000,0000,,attacks against Syrian government\Nwebsites, it's a bit of a different thing. Dialogue: 0,1:14:11.08,1:14:19.06,Default,,0000,0000,0000,,But nonetheless, I think that the effect of\Nthese attacks on smaller websites is so great Dialogue: 0,1:14:19.06,1:14:22.04,Default,,0000,0000,0000,,that we should really sort of\Ntry to look at the whole picture Dialogue: 0,1:14:22.04,1:14:25.00,Default,,0000,0000,0000,,and realize how much damage this is doing. Dialogue: 0,1:14:25.00,1:14:29.05,Default,,0000,0000,0000,,And so I guess in thinking about that, I\Nthink that that should also sort of inform Dialogue: 0,1:14:29.05,1:14:31.07,Default,,0000,0000,0000,,where we think about law enforcement. Dialogue: 0,1:14:31.07,1:14:32.01,Default,,0000,0000,0000,,>> Brian: Thank you. Dialogue: 0,1:14:32.01,1:14:32.03,Default,,0000,0000,0000,,Danny [inaudible]? 
Dialogue: 0,1:14:32.03,1:14:35.05,Default,,0000,0000,0000,,>> Danny: Yeah I just wanted to make\None other comment, something she touched Dialogue: 0,1:14:35.05,1:14:39.00,Default,,0000,0000,0000,,on which I think is really actually\Nis, one of the things we see a lot Dialogue: 0,1:14:39.00,1:14:42.01,Default,,0000,0000,0000,,of is the internet itself\Nis inherently multi-tenant. Dialogue: 0,1:14:42.01,1:14:47.05,Default,,0000,0000,0000,,And then you see a lot of, in particular\Na lot of the smaller folks can aggregate Dialogue: 0,1:14:47.05,1:14:50.09,Default,,0000,0000,0000,,and there's these really high tenant\Ndensities on certain pieces of infrastructure Dialogue: 0,1:14:50.09,1:14:55.08,Default,,0000,0000,0000,,and what ends up happening is that someone\Non the infrastructure gets attacked Dialogue: 0,1:14:55.08,1:14:58.03,Default,,0000,0000,0000,,and there's a lot of collateral\Ndamage that everybody is impacted. Dialogue: 0,1:14:58.03,1:15:01.10,Default,,0000,0000,0000,,Or a really large attack along\Na trajectory fills some links Dialogue: 0,1:15:01.10,1:15:06.05,Default,,0000,0000,0000,,and not only is the intended target impacted\Nbut there's collateral damage to other people Dialogue: 0,1:15:06.05,1:15:07.08,Default,,0000,0000,0000,,that utilize that infrastructure. Dialogue: 0,1:15:07.08,1:15:15.05,Default,,0000,0000,0000,,And most of the attacks that the folks have been\Non the receiving end of seeing is that it's hard Dialogue: 0,1:15:15.05,1:15:20.04,Default,,0000,0000,0000,,for an attacker to gauge how much firepower they\Nactually have and to surgically attack a target Dialogue: 0,1:15:20.04,1:15:26.00,Default,,0000,0000,0000,,with a DDoS attack on the internet, usually they\Nsort brute-force flood a whole bunch of traffic Dialogue: 0,1:15:26.00,1:15:29.07,Default,,0000,0000,0000,,of a particular type and there\Nis collateral damage in that. 
Dialogue: 0,1:15:29.07,1:15:32.09,Default,,0000,0000,0000,,And that's an important artifact\Nthat you're highlighting there Dialogue: 0,1:15:32.09,1:15:36.05,Default,,0000,0000,0000,,and if you have high-tenant\Ndensities on cloud infrastructure Dialogue: 0,1:15:36.05,1:15:43.02,Default,,0000,0000,0000,,or lots of people behind small links then\Nit does have a really devastating impact Dialogue: 0,1:15:43.02,1:15:46.08,Default,,0000,0000,0000,,and not just on the target, but maybe on\Nother people that utilize that infrastructure. Dialogue: 0,1:15:46.08,1:15:49.03,Default,,0000,0000,0000,,And so I think that's important highlight. Dialogue: 0,1:15:49.03,1:15:50.05,Default,,0000,0000,0000,,>> Brian: Thank you. Dialogue: 0,1:15:50.05,1:15:51.02,Default,,0000,0000,0000,,Damian? Dialogue: 0,1:15:51.02,1:15:55.04,Default,,0000,0000,0000,,>> Damian: Yeah just to follow-up\Non that, Jillian had mentioned Dialogue: 0,1:15:55.04,1:15:59.00,Default,,0000,0000,0000,,that law enforcement doesn't go\Nafter the very small attacks. Dialogue: 0,1:15:59.00,1:16:00.07,Default,,0000,0000,0000,,They tend to focus on the large attacks. Dialogue: 0,1:16:00.07,1:16:04.02,Default,,0000,0000,0000,,But I do see the large attacks\Nas the most damaging, Dialogue: 0,1:16:04.02,1:16:09.00,Default,,0000,0000,0000,,largely because of what Danny said\Nof, it causes collateral damage. Dialogue: 0,1:16:09.00,1:16:12.05,Default,,0000,0000,0000,,If there's collateral damage on other sites\Nthat they have no other way to mitigate, Dialogue: 0,1:16:12.05,1:16:15.03,Default,,0000,0000,0000,,they will kill the small\Nvictim, they'll completely attack Dialogue: 0,1:16:15.03,1:16:17.05,Default,,0000,0000,0000,,by just turning off everything to that site. 
Dialogue: 0,1:16:17.05,1:16:23.04,Default,,0000,0000,0000,,So by basically preventing any very large\Nattacks by having law enforcement focus Dialogue: 0,1:16:23.04,1:16:28.09,Default,,0000,0000,0000,,on those we at least give the smaller sites a\Nchance of getting some DoS mitigation service Dialogue: 0,1:16:28.09,1:16:35.04,Default,,0000,0000,0000,,to help them and basically that\Nboundary is probably around 10 gigabyte. Dialogue: 0,1:16:35.04,1:16:41.05,Default,,0000,0000,0000,,You know once you get up over 100 gig, there's\Nvery few organizations that are going to be able Dialogue: 0,1:16:41.05,1:16:45.02,Default,,0000,0000,0000,,to help and most are just\Ngoing to turn off the site. Dialogue: 0,1:16:45.02,1:16:49.08,Default,,0000,0000,0000,,>> Brian: So right now on this issue,\Nit's the rule of the submarine captain Dialogue: 0,1:16:49.08,1:16:54.02,Default,,0000,0000,0000,,that is the compartment flooding, and their\Nsailors in there shut it off to save the rest. Dialogue: 0,1:16:54.02,1:16:55.00,Default,,0000,0000,0000,,And that's where we are. Dialogue: 0,1:16:55.00,1:16:59.10,Default,,0000,0000,0000,,So, this is interesting and I think\Nwe've all been very polite so far, Dialogue: 0,1:16:59.10,1:17:03.08,Default,,0000,0000,0000,,so allow me to play devil's advocate and put\Nyour feet to the fire a little bit folks. Dialogue: 0,1:17:03.08,1:17:09.00,Default,,0000,0000,0000,,So what I'm hearing at a high level to pull some\Nthreads together, is there is some coordination Dialogue: 0,1:17:09.00,1:17:14.09,Default,,0000,0000,0000,,across law enforcement which is key\Nto this solution in collaboration, Dialogue: 0,1:17:14.09,1:17:17.02,Default,,0000,0000,0000,,but it's not nearly what it needs to be. Dialogue: 0,1:17:17.02,1:17:21.04,Default,,0000,0000,0000,,It itself is a barrier to our\Nability, at least in the industry, Dialogue: 0,1:17:21.04,1:17:24.01,Default,,0000,0000,0000,,to work on these problems with law enforcement. 
Dialogue: 0,1:17:24.01,1:17:28.00,Default,,0000,0000,0000,,We're hearing that there is some collaboration\Nacross network operators but not as good Dialogue: 0,1:17:28.00,1:17:32.08,Default,,0000,0000,0000,,as it needs to be all the\Nway up and down the stream. Dialogue: 0,1:17:32.08,1:17:40.04,Default,,0000,0000,0000,,And some lack of sense of responsibility\Ncoloring that part of the puzzle. Dialogue: 0,1:17:40.04,1:17:46.08,Default,,0000,0000,0000,,We all in this industry trumpet the fact that\Nthe internet is critical global infrastructure. Dialogue: 0,1:17:46.08,1:17:51.06,Default,,0000,0000,0000,,We all in this industry trumpet the\Nfact that the infrastructure of nations Dialogue: 0,1:17:51.06,1:17:58.09,Default,,0000,0000,0000,,of countries have come to rely on the\Ninternet, banking systems, electric grids soon, Dialogue: 0,1:17:58.09,1:18:04.06,Default,,0000,0000,0000,,governments have a clear interest in this\Ncritical infrastructure and if I listen to all Dialogue: 0,1:18:04.06,1:18:07.06,Default,,0000,0000,0000,,of this and piece together,\NI could come at this from, Dialogue: 0,1:18:07.06,1:18:11.05,Default,,0000,0000,0000,,this is a fiddling while Rome burns\Ndynamic going on between industry Dialogue: 0,1:18:11.05,1:18:14.00,Default,,0000,0000,0000,,and governments and civil society. Dialogue: 0,1:18:14.00,1:18:20.04,Default,,0000,0000,0000,,So, putting your feet back to the fire, what\Nneeds to happen in terms of collaboration, Dialogue: 0,1:18:20.04,1:18:27.06,Default,,0000,0000,0000,,in concrete terms to break through at the\Nindustry level, at the government level Dialogue: 0,1:18:27.06,1:18:31.01,Default,,0000,0000,0000,,and across those levels and with\Nthe civil society perspective. Dialogue: 0,1:18:31.01,1:18:32.00,Default,,0000,0000,0000,,Let's get to it. Dialogue: 0,1:18:32.00,1:18:37.09,Default,,0000,0000,0000,,Who wants to take it on? Dialogue: 0,1:18:37.09,1:18:38.01,Default,,0000,0000,0000,,Pause. 
Dialogue: 0,1:18:38.01,1:18:39.06,Default,,0000,0000,0000,,>> Ram: Sure I'll jump on the grenade. Dialogue: 0,1:18:39.06,1:18:47.05,Default,,0000,0000,0000,,Look I think everyone who is here and everyone\Nwho is up here is not part of the problem. Dialogue: 0,1:18:47.05,1:18:51.01,Default,,0000,0000,0000,,When you take it to the global\Nlevel of the impact on society Dialogue: 0,1:18:51.01,1:18:56.06,Default,,0000,0000,0000,,and the fiddling while Rome burns and the\Nimplication that there's an existential or close Dialogue: 0,1:18:56.06,1:19:03.05,Default,,0000,0000,0000,,to a threat to us, everyone up here and I\Nassume because you're here, you all get it. Dialogue: 0,1:19:03.05,1:19:08.07,Default,,0000,0000,0000,,The problem we have are the sectors\Nthat you mentioned that use technology Dialogue: 0,1:19:08.07,1:19:15.05,Default,,0000,0000,0000,,but are not technology sectors and going back\Nto my government experiences, often, not always Dialogue: 0,1:19:15.05,1:19:23.00,Default,,0000,0000,0000,,but often, the difficulty in those sectors to\Nget nontechnical executives to spend the money Dialogue: 0,1:19:23.00,1:19:26.07,Default,,0000,0000,0000,,or the time to put in place the protections. Dialogue: 0,1:19:26.07,1:19:33.01,Default,,0000,0000,0000,,You know Danny, I thought talked earlier\Nabout the need of a mitigation plan in place. Dialogue: 0,1:19:33.01,1:19:36.09,Default,,0000,0000,0000,,If you're under a major denial service\Nattack and you're then figuring oh, Dialogue: 0,1:19:36.09,1:19:38.06,Default,,0000,0000,0000,,how do I deal with a denial service attack? 
Dialogue: 0,1:19:38.06,1:19:45.05,Default,,0000,0000,0000,,You're toast, you need to have things in place\Nahead of time and that's where going back Dialogue: 0,1:19:45.05,1:19:49.04,Default,,0000,0000,0000,,to the question about where the government\Ncan play a role, my personal view Dialogue: 0,1:19:49.04,1:19:52.01,Default,,0000,0000,0000,,and what we were trying to do on\Nthe hill was create an environment Dialogue: 0,1:19:52.01,1:19:58.01,Default,,0000,0000,0000,,where the truly critical\Ninfrastructure systems are required Dialogue: 0,1:19:58.01,1:20:00.02,Default,,0000,0000,0000,,to meet some base-level of security. Dialogue: 0,1:20:00.02,1:20:04.04,Default,,0000,0000,0000,,Not a technology specific but more\Nif you're talking about computers Dialogue: 0,1:20:04.04,1:20:07.08,Default,,0000,0000,0000,,that control big machines,\Nwater pumps, electric grids, Dialogue: 0,1:20:07.08,1:20:09.09,Default,,0000,0000,0000,,those shouldn't be connected to the internet. Dialogue: 0,1:20:09.09,1:20:11.01,Default,,0000,0000,0000,,A lot of them are. Dialogue: 0,1:20:11.01,1:20:17.09,Default,,0000,0000,0000,,Some of them are connected with open connections\Nusing default passwords available through, Dialogue: 0,1:20:17.09,1:20:19.08,Default,,0000,0000,0000,,no offense, Google searches. Dialogue: 0,1:20:19.08,1:20:26.05,Default,,0000,0000,0000,,So, what needs to happen, I think is some\Nimpetus, some general understanding of the type Dialogue: 0,1:20:26.05,1:20:33.07,Default,,0000,0000,0000,,of threat that the country faces both in\Nthe digital realm and in the physical realm. 
Dialogue: 0,1:20:33.07,1:20:40.07,Default,,0000,0000,0000,,But again, I think going back to what I said\Nearlier a lot of it starts with the individual Dialogue: 0,1:20:40.07,1:20:45.01,Default,,0000,0000,0000,,and I used to be very skeptical as to\Nwhether we could actually get most people Dialogue: 0,1:20:45.01,1:20:50.03,Default,,0000,0000,0000,,to do basic hygiene things on their computer\Nand then one of the things that we also covered, Dialogue: 0,1:20:50.03,1:20:54.06,Default,,0000,0000,0000,,the committee worked on was swine flu and\Nas soon as Big Bird told everyone to cough Dialogue: 0,1:20:54.06,1:20:58.08,Default,,0000,0000,0000,,into their elbows, you have a vast majority\Nof Americans, you see people coughing Dialogue: 0,1:20:58.08,1:21:00.00,Default,,0000,0000,0000,,or sneezing into their elbows now. Dialogue: 0,1:21:00.00,1:21:04.06,Default,,0000,0000,0000,,We change behavior very quickly and I\Nthink there can be an education campaign Dialogue: 0,1:21:04.06,1:21:11.04,Default,,0000,0000,0000,,that could change enough behavior to help stop\Nthe problem, but without some type of push, Dialogue: 0,1:21:11.04,1:21:14.09,Default,,0000,0000,0000,,I think that we're all going to\Nkeep trying to do what we can, Dialogue: 0,1:21:14.09,1:21:18.02,Default,,0000,0000,0000,,but the people who need to\Nmake the changes may not. Dialogue: 0,1:21:18.02,1:21:20.01,Default,,0000,0000,0000,,>> Brian: Ram, thank you. Dialogue: 0,1:21:20.01,1:21:25.08,Default,,0000,0000,0000,,>> Miguel: Thank you, so I'm a bit\Nof a skeptic on these push-measures. Dialogue: 0,1:21:25.08,1:21:31.01,Default,,0000,0000,0000,,Folks do push-measures, governments do\Npush-measures all the time and decades go by Dialogue: 0,1:21:31.01,1:21:35.04,Default,,0000,0000,0000,,and the basic problems don't get resolved. Dialogue: 0,1:21:35.04,1:21:38.08,Default,,0000,0000,0000,,One thing that does seem to work is events. 
Dialogue: 0,1:21:38.08,1:21:40.09,Default,,0000,0000,0000,,Events result in consequences. Dialogue: 0,1:21:40.09,1:21:47.08,Default,,0000,0000,0000,,Michelangelo, the virus got people to install\Nantivirus software, Y2K got people to focus Dialogue: 0,1:21:47.08,1:21:53.08,Default,,0000,0000,0000,,on mitigation measures, 9/11\Ncaused a series of responses Dialogue: 0,1:21:53.08,1:21:58.04,Default,,0000,0000,0000,,and the Georgian Cyber War\Ncaused another set of responses. Dialogue: 0,1:21:58.04,1:22:04.06,Default,,0000,0000,0000,,We don't really have a global cyber event,\NI'm not asking for one, but I'm just saying Dialogue: 0,1:22:04.06,1:22:09.07,Default,,0000,0000,0000,,that if you just look at human behavior and\Nyou want to affect human behavior and you want Dialogue: 0,1:22:09.07,1:22:15.04,Default,,0000,0000,0000,,to get individuals, governments, civil\Nsociety, public sector, everybody together Dialogue: 0,1:22:15.04,1:22:22.03,Default,,0000,0000,0000,,and the private sector together, you\Nneed to have something to unify around. Dialogue: 0,1:22:22.03,1:22:30.03,Default,,0000,0000,0000,,The threat today doesn't feel real to me until\NI get attacked and if my friend got attacked, Dialogue: 0,1:22:30.03,1:22:33.10,Default,,0000,0000,0000,,I kind of have some sympathy about\Nit but I kind of shrug my shoulders Dialogue: 0,1:22:33.10,1:22:36.02,Default,,0000,0000,0000,,and say, "Ain't going to happen to me." Dialogue: 0,1:22:36.02,1:22:43.06,Default,,0000,0000,0000,,And there is not the unifying\Nsense of impending doom. Dialogue: 0,1:22:43.06,1:22:48.08,Default,,0000,0000,0000,,>> Danny: Can I just, I agree with everything\NRam said from the skepticism to the kind Dialogue: 0,1:22:48.08,1:22:53.07,Default,,0000,0000,0000,,of work I was also trying to also do the\Nneed for an event and we would tell a lot Dialogue: 0,1:22:53.07,1:22:58.00,Default,,0000,0000,0000,,of the skeptics who came in is, look you\Nhave Congress trying to act proactively. 
Dialogue: 0,1:22:58.00,1:23:01.08,Default,,0000,0000,0000,,It may not fix everything now but when\Nsomething happens there will be better systems Dialogue: 0,1:23:01.08,1:23:03.00,Default,,0000,0000,0000,,in place to respond to it. Dialogue: 0,1:23:03.00,1:23:06.04,Default,,0000,0000,0000,,But more importantly, you want\Ngovernment to act proactively Dialogue: 0,1:23:06.04,1:23:11.01,Default,,0000,0000,0000,,because when government acts reactively, it acts\Nstupidly and that's why there is a strong effort Dialogue: 0,1:23:11.01,1:23:17.03,Default,,0000,0000,0000,,to get some type of performance-based,\Nnontechnology specific standards Dialogue: 0,1:23:17.03,1:23:21.01,Default,,0000,0000,0000,,that are limited to really critical stuff in\Nplace, so hopefully some things will improve Dialogue: 0,1:23:21.01,1:23:25.10,Default,,0000,0000,0000,,and if something happens, we have the framework\Nthat is not so regimented that the attempt Dialogue: 0,1:23:25.10,1:23:28.00,Default,,0000,0000,0000,,to fix the problem actually enhances it. Dialogue: 0,1:23:28.00,1:23:32.06,Default,,0000,0000,0000,,But I'm ultimately, because I'm a cynic\NI don't think we're going to do anything Dialogue: 0,1:23:32.06,1:23:39.00,Default,,0000,0000,0000,,until we have something blowup and\Nthat's unfortunate to say the least. Dialogue: 0,1:23:39.00,1:23:41.04,Default,,0000,0000,0000,,>> Brian: Danny, oh Damian thank you. Dialogue: 0,1:23:41.04,1:23:47.06,Default,,0000,0000,0000,,>> Damian: Sure, yes I also sort of\Nagree with the cyber event being needed. Dialogue: 0,1:23:47.06,1:23:56.01,Default,,0000,0000,0000,,Not needed but, [Laughter] if you look\Nat history, we've seen that there's Dialogue: 0,1:23:56.01,1:24:00.04,Default,,0000,0000,0000,,like an email worm or virus that comes\Nout approximately once every 6 months Dialogue: 0,1:24:00.04,1:24:04.05,Default,,0000,0000,0000,,because that's how long it takes people\Nto forget and start being stupid again. 
Dialogue: 0,1:24:04.05,1:24:07.03,Default,,0000,0000,0000,,And you know click on everything they see but, Dialogue: 0,1:24:07.03,1:24:09.05,Default,,0000,0000,0000,,you know once every 6 months\Neveryone gets infected, Dialogue: 0,1:24:09.05,1:24:11.06,Default,,0000,0000,0000,,everyone is like oh yeah, I shouldn't do that. Dialogue: 0,1:24:11.06,1:24:13.06,Default,,0000,0000,0000,,Fortunately no major damage has been caused. Dialogue: 0,1:24:13.06,1:24:17.08,Default,,0000,0000,0000,,Nobody has ever actually-- there\Nhaven't been any large-scale cases Dialogue: 0,1:24:17.08,1:24:19.03,Default,,0000,0000,0000,,where people have lost data. Dialogue: 0,1:24:19.03,1:24:24.00,Default,,0000,0000,0000,,I see this as very similar\Nto how diseases spread. Dialogue: 0,1:24:24.00,1:24:28.09,Default,,0000,0000,0000,,If you killed the person instantly,\Nlike if someone gets infected Dialogue: 0,1:24:28.09,1:24:32.02,Default,,0000,0000,0000,,and you format their hard drive right\Naway, they don't have time to spread. Dialogue: 0,1:24:32.02,1:24:36.07,Default,,0000,0000,0000,,They don't have time to pass it on to others\Nand so most of the malware that we've seen Dialogue: 0,1:24:36.07,1:24:39.02,Default,,0000,0000,0000,,so far has been fairly benign\Nand that allows it to spread, Dialogue: 0,1:24:39.02,1:24:41.09,Default,,0000,0000,0000,,but it also means it doesn't cause much damage. Dialogue: 0,1:24:41.09,1:24:47.08,Default,,0000,0000,0000,,I also wanted to say, I think right\Nnow laws largely favor the attacker. Dialogue: 0,1:24:47.08,1:24:54.02,Default,,0000,0000,0000,,There's a lot of constraints on information\Nsharing, all of the jurisdiction issues, Dialogue: 0,1:24:54.02,1:24:59.00,Default,,0000,0000,0000,,and that also means that\Nthere's a very slow response. 
Dialogue: 0,1:24:59.00,1:25:04.04,Default,,0000,0000,0000,,If somebody goes to law enforcement, law\Nenforcement might have to sit on it for weeks Dialogue: 0,1:25:04.04,1:25:07.09,Default,,0000,0000,0000,,or months before they can actually\Ntake action against the attacker, Dialogue: 0,1:25:07.09,1:25:09.06,Default,,0000,0000,0000,,if they can even get to the attacker. Dialogue: 0,1:25:09.06,1:25:15.04,Default,,0000,0000,0000,,So, some things might need to change\Nin laws to allow the defenders Dialogue: 0,1:25:15.04,1:25:19.03,Default,,0000,0000,0000,,to keep up with the pace of the attacks. Dialogue: 0,1:25:19.03,1:25:23.00,Default,,0000,0000,0000,,And it's also important to note, you know\Nsometimes the attacker would actually know how Dialogue: 0,1:25:23.00,1:25:28.00,Default,,0000,0000,0000,,to shut down the attack, it's just they're\Nnot legally able to and so there are a lot Dialogue: 0,1:25:28.00,1:25:32.00,Default,,0000,0000,0000,,of inherent delays in the system. Dialogue: 0,1:25:32.00,1:25:32.08,Default,,0000,0000,0000,,>> Brian: Thank you, Miguel. Dialogue: 0,1:25:32.08,1:25:35.02,Default,,0000,0000,0000,,>> Miguel: Just adding to that,\Nit's worth noting that there's Dialogue: 0,1:25:35.02,1:25:39.01,Default,,0000,0000,0000,,such a stigma associated\Nwith security incidents. Dialogue: 0,1:25:39.01,1:25:43.07,Default,,0000,0000,0000,,Organizations are very unwilling to\Nadmit that something has happened. Dialogue: 0,1:25:43.07,1:25:45.08,Default,,0000,0000,0000,,They don't want to admit so publicly. 
Dialogue: 0,1:25:45.08,1:25:52.05,Default,,0000,0000,0000,,They really, they don't want to collaborate\Nand to be effective, a lot of operators have Dialogue: 0,1:25:52.05,1:25:55.01,Default,,0000,0000,0000,,to work, as I mentioned earlier, they\Nhave to work through back-channels, Dialogue: 0,1:25:55.01,1:25:59.07,Default,,0000,0000,0000,,people they know where the person\Nthat you're potentially collaborating Dialogue: 0,1:25:59.07,1:26:08.05,Default,,0000,0000,0000,,with would probably get slapped if other people\Nwere aware of this collaboration taking place. Dialogue: 0,1:26:08.05,1:26:15.02,Default,,0000,0000,0000,,So, that needs to get formalized,\Npotentially more formal protocols Dialogue: 0,1:26:15.02,1:26:17.03,Default,,0000,0000,0000,,for collaboration need to be developed. Dialogue: 0,1:26:17.03,1:26:24.04,Default,,0000,0000,0000,,And from an international perspective,\Ngovernments need to do a better job at. Dialogue: 0,1:26:24.04,1:26:28.03,Default,,0000,0000,0000,,They haven't caught up to the\Nfact that this is a big issue. Dialogue: 0,1:26:28.03,1:26:35.01,Default,,0000,0000,0000,,So, some examples where we, as an\Noperator, we're seeing attacks happening Dialogue: 0,1:26:35.01,1:26:41.08,Default,,0000,0000,0000,,on small government websites, Syria's\Nas an example, and you actually want Dialogue: 0,1:26:41.08,1:26:45.09,Default,,0000,0000,0000,,to lend your resources and\Nexpertise to help these people, Dialogue: 0,1:26:45.09,1:26:50.06,Default,,0000,0000,0000,,but because of their own\Nroadblocks, legislation, Dialogue: 0,1:26:50.06,1:26:55.00,Default,,0000,0000,0000,,etcetera they actually can't receive the help Dialogue: 0,1:26:55.00,1:26:57.04,Default,,0000,0000,0000,,that you are potentially\Nlooking at offering them. 
Dialogue: 0,1:26:57.04,1:27:04.01,Default,,0000,0000,0000,,So we've been in situations where we've\Nseen protest attacks during elections, Dialogue: 0,1:27:04.01,1:27:09.02,Default,,0000,0000,0000,,for example in smaller countries, and\Nwe are willing to help them but then, Dialogue: 0,1:27:09.02,1:27:13.06,Default,,0000,0000,0000,,these governments have restrictions\Non where their data is etcetera while Dialogue: 0,1:27:13.06,1:27:16.09,Default,,0000,0000,0000,,at the same time they don't\Nhave the infrastructure to deal Dialogue: 0,1:27:16.09,1:27:21.06,Default,,0000,0000,0000,,with this problem themselves, but they're\Nhandcuffing themselves, so all of that has Dialogue: 0,1:27:21.06,1:27:24.00,Default,,0000,0000,0000,,to change for us to be able\Nto be more effective. Dialogue: 0,1:27:24.00,1:27:25.02,Default,,0000,0000,0000,,>> Brian: Danny? Dialogue: 0,1:27:25.02,1:27:30.08,Default,,0000,0000,0000,,>> Danny: Yeah I think some of this sort\Nof the tragedy of the common sort of thing, Dialogue: 0,1:27:30.08,1:27:32.06,Default,,0000,0000,0000,,the sheep on the commons I guess if you will. Dialogue: 0,1:27:32.06,1:27:36.01,Default,,0000,0000,0000,,And what's the impact on\Nme or the investment on me? 
Dialogue: 0,1:27:36.01,1:27:41.04,Default,,0000,0000,0000,,Actually the Internet Security Alliance did\Nsomething not long ago called a CFO's Guide Dialogue: 0,1:27:41.04,1:27:45.06,Default,,0000,0000,0000,,to Cyber Risk and in that document they\Nintroduced the notion of a digital immigrant Dialogue: 0,1:27:45.06,1:27:52.03,Default,,0000,0000,0000,,and they're talking about someone that didn't\Ngrow up digital native or wasn't prolific Dialogue: 0,1:27:52.03,1:27:56.01,Default,,0000,0000,0000,,with electronic devices and the\Ninternet and the capabilities of those Dialogue: 0,1:27:56.01,1:27:59.01,Default,,0000,0000,0000,,and they were discussing how in many places, Dialogue: 0,1:27:59.01,1:28:02.03,Default,,0000,0000,0000,,they're the ones that control the purse\Nstrings or control the investments. Dialogue: 0,1:28:02.03,1:28:06.01,Default,,0000,0000,0000,,Like people don't have problems investing in\Nfire suppression systems but if you ask about a, Dialogue: 0,1:28:06.01,1:28:09.06,Default,,0000,0000,0000,,DDoS mitigation capability, well\Nnobody is going to invest in that Dialogue: 0,1:28:09.06,1:28:14.02,Default,,0000,0000,0000,,until they've been attacked right, or\Nunless you're a very savvy organization Dialogue: 0,1:28:14.02,1:28:16.02,Default,,0000,0000,0000,,or have a lot of the right folks that do that. Dialogue: 0,1:28:16.02,1:28:21.05,Default,,0000,0000,0000,,And then people even question those investments\Nafter a long time of not being attacked. 
Dialogue: 0,1:28:21.05,1:28:27.04,Default,,0000,0000,0000,,So I think definitely looking at what enables\Nyour business again or whatever size business, Dialogue: 0,1:28:27.04,1:28:30.02,Default,,0000,0000,0000,,because it's all relative\Nright, I mean we've seen things Dialogue: 0,1:28:30.02,1:28:34.00,Default,,0000,0000,0000,,from animal rights activists attacking zoos, Dialogue: 0,1:28:34.00,1:28:42.02,Default,,0000,0000,0000,,to Jersy Joe's a local sports memorabilia\Nbeing attacked by a guy across the street Dialogue: 0,1:28:42.02,1:28:44.03,Default,,0000,0000,0000,,for a gold watch and a pair of tennis shoes. Dialogue: 0,1:28:44.03,1:28:46.07,Default,,0000,0000,0000,,And that's a decade old, right? Dialogue: 0,1:28:46.07,1:28:49.09,Default,,0000,0000,0000,,And so, I think understanding what\Nthe impact of these things are Dialogue: 0,1:28:49.09,1:28:51.06,Default,,0000,0000,0000,,in your business is extremely important. Dialogue: 0,1:28:51.06,1:28:56.03,Default,,0000,0000,0000,,I think understanding the constraints\Ntoday as well, this is a global problem. Dialogue: 0,1:28:56.03,1:29:02.07,Default,,0000,0000,0000,,The internet is loosely interconnected network\Nof networks and largely provides any kind Dialogue: 0,1:29:02.07,1:29:04.02,Default,,0000,0000,0000,,of activity and that's a fantastic thing. Dialogue: 0,1:29:04.02,1:29:08.05,Default,,0000,0000,0000,,You know the fact that you can launch\NDDoS attack might be considered a success Dialogue: 0,1:29:08.05,1:29:12.10,Default,,0000,0000,0000,,of that substrate or that\Ninfrastructure, right I don't know. Dialogue: 0,1:29:12.10,1:29:17.09,Default,,0000,0000,0000,,And so you certainly don't want\Nover-pivot either and compromise privacy, Dialogue: 0,1:29:17.09,1:29:22.10,Default,,0000,0000,0000,,you're a regulator, put controls in place\Nthat might impact that global platform. 
Dialogue: 0,1:29:22.10,1:29:28.05,Default,,0000,0000,0000,,That's something important as well, so\NI think that's why industry partnership, Dialogue: 0,1:29:28.05,1:29:32.06,Default,,0000,0000,0000,,private sector with halook and things\Nlike information sharing and saying look, Dialogue: 0,1:29:32.06,1:29:36.01,Default,,0000,0000,0000,,these things are impacting\Nreal people, real organizations Dialogue: 0,1:29:36.01,1:29:40.09,Default,,0000,0000,0000,,and law enforcement government needs to go\Nafter that and accommodate those as appropriate. Dialogue: 0,1:29:40.09,1:29:44.01,Default,,0000,0000,0000,,But at the same time, I think we do have\Nto be careful about over-pivoting as well. Dialogue: 0,1:29:44.01,1:29:47.01,Default,,0000,0000,0000,,>> Brian: Thanks, Jillian. Dialogue: 0,1:29:47.01,1:29:49.03,Default,,0000,0000,0000,, Dialogue: 0,1:29:49.03,1:29:53.03,Default,,0000,0000,0000,,>> Jillian: Sure, you know I think I'll just\Ngive the civil society perspective what we can Dialogue: 0,1:29:53.03,1:29:54.00,Default,,0000,0000,0000,,be doing better. Dialogue: 0,1:29:54.00,1:29:59.04,Default,,0000,0000,0000,,For example, my organization has come under\Nseveral DDoS attacks at different points Dialogue: 0,1:29:59.04,1:30:04.07,Default,,0000,0000,0000,,and we do have a big enough team in place\Nto try mitigate those pretty quickly Dialogue: 0,1:30:04.07,1:30:06.01,Default,,0000,0000,0000,,and we've mostly been able\Nto do that successfully. Dialogue: 0,1:30:06.01,1:30:11.08,Default,,0000,0000,0000,,But I think there's actually a pretty\Nstrong lack of information sharing Dialogue: 0,1:30:11.08,1:30:15.08,Default,,0000,0000,0000,,across my type of NGO or NGOs in general. Dialogue: 0,1:30:15.08,1:30:18.05,Default,,0000,0000,0000,,I'll give you an example of this, and\NI don't mean to pick on this group, Dialogue: 0,1:30:18.05,1:30:21.01,Default,,0000,0000,0000,,but I think it's perfect\Nand quite public example. 
Dialogue: 0,1:30:21.01,1:30:25.05,Default,,0000,0000,0000,,Avaaz, which I'm sure you're familiar with, a\Nfew months back they came under DDoS attack Dialogue: 0,1:30:25.05,1:30:29.07,Default,,0000,0000,0000,,and their first reaction was to send a message\Nout to their members asking for donations. Dialogue: 0,1:30:29.07,1:30:33.07,Default,,0000,0000,0000,,But what they didn't do is they didn't\Nshare any of the details of the attack, Dialogue: 0,1:30:33.07,1:30:35.07,Default,,0000,0000,0000,,not that they necessarily needed to publicly Dialogue: 0,1:30:35.07,1:30:38.06,Default,,0000,0000,0000,,but they actually straight-up\Nrefused to share the details. Dialogue: 0,1:30:38.06,1:30:42.07,Default,,0000,0000,0000,,We have a group of technologists who had\Nbeen asking for that information and I think Dialogue: 0,1:30:42.07,1:30:46.02,Default,,0000,0000,0000,,that sometimes that information is actually\Nquite helpful for organizations to share Dialogue: 0,1:30:46.02,1:30:50.01,Default,,0000,0000,0000,,with each other so that we can\Nunderstand what type of attacks our allies Dialogue: 0,1:30:50.01,1:30:55.05,Default,,0000,0000,0000,,and friends are coming under and therefore what\Ntypes of attacks we might be at greater risk of. Dialogue: 0,1:30:55.05,1:30:59.10,Default,,0000,0000,0000,,And so I think that that's a really\Ngood example of how not to respond. Dialogue: 0,1:30:59.10,1:31:07.02,Default,,0000,0000,0000,,In the end they still didn't want to share, and\Nwe said okay, fine but I think that just sort Dialogue: 0,1:31:07.02,1:31:10.08,Default,,0000,0000,0000,,of going and asking for donations\Nand not kind of collaborating Dialogue: 0,1:31:10.08,1:31:14.05,Default,,0000,0000,0000,,with other civil society organizations is not\Na particularly helpful way of responding Dialogue: 0,1:31:14.05,1:31:18.10,Default,,0000,0000,0000,,and we'd be much better off if\Nwe were clearer with each other. 
Dialogue: 0,1:31:18.10,1:31:19.07,Default,,0000,0000,0000,,>> Brian: Thank you. Dialogue: 0,1:31:19.07,1:31:21.03,Default,,0000,0000,0000,,So thank you for that. Dialogue: 0,1:31:21.03,1:31:23.02,Default,,0000,0000,0000,,I'm going to draw this part to a close. Dialogue: 0,1:31:23.02,1:31:27.09,Default,,0000,0000,0000,,Some takeaways for me in the\Nlast round of questions is Dialogue: 0,1:31:27.09,1:31:32.02,Default,,0000,0000,0000,,that clearly there are some structural\Nbarriers to the level of collaboration Dialogue: 0,1:31:32.02,1:31:35.06,Default,,0000,0000,0000,,that everyone seems to believe is\Nimportant to addressing the problem, Dialogue: 0,1:31:35.06,1:31:39.03,Default,,0000,0000,0000,,both at the government level,\Nand at the operator level. Dialogue: 0,1:31:39.03,1:31:46.00,Default,,0000,0000,0000,,I guess the understanding at senior management\Nlevel that investments in the security aspect Dialogue: 0,1:31:46.00,1:31:49.05,Default,,0000,0000,0000,,of their business are as critical\Nas any other to their business Dialogue: 0,1:31:49.05,1:31:51.08,Default,,0000,0000,0000,,and have to be central to their planning. Dialogue: 0,1:31:51.08,1:31:56.02,Default,,0000,0000,0000,,And at the government level, clearly\Nexisting legislative structures Dialogue: 0,1:31:56.02,1:32:01.08,Default,,0000,0000,0000,,and collaborative barriers between governments\Nneed to be broken down if we can get Dialogue: 0,1:32:01.08,1:32:04.05,Default,,0000,0000,0000,,to the place where we can be more aggressively Dialogue: 0,1:32:04.05,1:32:06.10,Default,,0000,0000,0000,,and effectively collaborating\Nto address the problem. 
Dialogue: 0,1:32:06.10,1:32:11.01,Default,,0000,0000,0000,,So, we all knew that we weren't going to solve\Nthis problem with today's panel and I want Dialogue: 0,1:32:11.01,1:32:15.01,Default,,0000,0000,0000,,to thank you all for giving us a lot\Nto think about and those are some Dialogue: 0,1:32:15.01,1:32:18.03,Default,,0000,0000,0000,,of the takeaways that I've gotten for myself. Dialogue: 0,1:32:18.03,1:32:26.07,Default,,0000,0000,0000,,So now, let's take a breath and for the next 35\Nminutes or so, try to have a little bit of fun, Dialogue: 0,1:32:26.07,1:32:30.06,Default,,0000,0000,0000,,make it a little bit more dynamic for the\Npanelists by running through a scenario Dialogue: 0,1:32:30.06,1:32:34.04,Default,,0000,0000,0000,,and then we'll have 30 minutes at the end\Nwhere we want to hear Q&A again from folks Dialogue: 0,1:32:34.04,1:32:36.06,Default,,0000,0000,0000,,in the room and from the folks online. Dialogue: 0,1:32:36.06,1:32:41.01,Default,,0000,0000,0000,,So, shift your mindset now on\Nthe panel, we're going to walk Dialogue: 0,1:32:41.01,1:32:44.07,Default,,0000,0000,0000,,through a scenario of a DDoS attack. Dialogue: 0,1:32:44.07,1:32:49.10,Default,,0000,0000,0000,,What I'd like you to think about\Nis what your specific role would be Dialogue: 0,1:32:49.10,1:32:55.09,Default,,0000,0000,0000,,within the scenario and how would you react? Dialogue: 0,1:32:55.09,1:33:02.01,Default,,0000,0000,0000,,What would be the things that would be important\Nto you in addressing your part of the problem? Dialogue: 0,1:33:02.01,1:33:04.06,Default,,0000,0000,0000,,There's a clear understanding\Nand appreciation for the fact Dialogue: 0,1:33:04.06,1:33:10.04,Default,,0000,0000,0000,,that good security also means not divulging\Nall of your good effective practices. Dialogue: 0,1:33:10.04,1:33:14.01,Default,,0000,0000,0000,,So I'm not asking you to say anything\Nthat you wouldn't want to say publicly. 
Dialogue: 0,1:33:14.01,1:33:15.07,Default,,0000,0000,0000,,Let's get that clear. Dialogue: 0,1:33:15.07,1:33:20.05,Default,,0000,0000,0000,,But I want you to take this on as a\Nreal-time event and then in your proper role, Dialogue: 0,1:33:20.05,1:33:24.10,Default,,0000,0000,0000,,tell the audience what's important to\Nyou, what do you need, and in a direction Dialogue: 0,1:33:24.10,1:33:31.06,Default,,0000,0000,0000,,of how would you see or design a best\Npractices reaction to this scenario. Dialogue: 0,1:33:31.06,1:33:34.00,Default,,0000,0000,0000,,So let's start this part of the program. Dialogue: 0,1:33:34.00,1:33:39.01,Default,,0000,0000,0000,,So the scenario we've developed is as follows. Dialogue: 0,1:33:39.01,1:33:45.09,Default,,0000,0000,0000,,The citizens of small country A,\Nlet's call it the Kingdom of Genovia, Dialogue: 0,1:33:45.09,1:33:48.08,Default,,0000,0000,0000,,my 14-year-old daughter insisted that I do that. Dialogue: 0,1:33:48.08,1:33:54.01,Default,,0000,0000,0000,,Kingdom of Genovia has been criticizing\Nan economic embargo put in place Dialogue: 0,1:33:54.01,1:34:04.04,Default,,0000,0000,0000,,by a regional hegemon, let's call it Mordor,\Nagainst its neighbor, a small country Gilder. Dialogue: 0,1:34:04.04,1:34:10.01,Default,,0000,0000,0000,,The citizens of Genovia who have a long\Nstanding alliance with Gilder are very upset Dialogue: 0,1:34:10.01,1:34:12.08,Default,,0000,0000,0000,,about Mordor's embargo against Gilder. Dialogue: 0,1:34:12.08,1:34:17.02,Default,,0000,0000,0000,,Condemnations include mass rallies as well Dialogue: 0,1:34:17.02,1:34:22.02,Default,,0000,0000,0000,,as increasingly critical posts\Non blogs and social media sites. 
Dialogue: 0,1:34:22.02,1:34:27.01,Default,,0000,0000,0000,,While the government of Genovia itself\Nshows no public support for the protestors, Dialogue: 0,1:34:27.01,1:34:31.01,Default,,0000,0000,0000,,neither does it criticize them for\Nexercising their freedom of expression rights, Dialogue: 0,1:34:31.01,1:34:35.00,Default,,0000,0000,0000,,fueling speculation that it\Nactually condones the protests Dialogue: 0,1:34:35.00,1:34:38.10,Default,,0000,0000,0000,,and may even be behind some of them. Dialogue: 0,1:34:38.10,1:34:43.02,Default,,0000,0000,0000,,Large-scale DDoS attacks begin against Genovia. Dialogue: 0,1:34:43.02,1:34:46.09,Default,,0000,0000,0000,,They are aimed primarily at the social\Nmedia sites posting the criticisms Dialogue: 0,1:34:46.09,1:34:50.07,Default,,0000,0000,0000,,but also at Genovia's financial sector. Dialogue: 0,1:34:50.07,1:34:57.08,Default,,0000,0000,0000,,Researchers indicate that the attacks are coming\Nfrom botnets of compromised end-user machines. Dialogue: 0,1:34:57.08,1:35:03.06,Default,,0000,0000,0000,,The financial attacks are perceived to\Nbe an attempt to weaken Genovia's economy Dialogue: 0,1:35:03.06,1:35:08.01,Default,,0000,0000,0000,,because the core issue, after all is an embargo\Nand that the financial sector has showed itself Dialogue: 0,1:35:08.01,1:35:14.07,Default,,0000,0000,0000,,to be susceptible to other kinds of\Nsecurity incidents and breaches. Dialogue: 0,1:35:14.07,1:35:19.05,Default,,0000,0000,0000,,Traces show the attacks originating\Nprimarily in Mordor. Dialogue: 0,1:35:19.05,1:35:23.09,Default,,0000,0000,0000,,Some of which could be locations\Nunder government control. Dialogue: 0,1:35:23.09,1:35:27.05,Default,,0000,0000,0000,,Some however, appear to come\Nfrom unrelated countries. Dialogue: 0,1:35:27.05,1:35:31.00,Default,,0000,0000,0000,,Mordor predictably, denies any responsibility. 
Dialogue: 0,1:35:31.00,1:35:37.00,Default,,0000,0000,0000,,With those facts, in your respective\Nroles and responsibilities, Dialogue: 0,1:35:37.00,1:35:42.07,Default,,0000,0000,0000,,start off with what's important to you\Nin your given role and then we'll move Dialogue: 0,1:35:42.07,1:35:44.04,Default,,0000,0000,0000,,on to what actions you might take. Dialogue: 0,1:35:44.04,1:35:50.09,Default,,0000,0000,0000,,Jeff, do you want to tee it up? Dialogue: 0,1:35:50.09,1:35:56.03,Default,,0000,0000,0000,,>> Jeff: I guess the first thing, you know I'm\Nbeing the least technical guy up here I think, Dialogue: 0,1:35:56.03,1:36:03.10,Default,,0000,0000,0000,,you're going to want to really figure out, you\Nknow you talked about the attacks originating Dialogue: 0,1:36:03.10,1:36:08.10,Default,,0000,0000,0000,,from Mordor, but does that mean\Nthe command and control is there? Dialogue: 0,1:36:08.10,1:36:11.00,Default,,0000,0000,0000,,Are the machines all over the place? Dialogue: 0,1:36:11.00,1:36:18.02,Default,,0000,0000,0000,,If you're going to respond, you need to figure\Nout first what is your first goal in responding? Dialogue: 0,1:36:18.02,1:36:21.04,Default,,0000,0000,0000,,Are you going to try to stabilize\Nyour systems or are you going to try Dialogue: 0,1:36:21.04,1:36:26.02,Default,,0000,0000,0000,,to somehow get attribution\Nand then seek retribution? Dialogue: 0,1:36:26.02,1:36:33.02,Default,,0000,0000,0000,,So, I guess my first counsel would be look at\Nwhat you have in place to respond and figure Dialogue: 0,1:36:33.02,1:36:34.05,Default,,0000,0000,0000,,out what your ultimate goals are. Dialogue: 0,1:36:34.05,1:36:37.09,Default,,0000,0000,0000,,You need to know what you're driving\Nat so you're not wasting resources, Dialogue: 0,1:36:37.09,1:36:47.06,Default,,0000,0000,0000,,pursuing answers to questions that don't\Nhelp you achieve your ultimate goal. Dialogue: 0,1:36:47.06,1:36:50.01,Default,,0000,0000,0000,,>> Brian: Thank you, Ram. 
Dialogue: 0,1:36:50.01,1:36:51.08,Default,,0000,0000,0000,,>> Ram: Four things. Dialogue: 0,1:36:51.08,1:36:55.09,Default,,0000,0000,0000,,One, get contact lists together\Nbecause you know people Dialogue: 0,1:36:55.09,1:36:58.09,Default,,0000,0000,0000,,but there are other people involved\Nhere, so you've got to get that. Dialogue: 0,1:36:58.09,1:37:01.09,Default,,0000,0000,0000,,That's in some ways the top thing. Dialogue: 0,1:37:01.09,1:37:04.06,Default,,0000,0000,0000,,Second is to set up an analysis stream work. Dialogue: 0,1:37:04.06,1:37:13.02,Default,,0000,0000,0000,,Once you identify the scope of the problem, then\Nyou need a framework in which to actually work Dialogue: 0,1:37:13.02,1:37:16.09,Default,,0000,0000,0000,,as new data comes in and you need a structure. Dialogue: 0,1:37:16.09,1:37:19.07,Default,,0000,0000,0000,,So create a structure for it. Dialogue: 0,1:37:19.07,1:37:27.03,Default,,0000,0000,0000,,Third thing is to begin working with upstream\Nproviders, folks who are connecting you Dialogue: 0,1:37:27.03,1:37:29.06,Default,,0000,0000,0000,,and connecting others to the internet. Dialogue: 0,1:37:29.06,1:37:36.04,Default,,0000,0000,0000,,Start working with them because you need to\Nhave information sharing and also the ability Dialogue: 0,1:37:36.04,1:37:42.09,Default,,0000,0000,0000,,to take mitigation measures, to\Ntake steps if and when you have to. Dialogue: 0,1:37:42.09,1:37:51.01,Default,,0000,0000,0000,,And the fourth is to set up alerts based\Non pattern recognition or traffic analysis Dialogue: 0,1:37:51.01,1:37:54.10,Default,,0000,0000,0000,,that your analytical team is already doing. Dialogue: 0,1:37:54.10,1:37:58.02,Default,,0000,0000,0000,,Those are the first four things to do. Dialogue: 0,1:37:58.02,1:38:01.02,Default,,0000,0000,0000,,>> Brian: Thank you, Damian. Dialogue: 0,1:38:01.02,1:38:08.01,Default,,0000,0000,0000,,>> Damian: So the first thing I would ask about\Nthis would be what style of attack is this? 
Dialogue: 0,1:38:08.01,1:38:13.00,Default,,0000,0000,0000,,Depending on some attacks can be\Nspoofed with the sources, some cannot. Dialogue: 0,1:38:13.00,1:38:19.07,Default,,0000,0000,0000,,So if the sources are definitively like, you\Nknow they're definitively coming from Mordor Dialogue: 0,1:38:19.07,1:38:25.00,Default,,0000,0000,0000,,or you know what these sources are, that\Ncan help a lot more than if it's an attack Dialogue: 0,1:38:25.00,1:38:28.05,Default,,0000,0000,0000,,where you don't really know where\Nit's coming from, you just know-- Dialogue: 0,1:38:28.05,1:38:32.08,Default,,0000,0000,0000,,you don't know which machine\Nit's coming from in Mordor. Dialogue: 0,1:38:32.08,1:38:36.00,Default,,0000,0000,0000,,You know that it's just coming from\Nthat country in general, maybe. Dialogue: 0,1:38:36.00,1:38:40.00,Default,,0000,0000,0000,,And I think that's the key\Nthing to focus on here. Dialogue: 0,1:38:40.00,1:38:44.06,Default,,0000,0000,0000,,I mean, I agree with what others said,\Nbut I think it's important to start Dialogue: 0,1:38:44.06,1:38:50.02,Default,,0000,0000,0000,,by understanding the details of the\Nattack, figuring out what you actually know Dialogue: 0,1:38:50.02,1:38:54.05,Default,,0000,0000,0000,,and versus what you are assuming\Nor guessing about the attack. Dialogue: 0,1:38:54.05,1:39:01.09,Default,,0000,0000,0000,,And then I would also start thinking about\Nwhat type of collateral damage is acceptable. 
Dialogue: 0,1:39:01.09,1:39:08.07,Default,,0000,0000,0000,,If you really only care about financial services\Nin Genovia being accessible to people living Dialogue: 0,1:39:08.07,1:39:15.05,Default,,0000,0000,0000,,in Genovia, they could at the border of their\Ncountry, just block all traffic from Mordor and Dialogue: 0,1:39:15.05,1:39:19.04,Default,,0000,0000,0000,,yet people who happen to be on\Nvacation to Mordor might not be able Dialogue: 0,1:39:19.04,1:39:22.00,Default,,0000,0000,0000,,to access their bank account,\Nand that would be pretty bad. Dialogue: 0,1:39:22.00,1:39:28.00,Default,,0000,0000,0000,,But you could at least partition the\Nproblem and keep your own country up. Dialogue: 0,1:39:28.00,1:39:31.04,Default,,0000,0000,0000,,>> Brian: Thanks for that point and just\Nto note, people on vacation in Mordor Dialogue: 0,1:39:31.04,1:39:34.05,Default,,0000,0000,0000,,to my understanding, no one walks into Mordor. Dialogue: 0,1:39:34.05,1:39:35.09,Default,,0000,0000,0000,,Miguel, please. Dialogue: 0,1:39:35.09,1:39:40.05,Default,,0000,0000,0000,,>> Miguel: I might actually repeat some of\Nthe things that my colleagues here have said. Dialogue: 0,1:39:40.05,1:39:45.04,Default,,0000,0000,0000,,From the perspective of an operator\Nthat focuses on mitigation and defense, Dialogue: 0,1:39:45.04,1:39:50.02,Default,,0000,0000,0000,,I would probably start by\Nlooking at the affected entities. Dialogue: 0,1:39:50.02,1:39:56.00,Default,,0000,0000,0000,,Get a good scope on what the\Ntargets are, what's being affected. Dialogue: 0,1:39:56.00,1:39:59.05,Default,,0000,0000,0000,,Move to start looking at determining\Nwhat the attack vectors are Dialogue: 0,1:39:59.05,1:40:01.06,Default,,0000,0000,0000,,that are being used for this particular attack. 
Dialogue: 0,1:40:01.06,1:40:06.05,Default,,0000,0000,0000,,You can do this in a variety of ways\Nand then I'd probably start focusing Dialogue: 0,1:40:06.05,1:40:12.03,Default,,0000,0000,0000,,on starting the mitigation techniques and\Nthe defense against these affected systems. Dialogue: 0,1:40:12.03,1:40:20.00,Default,,0000,0000,0000,,As Damian said earlier, I'd look at prioritizing\Nand trying to determine or trying to gauge Dialogue: 0,1:40:20.00,1:40:27.06,Default,,0000,0000,0000,,which affected resources are acceptable\Ncollateral damage which are priorities and need Dialogue: 0,1:40:27.06,1:40:33.00,Default,,0000,0000,0000,,to be available and need to be in place. Dialogue: 0,1:40:33.00,1:40:38.10,Default,,0000,0000,0000,,I'd be sharing information as much as possible\Nwith both, the public and private sector, Dialogue: 0,1:40:38.10,1:40:42.08,Default,,0000,0000,0000,,the operators in question that manage\Nthe assets that are being attacked. Dialogue: 0,1:40:42.08,1:40:46.00,Default,,0000,0000,0000,,So definitely start reaching out to people. Dialogue: 0,1:40:46.00,1:40:49.07,Default,,0000,0000,0000,,Another thing that I would be doing\Nis heavily monitoring social media. Dialogue: 0,1:40:49.07,1:40:59.01,Default,,0000,0000,0000,,Typically with an attack on Mordor, let's\Nsay and suspected political motivations Dialogue: 0,1:40:59.01,1:41:02.00,Default,,0000,0000,0000,,for the attack, I would be looking at\NFacebook, I'd be looking at Twitter, Dialogue: 0,1:41:02.00,1:41:04.08,Default,,0000,0000,0000,,I'd be looking at internet relay chat rooms. Dialogue: 0,1:41:04.08,1:41:10.04,Default,,0000,0000,0000,,Anywhere where these attackers could potentially\Ncongregate to organize, I'd be monitoring that Dialogue: 0,1:41:10.04,1:41:14.00,Default,,0000,0000,0000,,and I'd be trying to glean\Nas much information as I can Dialogue: 0,1:41:14.00,1:41:16.10,Default,,0000,0000,0000,,from that activity that is going on online. 
Dialogue: 0,1:41:16.10,1:41:19.03,Default,,0000,0000,0000,,So those are some of the\Nthings that I'd be doing. Dialogue: 0,1:41:19.03,1:41:21.01,Default,,0000,0000,0000,,>> Brian: Thank you, Danny. Dialogue: 0,1:41:21.01,1:41:26.08,Default,,0000,0000,0000,,>> Danny: So yeah I guess there's both a luxury\Nin going last and not having much [inaudible], Dialogue: 0,1:41:26.08,1:41:29.02,Default,,0000,0000,0000,,but there are a few things\NI could offer actually. Dialogue: 0,1:41:29.02,1:41:31.06,Default,,0000,0000,0000,,I think these guys are all\Nspot-on with a lot of this. Dialogue: 0,1:41:31.06,1:41:35.08,Default,,0000,0000,0000,,I think it certainly, whatever\Ndetection capabilities you have for this, Dialogue: 0,1:41:35.08,1:41:40.07,Default,,0000,0000,0000,,whether it was a phone call, hopefully\Nnot, or an alert or some capability, Dialogue: 0,1:41:40.07,1:41:43.10,Default,,0000,0000,0000,,engage your incident response\Ncapability which you should have now Dialogue: 0,1:41:43.10,1:41:45.08,Default,,0000,0000,0000,,because you've been alerted to that. Dialogue: 0,1:41:45.08,1:41:49.02,Default,,0000,0000,0000,,And then figure out what controls\Nfor that sort of attack vector, Dialogue: 0,1:41:49.02,1:41:51.00,Default,,0000,0000,0000,,right, exactly as these guys have said. Dialogue: 0,1:41:51.00,1:41:56.08,Default,,0000,0000,0000,,You certainly want to continue with continuous\Nmonitoring and make sure that other devices, Dialogue: 0,1:41:56.08,1:42:02.02,Default,,0000,0000,0000,,other things aren't impacted in particular\Nwith sort of multi-vector attacks, Dialogue: 0,1:42:02.02,1:42:05.09,Default,,0000,0000,0000,,especially such as this which we\Nhave seen empirically in the past. 
Dialogue: 0,1:42:05.09,1:42:10.08,Default,,0000,0000,0000,,One of the things that you have to be really\Ncareful about and we've actually seen this Dialogue: 0,1:42:10.08,1:42:15.02,Default,,0000,0000,0000,,in the past and learned from that, is Genovia\Nshould have learned from is that you've got Dialogue: 0,1:42:15.02,1:42:19.00,Default,,0000,0000,0000,,to be really careful about what kind of\Ncontrols you put in place for attacks as well Dialogue: 0,1:42:19.00,1:42:22.07,Default,,0000,0000,0000,,because you may say, I'm going to bring\Neverything back into my organization, Dialogue: 0,1:42:22.07,1:42:25.06,Default,,0000,0000,0000,,under control and then I'll\Nturn my internet access back up Dialogue: 0,1:42:25.06,1:42:27.07,Default,,0000,0000,0000,,or inside my nation, or whatever it is. Dialogue: 0,1:42:27.07,1:42:31.08,Default,,0000,0000,0000,,And we've literally seen this at the\Nnational level and so you decide you're going Dialogue: 0,1:42:31.08,1:42:35.03,Default,,0000,0000,0000,,to break all your connectivity and then you\Nrealize you don't have a root name server, Dialogue: 0,1:42:35.03,1:42:37.09,Default,,0000,0000,0000,,or you realize your ccTLD is hosted in Mordor. Dialogue: 0,1:42:37.09,1:42:42.05,Default,,0000,0000,0000,,Or you realize that your email's over\Nthere, your authentication service, Dialogue: 0,1:42:42.05,1:42:47.05,Default,,0000,0000,0000,,your CA that issues your certs there\Nor, some other resource that you need. Dialogue: 0,1:42:47.05,1:42:49.05,Default,,0000,0000,0000,,So you really need to enumerate those things Dialogue: 0,1:42:49.05,1:42:53.08,Default,,0000,0000,0000,,and understand what enables your\Nbusiness before these attacks occur. Dialogue: 0,1:42:53.08,1:42:59.06,Default,,0000,0000,0000,,I think I use this statement in the past\Nbut kind of goes back to Mike Tyson's, Dialogue: 0,1:42:59.06,1:43:03.10,Default,,0000,0000,0000,,"Everyone's got a plan until they\Nget hit," sort of mentality, right. 
Dialogue: 0,1:43:03.10,1:43:07.09,Default,,0000,0000,0000,,And so I think that if you haven't done\Nthis and you're on the receiving end Dialogue: 0,1:43:07.09,1:43:14.04,Default,,0000,0000,0000,,of a large-scale attack, it could be really\Nproblematic so certainly absorbing an attack Dialogue: 0,1:43:14.04,1:43:18.09,Default,,0000,0000,0000,,and then refining your controls and mitigating\Nas surgically as possible and then trying Dialogue: 0,1:43:18.09,1:43:22.03,Default,,0000,0000,0000,,to move those controls further and further\Nupstream and then collaborate as much Dialogue: 0,1:43:22.03,1:43:25.10,Default,,0000,0000,0000,,as possible is pretty much what you can do today Dialogue: 0,1:43:25.10,1:43:30.02,Default,,0000,0000,0000,,and then protect any forensics information\Nassociated with that for whatever it is Dialogue: 0,1:43:30.02,1:43:32.10,Default,,0000,0000,0000,,that you might intend to\Ndo with that information. Dialogue: 0,1:43:32.10,1:43:34.02,Default,,0000,0000,0000,,>> Brian: Thank you, Jillian. Dialogue: 0,1:43:34.02,1:43:36.10,Default,,0000,0000,0000,,>> Jillian: There is almost\Nnothing left for me to add here. Dialogue: 0,1:43:36.10,1:43:39.03,Default,,0000,0000,0000,,It is the great thing about going last. Dialogue: 0,1:43:39.03,1:43:44.04,Default,,0000,0000,0000,,But since you did ask what my organization\Nmight do, I suspect that after the leaks Dialogue: 0,1:43:44.04,1:43:47.05,Default,,0000,0000,0000,,to the Mordor Times come out that Mordor\Ngovernment officials had something to do Dialogue: 0,1:43:47.05,1:43:50.02,Default,,0000,0000,0000,,with the attacks, we would probably\Ncondemn the government of Mordor Dialogue: 0,1:43:50.02,1:43:55.09,Default,,0000,0000,0000,,for having double standards-- no\NI'm just kidding, sort of, but yeah, Dialogue: 0,1:43:55.09,1:44:00.01,Default,,0000,0000,0000,,nothing that I can add from\Na technical perspective. 
Dialogue: 0,1:44:00.01,1:44:04.01,Default,,0000,0000,0000,,>> Brian: Okay, well from-- you know what I'm\Ngoing to reverse order here, so you'll go first Dialogue: 0,1:44:04.01,1:44:08.03,Default,,0000,0000,0000,,and Jeff you're going to have to\Ndeal with Danny's problem next. Dialogue: 0,1:44:08.03,1:44:14.04,Default,,0000,0000,0000,,So this is good and very helpful in terms of\Nthe first priorities, the first analytical Dialogue: 0,1:44:14.04,1:44:19.00,Default,,0000,0000,0000,,and reaction priorities from your\Nperspectives very clear and interesting-- Dialogue: 0,1:44:19.00,1:44:22.01,Default,,0000,0000,0000,,not interesting but a lot of\Nconsistency across the board there. Dialogue: 0,1:44:22.01,1:44:29.03,Default,,0000,0000,0000,,Now let's take it from the point of view\Nof, if this were an ideal scenario in terms Dialogue: 0,1:44:29.03,1:44:35.06,Default,,0000,0000,0000,,of effective mitigation techniques, effective\Ncollaboration with network operators, Dialogue: 0,1:44:35.06,1:44:39.06,Default,,0000,0000,0000,,effective collaboration with\Ngovernment law enforcement resources. Dialogue: 0,1:44:39.06,1:44:46.01,Default,,0000,0000,0000,,Walk us through how you would get to that good\Noutcome from that perspective and Jillian, Dialogue: 0,1:44:46.01,1:44:48.08,Default,,0000,0000,0000,,from your own point of view, kick it off. Dialogue: 0,1:44:48.08,1:44:50.01,Default,,0000,0000,0000,,>> Jillian: I'm not sure\NI can kick that one off. Dialogue: 0,1:44:50.01,1:44:56.00,Default,,0000,0000,0000,,Like I said, this is a wonderful\Nand probably very likely scenario Dialogue: 0,1:44:56.00,1:45:00.01,Default,,0000,0000,0000,,but it's also it's not the level at which\Nwe're generally dealing with these things Dialogue: 0,1:45:00.01,1:45:03.04,Default,,0000,0000,0000,,and so I'd actually love it if\Nsomebody else wants to kick it off Dialogue: 0,1:45:03.04,1:45:04.05,Default,,0000,0000,0000,,and I'll keep thinking through that. 
Dialogue: 0,1:45:04.05,1:45:07.00,Default,,0000,0000,0000,,>> Brian: All right, Danny, you're first up. Dialogue: 0,1:45:07.00,1:45:10.07,Default,,0000,0000,0000,,>> Danny: Wow, an ideal scenario\Nis that it's not my problem anymore Dialogue: 0,1:45:10.07,1:45:16.02,Default,,0000,0000,0000,,and so having the capability to either certainly\Nstop these things from being launched at me Dialogue: 0,1:45:16.02,1:45:19.07,Default,,0000,0000,0000,,with some sort of capability or\Ncollaboration with law enforcement, Dialogue: 0,1:45:19.07,1:45:24.03,Default,,0000,0000,0000,,other folks which in this case\Nmight be very problematic so, Dialogue: 0,1:45:24.03,1:45:28.02,Default,,0000,0000,0000,,at the sort of ultimate ingress point of\Nyour network, putting controls in place Dialogue: 0,1:45:28.02,1:45:34.00,Default,,0000,0000,0000,,that minimize collateral damage or even scope\Nthe distribution of reachability information Dialogue: 0,1:45:34.00,1:45:36.08,Default,,0000,0000,0000,,in a certain place on the\Ninfrastructure, that sort of thing Dialogue: 0,1:45:36.08,1:45:39.01,Default,,0000,0000,0000,,so that you have some sustainable\Ncontrols in place Dialogue: 0,1:45:39.01,1:45:46.04,Default,,0000,0000,0000,,and you're not continuously simply filling links\Nand absorbing that and causing collateral damage Dialogue: 0,1:45:46.04,1:45:48.10,Default,,0000,0000,0000,,to other services or people\Nthat may use those links. 
Dialogue: 0,1:45:48.10,1:45:55.07,Default,,0000,0000,0000,,It's really problematic if there are intermediate\Nnetworks with other eyeballs or content Dialogue: 0,1:45:55.07,1:45:58.02,Default,,0000,0000,0000,,or other things that you may or\Nmay not want on your infrastructure Dialogue: 0,1:45:58.02,1:46:01.08,Default,,0000,0000,0000,,and so if it's an adjacent\Nnetwork, it's a lot simpler, right, Dialogue: 0,1:46:01.08,1:46:06.04,Default,,0000,0000,0000,,it's simply if you've done your homework\Nbefore and then simply shut those links off Dialogue: 0,1:46:06.04,1:46:12.07,Default,,0000,0000,0000,,and you may be fine, but if I'm a\Nsmaller network and this is someone, Dialogue: 0,1:46:12.07,1:46:18.05,Default,,0000,0000,0000,,somewhere that's nonadjacent to me, it could be\Nmuch more problematic because I may have to work Dialogue: 0,1:46:18.05,1:46:22.08,Default,,0000,0000,0000,,with them to push controls further and further\Nupstream and that's about their capabilities, Dialogue: 0,1:46:22.08,1:46:26.05,Default,,0000,0000,0000,,the lulls, what sort of technical\Nor legal framework Dialogue: 0,1:46:26.05,1:46:29.00,Default,,0000,0000,0000,,that they operate under,\Ntime scales and other things. Dialogue: 0,1:46:29.00,1:46:38.04,Default,,0000,0000,0000,,And so, it's sort of all relative to perspective\Nand why the broad variance of attack vectors Dialogue: 0,1:46:38.04,1:46:42.03,Default,,0000,0000,0000,,that occur today, why it's so problematic\Nto just get your cookie cutter out Dialogue: 0,1:46:42.03,1:46:46.08,Default,,0000,0000,0000,,and say this is a solution for that\Nand so, it's nontrivial I think, Dialogue: 0,1:46:46.08,1:46:49.10,Default,,0000,0000,0000,,so it entirely depends on\Nvectors and other things. Dialogue: 0,1:46:49.10,1:46:52.09,Default,,0000,0000,0000,,I'm not sure if I said anything\Nthat was actually useful, but-- Dialogue: 0,1:46:52.09,1:46:54.10,Default,,0000,0000,0000,,>> Brian: That's fine, Miguel please. 
Dialogue: 0,1:46:54.10,1:46:59.00,Default,,0000,0000,0000,,>> Miguel: In an ideal scenario\Nwhere information is being shared, Dialogue: 0,1:46:59.00,1:47:05.04,Default,,0000,0000,0000,,where we've quickly been able to determine what\Nthe attack vector is, we are looking at ensuring Dialogue: 0,1:47:05.04,1:47:08.04,Default,,0000,0000,0000,,that we can put really precise filters in place Dialogue: 0,1:47:08.04,1:47:12.08,Default,,0000,0000,0000,,to lop off attack traffic while\Nletting good traffic through. Dialogue: 0,1:47:12.08,1:47:15.00,Default,,0000,0000,0000,,It's easier said than done a lot of the time. Dialogue: 0,1:47:15.00,1:47:19.02,Default,,0000,0000,0000,,As I said, it's in an ideal\Nsituation we understand the attack, Dialogue: 0,1:47:19.02,1:47:25.02,Default,,0000,0000,0000,,and we can put the right mitigation\Nstrategies in place to deal with it. Dialogue: 0,1:47:25.02,1:47:31.08,Default,,0000,0000,0000,,So in that ideal situation, most likely\Nwe should be able to get to availability Dialogue: 0,1:47:31.08,1:47:34.07,Default,,0000,0000,0000,,within minutes if people\Nare cooperating correctly Dialogue: 0,1:47:34.07,1:47:37.01,Default,,0000,0000,0000,,and we have the information that we need. Dialogue: 0,1:47:37.01,1:47:41.05,Default,,0000,0000,0000,,The problem is that we don't\Nlive in an ideal world Dialogue: 0,1:47:41.05,1:47:45.10,Default,,0000,0000,0000,,and beyond that, attackers are smart, right? Dialogue: 0,1:47:45.10,1:47:54.01,Default,,0000,0000,0000,,So they try one thing and then you\Nscramble and get the sites available again Dialogue: 0,1:47:54.01,1:47:58.00,Default,,0000,0000,0000,,and put the right mitigation strategy in place, Dialogue: 0,1:47:58.00,1:48:01.02,Default,,0000,0000,0000,,but then potentially they might\Nstart trying something else. 
Dialogue: 0,1:48:01.02,1:48:05.07,Default,,0000,0000,0000,,You know if that's not being effective, they'll\Ngo route B and then potentially will go right Dialogue: 0,1:48:05.07,1:48:14.04,Default,,0000,0000,0000,,to route C, so it's a cat and mouse game and\Nit's far from ideal and it's starting over again Dialogue: 0,1:48:14.04,1:48:18.05,Default,,0000,0000,0000,,in some sense in terms of putting together\Nanother mitigation strategy to deal Dialogue: 0,1:48:18.05,1:48:23.02,Default,,0000,0000,0000,,with the new attack vector or signature\Nthat comes in and unfortunately, Dialogue: 0,1:48:23.02,1:48:29.07,Default,,0000,0000,0000,,the ideal scenarios never happen and\Nattackers have gotten smart and they know how Dialogue: 0,1:48:29.07,1:48:34.00,Default,,0000,0000,0000,,to [inaudible] it up and do the damage,\Nand put the damage that they need Dialogue: 0,1:48:34.00,1:48:36.00,Default,,0000,0000,0000,,to for the people that are unprepared. Dialogue: 0,1:48:36.00,1:48:38.00,Default,,0000,0000,0000,,>> Brian: Thank you, Damian just let\Nme interject before you go there. Dialogue: 0,1:48:38.00,1:48:44.10,Default,,0000,0000,0000,,So hearing Danny and Miguel,\Nclearly understanding that again, Dialogue: 0,1:48:44.10,1:48:49.08,Default,,0000,0000,0000,,the problem of the upstream operator and\Nwhat their sophistication capabilities are Dialogue: 0,1:48:49.08,1:48:55.05,Default,,0000,0000,0000,,in helping you diagnose the problem across\Nnetworks, if you will you pointed out. Dialogue: 0,1:48:55.05,1:48:58.04,Default,,0000,0000,0000,,And also the clear understanding\Nof needing to kind Dialogue: 0,1:48:58.04,1:49:02.01,Default,,0000,0000,0000,,of secure your resources and\Nprevent collateral damage. Dialogue: 0,1:49:02.01,1:49:09.04,Default,,0000,0000,0000,,But Damian, Ram, Jeff, bring in also how do\Nwe work effectively with law enforcement? 
Dialogue: 0,1:49:09.04,1:49:13.10,Default,,0000,0000,0000,,What can they do to help, what can\Nyou do together and the good scenario Dialogue: 0,1:49:13.10,1:49:19.07,Default,,0000,0000,0000,,when it works well with the upstream\Nprovider, what does that look like? Dialogue: 0,1:49:19.07,1:49:23.09,Default,,0000,0000,0000,,>> Damian: Yes I'll start by saying\Nwithout bringing in law enforcement, Dialogue: 0,1:49:23.09,1:49:28.02,Default,,0000,0000,0000,,ideally you would be able to work directly with\Nthe network operator, they do want to track it Dialogue: 0,1:49:28.02,1:49:32.05,Default,,0000,0000,0000,,through their network and\Nstop the attack upstream. Dialogue: 0,1:49:32.05,1:49:39.03,Default,,0000,0000,0000,,There are situations as Miguel was\Nsaying; sometimes it's a little tricky. Dialogue: 0,1:49:39.03,1:49:45.07,Default,,0000,0000,0000,,In this case we don't know if the\Ngovernment of Mordor is behind these attacks. Dialogue: 0,1:49:45.07,1:49:50.07,Default,,0000,0000,0000,,So, it's sticking with the scenario\Nit's never going to be entirely ideal Dialogue: 0,1:49:50.07,1:49:56.00,Default,,0000,0000,0000,,because you don't necessarily want to tell\Nthe ISP in Mordor what your fingerprint Dialogue: 0,1:49:56.00,1:50:01.04,Default,,0000,0000,0000,,of the attack is which maybe would help them\Nfilter it because they might just turn around Dialogue: 0,1:50:01.04,1:50:04.06,Default,,0000,0000,0000,,and tell the government, the government\Nwill modify the attack to not match Dialogue: 0,1:50:04.06,1:50:07.04,Default,,0000,0000,0000,,that fingerprint anymore and then you're\Nin bigger trouble than you were before. Dialogue: 0,1:50:07.04,1:50:15.02,Default,,0000,0000,0000,,So, depending on how paranoid you want\Nto be, I'm a security person so I'm paid Dialogue: 0,1:50:15.02,1:50:21.05,Default,,0000,0000,0000,,to be paranoid but, you have to be a little\Ncautious about what information you're sharing. 
Dialogue: 0,1:50:21.05,1:50:26.04,Default,,0000,0000,0000,,Try to share information that's\Nuseful for stopping the attack but, Dialogue: 0,1:50:26.04,1:50:30.01,Default,,0000,0000,0000,,not sharing everything you know about\Nthe attack so you can still trace it. Dialogue: 0,1:50:30.01,1:50:38.02,Default,,0000,0000,0000,,In terms of law enforcement since we're\Nin the U.S., U.S. CERT is a good resource. Dialogue: 0,1:50:38.02,1:50:41.05,Default,,0000,0000,0000,,They have contacts at CERTs. Dialogue: 0,1:50:41.05,1:50:44.03,Default,,0000,0000,0000,,CERT is Computer Emergency Response Team. Dialogue: 0,1:50:44.03,1:50:48.09,Default,,0000,0000,0000,,They have contacts at CERTs at every\Nother country and so that's very helpful Dialogue: 0,1:50:48.09,1:50:51.03,Default,,0000,0000,0000,,because they're sort of a central point. Dialogue: 0,1:50:51.03,1:50:56.02,Default,,0000,0000,0000,,They might be able to recognize that\Nyou're not the only victim of an attack, Dialogue: 0,1:50:56.02,1:51:01.09,Default,,0000,0000,0000,,so they might be able to correlate events\Nthat you perhaps were not aware of. Dialogue: 0,1:51:01.09,1:51:04.01,Default,,0000,0000,0000,,And they can also assist with language issues. Dialogue: 0,1:51:04.01,1:51:09.09,Default,,0000,0000,0000,,You know it's very difficult for me\Npersonally to email an ISP in Asia Dialogue: 0,1:51:09.09,1:51:15.01,Default,,0000,0000,0000,,because I don't speak any of the Asian languages\Nwhereas U.S. CERT probably has the ability Dialogue: 0,1:51:15.01,1:51:19.07,Default,,0000,0000,0000,,to handle that translation a little bit better Dialogue: 0,1:51:19.07,1:51:23.10,Default,,0000,0000,0000,,than Google Translate which\Nis my fallback option. Dialogue: 0,1:51:23.10,1:51:24.01,Default,,0000,0000,0000,,[Laughter] Dialogue: 0,1:51:24.01,1:51:26.09,Default,,0000,0000,0000,,>> Brian: Thank you, Ram. 
Dialogue: 0,1:51:26.09,1:51:34.07,Default,,0000,0000,0000,,>> Ram: Thanks, so in this ideal scenario\Nperhaps one of the things that have to be worked Dialogue: 0,1:51:34.07,1:51:38.02,Default,,0000,0000,0000,,on is the formation of an\Nalliance for data sharing. Dialogue: 0,1:51:38.02,1:51:43.08,Default,,0000,0000,0000,,Especially identifying who the next\NGenovia might be and you go work Dialogue: 0,1:51:43.08,1:51:49.09,Default,,0000,0000,0000,,out who those next Genovias might be and\Nthis kind of an alliance cannot be government Dialogue: 0,1:51:49.09,1:51:56.09,Default,,0000,0000,0000,,to governments, it's got to be public, private,\Na combination of that and that takes time to do Dialogue: 0,1:51:56.09,1:51:59.00,Default,,0000,0000,0000,,but this is the time to start\Ndoing it [inaudible]. Dialogue: 0,1:51:59.00,1:52:04.07,Default,,0000,0000,0000,,The second, you know we're talking about this\Nideal scenario and there is rapid availability. Dialogue: 0,1:52:04.07,1:52:08.08,Default,,0000,0000,0000,,The attack happened, mitigation\Nhappened, everything came back Dialogue: 0,1:52:08.08,1:52:14.09,Default,,0000,0000,0000,,but remember this might simply be Mordor\Nprofiling you for a bigger attack to come Dialogue: 0,1:52:14.09,1:52:20.06,Default,,0000,0000,0000,,and they've now learned how you countered it\Nand they're building counter-measures right now Dialogue: 0,1:52:20.06,1:52:23.05,Default,,0000,0000,0000,,for your counters and that's likely to happen Dialogue: 0,1:52:23.05,1:52:27.07,Default,,0000,0000,0000,,if this is really a serious\Nact coming up against you. Dialogue: 0,1:52:27.07,1:52:33.00,Default,,0000,0000,0000,,So, you may leave everything\Non the floor at this time Dialogue: 0,1:52:33.00,1:52:37.04,Default,,0000,0000,0000,,and you may just get killed\Nreally online the next time. 
Dialogue: 0,1:52:37.04,1:52:46.03,Default,,0000,0000,0000,,On the third is law enforcement, this is a case\Nwhere most often this is a sourceless crime, Dialogue: 0,1:52:46.03,1:52:51.03,Default,,0000,0000,0000,,there is no one to prosecute, there's no\None to really go after for the most part. Dialogue: 0,1:52:51.03,1:52:58.05,Default,,0000,0000,0000,,Most of the people along the way are in\Ntransit and are trying to help to some extent. Dialogue: 0,1:52:58.05,1:53:02.07,Default,,0000,0000,0000,,They're just doing their job passing\Npackets along, passing information along Dialogue: 0,1:53:02.07,1:53:09.08,Default,,0000,0000,0000,,and they got coopted into something that\Nwas initially beyond their understanding Dialogue: 0,1:53:09.08,1:53:13.05,Default,,0000,0000,0000,,and eventually beyond their\Nability to solve individually. Dialogue: 0,1:53:13.05,1:53:19.03,Default,,0000,0000,0000,,So you have to start to change a little bit of\Nlaw enforcement's mindset of who are we going Dialogue: 0,1:53:19.03,1:53:25.09,Default,,0000,0000,0000,,after because this is not so much about\Na counter attack, this is often much more Dialogue: 0,1:53:25.09,1:53:33.01,Default,,0000,0000,0000,,about prevention and you have to start\Nthinking about the online equivalent Dialogue: 0,1:53:33.01,1:53:42.07,Default,,0000,0000,0000,,of a neighborhood watch and one doesn't\Nreally exist in any coordinated way today. Dialogue: 0,1:53:42.07,1:53:43.03,Default,,0000,0000,0000,,>> Brian: Thanks, Jeff. Dialogue: 0,1:53:43.03,1:53:46.01,Default,,0000,0000,0000,,>> Jeff: I definitely like going last. Dialogue: 0,1:53:46.01,1:53:50.05,Default,,0000,0000,0000,,I have more time to think about what I'm going\Nto say and I bounced around with a few ideas Dialogue: 0,1:53:50.05,1:53:52.07,Default,,0000,0000,0000,,but you know they say don't fight the scenario Dialogue: 0,1:53:52.07,1:53:54.07,Default,,0000,0000,0000,,but I was always the kid\Nwho fought the scenario. 
Dialogue: 0,1:53:54.07,1:53:58.07,Default,,0000,0000,0000,,So I guess I would start kind of where\NDamian went, if you're in an ideal scenario Dialogue: 0,1:53:58.07,1:54:06.04,Default,,0000,0000,0000,,that means Mordor is helping and helping\Nyou willingly and with no ill intent Dialogue: 0,1:54:06.04,1:54:09.02,Default,,0000,0000,0000,,in actually wanting to stop their\Nown citizens who [inaudible] Dialogue: 0,1:54:09.02,1:54:11.04,Default,,0000,0000,0000,,and probably something they believe in. Dialogue: 0,1:54:11.04,1:54:16.02,Default,,0000,0000,0000,,Which leads me to point two, I think Ram hit\Nwell, if everything is really going that well, Dialogue: 0,1:54:16.02,1:54:20.08,Default,,0000,0000,0000,,that's when you should really start being\Nscared because things never go that well. Dialogue: 0,1:54:20.08,1:54:23.06,Default,,0000,0000,0000,,So question everything that worked\Nand try to figure out why it worked Dialogue: 0,1:54:23.06,1:54:27.00,Default,,0000,0000,0000,,and is someone just letting you think it worked? Dialogue: 0,1:54:27.00,1:54:33.05,Default,,0000,0000,0000,,In terms of what does it look like to be\Nsuccessful on the legal and governmental side, Dialogue: 0,1:54:33.05,1:54:36.03,Default,,0000,0000,0000,,there are a lot of things you need to work. Dialogue: 0,1:54:36.03,1:54:39.07,Default,,0000,0000,0000,,Governments that are willing to share\Ninformation, that have relationships, Dialogue: 0,1:54:39.07,1:54:42.10,Default,,0000,0000,0000,,that trust each other, but then\Neven beyond that you need laws Dialogue: 0,1:54:42.10,1:54:47.00,Default,,0000,0000,0000,,that will allow the information sharing both\Nbetween the private sector and the government Dialogue: 0,1:54:47.00,1:54:49.07,Default,,0000,0000,0000,,within each country and then\Nbetween the various governments. 
Dialogue: 0,1:54:49.07,1:54:52.02,Default,,0000,0000,0000,,But then you also need laws\Nthat protect the privacy Dialogue: 0,1:54:52.02,1:54:56.08,Default,,0000,0000,0000,,of the individuals whose information is\Nbeing shared and assuming you have all that Dialogue: 0,1:54:56.08,1:55:00.08,Default,,0000,0000,0000,,and you get the information that allows\Nyou to find the actual source of the crime Dialogue: 0,1:55:00.08,1:55:05.04,Default,,0000,0000,0000,,which as Ram said is very difficult, you\Nactually have both resources and laws Dialogue: 0,1:55:05.04,1:55:11.08,Default,,0000,0000,0000,,that allow prosecution and not in medieval ways\Nof people who are doing these types of acts. Dialogue: 0,1:55:11.08,1:55:18.02,Default,,0000,0000,0000,,So going back to, you really need\Nto figure out what your end-goal is Dialogue: 0,1:55:18.02,1:55:22.06,Default,,0000,0000,0000,,out of this before you figure\Nout, it would be great Dialogue: 0,1:55:22.06,1:55:24.03,Default,,0000,0000,0000,,if you'd actually prosecute the people doing it. Dialogue: 0,1:55:24.03,1:55:27.05,Default,,0000,0000,0000,,It would be better if you could get\Nall your systems back up really quickly Dialogue: 0,1:55:27.05,1:55:32.00,Default,,0000,0000,0000,,and try to develop better relationships\Nto prevent them in the future. Dialogue: 0,1:55:32.00,1:55:33.06,Default,,0000,0000,0000,,>> Brian: So Jeff, just picking\Nup at that point, Dialogue: 0,1:55:33.06,1:55:38.00,Default,,0000,0000,0000,,this will be the last round then we'll\Nturn it over to Q&A for the audience Dialogue: 0,1:55:38.00,1:55:41.01,Default,,0000,0000,0000,,and Ram mentioned the notion of an alliance. Dialogue: 0,1:55:41.01,1:55:45.01,Default,,0000,0000,0000,,Danny, the CSRIC work that\Nyou mentioned at the FCC. 
Dialogue: 0,1:55:45.01,1:55:52.03,Default,,0000,0000,0000,,Very interesting industry, government but\Nclearly, just uniquely ISP focused in terms Dialogue: 0,1:55:52.03,1:55:58.00,Default,,0000,0000,0000,,of best practices or a potential code\Nof conduct if you will in that exercise. Dialogue: 0,1:55:58.00,1:56:04.09,Default,,0000,0000,0000,,Where is this collaboration happening today or\Nthe seeds of this collaboration between industry Dialogue: 0,1:56:04.09,1:56:10.02,Default,,0000,0000,0000,,and government specifically that\Nclearly has to be globally oriented. Dialogue: 0,1:56:10.02,1:56:13.06,Default,,0000,0000,0000,,That has to be cross-cutting across boundaries. Dialogue: 0,1:56:13.06,1:56:16.04,Default,,0000,0000,0000,,Where is that happening, where should it begin Dialogue: 0,1:56:16.04,1:56:19.10,Default,,0000,0000,0000,,to happen more deeply and\Nhow can we make that happen? Dialogue: 0,1:56:19.10,1:56:21.01,Default,,0000,0000,0000,,I'll open to the entire panel. Dialogue: 0,1:56:21.01,1:56:23.00,Default,,0000,0000,0000,,Danny. Dialogue: 0,1:56:23.00,1:56:32.02,Default,,0000,0000,0000,,>> Danny: So yeah there are a lot of national\Nlevel stuff that I mentioned certainly as some Dialogue: 0,1:56:32.02,1:56:37.01,Default,,0000,0000,0000,,of the countries that are blazing the trail\Nthere from Australia, to Germany, to Finland, Dialogue: 0,1:56:37.01,1:56:43.09,Default,,0000,0000,0000,,to the U.S. I mean some of the work that\Nthe FCC and others have done which is Dialogue: 0,1:56:43.09,1:56:46.01,Default,,0000,0000,0000,,about educating folks and sharing information. 
Dialogue: 0,1:56:46.01,1:56:51.05,Default,,0000,0000,0000,,A lot of this as you'll notice, even though\Nthese scenarios comes back to international laws Dialogue: 0,1:56:51.05,1:56:58.06,Default,,0000,0000,0000,,or even national laws or disclosure laws or fair\Ndisclosure laws, right I mean what is the extent Dialogue: 0,1:56:58.06,1:57:03.06,Default,,0000,0000,0000,,of where I can share information and who I can\Nget help from and where can we get collaboration Dialogue: 0,1:57:03.06,1:57:07.08,Default,,0000,0000,0000,,from a nation state versus send in a\Nsnatch team or not do anything, right? Dialogue: 0,1:57:07.08,1:57:14.00,Default,,0000,0000,0000,,And so, what are the kinds of capabilities that\Nyou have, and then you'd really like to operate Dialogue: 0,1:57:14.00,1:57:18.02,Default,,0000,0000,0000,,in meatspace and prosecute people that\Nhave real impacts on real businesses Dialogue: 0,1:57:18.02,1:57:22.06,Default,,0000,0000,0000,,and break walls internationally,\Nbut how do you balance Dialogue: 0,1:57:22.06,1:57:26.00,Default,,0000,0000,0000,,that internationally with\Nthe privacy for example? Dialogue: 0,1:57:26.00,1:57:30.01,Default,,0000,0000,0000,,I mean that's a tough balance because if you\Ncan attribute every transaction on the internet, Dialogue: 0,1:57:30.01,1:57:34.06,Default,,0000,0000,0000,,then no one has any privacy or\N[inaudible] and what does that mean Dialogue: 0,1:57:34.06,1:57:36.02,Default,,0000,0000,0000,,for censorship or for other things. Dialogue: 0,1:57:36.02,1:57:39.07,Default,,0000,0000,0000,,So all these sort of things together is, Dialogue: 0,1:57:39.07,1:57:43.08,Default,,0000,0000,0000,,it definitely needs more\Nleadership from the government. 
Dialogue: 0,1:57:43.08,1:57:46.00,Default,,0000,0000,0000,,I think they've certainly\Ndone a humungous amount, Dialogue: 0,1:57:46.00,1:57:51.04,Default,,0000,0000,0000,,and from local law enforcement folks\Nwe work with, to national level folks, Dialogue: 0,1:57:51.04,1:57:54.01,Default,,0000,0000,0000,,and certainly Jeff and some\Nof the places he'd been. Dialogue: 0,1:57:54.01,1:57:57.07,Default,,0000,0000,0000,,A lot of the folks looking for ways\Nto collaborate and to put frameworks Dialogue: 0,1:57:57.07,1:58:05.05,Default,,0000,0000,0000,,in place allowing information sharing and enable\Nin a sort of protections of private sector Dialogue: 0,1:58:05.05,1:58:11.00,Default,,0000,0000,0000,,and industry and you know that the government's\Ngot your back for this and that they're going Dialogue: 0,1:58:11.00,1:58:15.04,Default,,0000,0000,0000,,to pull the levers and turn the\Nsteam valves they to make sure Dialogue: 0,1:58:15.04,1:58:18.10,Default,,0000,0000,0000,,that if someone is attacking someone on\Nthis infrastructure and have an impact Dialogue: 0,1:58:18.10,1:58:24.05,Default,,0000,0000,0000,,that it's having a real impact and\Nrepresent their citizens wherever they are. Dialogue: 0,1:58:24.05,1:58:28.00,Default,,0000,0000,0000,,So I think it sort of goes all the way back\Nto that from the international perspective Dialogue: 0,1:58:28.00,1:58:32.01,Default,,0000,0000,0000,,because of the projection capability\Nthat adversaries have on the internet Dialogue: 0,1:58:32.01,1:58:39.03,Default,,0000,0000,0000,,and there are a lot of alliances, a lot are\Nprivate sector, public sector, partnerships, Dialogue: 0,1:58:39.03,1:58:42.06,Default,,0000,0000,0000,,everything from Internet Security Alliance,\NOnline Trust Alliance, StopBadware. Dialogue: 0,1:58:42.06,1:58:44.09,Default,,0000,0000,0000,,I mean there's no shortage. 
Dialogue: 0,1:58:44.09,1:58:49.05,Default,,0000,0000,0000,,I mean a lot of the outreach that we\Ntalked about, the work that [inaudible] Dialogue: 0,1:58:49.05,1:58:53.10,Default,,0000,0000,0000,,and Anti-Phishing Working Group and\Nsome of the other folks have done. Dialogue: 0,1:58:53.10,1:59:00.02,Default,,0000,0000,0000,,So I think that a lot of this is happening but\Nit certainly, the industry level leadership Dialogue: 0,1:59:00.02,1:59:05.07,Default,,0000,0000,0000,,with the recognition by governments\Nthat they're captive to this. Dialogue: 0,1:59:05.07,1:59:07.07,Default,,0000,0000,0000,,We're all sort of captive to\Nthis and the only way we're going Dialogue: 0,1:59:07.07,1:59:10.00,Default,,0000,0000,0000,,to get there is if we collaborate. Dialogue: 0,1:59:10.00,1:59:12.05,Default,,0000,0000,0000,,>> Brian: Thanks, anybody else? Dialogue: 0,1:59:12.05,1:59:13.08,Default,,0000,0000,0000,, Dialogue: 0,1:59:13.08,1:59:17.00,Default,,0000,0000,0000,,>> You know there are many more\Nacronyms we could throw out there Dialogue: 0,1:59:17.00,1:59:21.02,Default,,0000,0000,0000,,about the various public/private\Ncollaboration partnerships. Dialogue: 0,1:59:21.02,1:59:23.04,Default,,0000,0000,0000,,Some doing great work, some doing work. Dialogue: 0,1:59:23.04,1:59:29.02,Default,,0000,0000,0000,,[Laughter] But I want to get back to\Nsomething I think Miguel touched on earlier Dialogue: 0,1:59:29.02,1:59:34.01,Default,,0000,0000,0000,,about information sharing and the need to share\Ninformation and most folks who would go ahead Dialogue: 0,1:59:34.01,1:59:35.06,Default,,0000,0000,0000,,and share will get slapped down for it. Dialogue: 0,1:59:35.06,1:59:43.02,Default,,0000,0000,0000,,There are two reasons for it, one\Ncorporate strategic secret issues, Dialogue: 0,1:59:43.02,1:59:45.06,Default,,0000,0000,0000,,but also the lawyers will\Noften slap you down because, Dialogue: 0,1:59:45.06,1:59:47.00,Default,,0000,0000,0000,,well can we really share that information. 
Dialogue: 0,1:59:47.00,1:59:53.02,Default,,0000,0000,0000,,That's an area where I think we need change\Nand we need it soon is changing the laws Dialogue: 0,1:59:53.02,1:59:58.03,Default,,0000,0000,0000,,that limit the ability of companies who want to\Nshare information with other companies, ECPA, Dialogue: 0,1:59:58.03,2:00:04.05,Default,,0000,0000,0000,,Electronic Communications Privacy Act, antitrust\Nlaws, all these don't need to be gutted, Dialogue: 0,2:00:04.05,2:00:07.09,Default,,0000,0000,0000,,they need to be reformed and\Nfrankly we got to a very weird place Dialogue: 0,2:00:07.09,2:00:10.00,Default,,0000,0000,0000,,in the [inaudible] legislative cycle\Nthis year where you had the head Dialogue: 0,2:00:10.00,2:00:15.09,Default,,0000,0000,0000,,of the National Security Agency and you had\Nprivacy groups all saying this is something we Dialogue: 0,2:00:15.09,2:00:18.00,Default,,0000,0000,0000,,need to do and here's the framework\Nthat we all think actually can work. Dialogue: 0,2:00:18.00,2:00:23.01,Default,,0000,0000,0000,,It based our own idea of sharing cyber\Nsecurity information narrowly defined Dialogue: 0,2:00:23.01,2:00:25.09,Default,,0000,0000,0000,,for cyber security purposes, narrowly defined, Dialogue: 0,2:00:25.09,2:00:30.03,Default,,0000,0000,0000,,but Congress in its infinite\Nwisdom got you have the NSA Dialogue: 0,2:00:30.03,2:00:34.05,Default,,0000,0000,0000,,and the privacy groups essentially\Nagreeing, so Congress chose not to act. Dialogue: 0,2:00:34.05,2:00:38.06,Default,,0000,0000,0000,,And that is something that I think is not\Ngoing to solve the problem but would be a step Dialogue: 0,2:00:38.06,2:00:41.04,Default,,0000,0000,0000,,in the right direction to\Nallow information sharing Dialogue: 0,2:00:41.04,2:00:43.04,Default,,0000,0000,0000,,and maybe break down some of those barriers. 
Dialogue: 0,2:00:43.04,2:00:49.06,Default,,0000,0000,0000,,Make it happen 5, 10, 15, minutes an hour\Nsoon, sooner or even won't happen at all Dialogue: 0,2:00:49.06,2:00:53.00,Default,,0000,0000,0000,,so that's something that within all these\Ngroups there are still these limitations Dialogue: 0,2:00:53.00,2:00:57.08,Default,,0000,0000,0000,,that are illegal and need to\Nbe changed by the politicians. Dialogue: 0,2:00:57.08,2:00:59.00,Default,,0000,0000,0000,,>> Brian: Thanks, Damian. Dialogue: 0,2:00:59.00,2:01:03.06,Default,,0000,0000,0000,,>> Damian: I wanted to mention there are\Nsome ways that collaboration can occur Dialogue: 0,2:01:03.06,2:01:09.02,Default,,0000,0000,0000,,without needing to necessarily involve\Nlawyers or worry about user privacy. Dialogue: 0,2:01:09.02,2:01:14.01,Default,,0000,0000,0000,,Some of the attacks that we see there's\Njust sharing information and about the fact Dialogue: 0,2:01:14.01,2:01:17.01,Default,,0000,0000,0000,,that we're seeing an attack,\Nthe size of the attack, Dialogue: 0,2:01:17.01,2:01:19.01,Default,,0000,0000,0000,,the type of the attack can be helpful to others. Dialogue: 0,2:01:19.01,2:01:27.04,Default,,0000,0000,0000,,So as a recent example the DoS attacks\Nthat hit the banks recently hit us actually Dialogue: 0,2:01:27.04,2:01:32.02,Default,,0000,0000,0000,,about a week before it started hitting all\Nof the banks and we sent a quick heads-up Dialogue: 0,2:01:32.02,2:01:38.01,Default,,0000,0000,0000,,to a security list of people\Njust letting them know, Dialogue: 0,2:01:38.01,2:01:41.00,Default,,0000,0000,0000,,hey we're getting this surprisingly\Nlarge attack. Dialogue: 0,2:01:41.00,2:01:44.04,Default,,0000,0000,0000,,This is a bit unusual; this\Nis what it looks like. Dialogue: 0,2:01:44.04,2:01:47.04,Default,,0000,0000,0000,,You might want to watch out, be prepared. 
Dialogue: 0,2:01:47.04,2:01:51.08,Default,,0000,0000,0000,,Unfortunately two days later, we wrote\Nback and said it just doubled in size, Dialogue: 0,2:01:51.08,2:01:56.01,Default,,0000,0000,0000,,but there are things that you\Ncan do to give out information. Dialogue: 0,2:01:56.01,2:02:00.04,Default,,0000,0000,0000,,We're not giving out necessarily like\Nthe IP addresses that it's coming Dialogue: 0,2:02:00.04,2:02:05.02,Default,,0000,0000,0000,,from because we have talk to lawyers\Nabout the privacy implications of that, Dialogue: 0,2:02:05.02,2:02:09.09,Default,,0000,0000,0000,,but even just the basic information about the\Ntype of attack that you're getting and the size Dialogue: 0,2:02:09.09,2:02:16.01,Default,,0000,0000,0000,,and maybe the general area of the world it's\Ncoming from can be very helpful to others. Dialogue: 0,2:02:16.01,2:02:19.09,Default,,0000,0000,0000,,>> Brian: Thanks, any last remarks? Dialogue: 0,2:02:19.09,2:02:22.05,Default,,0000,0000,0000,,Okay, thank you panelists\Nvery much for playing along Dialogue: 0,2:02:22.05,2:02:25.06,Default,,0000,0000,0000,,and for the great information\Nyou provide with us so far. Dialogue: 0,2:02:25.06,2:02:30.03,Default,,0000,0000,0000,,So let's get to the real important folks here\Ntoday, the audience both here and online. Dialogue: 0,2:02:30.03,2:02:35.07,Default,,0000,0000,0000,,At least for the next 30 minutes, we'll\Nhave an open mic in the middle of the room. Dialogue: 0,2:02:35.07,2:02:40.02,Default,,0000,0000,0000,,I think we have some questions\Nfrom online, so if you would, Dialogue: 0,2:02:40.02,2:02:49.07,Default,,0000,0000,0000,,please [inaudible] we have--\N[Pause]-- it doesn't work? Dialogue: 0,2:02:49.07,2:02:50.08,Default,,0000,0000,0000,, Dialogue: 0,2:02:50.08,2:02:55.01,Default,,0000,0000,0000,,Why don't you come up and use this\Nmicrophone if you would to pose your question. 
Dialogue: 0,2:02:55.01,2:02:56.01,Default,,0000,0000,0000,,[Pause] Dialogue: 0,2:02:56.01,2:03:03.00,Default,,0000,0000,0000,,>> David: I'm David Thaumenal [phonetic]\NPresident of The Internet Society of New York Dialogue: 0,2:03:03.00,2:03:07.06,Default,,0000,0000,0000,,and just as we have software as a\Nservice and infrastructure as a service, Dialogue: 0,2:03:07.06,2:03:13.02,Default,,0000,0000,0000,,there's now crime-ware as a service so if I'm a\Nbad person, rather than going to all the trouble Dialogue: 0,2:03:13.02,2:03:16.07,Default,,0000,0000,0000,,of actually attacking somebody\NI don't like on the internet, Dialogue: 0,2:03:16.07,2:03:23.01,Default,,0000,0000,0000,,I can actually pay a service\Nprovider to do it for me Dialogue: 0,2:03:23.01,2:03:29.06,Default,,0000,0000,0000,,and they're using a commercial business model\Nso I can have warranties, guarantees of quality Dialogue: 0,2:03:29.06,2:03:33.03,Default,,0000,0000,0000,,of service, support contracts\Nand everything else. Dialogue: 0,2:03:33.03,2:03:41.01,Default,,0000,0000,0000,,So my question is wouldn't it make sense\Nfor whether it's industry or law enforcement Dialogue: 0,2:03:41.01,2:03:49.08,Default,,0000,0000,0000,,or whatever to focus on identifying these\Ncrime-ware service providers infiltrating them, Dialogue: 0,2:03:49.08,2:03:55.02,Default,,0000,0000,0000,,targeting them, purchasing their\Nsoftware and reverse engineering it Dialogue: 0,2:03:55.02,2:04:01.10,Default,,0000,0000,0000,,to disable it, that type of thing? Dialogue: 0,2:04:01.10,2:04:05.09,Default,,0000,0000,0000,,>> Brian: Anyone on the panel want to take that? 
Dialogue: 0,2:04:05.09,2:04:12.01,Default,,0000,0000,0000,,>> Danny: Absolutely in if you go back\Nto the scenario of an ideal world, Dialogue: 0,2:04:12.01,2:04:16.07,Default,,0000,0000,0000,,but a lot of these are happening offshore in\Ncountries that aren't particularly amenable Dialogue: 0,2:04:16.07,2:04:23.00,Default,,0000,0000,0000,,to working with our law enforcement\Nto arrest or prosecute. Dialogue: 0,2:04:23.00,2:04:28.10,Default,,0000,0000,0000,,Reverse engineering I think goes on, but the\Nproblem is that the software morphs so quickly Dialogue: 0,2:04:28.10,2:04:33.04,Default,,0000,0000,0000,,that the signatures are old as soon as you know it. Dialogue: 0,2:04:33.04,2:04:37.04,Default,,0000,0000,0000,,And there are other efforts, other\Ntechniques for protecting against it Dialogue: 0,2:04:37.04,2:04:41.03,Default,,0000,0000,0000,,and I think that's actively underway, but\Nin terms of infiltrating, breaking up, Dialogue: 0,2:04:41.03,2:04:44.07,Default,,0000,0000,0000,,prosecuting, they'd just go somewhere else. Dialogue: 0,2:04:44.07,2:04:50.01,Default,,0000,0000,0000,,>> So I was going to add just there\Nis one aspect to this certainly lots Dialogue: 0,2:04:50.01,2:04:53.06,Default,,0000,0000,0000,,of folks are looking at when you try to\Nmove it back to meatspace and the place Dialogue: 0,2:04:53.06,2:04:57.10,Default,,0000,0000,0000,,where law enforcement usually operates\Nin a more productive way and better Dialogue: 0,2:04:57.10,2:05:04.03,Default,,0000,0000,0000,,than most information security folks and there\Nhas been a lot more work on follow the money Dialogue: 0,2:05:04.03,2:05:07.09,Default,,0000,0000,0000,,and use that angle for the\Nattribution side of this. Dialogue: 0,2:05:07.09,2:05:12.08,Default,,0000,0000,0000,,I mean some of the recent things you may\Nhave seen from spam campaigns to phishing Dialogue: 0,2:05:12.08,2:05:15.03,Default,,0000,0000,0000,,and mal-code distribution\Nand those sorts of things. 
Dialogue: 0,2:05:15.03,2:05:20.03,Default,,0000,0000,0000,,Some recent work actually by Stefan\NSavage and some of the folks at UCSB Dialogue: 0,2:05:20.03,2:05:25.03,Default,,0000,0000,0000,,and was particularly enlightening in that\Narea for those of you that haven't seen that. Dialogue: 0,2:05:25.03,2:05:28.09,Default,,0000,0000,0000,,And I know that law enforcement is certainly\Ntaking note and very good at those kind Dialogue: 0,2:05:28.09,2:05:37.07,Default,,0000,0000,0000,,of things and so, I suspect that\Nbeing aware of that and seeing more Dialogue: 0,2:05:37.07,2:05:40.00,Default,,0000,0000,0000,,on that side I would follow the\Nmoney and work on the attribution Dialogue: 0,2:05:40.00,2:05:45.00,Default,,0000,0000,0000,,and the prosecution associated with malicious\Nactivity, that sort is certainly something Dialogue: 0,2:05:45.00,2:05:49.03,Default,,0000,0000,0000,,that we're going to see more of\Nfrom a prosecution perspective. Dialogue: 0,2:05:49.03,2:05:53.03,Default,,0000,0000,0000,,>> Brian: And the FBI has had\Nsome big take downs recently. Dialogue: 0,2:05:53.03,2:05:57.06,Default,,0000,0000,0000,,There was one in [inaudible]\Nearly this year, late last year. Dialogue: 0,2:05:57.06,2:05:59.07,Default,,0000,0000,0000,,>> Last year. Dialogue: 0,2:05:59.07,2:06:00.04,Default,,0000,0000,0000,,>> Brian: Thank you. Dialogue: 0,2:06:00.04,2:06:02.02,Default,,0000,0000,0000,,I've got two questions from online, Dialogue: 0,2:06:02.02,2:06:05.06,Default,,0000,0000,0000,,I'll go to one of them first\Nand then come back to the room. Dialogue: 0,2:06:05.06,2:06:09.07,Default,,0000,0000,0000,,From Vanda [phonetic] the reality\Nthat people don't think it will happen Dialogue: 0,2:06:09.07,2:06:11.07,Default,,0000,0000,0000,,with them is a fact here too. Dialogue: 0,2:06:11.07,2:06:18.00,Default,,0000,0000,0000,,So how can I convince people that they\Nneed to take preventative measures? 
Dialogue: 0,2:06:18.00,2:06:19.02,Default,,0000,0000,0000,, Dialogue: 0,2:06:19.02,2:06:20.07,Default,,0000,0000,0000,,Jillian? Dialogue: 0,2:06:20.07,2:06:25.09,Default,,0000,0000,0000,,>> Jillian: Sure, so I don't know\Nwhat "here" means in that sentence Dialogue: 0,2:06:25.09,2:06:30.05,Default,,0000,0000,0000,,but nonetheless I would say in\Nthinking about how to convince people, Dialogue: 0,2:06:30.05,2:06:36.10,Default,,0000,0000,0000,,there is a wealth of information on what sort\Nof attacks occurred and who they've targeted Dialogue: 0,2:06:36.10,2:06:40.01,Default,,0000,0000,0000,,and one of the things that this\NBerkman Center study found was Dialogue: 0,2:06:40.01,2:06:43.09,Default,,0000,0000,0000,,that there's really no associated\Nideology with attacks. Dialogue: 0,2:06:43.09,2:06:49.09,Default,,0000,0000,0000,,There's one example where some\Nconservative Muslim groups outside Dialogue: 0,2:06:49.09,2:06:52.08,Default,,0000,0000,0000,,of the U.S. were attacking\NU.S. Conservative website. Dialogue: 0,2:06:52.08,2:06:57.10,Default,,0000,0000,0000,,The U.S. Conservative Groups were then attacking\Nthese Muslim websites outside the U.S. and so on Dialogue: 0,2:06:57.10,2:07:02.05,Default,,0000,0000,0000,,and so forth and sort of in a circle\Nand so, anyone can be a victim. Dialogue: 0,2:07:02.05,2:07:07.02,Default,,0000,0000,0000,,Any type of group, any type of ideology and\Nso I think that's where we start looking Dialogue: 0,2:07:07.02,2:07:13.03,Default,,0000,0000,0000,,at previous attacks and educating people\Nabout those various disparate targets, Dialogue: 0,2:07:13.03,2:07:15.01,Default,,0000,0000,0000,,that's another way that we can raise awareness. 
Dialogue: 0,2:07:15.01,2:07:20.02,Default,,0000,0000,0000,,And then like I said just sort of thinking\Nabout risk assessment's not an easy thing Dialogue: 0,2:07:20.02,2:07:26.01,Default,,0000,0000,0000,,in these cases and like I said with having\Ndisparate ideologies be the target of attacks, Dialogue: 0,2:07:26.01,2:07:31.06,Default,,0000,0000,0000,,it's not easy to really assess what\Nyour actual risk is and so to assume Dialogue: 0,2:07:31.06,2:07:34.10,Default,,0000,0000,0000,,that you could potentially be a target\Nof an attack is the first thing. Dialogue: 0,2:07:34.10,2:07:41.07,Default,,0000,0000,0000,,But then to sort of weigh your risk and figure\Nout what you might want to think about in terms Dialogue: 0,2:07:41.07,2:07:44.10,Default,,0000,0000,0000,,of what's important to you\Nand keeping your site up. Dialogue: 0,2:07:44.10,2:07:46.06,Default,,0000,0000,0000,,>> Brian: Sure, Miguel. Dialogue: 0,2:07:46.06,2:07:49.03,Default,,0000,0000,0000,,>> Miguel: Thank you Brian. Dialogue: 0,2:07:49.03,2:07:55.08,Default,,0000,0000,0000,,What the question refers to is sort of how\Nto make the business case for protection Dialogue: 0,2:07:55.08,2:07:58.06,Default,,0000,0000,0000,,or mitigation against this kind of a threat. Dialogue: 0,2:07:58.06,2:08:04.03,Default,,0000,0000,0000,,Danny actually talked about some of these\Nthings previously in the conversation in terms Dialogue: 0,2:08:04.03,2:08:08.05,Default,,0000,0000,0000,,of really evaluating your\Ninfrastructure and your needs and kind Dialogue: 0,2:08:08.05,2:08:13.08,Default,,0000,0000,0000,,of asking yourself some basic questions. Dialogue: 0,2:08:13.08,2:08:20.04,Default,,0000,0000,0000,,What would it mean to you if your, let's\Nsay for example your website was down? 
Dialogue: 0,2:08:20.04,2:08:24.03,Default,,0000,0000,0000,,What are some of the things that could\Npotentially happen if that was the case Dialogue: 0,2:08:24.03,2:08:26.09,Default,,0000,0000,0000,,and what would the impact to you be Dialogue: 0,2:08:26.09,2:08:30.04,Default,,0000,0000,0000,,if your infrastructure was\Ndown for 12 hours for example? Dialogue: 0,2:08:30.04,2:08:33.10,Default,,0000,0000,0000,,I'll use some private sector examples\Nto just kind of illustrate this. Dialogue: 0,2:08:33.10,2:08:37.08,Default,,0000,0000,0000,,Maybe obviously there's potentially\Nthe revenue component. Dialogue: 0,2:08:37.08,2:08:39.04,Default,,0000,0000,0000,,Maybe you're making money off your website Dialogue: 0,2:08:39.04,2:08:46.01,Default,,0000,0000,0000,,so there's some tangible result\Nin terms of not having revenue. Dialogue: 0,2:08:46.01,2:08:51.05,Default,,0000,0000,0000,,But from a customer service perspective for\Nexample, what happens if your website is Dialogue: 0,2:08:51.05,2:08:53.02,Default,,0000,0000,0000,,down for a certain amount of time? Dialogue: 0,2:08:53.02,2:08:58.02,Default,,0000,0000,0000,,Maybe your call center gets\Nflooded, gets into code red. Dialogue: 0,2:08:58.02,2:09:03.01,Default,,0000,0000,0000,,People are waiting an hour-and-a-half\Nto have the phone answered. Dialogue: 0,2:09:03.01,2:09:07.01,Default,,0000,0000,0000,,Maybe your email boxes start getting flooded\Nand maybe it's going to take weeks potentially Dialogue: 0,2:09:07.01,2:09:11.04,Default,,0000,0000,0000,,to dig yourself out of that hole. 
Dialogue: 0,2:09:11.04,2:09:17.04,Default,,0000,0000,0000,,Another thing to kind of think about is,\Nas you make the business case for this Dialogue: 0,2:09:17.04,2:09:25.09,Default,,0000,0000,0000,,or to have some kind of a plan to mitigate the\Nattacks is how long would it actually take you Dialogue: 0,2:09:25.09,2:09:30.05,Default,,0000,0000,0000,,to get your core infrastructure or the\Ninfrastructure you need to be online, Dialogue: 0,2:09:30.05,2:09:34.05,Default,,0000,0000,0000,,back online if something like this happened? Dialogue: 0,2:09:34.05,2:09:38.01,Default,,0000,0000,0000,,Potentially it would take you a\Nsignificant amount of time just to figure Dialogue: 0,2:09:38.01,2:09:44.06,Default,,0000,0000,0000,,out what's actually happening let alone figuring\Nout what the path is going to be in terms Dialogue: 0,2:09:44.06,2:09:47.08,Default,,0000,0000,0000,,of what the best strategy is to deal\Nwith the problem when it happens. Dialogue: 0,2:09:47.08,2:09:51.09,Default,,0000,0000,0000,,And then on top of that, after that\Nis once you actually know what to do, Dialogue: 0,2:09:51.09,2:09:55.00,Default,,0000,0000,0000,,actually putting the plan\Nin place to do what needs Dialogue: 0,2:09:55.00,2:09:57.08,Default,,0000,0000,0000,,to be done to get the threat under control. Dialogue: 0,2:09:57.08,2:10:01.04,Default,,0000,0000,0000,,So when you start asking yourself\Nsome of these fundamental questions Dialogue: 0,2:10:01.04,2:10:04.05,Default,,0000,0000,0000,,and it's not just a private\Nsector thing where you're worried Dialogue: 0,2:10:04.05,2:10:08.02,Default,,0000,0000,0000,,about your revenue potentially\Nor your brand equity. Dialogue: 0,2:10:08.02,2:10:11.02,Default,,0000,0000,0000,,You know the public sector faces this as well Dialogue: 0,2:10:11.02,2:10:14.01,Default,,0000,0000,0000,,because it obviously, there's\Nsome tangible stuff. 
Dialogue: 0,2:10:14.01,2:10:20.10,Default,,0000,0000,0000,,It looks really bad when a government website\Nis down or a free speech NGO website is down. Dialogue: 0,2:10:20.10,2:10:23.10,Default,,0000,0000,0000,,So there are fundamental questions\Nthat you can start asking yourself Dialogue: 0,2:10:23.10,2:10:28.07,Default,,0000,0000,0000,,and when you start asking yourself\Nthese questions and really look Dialogue: 0,2:10:28.07,2:10:31.09,Default,,0000,0000,0000,,at what the impact is going to\Nbe, both short-term and long-term, Dialogue: 0,2:10:31.09,2:10:34.01,Default,,0000,0000,0000,,you really have to think about\Nthe long-term impact too. Dialogue: 0,2:10:34.01,2:10:40.06,Default,,0000,0000,0000,,At that point you start to look at that\Nand the business case for DDoS protection Dialogue: 0,2:10:40.06,2:10:45.09,Default,,0000,0000,0000,,or for having a plan in place to deal\Nwith this particular issue if it happens, Dialogue: 0,2:10:45.09,2:10:50.01,Default,,0000,0000,0000,,it starts to become quite apparent that\Nthis is something that is worth doing. Dialogue: 0,2:10:50.01,2:10:54.08,Default,,0000,0000,0000,,>> Brian: Sounds like good common\Nsense, anybody else, yeah, Damian. Dialogue: 0,2:10:54.08,2:11:01.00,Default,,0000,0000,0000,,>> Damian: So I want to highlight like in\Naddition to just the business financial impact, Dialogue: 0,2:11:01.00,2:11:03.07,Default,,0000,0000,0000,,there is a very strong PR impact to going down. Dialogue: 0,2:11:03.07,2:11:09.04,Default,,0000,0000,0000,,We saw user comments during the bank\Nattacks, you know comments and articles Dialogue: 0,2:11:09.04,2:11:13.02,Default,,0000,0000,0000,,of our users saying things like, if\Nmy bank can't handle a DoS attack, Dialogue: 0,2:11:13.02,2:11:16.04,Default,,0000,0000,0000,,how do I trust that they\Nknow how to secure my money? 
Dialogue: 0,2:11:16.04,2:11:20.01,Default,,0000,0000,0000,,They're completely unrelated things but\Nthe average person doesn't understand that Dialogue: 0,2:11:20.01,2:11:24.07,Default,,0000,0000,0000,,and so there can be a significant PR impact\Nto your organization if it goes down even Dialogue: 0,2:11:24.07,2:11:29.01,Default,,0000,0000,0000,,if it doesn't directly affect\Nthem like with banking yes, Dialogue: 0,2:11:29.01,2:11:32.06,Default,,0000,0000,0000,,some people couldn't do online banking\Nfor a day, ATMs were still fine. Dialogue: 0,2:11:32.06,2:11:40.01,Default,,0000,0000,0000,,Like there was no actual real risk there but I\Nalso want to point out that I think the going Dialogue: 0,2:11:40.01,2:11:43.06,Default,,0000,0000,0000,,down is actually a viable option. Dialogue: 0,2:11:43.06,2:11:48.00,Default,,0000,0000,0000,,We're all talking about it as if\Nthe ultimate goal is to stay online, Dialogue: 0,2:11:48.00,2:11:52.04,Default,,0000,0000,0000,,but economically that might\Nnot make sense for you and even Dialogue: 0,2:11:52.04,2:11:54.08,Default,,0000,0000,0000,,from a PR standpoint it may not make sense. Dialogue: 0,2:11:54.08,2:11:59.02,Default,,0000,0000,0000,,If you're a human rights organization and\Nyou can get an article in New York Times Dialogue: 0,2:11:59.02,2:12:02.07,Default,,0000,0000,0000,,about how you went down due to a DoS attack, Dialogue: 0,2:12:02.07,2:12:04.10,Default,,0000,0000,0000,,that's the best publicity\Nyou can possibly imagine. Dialogue: 0,2:12:04.10,2:12:09.00,Default,,0000,0000,0000,,Nobody is thinking about human\Nrights until they see this article. Dialogue: 0,2:12:09.00,2:12:16.06,Default,,0000,0000,0000,,So, it's something to keep in mind, staying up\Nat all costs isn't necessarily the end goal. Dialogue: 0,2:12:16.06,2:12:17.07,Default,,0000,0000,0000,,>> Brian: Yeah, Danny.
Dialogue: 0,2:12:17.07,2:12:21.08,Default,,0000,0000,0000,,>> Danny: So I was going to add a little\Nbit to both of what they said actually, Dialogue: 0,2:12:21.08,2:12:24.06,Default,,0000,0000,0000,,and to Vanda's question, how\Ndo sort of get ahead of these. Dialogue: 0,2:12:24.06,2:12:27.05,Default,,0000,0000,0000,,One of the comments that I made\Nearlier is somewhere between 80% Dialogue: 0,2:12:27.05,2:12:31.08,Default,,0000,0000,0000,,and 85% of IT security spend\Ngoes toward regulatory compliance. Dialogue: 0,2:12:31.08,2:12:36.00,Default,,0000,0000,0000,,Things you have to do just to check boxes\Nlike these fire suppression systems right, Dialogue: 0,2:12:36.00,2:12:42.05,Default,,0000,0000,0000,,and this is the sort of thing where most of the\Ntraditional controls that are on our network, Dialogue: 0,2:12:42.05,2:12:48.02,Default,,0000,0000,0000,,the 100s and 100s that we have are about keeping\Nprivate information private and more and more Dialogue: 0,2:12:48.02,2:12:50.10,Default,,0000,0000,0000,,so many organizations, particularly\Nfor internet facing services, Dialogue: 0,2:12:50.10,2:12:54.04,Default,,0000,0000,0000,,the availability of those services,\Nas opposed to just the confidentiality Dialogue: 0,2:12:54.04,2:12:58.05,Default,,0000,0000,0000,,of the data contained therein\Nis more and more of an issue Dialogue: 0,2:12:58.05,2:13:02.02,Default,,0000,0000,0000,,and so making sure you understand\Nthat, to Miguel's point.
Dialogue: 0,2:13:02.02,2:13:07.07,Default,,0000,0000,0000,,Risk management 101, basic business resilience\Nsays take the asset, take what one minute Dialogue: 0,2:13:07.07,2:13:14.01,Default,,0000,0000,0000,,of downtime with that asset may cost you,\Ntalk about how long a particular outage may be Dialogue: 0,2:13:14.01,2:13:17.02,Default,,0000,0000,0000,,and then you come up with\Nyour single loss expectancy Dialogue: 0,2:13:17.02,2:13:19.01,Default,,0000,0000,0000,,and then take how many times this\Nmay occur in a year something known Dialogue: 0,2:13:19.01,2:13:25.02,Default,,0000,0000,0000,,as annualized loss expectancy and you\Nmultiply annualized rate of occurrence Dialogue: 0,2:13:25.02,2:13:27.01,Default,,0000,0000,0000,,with single loss expectancy\Nand you know in a year, Dialogue: 0,2:13:27.01,2:13:30.03,Default,,0000,0000,0000,,this much downtime could cost you\Nthis much in your organization. Dialogue: 0,2:13:30.03,2:13:34.00,Default,,0000,0000,0000,,And if you don't do that, and then say okay\Nwhat are we willing to invest in proactively Dialogue: 0,2:13:34.00,2:13:40.01,Default,,0000,0000,0000,,to get residual risk to some level\Nthat we [inaudible] or go buy insurance Dialogue: 0,2:13:40.01,2:13:42.04,Default,,0000,0000,0000,,or ignore it and hope that it doesn't happen. Dialogue: 0,2:13:42.04,2:13:44.06,Default,,0000,0000,0000,,And so you really need to think about this. Dialogue: 0,2:13:44.06,2:13:49.08,Default,,0000,0000,0000,,Actually, I'll reference again the\NInternet Security Alliance documents. Dialogue: 0,2:13:49.08,2:13:53.08,Default,,0000,0000,0000,,It's a little hefty but it's a really great\Nread for folks asking just that question. Dialogue: 0,2:13:53.08,2:13:59.01,Default,,0000,0000,0000,,It's a CFO's guide to cyber risk and it sort\Nof talks about some of these sorts of things. Dialogue: 0,2:13:59.01,2:14:04.08,Default,,0000,0000,0000,,I definitely recommend that you have a\Nlook at that and try to get ahead of it.
Dialogue: 0,2:14:04.08,2:14:06.00,Default,,0000,0000,0000,,So, I'm done now so-- Dialogue: 0,2:14:06.00,2:14:08.07,Default,,0000,0000,0000,,>> Brian: Okay do we have other\Nquestions from inside the room? Dialogue: 0,2:14:08.07,2:14:10.02,Default,,0000,0000,0000,,Please, okay. Dialogue: 0,2:14:10.02,2:14:18.01,Default,,0000,0000,0000,,>> You were talking about the PR aspect of\Nit and I took Jill's comment to heart earlier Dialogue: 0,2:14:18.01,2:14:22.00,Default,,0000,0000,0000,,about she doesn't think it's\Na good idea and we know Dialogue: 0,2:14:22.00,2:14:27.09,Default,,0000,0000,0000,,that Pirate Bay went anonymous\N[inaudible] the whole Pirate Bay came Dialogue: 0,2:14:27.09,2:14:33.00,Default,,0000,0000,0000,,out against it saying they were for free\Nspeech and this was against it and I wonder Dialogue: 0,2:14:33.00,2:14:40.01,Default,,0000,0000,0000,,about how much embarrassment and the moral\Nargument and basically if you've got governments Dialogue: 0,2:14:40.01,2:14:43.02,Default,,0000,0000,0000,,who are doing it, can there be kind\Nof treaties between governments Dialogue: 0,2:14:43.02,2:14:46.03,Default,,0000,0000,0000,,that say this is not acceptable behavior. Dialogue: 0,2:14:46.03,2:14:50.05,Default,,0000,0000,0000,,And in the activist world,\Nalso the same kind of thing Dialogue: 0,2:14:50.05,2:14:57.08,Default,,0000,0000,0000,,so [inaudible] technical solutions\Nare where social solutions? Dialogue: 0,2:14:57.08,2:15:01.06,Default,,0000,0000,0000,,>> Jillian: Sure so I'll just give my quick\Ntwo cents because I'm actually more curious Dialogue: 0,2:15:01.06,2:15:03.06,Default,,0000,0000,0000,,to hear others responses to this. Dialogue: 0,2:15:03.06,2:15:08.08,Default,,0000,0000,0000,,So using our example of Mordor and not getting\Ninto real life, let's say that the governor Dialogue: 0,2:15:08.08,2:15:12.04,Default,,0000,0000,0000,,of Mordor was partly behind\Nthe attacks against Genovia. 
Dialogue: 0,2:15:12.04,2:15:17.06,Default,,0000,0000,0000,,And so in cases like that,\Nit's really difficult. Dialogue: 0,2:15:17.06,2:15:21.07,Default,,0000,0000,0000,,I'm assuming that Mordor also\Nprosecutes citizens for hacking Dialogue: 0,2:15:21.07,2:15:27.05,Default,,0000,0000,0000,,and for their own DDoS perpetrations and\Nso it's really difficult to look at that Dialogue: 0,2:15:27.05,2:15:31.02,Default,,0000,0000,0000,,and say that Mordor has any\Nmoral ground to stand Dialogue: 0,2:15:31.02,2:15:34.01,Default,,0000,0000,0000,,on when it does prosecute its own\Ncitizens for being behind those attacks. Dialogue: 0,2:15:34.01,2:15:37.07,Default,,0000,0000,0000,,And I think that we have seen,\NI'm sure you're aware of them, Dialogue: 0,2:15:37.07,2:15:39.01,Default,,0000,0000,0000,,real life examples where this exists. Dialogue: 0,2:15:39.01,2:15:42.09,Default,,0000,0000,0000,,Where you know governments are doing one thing\Nwith one hand and something with the other. Dialogue: 0,2:15:42.09,2:15:50.00,Default,,0000,0000,0000,,But to the point about [inaudible] example\Nis a great one and I agreed with them Dialogue: 0,2:15:50.00,2:15:53.06,Default,,0000,0000,0000,,and I think John Perry Barlow one of the\Nfounders of [inaudible] said the same thing Dialogue: 0,2:15:53.06,2:15:57.10,Default,,0000,0000,0000,,that DDoS attacks are essentially\Nan attack on free expression. Dialogue: 0,2:15:57.10,2:16:00.03,Default,,0000,0000,0000,,I do agree with that.
Dialogue: 0,2:16:00.03,2:16:05.04,Default,,0000,0000,0000,,Like I said I think that there are some\Ncircumstances where it's much more difficult Dialogue: 0,2:16:05.04,2:16:09.10,Default,,0000,0000,0000,,to condemn and those are circumstances\Nwhere you're up against a government Dialogue: 0,2:16:09.10,2:16:15.05,Default,,0000,0000,0000,,that is stifling its own citizens' free\Nexpression and so you're getting into sort Dialogue: 0,2:16:15.05,2:16:21.03,Default,,0000,0000,0000,,of irregular warfare, online warfare in those\Ncases, but generally speaking I do think Dialogue: 0,2:16:21.03,2:16:26.01,Default,,0000,0000,0000,,that it would be a lot easier if\Nwe all viewed this as something Dialogue: 0,2:16:26.01,2:16:28.03,Default,,0000,0000,0000,,that was not morally acceptable\Nin terms of free expression. Dialogue: 0,2:16:28.03,2:16:32.06,Default,,0000,0000,0000,,It would certainly be a lot easier\Nto go after the actual bad guys. Dialogue: 0,2:16:32.06,2:16:34.05,Default,,0000,0000,0000,,>> Brian: Others, Jeff? Dialogue: 0,2:16:34.05,2:16:39.07,Default,,0000,0000,0000,,>> Jeff: I would say I think that\Nthere are things that can be improved Dialogue: 0,2:16:39.07,2:16:43.03,Default,,0000,0000,0000,,through international cooperation,\Npotentially international treaties. Dialogue: 0,2:16:43.03,2:16:47.08,Default,,0000,0000,0000,,There's a pretty healthy debate over\Nwhether that's even possible and enforceable Dialogue: 0,2:16:47.08,2:16:51.03,Default,,0000,0000,0000,,and I think we at least have to try.
Dialogue: 0,2:16:51.03,2:16:55.02,Default,,0000,0000,0000,,Maybe some of that will filter down\Ninto day-to-day conduct with people, Dialogue: 0,2:16:55.02,2:16:59.05,Default,,0000,0000,0000,,but people still commit crimes all\Nthe time even though they're illegal Dialogue: 0,2:16:59.05,2:17:05.05,Default,,0000,0000,0000,,so I think there's a limitation to how far\Nthat will go to stop the groups that think Dialogue: 0,2:17:05.05,2:17:08.02,Default,,0000,0000,0000,,that they're above the law or independent of law Dialogue: 0,2:17:08.02,2:17:11.09,Default,,0000,0000,0000,,or have a separate obligation\Nthat's different to it. Dialogue: 0,2:17:11.09,2:17:16.04,Default,,0000,0000,0000,,But I think you will see more\Neffort in the future to try Dialogue: 0,2:17:16.04,2:17:23.09,Default,,0000,0000,0000,,out some negotiated agreements remains to\Nbe seen if they're actually verifiable. Dialogue: 0,2:17:23.09,2:17:25.10,Default,,0000,0000,0000,,>> Brian: We have an interesting\Nquestion from online. Dialogue: 0,2:17:25.10,2:17:27.01,Default,,0000,0000,0000,,I know we've got another\Ncouple from in the room. Dialogue: 0,2:17:27.01,2:17:29.06,Default,,0000,0000,0000,,This one is from Mikey. Dialogue: 0,2:17:29.06,2:17:37.03,Default,,0000,0000,0000,,What about a global simulation of cyber event\Nwith a goal of beginning to build a global, Dialogue: 0,2:17:37.03,2:17:40.01,Default,,0000,0000,0000,,who can I call for immediate\Nhelp type mechanism? Dialogue: 0,2:17:40.01,2:17:46.07,Default,,0000,0000,0000,,I know that in certain countries table\Ntop exercises take place with a number Dialogue: 0,2:17:46.07,2:17:50.02,Default,,0000,0000,0000,,of different participants that create\Nscenarios, what about this idea Dialogue: 0,2:17:50.02,2:17:53.00,Default,,0000,0000,0000,,of a global simulated cyber event? Dialogue: 0,2:17:53.00,2:17:55.01,Default,,0000,0000,0000,,Is this feasible, would that be helpful?
Dialogue: 0,2:17:55.01,2:17:59.09,Default,,0000,0000,0000,, Dialogue: 0,2:17:59.09,2:18:01.03,Default,,0000,0000,0000,,Ram-- oh sorry, Danny. Dialogue: 0,2:18:01.03,2:18:11.08,Default,,0000,0000,0000,,>> Ram: I was just going to; I think\Nit was Miguel that quoted Mike Tyson. Dialogue: 0,2:18:11.08,2:18:19.08,Default,,0000,0000,0000,,All the simulations are great but reality is\Noften very different so, we'd have to think Dialogue: 0,2:18:19.08,2:18:22.06,Default,,0000,0000,0000,,about whether the simulation\Nis actually helpful. Dialogue: 0,2:18:22.06,2:18:25.03,Default,,0000,0000,0000,,Certainly it helps to get people to be aware Dialogue: 0,2:18:25.03,2:18:29.04,Default,,0000,0000,0000,,of who they should be contacting\Nand who to work with. Dialogue: 0,2:18:29.04,2:18:34.09,Default,,0000,0000,0000,,But the real life scenario is\Nprobably going to be fairly different. Dialogue: 0,2:18:34.09,2:18:36.08,Default,,0000,0000,0000,,>> Brian: Fair enough, Danny. Dialogue: 0,2:18:36.08,2:18:38.04,Default,,0000,0000,0000,,>> Danny: Yeah this is working now. Dialogue: 0,2:18:38.04,2:18:43.06,Default,,0000,0000,0000,,I would just add there are some multinational\Nsimulations today, everything from Cyber Storm Dialogue: 0,2:18:43.06,2:18:47.01,Default,,0000,0000,0000,,to you name it, lots of national\Nlevel exercises, Dialogue: 0,2:18:47.01,2:18:50.01,Default,,0000,0000,0000,,international exercises that sort of thing. Dialogue: 0,2:18:50.01,2:18:54.03,Default,,0000,0000,0000,,I think from a global scale\Nperspective, we have those every day, Dialogue: 0,2:18:54.03,2:18:57.04,Default,,0000,0000,0000,,[Laughter] so I'm not sure we actually need one.
Dialogue: 0,2:18:57.04,2:19:03.07,Default,,0000,0000,0000,,Certainly we're on the receiving\Nend of a lot of love and so I think Dialogue: 0,2:19:03.07,2:19:17.00,Default,,0000,0000,0000,,that exercising [audio issue] and\Nunderstanding those sorts of things, Dialogue: 0,2:19:17.00,2:19:22.10,Default,,0000,0000,0000,,but [audio issue] final turn of attack vectors. Dialogue: 0,2:19:22.10,2:19:25.09,Default,,0000,0000,0000,,>> Brian: Okay in the room, I\Nthink we have at least 3 more. Dialogue: 0,2:19:25.09,2:19:28.08,Default,,0000,0000,0000,,Okay come on up to the mic-- oh\Nis that one working now Joley? Dialogue: 0,2:19:28.08,2:19:29.00,Default,,0000,0000,0000,,>> Joley: No. Dialogue: 0,2:19:29.00,2:19:31.00,Default,,0000,0000,0000,,>> Brian: Okay come on up to the mic please Dialogue: 0,2:19:31.00,2:19:33.09,Default,,0000,0000,0000,,and if you'd introduce yourself\Nbefore the question please. Dialogue: 0,2:19:33.09,2:19:41.04,Default,,0000,0000,0000,,>> My name is Anthony Bargese [phonetic] and\NI'm from John Jay College of Criminal Justice. Dialogue: 0,2:19:41.04,2:19:48.06,Default,,0000,0000,0000,,You guys covered some of the parties that\NDDoS and users and also the government, Dialogue: 0,2:19:48.06,2:19:54.10,Default,,0000,0000,0000,,and also the providers and how\Nto be responsible and proactive. Dialogue: 0,2:19:54.10,2:20:00.04,Default,,0000,0000,0000,,But what about software vendors or some of\Nthe vendors that are putting their products Dialogue: 0,2:20:00.04,2:20:06.03,Default,,0000,0000,0000,,out there with all these security holes\Nand that's where it starts and ends Dialogue: 0,2:20:06.03,2:20:08.07,Default,,0000,0000,0000,,with the NS providers, the ISP providers Dialogue: 0,2:20:08.07,2:20:18.01,Default,,0000,0000,0000,,who sometimes host these command\Ncontrol servers for these DDoS attacks. Dialogue: 0,2:20:18.01,2:20:21.02,Default,,0000,0000,0000,,Should there be a change\Nof mentality on their side?
Dialogue: 0,2:20:21.02,2:20:29.06,Default,,0000,0000,0000,,I know that Google does something that's\Ncalled bug bounties; they offer you money Dialogue: 0,2:20:29.06,2:20:32.03,Default,,0000,0000,0000,,if you find a bug on their software. Dialogue: 0,2:20:32.03,2:20:39.01,Default,,0000,0000,0000,,Should this be applied across the\Nboard for all the software vendors Dialogue: 0,2:20:39.01,2:20:41.08,Default,,0000,0000,0000,,and of these providers of products? Dialogue: 0,2:20:41.08,2:20:43.06,Default,,0000,0000,0000,,>> Brian: [inaudible] Dialogue: 0,2:20:43.06,2:20:47.04,Default,,0000,0000,0000,,>> Damian: I guess I have to start. Dialogue: 0,2:20:47.04,2:20:57.00,Default,,0000,0000,0000,,So we do find-- what he was referring to is\NGoogle has a program where we actually pay Dialogue: 0,2:20:57.00,2:21:03.05,Default,,0000,0000,0000,,for people to find bugs in our\Nproducts so for security critical bugs. Dialogue: 0,2:21:03.05,2:21:08.07,Default,,0000,0000,0000,,So we found that there's a lot of college\Nkids or independent security researchers Dialogue: 0,2:21:08.07,2:21:12.03,Default,,0000,0000,0000,,who are very interested in\Nlooking for security holes Dialogue: 0,2:21:12.03,2:21:19.02,Default,,0000,0000,0000,,and when they previously basically had no\Noption but they could give it to us privately, Dialogue: 0,2:21:19.02,2:21:24.00,Default,,0000,0000,0000,,hope that we'd fix it or to\Nwhatever vendor of the software was. Dialogue: 0,2:21:24.00,2:21:28.06,Default,,0000,0000,0000,,It could be Microsoft or Adobe,\Nand hope that they would fix it, Dialogue: 0,2:21:28.06,2:21:34.01,Default,,0000,0000,0000,,but then if the company could just\Ntake no action and they could just wait Dialogue: 0,2:21:34.01,2:21:38.00,Default,,0000,0000,0000,,and let this vulnerability remain\Nand eventually this kid might say, Dialogue: 0,2:21:38.00,2:21:42.08,Default,,0000,0000,0000,,the security researcher would\Nsay why am I waiting on this? 
Dialogue: 0,2:21:42.08,2:21:46.06,Default,,0000,0000,0000,,Everyone is vulnerable to this thing\Nand they would publish this exploit Dialogue: 0,2:21:46.06,2:21:51.02,Default,,0000,0000,0000,,and then you could see lots\Nof attacks targeting that. Dialogue: 0,2:21:51.02,2:21:58.07,Default,,0000,0000,0000,,So what Google has done is basically start\Noffering money for bugs to compensate their time Dialogue: 0,2:21:58.07,2:22:04.05,Default,,0000,0000,0000,,in finding them so, if you compromise, if\Nyou find a vulnerability in Google Chrome, Dialogue: 0,2:22:04.05,2:22:10.03,Default,,0000,0000,0000,,the web browser, we'll pay you for information\Non that vulnerability with the agreement Dialogue: 0,2:22:10.03,2:22:13.08,Default,,0000,0000,0000,,that you're going to keep it quiet until\Nwe fix it which could take a few days. Dialogue: 0,2:22:13.08,2:22:22.05,Default,,0000,0000,0000,,And that way we're able to protect everyone\Nand also compensate the security researcher. Dialogue: 0,2:22:22.05,2:22:25.02,Default,,0000,0000,0000,,>> Brian: Interesting, Miguel. Dialogue: 0,2:22:25.02,2:22:29.07,Default,,0000,0000,0000,,>> Miguel: The thing that kind of complicates\Nthis a little bit also is that there is a lot Dialogue: 0,2:22:29.07,2:22:36.06,Default,,0000,0000,0000,,of the internet runs on open source software\Nwhich is it gets a little bit more difficult Dialogue: 0,2:22:36.06,2:22:40.10,Default,,0000,0000,0000,,to be able to put these mechanisms in place. Dialogue: 0,2:22:40.10,2:22:47.01,Default,,0000,0000,0000,,With the recent bank attacks,\Nwe saw vulnerabilities exploited Dialogue: 0,2:22:47.01,2:22:51.04,Default,,0000,0000,0000,,with open source content management\Nsystems that are widely deployed Dialogue: 0,2:22:51.04,2:22:55.05,Default,,0000,0000,0000,,like a [inaudible] etcetera at WordPress.
Dialogue: 0,2:22:55.05,2:23:02.04,Default,,0000,0000,0000,,These are open source software that is\Nout there that is used significantly Dialogue: 0,2:23:02.04,2:23:05.00,Default,,0000,0000,0000,,and so it gets a little bit harder. Dialogue: 0,2:23:05.00,2:23:11.07,Default,,0000,0000,0000,,Unfortunately it's difficult for operators\Nnecessarily to control the content that is Dialogue: 0,2:23:11.07,2:23:18.01,Default,,0000,0000,0000,,on their system, especially the shared hosting\Noperators etcetera and it's hard to push people Dialogue: 0,2:23:18.01,2:23:24.06,Default,,0000,0000,0000,,to update their software and as for\Nsoftware developers, as much as they'll try Dialogue: 0,2:23:24.06,2:23:29.06,Default,,0000,0000,0000,,to make things as secure as they can, there's\Nalways going to be some kind of a bug, Dialogue: 0,2:23:29.06,2:23:37.03,Default,,0000,0000,0000,,you can't get it all and it's the fact that\Nthere's so much open source software out there, Dialogue: 0,2:23:37.03,2:23:41.03,Default,,0000,0000,0000,,it's not like you can point a\Nfinger and you are responsible. Dialogue: 0,2:23:41.03,2:23:43.05,Default,,0000,0000,0000,,It's quite difficult to do. Dialogue: 0,2:23:43.05,2:23:45.02,Default,,0000,0000,0000,,>> Brian: Yeah, Ram. Dialogue: 0,2:23:45.02,2:23:46.02,Default,,0000,0000,0000,, Dialogue: 0,2:23:46.02,2:23:53.09,Default,,0000,0000,0000,,>> Ram: You know one thing that software\Nmanufacturers and the developers of software, Dialogue: 0,2:23:53.09,2:23:59.02,Default,,0000,0000,0000,,some of them have to start thinking about\Nand changing their mindset is due to come Dialogue: 0,2:23:59.02,2:24:04.02,Default,,0000,0000,0000,,to the understanding that many of the devices Dialogue: 0,2:24:04.02,2:24:09.06,Default,,0000,0000,0000,,on which the software is running are\Nalways on and they're always online.
Dialogue: 0,2:24:09.06,2:24:15.07,Default,,0000,0000,0000,,There's still a lot of software that\Ndoes not incorporate automatic updating Dialogue: 0,2:24:15.07,2:24:18.09,Default,,0000,0000,0000,,and regular downloads of patches. Dialogue: 0,2:24:18.09,2:24:24.06,Default,,0000,0000,0000,,That should be the baseline, that should be\Nthe very fundamental thing and that's the kind Dialogue: 0,2:24:24.06,2:24:29.09,Default,,0000,0000,0000,,of thing that ought to be taught in schools\Nfor folks learning how to write code. Dialogue: 0,2:24:29.09,2:24:35.02,Default,,0000,0000,0000,,It's not enough to just learn to do the\Ncode, but to have that mechanism in there. Dialogue: 0,2:24:35.02,2:24:38.10,Default,,0000,0000,0000,,It ought to be trivial and\Nit ought to become regular. Dialogue: 0,2:24:38.10,2:24:45.00,Default,,0000,0000,0000,,Unfortunately, it's more the exception than\Nthe norm today and I think if you'd get Dialogue: 0,2:24:45.00,2:24:51.01,Default,,0000,0000,0000,,to that point that will solve some\Npart of the problem significantly. Dialogue: 0,2:24:51.01,2:24:52.04,Default,,0000,0000,0000,,>> Brian: Danny. Dialogue: 0,2:24:52.04,2:24:56.07,Default,,0000,0000,0000,,>> Danny: So yeah I think I would be\Nremiss in not mentioning Verisign's Dialogue: 0,2:24:56.07,2:25:00.03,Default,,0000,0000,0000,,iDefense Vulnerability Contribution Program\Nas well and we do something very similar Dialogue: 0,2:25:00.03,2:25:06.01,Default,,0000,0000,0000,,for any vulnerability that fall within a very\Nbroad spectrum that are multivendor and try Dialogue: 0,2:25:06.01,2:25:10.02,Default,,0000,0000,0000,,and do responsible disclosure\Nassociated with those. Dialogue: 0,2:25:10.02,2:25:15.08,Default,,0000,0000,0000,,To the topic in general, I think bounties are\Ncertainly valuable things in general for people Dialogue: 0,2:25:15.08,2:25:21.02,Default,,0000,0000,0000,,that want to apply exploits in a positive way\Nand contribute in a positive way to industry.
Dialogue: 0,2:25:21.02,2:25:25.02,Default,,0000,0000,0000,,I think anybody that's paying\Nattention certainly realizes a lot Dialogue: 0,2:25:25.02,2:25:30.01,Default,,0000,0000,0000,,of the commercial vendors while they're\Nalways going to be a long way to go, Dialogue: 0,2:25:30.01,2:25:34.06,Default,,0000,0000,0000,,are leaps and bounds from where\Nwe were with wormable systems Dialogue: 0,2:25:34.06,2:25:40.05,Default,,0000,0000,0000,,or even patch management systems of that\Nwe were vulnerable of a few years ago. Dialogue: 0,2:25:40.05,2:25:43.01,Default,,0000,0000,0000,,And so I think Microsoft is an\Nexample, but lots of others as well, Dialogue: 0,2:25:43.01,2:25:50.04,Default,,0000,0000,0000,,and so I think we are making progress\Nbut, secure coding practices, application, Dialogue: 0,2:25:50.04,2:25:53.05,Default,,0000,0000,0000,,software security, those things and all\Nthe fundamentals are certainly things Dialogue: 0,2:25:53.05,2:25:56.10,Default,,0000,0000,0000,,that we're going to have to\Ncontinue to do a much better job at. Dialogue: 0,2:25:56.10,2:25:59.02,Default,,0000,0000,0000,,>> Brian: Thank you, I know we've\Ngot two more questions in the room. Dialogue: 0,2:25:59.02,2:26:06.00,Default,,0000,0000,0000,,Go here first and then please identify yourself. Dialogue: 0,2:26:06.00,2:26:08.00,Default,,0000,0000,0000,,>> [Inaudible] New York Technology Council. Dialogue: 0,2:26:08.00,2:26:10.08,Default,,0000,0000,0000,,I was wondering if you could\Nput this perspective. Dialogue: 0,2:26:10.08,2:26:17.04,Default,,0000,0000,0000,,Are DDoS attacks the one thing we should be\Nfocusing, are there other like SYN floods, Dialogue: 0,2:26:17.04,2:26:24.08,Default,,0000,0000,0000,,other attacks that are similar in nature that\Nthere should be conferences on and keep you Dialogue: 0,2:26:24.08,2:26:30.00,Default,,0000,0000,0000,,up at night or is this where\Nmost of your energy goes?
Dialogue: 0,2:26:30.00,2:26:38.07,Default,,0000,0000,0000,,>> Ram: Yeah this, the single biggest\Nthing that keeps me up at night. Dialogue: 0,2:26:38.07,2:26:48.01,Default,,0000,0000,0000,,Lots of other things end up becoming part\Nof this much larger stream and it used to be Dialogue: 0,2:26:48.01,2:26:53.05,Default,,0000,0000,0000,,that it was a DoS attack and then it became a\NDDoS attack and then you had command and control Dialogue: 0,2:26:53.05,2:26:59.08,Default,,0000,0000,0000,,and then you have crowd sourced, it's evolving,\Nit's not the same beast as was many years ago. Dialogue: 0,2:26:59.08,2:27:04.09,Default,,0000,0000,0000,,So the definitions from multiple\Nyears ago, is not what it is today. Dialogue: 0,2:27:04.09,2:27:12.00,Default,,0000,0000,0000,,What really scares me about this is the\Nasymmetric nature of the ability for an attacker Dialogue: 0,2:27:12.00,2:27:18.00,Default,,0000,0000,0000,,to mount a significant attack in a very\Nshort amount of time and keep it sustained Dialogue: 0,2:27:18.00,2:27:23.02,Default,,0000,0000,0000,,for a long period of time and really\Ndrain you on the responding side Dialogue: 0,2:27:23.02,2:27:28.03,Default,,0000,0000,0000,,of your critical attention resources. Dialogue: 0,2:27:28.03,2:27:33.07,Default,,0000,0000,0000,,That really worries me and I think you\Nlook at SYN floods or any of those things; Dialogue: 0,2:27:33.07,2:27:39.03,Default,,0000,0000,0000,,those kind of are subsumed into\Nthe larger scale of this phenomenon Dialogue: 0,2:27:39.03,2:27:47.04,Default,,0000,0000,0000,,that left unchecked I think has\Na significant negative impact. Dialogue: 0,2:27:47.04,2:27:48.07,Default,,0000,0000,0000,,>> Brian: Anyone else? Dialogue: 0,2:27:48.07,2:27:49.00,Default,,0000,0000,0000,,Yes Jillian. Dialogue: 0,2:27:49.00,2:27:53.01,Default,,0000,0000,0000,,>> Jillian: Yeah just I actually\Nagree with what Ram just said.
Dialogue: 0,2:27:53.01,2:27:58.10,Default,,0000,0000,0000,,I would add to that to say just say,\Nand if you're thinking about the scale, Dialogue: 0,2:27:58.10,2:28:01.02,Default,,0000,0000,0000,,the most recent stat that I\Nhave off the top of my head is Dialogue: 0,2:28:01.02,2:28:08.08,Default,,0000,0000,0000,,that in 2010 Arbor Networks was detecting\Nroughly 1300 attacks per day and I'm guessing Dialogue: 0,2:28:08.08,2:28:13.06,Default,,0000,0000,0000,,that it's much higher than that, the real\Nnumber and so I do think this is a big concern Dialogue: 0,2:28:13.06,2:28:15.02,Default,,0000,0000,0000,,because of the impact that it has. Dialogue: 0,2:28:15.02,2:28:22.01,Default,,0000,0000,0000,,I mean there are certainly plenty of other\Ntypes of attacks but the sort of inability Dialogue: 0,2:28:22.01,2:28:28.04,Default,,0000,0000,0000,,to protect oneself, coupled with everything that\NRam just said, makes this a much bigger issue Dialogue: 0,2:28:28.04,2:28:33.08,Default,,0000,0000,0000,,than some of the other things\Nthat we're looking at. Dialogue: 0,2:28:33.08,2:28:38.07,Default,,0000,0000,0000,,>> Danny: I was going to add that DDoS\Nthe two primary vectors volumetric, Dialogue: 0,2:28:38.07,2:28:41.09,Default,,0000,0000,0000,,in other words attacks are getting\Nbigger, more frequent, longer duration, Dialogue: 0,2:28:41.09,2:28:47.00,Default,,0000,0000,0000,,so forth but the sophistication of those as well\Nwhere the right query string could drive a lot Dialogue: 0,2:28:47.00,2:28:50.04,Default,,0000,0000,0000,,of backend transactions on the right\Npiece of [inaudible] those sorts of things Dialogue: 0,2:28:50.04,2:28:55.04,Default,,0000,0000,0000,,from a denial service perspective\Nis the availability side Dialogue: 0,2:28:55.04,2:28:57.01,Default,,0000,0000,0000,,of the information security [inaudible].
Dialogue: 0,2:28:57.01,2:29:03.04,Default,,0000,0000,0000,,The other two sides are the integrity\Nof the information on the infrastructure Dialogue: 0,2:29:03.04,2:29:08.01,Default,,0000,0000,0000,,and the confidentiality and\NI think certainly for anyone Dialogue: 0,2:29:08.01,2:29:13.07,Default,,0000,0000,0000,,in the information security field\Npersistent attackers, advanced attackers, Dialogue: 0,2:29:13.07,2:29:19.09,Default,,0000,0000,0000,,even general attackers and mobile devices\Nand bring your own device and sort Dialogue: 0,2:29:19.09,2:29:24.01,Default,,0000,0000,0000,,of a squishy perimeter and soft\Nunderbelly inside an enterprise Dialogue: 0,2:29:24.01,2:29:25.03,Default,,0000,0000,0000,,or at Starbucks or whatever. Dialogue: 0,2:29:25.03,2:29:29.07,Default,,0000,0000,0000,,All those things for information leakage\Nand so forth certainly is something Dialogue: 0,2:29:29.07,2:29:33.02,Default,,0000,0000,0000,,that you should be concerned with as well\Nbut the availability side for a lot of folks Dialogue: 0,2:29:33.02,2:29:37.09,Default,,0000,0000,0000,,that are in the network services business is\Na very big piece of that but also the sort Dialogue: 0,2:29:37.09,2:29:42.10,Default,,0000,0000,0000,,of more concerted attackers that might want\Nto control the right keyboard as opposed Dialogue: 0,2:29:42.10,2:29:47.09,Default,,0000,0000,0000,,to simply disabling is also something\Nthat has some pretty far reaching effects. Dialogue: 0,2:29:47.09,2:29:48.06,Default,,0000,0000,0000,,>> Brian: Damian.
Dialogue: 0,2:29:48.06,2:29:51.09,Default,,0000,0000,0000,,>> Damian: So I wanted to say\Nfrom a defender standpoint, Dialogue: 0,2:29:51.09,2:29:57.06,Default,,0000,0000,0000,,yeah DDoS is sort of the largest concern\Nright now but from a global view, Dialogue: 0,2:29:57.06,2:30:02.03,Default,,0000,0000,0000,,I think DoS attacks are really a symptom of a\Nlarger problem which is that there are a lot Dialogue: 0,2:30:02.03,2:30:04.03,Default,,0000,0000,0000,,of infected machines on the internet. Dialogue: 0,2:30:04.03,2:30:09.07,Default,,0000,0000,0000,,I think at one point I heard an ISP say is they\Nestimated 10% of their customers are infected. Dialogue: 0,2:30:09.07,2:30:15.08,Default,,0000,0000,0000,,So when you take that into account, if we could\Nactually stop having so many infected machines Dialogue: 0,2:30:15.08,2:30:18.06,Default,,0000,0000,0000,,on the internet or so many\Nvulnerable machines at least, Dialogue: 0,2:30:18.06,2:30:23.06,Default,,0000,0000,0000,,then that would largely reduce\Nthe scope of these DoS attacks Dialogue: 0,2:30:23.06,2:30:26.02,Default,,0000,0000,0000,,and for that we basically\Nneed what Ram was saying Dialogue: 0,2:30:26.02,2:30:29.02,Default,,0000,0000,0000,,of automatic updates have\Nto be the normal thing. Dialogue: 0,2:30:29.02,2:30:33.05,Default,,0000,0000,0000,,You should never have any client side\Nsoftware that doesn't automatically update. Dialogue: 0,2:30:33.05,2:30:34.06,Default,,0000,0000,0000,,>> Brian: Thanks, Miguel. Dialogue: 0,2:30:34.06,2:30:41.00,Default,,0000,0000,0000,,>> Miguel: Just adding to one thing that Damian\Nis saying, I absolutely agree with all of that Dialogue: 0,2:30:41.00,2:30:47.04,Default,,0000,0000,0000,,in terms of automatic updates and especially for\Nend user computers which form a significant part Dialogue: 0,2:30:47.04,2:30:50.00,Default,,0000,0000,0000,,of the botnet paradigm these days.
Dialogue: 0,2:30:50.00,2:30:54.02,Default,,0000,0000,0000,,When it comes to enterprises, it\Ngets a little bit more difficult. Dialogue: 0,2:30:54.02,2:31:06.01,Default,,0000,0000,0000,,I think as much as I would love to say\Nautomatically update my production software, Dialogue: 0,2:31:06.01,2:31:11.05,Default,,0000,0000,0000,,unfortunately, especially for a large-scale\Noperators, they're running infrastructure Dialogue: 0,2:31:11.05,2:31:15.05,Default,,0000,0000,0000,,that services a lot of people, you\Ndon't really know what's going to happen Dialogue: 0,2:31:15.05,2:31:19.02,Default,,0000,0000,0000,,when you make an update potentially and\Nthat has to be very carefully controlled, Dialogue: 0,2:31:19.02,2:31:20.09,Default,,0000,0000,0000,,it's got to be regression tested. Dialogue: 0,2:31:20.09,2:31:27.00,Default,,0000,0000,0000,,It's got to go through extensive QA and are we\Never going to get to a point where it's going Dialogue: 0,2:31:27.00,2:31:34.01,Default,,0000,0000,0000,,to be easy for enterprises to be\Nable to push out security fixes? Dialogue: 0,2:31:34.01,2:31:40.03,Default,,0000,0000,0000,,The idealist in me says I hope so, but I'm\Nskeptical that that's going to be the case Dialogue: 0,2:31:40.03,2:31:47.04,Default,,0000,0000,0000,,because the day-to-day aspects of ensuring\Nbusiness operations, continuity and making sure Dialogue: 0,2:31:47.04,2:31:52.08,Default,,0000,0000,0000,,that assets are available are most likely for\Nthe foreseeable future, going to trump the need Dialogue: 0,2:31:52.08,2:31:55.06,Default,,0000,0000,0000,,to push out updates as quickly as possible. Dialogue: 0,2:31:55.06,2:31:58.07,Default,,0000,0000,0000,,Brian: Actually we do have two more questions. Dialogue: 0,2:31:58.07,2:32:01.05,Default,,0000,0000,0000,,This gentleman here first and we do\Nhave time for two more questions. Dialogue: 0,2:32:01.05,2:32:06.09,Default,,0000,0000,0000,,So will you come up please? 
Dialogue: 0,2:32:06.09,2:32:07.04,Default,,0000,0000,0000,,>> I am [inaudible]. Dialogue: 0,2:32:07.04,2:32:10.08,Default,,0000,0000,0000,,I run a software company called QCD Systems. Dialogue: 0,2:32:10.08,2:32:13.03,Default,,0000,0000,0000,,So the question is actually\Nvery similar to the previous one Dialogue: 0,2:32:13.03,2:32:15.07,Default,,0000,0000,0000,,but I'll go a little more in detail. Dialogue: 0,2:32:15.07,2:32:21.07,Default,,0000,0000,0000,,So when it comes to security, [inaudible]\Nsecurity off of just data itself. Dialogue: 0,2:32:21.07,2:32:25.02,Default,,0000,0000,0000,,So there's an attack to intellectual\Nproperty and then we've heard of cases Dialogue: 0,2:32:25.02,2:32:28.07,Default,,0000,0000,0000,,that intellectual property got\Nstolen [inaudible] of that. Dialogue: 0,2:32:28.07,2:32:32.01,Default,,0000,0000,0000,,Movie companies always have their trailers\Nleaked and pieces of movies leaked, Dialogue: 0,2:32:32.01,2:32:35.02,Default,,0000,0000,0000,,so that's one kind of attack out there. Dialogue: 0,2:32:35.02,2:32:38.00,Default,,0000,0000,0000,,Then there's other things;\Nlike the phishing kind of thing Dialogue: 0,2:32:38.00,2:32:39.08,Default,,0000,0000,0000,,like [inaudible] scams and all that. Dialogue: 0,2:32:39.08,2:32:43.02,Default,,0000,0000,0000,,I'm talking about things that\Neffect users and companies. Dialogue: 0,2:32:43.02,2:32:50.01,Default,,0000,0000,0000,,And then there's also the risk that your\Nbank account may have been compromised, Dialogue: 0,2:32:50.01,2:32:53.01,Default,,0000,0000,0000,,your passwords might have been\Nstolen or is easy to guess. 
Dialogue: 0,2:32:53.01,2:32:58.07,Default,,0000,0000,0000,,So in the scheme of all these different things,\Nwhere will you place the denial of service Dialogue: 0,2:32:58.07,2:33:02.08,Default,,0000,0000,0000,,for a company or for a consumer because\Nthey have plenty of things to deal Dialogue: 0,2:33:02.08,2:33:05.01,Default,,0000,0000,0000,,with right now when it comes to security? Dialogue: 0,2:33:05.01,2:33:11.03,Default,,0000,0000,0000,,So I was just trying to get a perspective\Non where this distributed denial service, Dialogue: 0,2:33:11.03,2:33:16.08,Default,,0000,0000,0000,,where it fits into the larger scheme of things\Nand how relevant it is and the other part is Dialogue: 0,2:33:16.08,2:33:19.05,Default,,0000,0000,0000,,where do you see things going\Nlet's say five years from now? Dialogue: 0,2:33:19.05,2:33:23.04,Default,,0000,0000,0000,,Is this going to be the single biggest thing\Nto worry about or do we have other things also Dialogue: 0,2:33:23.04,2:33:26.08,Default,,0000,0000,0000,,that we should be concerned about? Dialogue: 0,2:33:26.08,2:33:27.09,Default,,0000,0000,0000,, Dialogue: 0,2:33:27.09,2:33:29.01,Default,,0000,0000,0000,,>> Brian: Thanks. Dialogue: 0,2:33:29.01,2:33:29.00,Default,,0000,0000,0000,,Danny. Dialogue: 0,2:33:29.00,2:33:34.04,Default,,0000,0000,0000,,>> Danny: I would just say that you\Nknow for your organization it's going Dialogue: 0,2:33:34.04,2:33:36.01,Default,,0000,0000,0000,,to be specific to your organization. Dialogue: 0,2:33:36.01,2:33:38.09,Default,,0000,0000,0000,,You're going to say here's our\Nrisk tolerance for these things, Dialogue: 0,2:33:38.09,2:33:43.04,Default,,0000,0000,0000,,for these internet facing properties,\Nthis information security or data privacy Dialogue: 0,2:33:43.04,2:33:47.08,Default,,0000,0000,0000,,or data retention, or digital rights management,\Nwhatever it is you're concerned with. 
Dialogue: 0,2:33:47.08,2:33:51.08,Default,,0000,0000,0000,,I don't think that there's a one size fits\Nall, I think it's all about risk management Dialogue: 0,2:33:51.08,2:33:53.08,Default,,0000,0000,0000,,for your organization because\Nif you don't have a lot Dialogue: 0,2:33:53.08,2:33:56.07,Default,,0000,0000,0000,,of internet facing services,\Nit may not be a problem. Dialogue: 0,2:33:56.07,2:33:59.01,Default,,0000,0000,0000,,More than likely you have some things today. Dialogue: 0,2:33:59.01,2:34:01.09,Default,,0000,0000,0000,,You wouldn't be here if you weren't\Nrelying on the internet in some way Dialogue: 0,2:34:01.09,2:34:03.07,Default,,0000,0000,0000,,so what does that mean to your business? Dialogue: 0,2:34:03.07,2:34:07.09,Default,,0000,0000,0000,,As opposed to some piece of information\Nfrom either your personal bank records Dialogue: 0,2:34:07.09,2:34:12.06,Default,,0000,0000,0000,,or your corporate information being actually\Ntraded to the wrong person what would that mean? Dialogue: 0,2:34:12.06,2:34:17.01,Default,,0000,0000,0000,,So I think it all goes back to what are\Nthe critical assets your organization, Dialogue: 0,2:34:17.01,2:34:21.00,Default,,0000,0000,0000,,what enables those and how do\Nyou balance risk to those assets? Dialogue: 0,2:34:21.00,2:34:22.01,Default,,0000,0000,0000,,>> Brian: Yeah, Ram. Dialogue: 0,2:34:22.01,2:34:29.00,Default,,0000,0000,0000,,>> Ram: So the way I advise folks or provide\Nsome suggestion is, you really have to think Dialogue: 0,2:34:29.00,2:34:32.03,Default,,0000,0000,0000,,about this and look at it as a matrix. Dialogue: 0,2:34:32.03,2:34:35.08,Default,,0000,0000,0000,,You have to think about, which is\Nfurther to what Danny is saying, Dialogue: 0,2:34:35.08,2:34:41.04,Default,,0000,0000,0000,,you have to worry about confidentiality,\Nor integrity, or availability and you have Dialogue: 0,2:34:41.04,2:34:45.00,Default,,0000,0000,0000,,to figure out which of those\Nmatter more for you. 
Dialogue: 0,2:34:45.00,2:34:51.02,Default,,0000,0000,0000,,You can't have one versus the other, in many\Ncases you want to have all of the above, Dialogue: 0,2:34:51.02,2:34:57.04,Default,,0000,0000,0000,,but you have to decide which of those matter\Nmore for you, and then devote your time, Dialogue: 0,2:34:57.04,2:35:00.05,Default,,0000,0000,0000,,effort and resources towards that. Dialogue: 0,2:35:00.05,2:35:03.09,Default,,0000,0000,0000,,But picking just one, just\Nhaving great availability, Dialogue: 0,2:35:03.09,2:35:09.08,Default,,0000,0000,0000,,DDoS mitigation ensure availability\Nbut if you have a site that is running Dialogue: 0,2:35:09.08,2:35:12.02,Default,,0000,0000,0000,,on software has not been updated and is prone Dialogue: 0,2:35:12.02,2:35:15.08,Default,,0000,0000,0000,,to buffer overflow attacks then\Nall the availability is going Dialogue: 0,2:35:15.08,2:35:18.07,Default,,0000,0000,0000,,to be fantastic for you to get hacked. Dialogue: 0,2:35:18.07,2:35:23.04,Default,,0000,0000,0000,,[Laughter] So you have to figure out\Nwhere it is on the spectrum and devote it. Dialogue: 0,2:35:23.04,2:35:31.05,Default,,0000,0000,0000,,One reality is that no matter what the budget\Nthat is allocated, if you're a corporation, Dialogue: 0,2:35:31.05,2:35:34.03,Default,,0000,0000,0000,,if you're an entity, the\Nbudget that is allocated to it, Dialogue: 0,2:35:34.03,2:35:40.05,Default,,0000,0000,0000,,it seems that it remains the\Nsame, it suddenly doesn't reduce Dialogue: 0,2:35:40.05,2:35:44.00,Default,,0000,0000,0000,,and you simply reallocate the pie depending Dialogue: 0,2:35:44.00,2:35:49.04,Default,,0000,0000,0000,,on what you think your biggest\Nvulnerability is, your biggest risk is. Dialogue: 0,2:35:49.04,2:35:50.02,Default,,0000,0000,0000,,>> Brian: Anybody else, Jeff. 
Dialogue: 0,2:35:50.02,2:35:54.07,Default,,0000,0000,0000,,>> Jeff: I would just say you know you asked\Nabout what's important to a crump company Dialogue: 0,2:35:54.07,2:35:56.08,Default,,0000,0000,0000,,or [inaudible], I mean it totally depends. Dialogue: 0,2:35:56.08,2:36:01.07,Default,,0000,0000,0000,,I think Brian talked about some guy from\NOhio, more likely to have a problem, Dialogue: 0,2:36:01.07,2:36:04.09,Default,,0000,0000,0000,,it may be inconvenienced by DDoS because\Nthey can't get to whatever website, Dialogue: 0,2:36:04.09,2:36:06.08,Default,,0000,0000,0000,,but they're more likely to\Nhave their computer compromised Dialogue: 0,2:36:06.08,2:36:08.05,Default,,0000,0000,0000,,or identity stolen or other activity. Dialogue: 0,2:36:08.05,2:36:14.07,Default,,0000,0000,0000,,That's going to hit them deeper and for a\Nlonger period so it's totally situational. Dialogue: 0,2:36:14.07,2:36:19.00,Default,,0000,0000,0000,,In terms of where we going in 5 years, Dialogue: 0,2:36:19.00,2:36:24.05,Default,,0000,0000,0000,,my guess is that we'll see new\Nnefarious uses for the same old tools. Dialogue: 0,2:36:24.05,2:36:29.03,Default,,0000,0000,0000,,There's some new stuff out there but\Nit's a lot of variations on a theme Dialogue: 0,2:36:29.03,2:36:35.04,Default,,0000,0000,0000,,and just find a new creative bad ways\Nto use them for bad purposes or profit. Dialogue: 0,2:36:35.04,2:36:40.07,Default,,0000,0000,0000,,So I think the down service attacks are here to\Nstay but how they're used will probably morph Dialogue: 0,2:36:40.07,2:36:45.01,Default,,0000,0000,0000,,and change and cycle back,\Nwhat's old is new again. Dialogue: 0,2:36:45.01,2:36:46.00,Default,,0000,0000,0000,,>> Brian: Miguel. 
Dialogue: 0,2:36:46.00,2:36:48.09,Default,,0000,0000,0000,,>> Miguel: The thing that troubles me a\Nlittle bit about the future when it comes Dialogue: 0,2:36:48.09,2:36:55.01,Default,,0000,0000,0000,,to DDoS attack is that there is because\Nit's been in the news a little bit more Dialogue: 0,2:36:55.01,2:36:59.10,Default,,0000,0000,0000,,because it's been publicized a little\Nbit more, you look at what happened Dialogue: 0,2:36:59.10,2:37:04.02,Default,,0000,0000,0000,,on the bank attacks lately, there's kind\Nof a blueprint now that is out there Dialogue: 0,2:37:04.02,2:37:09.01,Default,,0000,0000,0000,,that people can potentially follow\Nto launch these large-scale attacks. Dialogue: 0,2:37:09.01,2:37:14.05,Default,,0000,0000,0000,,You've got what happened with the banks\Nrecently it's at least at a high level, Dialogue: 0,2:37:14.05,2:37:22.01,Default,,0000,0000,0000,,it's public knowledge how it was sort of done\Nfrom a high level, that information is out there Dialogue: 0,2:37:22.01,2:37:26.03,Default,,0000,0000,0000,,and those attacks kind of\Nproved yes, it's possible. Dialogue: 0,2:37:26.03,2:37:31.06,Default,,0000,0000,0000,,They provide a blueprint for people to\Nfollow for doing it again and the fact Dialogue: 0,2:37:31.06,2:37:35.08,Default,,0000,0000,0000,,that that was done scares the heck out of me. Dialogue: 0,2:37:35.08,2:37:38.07,Default,,0000,0000,0000,,>> Brian: Thank you and we have one\Nfinal question from the room, please. Dialogue: 0,2:37:38.07,2:37:41.08,Default,,0000,0000,0000,,[Pause] Dialogue: 0,2:37:41.08,2:37:46.00,Default,,0000,0000,0000,,>> Hi, it's Lucas from [inaudible]. 
Dialogue: 0,2:37:46.00,2:37:51.07,Default,,0000,0000,0000,,Just following up similarly to the previous\Nquestion, based on the trends that you've seen Dialogue: 0,2:37:51.07,2:37:56.01,Default,,0000,0000,0000,,to date, where do you see these attacks heading\Nboth from like an attacker perspective as well Dialogue: 0,2:37:56.01,2:37:57.05,Default,,0000,0000,0000,,as from a mitigation perspective? Dialogue: 0,2:37:57.05,2:38:02.02,Default,,0000,0000,0000,,Do you see one side winning\Nthe cat versus mouse game? Dialogue: 0,2:38:02.02,2:38:03.06,Default,,0000,0000,0000,, Dialogue: 0,2:38:03.06,2:38:05.07,Default,,0000,0000,0000,,>> Brian: Great question, Damian? Dialogue: 0,2:38:05.07,2:38:11.04,Default,,0000,0000,0000,,>> Damian: Yeah so attacks are basically growing\Nexponentially I think if you look at most Dialogue: 0,2:38:11.04,2:38:16.08,Default,,0000,0000,0000,,of the data on this you'll see that the size\Nof the attacks roughly doubles every year. Dialogue: 0,2:38:16.08,2:38:22.05,Default,,0000,0000,0000,,I have graphs that track this back\Nlike 8 years and it's kind of scary Dialogue: 0,2:38:22.05,2:38:26.06,Default,,0000,0000,0000,,that it's actually continuing, that exponential\Ngrowth but I think it's important to realize Dialogue: 0,2:38:26.06,2:38:31.06,Default,,0000,0000,0000,,that that's just the internet is\Ngrowing exponentially as the consumers, Dialogue: 0,2:38:31.06,2:38:35.00,Default,,0000,0000,0000,,as the end users, bandwidth\Nincreases, their home, Dialogue: 0,2:38:35.00,2:38:41.03,Default,,0000,0000,0000,,the website bandwidth is also increasing so,\Nyou can kind of keep up but I think that a lot Dialogue: 0,2:38:41.03,2:38:47.06,Default,,0000,0000,0000,,of what we're going to run into is a very small\Nwebsite, you know especially the types of sites Dialogue: 0,2:38:47.06,2:38:51.09,Default,,0000,0000,0000,,that Jillian is worried about are\Nsimply too small to possibly survive. 
Dialogue: 0,2:38:51.09,2:38:56.03,Default,,0000,0000,0000,,So they're going to be forced to combine\Ntheir resources and pool with others Dialogue: 0,2:38:56.03,2:39:00.09,Default,,0000,0000,0000,,so what I expect is probably going to happen\Nover the next five years is we're going Dialogue: 0,2:39:00.09,2:39:05.02,Default,,0000,0000,0000,,to start seeing organizations\Nconsolidate into larger and larger pools Dialogue: 0,2:39:05.02,2:39:08.04,Default,,0000,0000,0000,,until eventually we're going to have\Nonly like maybe five organizations Dialogue: 0,2:39:08.04,2:39:12.01,Default,,0000,0000,0000,,that offer DDoS mitigation\Nin the cloud as a service. Dialogue: 0,2:39:12.01,2:39:16.06,Default,,0000,0000,0000,,It's just my guess of where the world is headed. Dialogue: 0,2:39:16.06,2:39:16.08,Default,,0000,0000,0000,,>> Brian: Ram. Dialogue: 0,2:39:16.08,2:39:23.01,Default,,0000,0000,0000,,>> Ram: And my fear is that we get at that\Npoint and then they get too big to fail. Dialogue: 0,2:39:23.01,2:39:26.06,Default,,0000,0000,0000,,>> Brian: Well, with that thought,\Nwe're going to bring this to a close. Dialogue: 0,2:39:26.06,2:39:27.07,Default,,0000,0000,0000,,[Laughter] Well done. Dialogue: 0,2:39:27.07,2:39:32.02,Default,,0000,0000,0000,,Fear and loathing in New York. Dialogue: 0,2:39:32.02,2:39:37.09,Default,,0000,0000,0000,,Public Interest Registry of the New York\NTechnology Council, Internet Society Dialogue: 0,2:39:37.09,2:39:39.08,Default,,0000,0000,0000,,and the Internet Society's New York Chapter want Dialogue: 0,2:39:39.08,2:39:42.05,Default,,0000,0000,0000,,to offer our sincere thanks\Nto the panelists today. 
Dialogue: 0,2:39:42.05,2:39:45.05,Default,,0000,0000,0000,,Thank you so much for your time, your dedication Dialogue: 0,2:39:45.05,2:39:50.04,Default,,0000,0000,0000,,to helping us understand this really critical\Nissue and also to thank the audience here Dialogue: 0,2:39:50.04,2:39:52.06,Default,,0000,0000,0000,,and the audience online for following along. Dialogue: 0,2:39:52.06,2:39:57.06,Default,,0000,0000,0000,,We hope that today's event has been\Nhelpful and that the participants come away Dialogue: 0,2:39:57.06,2:40:02.07,Default,,0000,0000,0000,,with a greater appreciation of the scope\Nof this problem, steps that should be taken Dialogue: 0,2:40:02.07,2:40:08.02,Default,,0000,0000,0000,,to mitigate DDoS attacks, and the potential\Nfor significant unintended consequences. Dialogue: 0,2:40:08.02,2:40:11.10,Default,,0000,0000,0000,,DDoS is a serious issue in\Ntoday's interconnected world, Dialogue: 0,2:40:11.10,2:40:15.02,Default,,0000,0000,0000,,one that is not just going\Nto fade away as we've heard. Dialogue: 0,2:40:15.02,2:40:20.01,Default,,0000,0000,0000,,Fortunately there are resources available to\Nhelp us confront the myriad of challenges. Dialogue: 0,2:40:20.01,2:40:25.10,Default,,0000,0000,0000,,I would like to specifically thank Joley\NMcFee [phonetic] from iSoc, New York, Dialogue: 0,2:40:25.10,2:40:30.02,Default,,0000,0000,0000,,Eric Grimmelman [phonetic] from New York Tech\Nand Paul Brigner [phonetic] from iSoc here Dialogue: 0,2:40:30.02,2:40:33.06,Default,,0000,0000,0000,,for helping us make this happen in a real sense. 
Dialogue: 0,2:40:33.06,2:40:40.05,Default,,0000,0000,0000,,Along those lines, we at PIR intend to make\Nthe recording of this event available online Dialogue: 0,2:40:40.05,2:40:45.02,Default,,0000,0000,0000,,at our website and our social media sites\Nand push that out and we're also going Dialogue: 0,2:40:45.02,2:40:49.02,Default,,0000,0000,0000,,to post additional background\Nmaterials and encourage anyone Dialogue: 0,2:40:49.02,2:40:52.00,Default,,0000,0000,0000,,to recommend other helpful tools and information Dialogue: 0,2:40:52.00,2:40:54.10,Default,,0000,0000,0000,,like the CFF Guideline to\Nkeeping your site alive. Dialogue: 0,2:40:54.10,2:40:57.06,Default,,0000,0000,0000,,So again thank you to everyone\Nfor joining us today. Dialogue: 0,2:40:57.06,2:40:59.00,Default,,0000,0000,0000,,Thank you so much. Dialogue: 0,2:40:59.00,2:41:01.00,Default,,0000,0000,0000,,[ Applause ] Dialogue: 0,2:41:01.00,9:59:59.99,Default,,0000,0000,0000,,