Cybersecurity Expert Chris Krebs Warns of Risks to U.S.

[00:00:00] [SPEAKER_00]: With Ecolab Science Certified, we take cleaning off your plate so you can focus on what's most important to your restaurant, your guests, and having them switch from giving your restaurant a go to making it a go-to spot. Ecolab Science Certified. Count on a scientific clean. Learn more at sciencecertified.com.

[00:00:18] [SPEAKER_05]: Welcome to Tech News Briefing. It's Thursday, October 24th. I'm Zoe Thomas for The Wall Street Journal.

[00:00:25] [SPEAKER_05]: Are you a tech executive looking for a part-time job? What about signing up to be a military reservist?

[00:00:32] [SPEAKER_05]: The Defense Department is considering an initiative to bring some of Silicon Valley's top talent deeper into its folds.

[00:00:40] [SPEAKER_05]: And then, U.S. businesses are on the front lines as China hones its hacking capabilities.

[00:00:47] [SPEAKER_05]: That's according to Chris Krebs, Chief Intelligence and Public Policy Officer at cybersecurity firm SentinelOne.

[00:00:54] [SPEAKER_05]: At WSJ Tech Live, he described what he says is China honing its ability to turn off American critical infrastructure if it wanted to disrupt a U.S. response to a Chinese attack on Taiwan.

[00:01:07] [SPEAKER_05]: We'll have highlights from his conversation with our reporter, Rolf Winkler.

[00:01:14] [SPEAKER_05]: But first, the Defense Department is considering asking chief technology officers and other senior tech professionals to join its reserves in high-ranking positions.

[00:01:24] [SPEAKER_05]: The DOD is looking for experience in areas like cybersecurity, data analytics, and artificial intelligence, which are becoming increasingly significant for national security.

[00:01:36] [SPEAKER_05]: The details of the program are still being worked out, but here to tell us more is our reporter, Heather Somerville.

[00:01:42] [SPEAKER_05]: Heather, why do they want to bring these folks in?

[00:01:44] [SPEAKER_04]: Underpinning this effort is the need by the Defense Department to have greater access to all the various people skills that are out there in the country.

[00:01:56] [SPEAKER_04]: And so this gets beyond technology, but starting with technology, which is a pressing, pressing need within the DOD.

[00:02:03] [SPEAKER_04]: There is a desire to enable people to move more freely between the private sector and the military.

[00:02:12] [SPEAKER_04]: So, you know, in the case of a reservist, have your day job, have your primary job that you go to in an office.

[00:02:18] [SPEAKER_04]: And then one weekend a month, a few weeks a year, you become a uniformed officer in the military.

[00:02:24] [SPEAKER_04]: And you use those same skills to help the military further its goals.

[00:02:30] [SPEAKER_04]: And the broader context here is the pressing need for the U.S. military to become more technologically sophisticated, to get the tech skills needed to develop modern weapons of war.

[00:02:42] [SPEAKER_05]: What do we know about how this program would work?

[00:02:45] [SPEAKER_04]: This is really a program in the conceptual stage.

[00:02:48] [SPEAKER_04]: It hasn't launched yet.

[00:02:49] [SPEAKER_04]: The folks in charge of it, they hope to have kind of the first cohort of technology reservists ready to go by September or so.

[00:02:58] [SPEAKER_04]: And so this is really in the early stages, lots of details yet to hammer out.

[00:03:03] [SPEAKER_04]: But one thing that is probably pretty clear is that these technology reservists would not end up on tanks in the middle of a war zone.

[00:03:13] [SPEAKER_04]: That's not the point.

[00:03:14] [SPEAKER_04]: The point is they have skills in AI.

[00:03:16] [SPEAKER_04]: They have skills in data science.

[00:03:18] [SPEAKER_04]: They have skills in machine learning that the military wants to use.

[00:03:22] [SPEAKER_05]: What does the tech sector make of this reservist plan?

[00:03:25] [SPEAKER_04]: Well, based on my inbox, people are really excited about it.

[00:03:30] [SPEAKER_04]: I am flooded with inquiries about how do I sign up, even though there's really not a way to sign up yet.

[00:03:36] [SPEAKER_04]: What is really interesting is this initiative dials into a changing view and changing sentiment in Silicon Valley about the military.

[00:03:48] [SPEAKER_04]: For the past few decades, Silicon Valley has largely seen doing work for the military, working on projects that would have lethal force to be totally unpalatable.

[00:04:02] [SPEAKER_04]: That is not what tech companies, entrepreneurs, engineers wanted to do, generally speaking.

[00:04:09] [SPEAKER_04]: In the past couple of years, that has dramatically shifted.

[00:04:13] [SPEAKER_04]: And there's a number of reasons for that.

[00:04:15] [SPEAKER_04]: Ukraine, the wars in the Middle East, the threat of a rising China, the need for greater technology advancements in warfare,

[00:04:23] [SPEAKER_04]: and a lot of enthusiasm by venture capitalists for an area where they see great business opportunity.

[00:04:30] [SPEAKER_04]: Remember, war is also good for business.

[00:04:33] [SPEAKER_04]: It has really changed the sentiment.

[00:04:34] [SPEAKER_05]: That was our reporter, Heather Somerville.

[00:04:37] [SPEAKER_05]: Coming up, what keeps the former top cybersecurity official at the Department of Homeland Security up at night?

[00:04:45] [SPEAKER_05]: We'll find out after the break.

[00:04:57] [SPEAKER_01]: Exchanges.

[00:04:58] [SPEAKER_01]: The Goldman Sachs podcast featuring exchanges on rates, inflation, and U.S. recession risk.

[00:05:06] [SPEAKER_01]: Exchanges on the market impact of AI.

[00:05:09] [SPEAKER_01]: For the sharpest analysis on forces driving the markets and the economy, count on exchanges between the leading minds at Goldman Sachs.

[00:05:18] [SPEAKER_01]: New episodes every week.

[00:05:20] [SPEAKER_01]: Listen now.

[00:05:28] [SPEAKER_05]: Chris Krebs was the top cybersecurity official at the Department of Homeland Security during the Trump administration.

[00:05:34] [SPEAKER_05]: Now he's chief intelligence and public policy officer at the cybersecurity firm Sentinel-1.

[00:05:40] [SPEAKER_05]: At WSJ Tech Live, Krebs spoke with our reporter, Rolf Winkler, about cyber threats posed by China and about tackling risks to the upcoming U.S. election.

[00:05:51] [SPEAKER_05]: Here are highlights from their conversation.

[00:05:54] [SPEAKER_02]: You are at a cybersecurity firm, Sentinel-1.

[00:05:57] [SPEAKER_02]: Yep.

[00:05:58] [SPEAKER_02]: And the thing that keeps you up at night is the attacks that have come out of China.

[00:06:04] [SPEAKER_03]: Yeah.

[00:06:04] [SPEAKER_02]: The typhoons that are washing ashore.

[00:06:07] [SPEAKER_02]: That's what we're calling them.

[00:06:08] [SPEAKER_02]: Salt typhoon, volt typhoon, flax typhoon.

[00:06:10] [SPEAKER_03]: Crimson, gingham.

[00:06:12] [SPEAKER_03]: Keep going.

[00:06:13] [SPEAKER_02]: Oh, I didn't know about those.

[00:06:13] [SPEAKER_02]: Okay.

[00:06:14] [SPEAKER_02]: Well, maybe give us the highlights and tell us which are the ones we need to be most worried about and why.

[00:06:19] [SPEAKER_03]: So in the last several years, there's been a marked shift in the aggressiveness of China, not just in cybersecurity, but in general military buildup and preparedness.

[00:06:31] [SPEAKER_03]: In fact, the CIA director, Bill Burns, has said that based on their analysis, that President Xi has directed his military to be ready for a takeover of Taiwan by 2027.

[00:06:43] [SPEAKER_03]: Now, the political decision to invade or not to invade has not necessarily been made, but the preparedness, the readiness for that invasion, 2027, that has been issued.

[00:06:53] [SPEAKER_03]: Therefore, the U.S. national security establishment, so this was General Milley previously, now the current leadership, the director of the FBI, Chris Wray, the director of national intelligence, has called China the pacing threat.

[00:07:07] [SPEAKER_03]: They're the ones by which we measure our capabilities.

[00:07:10] [SPEAKER_03]: And unfortunately, at this point, in cyber, at least, they're outstripping us.

[00:07:17] [SPEAKER_03]: 600,000 cyber offensive operators.

[00:07:21] [SPEAKER_03]: That's more than the U.S. and our allies.

[00:07:24] [SPEAKER_02]: When you say 600,000 operators, you mean-

[00:07:26] [SPEAKER_02]: Hands on keyboards.

[00:07:27] [SPEAKER_03]: Okay.

[00:07:28] [SPEAKER_03]: I'm talking hands on keyboards, that many between the Ministry of State Security, the People's Liberation Army.

[00:07:34] [SPEAKER_03]: I mean, it is a significant threat.

[00:07:37] [SPEAKER_03]: The amount of intellectual property theft, commercial espionage.

[00:07:40] [SPEAKER_03]: They're reaching into U.S. companies and Western companies, taking intellectual property and know-how and bringing it back, sharing it with national champions, operationalizing, subsequently supplanting companies in the market.

[00:07:53] [SPEAKER_02]: But it feels like we've moved past just the corporate espionage.

[00:07:55] [SPEAKER_03]: So they are, firstly, they are absolutely still in the steal everything phase.

[00:08:01] [SPEAKER_03]: Okay.

[00:08:01] [SPEAKER_03]: So they're coming in.

[00:08:02] [SPEAKER_03]: They're taking everything from health records to financial data, throwing it into a big data ocean, and then running tools, including some AI capabilities over the top, to look for correlations, patterns of life, to expose intelligence operatives and things like that.

[00:08:16] [SPEAKER_03]: But the most concerning thing is that they've also directed their military to start pre-positioning in critical infrastructure.

[00:08:26] [SPEAKER_03]: So they are getting into telecommunications firms.

[00:08:29] [SPEAKER_03]: They are getting into our military support and logistics outposts in Guam, in Okinawa, in Diego Garcia, in Honolulu, in Australia, on the West Coast here, ports of L.A. and Long Beach.

[00:08:44] [SPEAKER_03]: They want to be able to disrupt our ability to project force in support of Taiwan should they make that move.

[00:08:50] [SPEAKER_03]: So that in and of itself is concerning.

[00:08:52] [SPEAKER_02]: Is there any way for us to offensively counteract what they've done?

[00:08:57] [SPEAKER_02]: I mean, can we get into their infrastructure?

[00:08:59] [SPEAKER_02]: Are we doing that?

[00:09:00] [SPEAKER_03]: Well, from a military perspective, and look, I'm not going to comment on Cyber Command and other operations.

[00:09:06] [SPEAKER_03]: For one, you know, it's been a few years.

[00:09:08] [SPEAKER_03]: But we have significant capabilities.

[00:09:11] [SPEAKER_03]: The problem is, though, we have the glassiest house.

[00:09:13] [SPEAKER_03]: So we can have big rocks, but when the house is down the street, they're the glassiest.

[00:09:17] [SPEAKER_03]: Because from a digital perspective, I mean, this is what this entire event's about.

[00:09:22] [SPEAKER_03]: When you look at the top 10 most valuable companies in the world, what, eight of them are tech companies, seven of them are U.S. tech companies.

[00:09:31] [SPEAKER_03]: That's a great thing.

[00:09:33] [SPEAKER_03]: We've created enormous value by digitizing virtually everything.

[00:09:40] [SPEAKER_03]: Yeah.

[00:09:40] [SPEAKER_03]: We've also created enormous risk and enormous liability in doing so.

[00:09:46] [SPEAKER_03]: And for now, the kind of the gains and the losses of the ledger are still heavily in the favor of productivity across the economy.

[00:09:55] [SPEAKER_03]: But the risks are starting to build up.

[00:09:57] [SPEAKER_03]: And I think that is where we have to be thinking very, very clearly about what the foreign risk is, the Chinese in particular, and what that means to individual companies.

[00:10:08] [SPEAKER_03]: That can be looped into an operation and exploited by the Chinese.

[00:10:15] [SPEAKER_02]: I want to turn back to the present election.

[00:10:18] [SPEAKER_02]: What worries you about the election in two weeks?

[00:10:21] [SPEAKER_03]: I was watching CBS morning show this morning, and Jen Easterly, my successor, was on.

[00:10:27] [SPEAKER_03]: And she was saying it was like an out-of-body experience.

[00:10:31] [SPEAKER_03]: She's saying the exact same things I was saying four years ago.

[00:10:34] [SPEAKER_03]: The threats have not changed.

[00:10:36] [SPEAKER_03]: When you look at what the Russians did, it was primarily three things.

[00:10:39] [SPEAKER_03]: One is they were looking into election equipment.

[00:10:41] [SPEAKER_03]: The second is they were hacking political campaigns and leaking documentation.

[00:10:46] [SPEAKER_03]: And the third is they were launching a much broader information operation to destabilize public trust.

[00:10:52] [SPEAKER_03]: So on the first thread of going after election systems, we have seen the Russians, we've seen the Iranians make efforts to look into different counties and states across the U.S. to get into those systems.

[00:11:05] [SPEAKER_03]: But they are much more secure than they've ever been.

[00:11:07] [SPEAKER_03]: A lot of paper.

[00:11:08] [SPEAKER_03]: So that's a big, big deal, right?

[00:11:11] [SPEAKER_03]: So what he's talking about is votes cast in the United States.

[00:11:15] [SPEAKER_03]: At this point, for the 24 election, 98% of votes cast will have a paper record associated with it.

[00:11:22] [SPEAKER_03]: What's that good for?

[00:11:23] [SPEAKER_03]: Auditing.

[00:11:24] [SPEAKER_03]: You can go back and count.

[00:11:25] [SPEAKER_03]: You can count again.

[00:11:26] [SPEAKER_03]: In 2016, that was fewer than 80%.

[00:11:30] [SPEAKER_03]: So one of the big initiatives that we had after the 2016 election was to eliminate some of those touchscreen systems that came into vogue after what?

[00:11:41] [SPEAKER_03]: The 2000 election.

[00:11:42] [SPEAKER_03]: When they got rid of the, due to the hanging chads, they got rid of the pull arm system.

[00:11:47] [SPEAKER_03]: So we went to more digitized systems, but not necessarily as many with that sidecar that would spit out a ballot.

[00:11:55] [SPEAKER_02]: There aren't as many systems that they can hack into and change votes.

[00:11:58] [SPEAKER_03]: Well, yeah.

[00:11:59] [SPEAKER_03]: So first off, the systems that you touch to vote are not connected to the Internet, right?

[00:12:06] [SPEAKER_03]: And to get access to one of these systems, you need some time to spend with it, to crack it open.

[00:12:12] [SPEAKER_03]: And they are under lock and key.

[00:12:14] [SPEAKER_03]: They are supervised throughout.

[00:12:15] [SPEAKER_03]: But the most important thing is they are tested before, they are tested during, and they are tested after the election.

[00:12:21] [SPEAKER_03]: But again, the most important part is there is a ballot associated with your vote.

[00:12:26] [SPEAKER_02]: Okay, we've got to leave it there.

[00:12:27] [SPEAKER_02]: Thanks, everyone.

[00:12:28] [SPEAKER_02]: Thank you.

[00:12:29] [SPEAKER_05]: That was WSJ reporter Rolf Winkler speaking with Chris Krebs, chief intelligence and public policy officer at cybersecurity firm SentinelOne.

[00:12:39] [SPEAKER_05]: And that's it for Tech News Briefing.

[00:12:41] [SPEAKER_05]: Today's show was produced by Julie Chang with supervising producer Catherine Millsop.

[00:12:46] [SPEAKER_05]: I'm Zoe Thomas for The Wall Street Journal.

[00:12:48] [SPEAKER_05]: We'll be back this afternoon with TNB Tech Minute.

[00:12:51] [SPEAKER_05]: Thanks for listening.