Podcast Summary: Newt’s World Episode 817
Title: A Former CIA Hacker on the “Cyber Crisis”
Date: March 2, 2025
Host: Newt Gingrich
Guest: Dr. Eric Cole, Cybersecurity Expert and Former CIA Hacker
Overview
In this episode, Newt Gingrich interviews Dr. Eric Cole, a top cybersecurity expert, entrepreneur, and former CIA hacker. The discussion centers on the increasing severity of cyber threats facing the United States and the world, the lack of effective legislative response, and the urgent need for a complete paradigm shift in how both individuals and governments approach digital security. Dr. Cole underscores that America is already in the midst of a digital “World War 3,” characterized not by physical attacks but by constant, largely invisible cyber intrusions and data theft.
Key Discussion Points
1. Recent Government Breaches and Persistent Vulnerabilities
- Chinese Cyber Attack on US Treasury Vendor
- Dr. Cole explains that such breaches are "happening all the time," often undetected due to poor awareness and inadequate structural protections.
- Quote: “Most security vendors, most companies, most organizations have been compromised or penetrated by the Chinese, the Russians or the Iranians. And we just didn't detect it...” (03:21)
- Third-Party Vulnerabilities
- High risk due to reliance on external vendors without sufficient security vetting.
- Advocates for federal, not just state, laws to mandate cybersecurity standards.
- “[...] The United States is one of the few countries that don't have federal laws on cybersecurity and federal laws on data privacy.” (04:18)
2. Why the US Lags on Cybersecurity Regulation
- Misconceptions about Cybersecurity and Freedom
- Many believe robust cybersecurity restricts information in ways incompatible with democracy, conflating it with censorship measures seen in countries like North Korea or Russia.
- Dr. Cole refutes this, emphasizing cybersecurity can defend democratic systems, not limit them.
- Quote: “Cybersecurity is actually a complement to democracy. It's not adverse to it.” (05:25)
- Political Gridlock
- Cybersecurity initiatives become partisan when, in reality, “Cybersecurity impacts America as a whole.” (05:59)
3. Risks of Poor Implementation: The Elon Musk Example
- Potential Mishandling of Sensitive Data
- Discusses a recent situation in which Elon Musk asked federal workers to email weekly bullet-point lists of their activities, raising concerns about non-governmental storage of sensitive information.
- Highlights that Musk’s Doge website itself was recently hacked, presenting a live example of flawed security.
- Quote: “If these emails from government employees [...] are stored on public servers. What happens if foreign adversaries get access to it?” (08:04)
- Cybersecurity as an Afterthought
- Implementers often prioritize speed and data collection, leaving security as an afterthought, with devastating consequences.
- Quote: “Elon didn't sit down and say, okay, how can we do this in a secure manner? What are the cybersecurity protocols [...] He basically just said, I need the data. We'll figure out cyber later.” (09:24)
4. The Reality of Cyber Warfare: Digital World War 3
- Invisible and Persistent Threats
- Dr. Cole characterizes current global cyber conflict as a “world war” – subtle, data-centric, and ongoing.
- Notable breach examples: Colonial Pipeline (2021), SolarWinds vendor compromise, etc.
- Unlike in kinetic wars, the consequence is “data leakage”: a constant, unnoticed drain of personal and organizational information.
- Quote: “In this war, every single country is involved, and every single country is both being attacked and attacking other countries.” (10:48)
- Quote: “Most people's bank accounts or credit cards are compromised [...] The attacker is stealing a dollar a month. [...] it turns into a billion dollar industry.” (14:32)
5. Practical Advice for Personal Cybersecurity
- Device Setup and App Management
- Buy paid apps whenever possible; free apps often track and exploit user data.
- Remove any app you haven’t used in 45 days.
- Quote: “A free app is tracking your location. [...] Delete any apps that are not needed or required.” (16:00)
- Two-Factor Authentication & Account Alerts
- Enable two-factor for all sensitive logins; turn on transaction notifications.
- Quote: “Do you want a short term annoyance with two factor or a long term annoyance of being vulnerable?” (18:13)
- Phishing and Suspicious Links
- Never click on links or attachments in emails or texts—always use the official app or navigate directly.
- Banking Apps vs. Websites
- Contrary to some advice, Cole recommends using official apps over browsers for e-commerce and banking, as they are generally more secure.
- Quote: "Apps are much more secure than websites. Apps are much more secure than clicking links." (19:39)
6. The Borderless, Lawless Nature of Cyberspace
- Absence of National Boundaries
- On the internet, attackers can strike from anywhere, without passing through borders or customs.
- Even if US privacy laws existed, they might not apply if data is stored in foreign data centers.
- Quote: “There are no national and international borders on the Internet [...] Because even when they're going to E-Commerce sites or banks, those servers are often not in the United States.” (23:05)
- International Law Enforcement Challenges
- US authorities can identify foreign criminal organizations but have little recourse if they aren't breaking their own country's laws.
- Quote: “[...] There’s really little we can do to stop them, which, as you said, every individual has to realize they're a target.” (24:54)
7. Counteroffensive Capabilities and Structural Disadvantages
- US Offensive Operations
- Since President Trump’s executive order, the Department of Defense can launch cyberattacks without direct presidential sign-off, bringing the US closer to adversaries’ capabilities.
- Quote: "Trump... was actually the first president that actually allowed Department of Defense to launch cyber attacks without executive approval." (25:48)
- Commercial-Government Relations
- China blurs lines between state and corporate espionage; the US, by contrast, lacks legal frameworks to share defense or offense-derived intelligence with private companies.
- Quote: “If other countries, their governments are working on behalf of local companies to help and support them, we need to do the same thing.” (26:42)
8. Global Cybercrime Ecosystems
- Comparing National Models
- North Korea: State-run cyber crime operations.
- China: Tight government-corporation collaboration.
- Russia, Nigeria: Collusion between government and criminal syndicates.
- Quote: "Imagine in the United States if we had generals and government officials actually sitting on commercial boards that are doing offensive operations..." (28:25)
- These models place the US at a disadvantage due to stricter domestic laws and less integration.
9. Persistent Failures and Need for New Infrastructure
- Learning from Major Breaches
- The Office of Personnel Management breach and similar events have made sensitive identifiers (SSNs, driver's licenses) essentially public, undermining their value as secure credentials.
- Push for new, secure, possibly biometric-based, citizen identification.
- Quote: “Our Social Security number is public, our driver's license is public. Yet that's what we're using to authenticate and verify.” (29:54)
- Cyber Hygiene and Awareness
- Public must accept being a target and practice good cyber hygiene: two-factor authentication, mindful data sharing, awareness of app permissions.
- Quote: “Passwords are a thing of the past. Right. Passwords are no longer strong. I can crack any password.” (32:03)
10. Massive Economic Impact of Cybercrime
- Funding Adversary States Through Cybercrime
- Countries like North Korea and Russia derive billions in annual revenue from ransomware and cyber attacks on US businesses.
- Quote: “Last year in 2024 ransomware attacks just in the United States against US companies was over $42 billion. [...] Now take 20 billion of that, give that to North Korea.” (35:04)
11. Call for Rethinking National Cyber Infrastructure
- Outdated, Vulnerable US Architecture
- Need for a comprehensive, multi-trillion-dollar investment to separate and secure critical systems from the open internet, akin to recent US investments in physical infrastructure.
- US internet connectedness is a double-edged sword: Unlike Russia or North Korea, America can’t simply unplug itself from the outside world.
- Quote: “The Internet is the United States. We can't disconnect, we can't isolate, we can't protect.” (38:50)
- Suggests the next administration must secure a legacy by establishing federal cyber laws and overhauling the nation’s digital backbone.
- Quote: “To me, if they want to go down and sort of be remembered and have a legacy... it's going to be, could this be the first administration that actually passes federal cyber security laws? [...] a trillion dollar cyber infrastructure bill” (40:34)
Notable Quotes & Memorable Moments
- On the nature of the current global cyber environment:
“Our nation is currently at war. Whether we realize it or not, we're in the middle of World War 3. The reason why many people don't recognize it is because it's a different type of world war.”
— Dr. Eric Cole (10:41)
- On individual responsibility:
“Most people's bank accounts or credit cards are compromised. The attacker is stealing a dollar a month. [...] If you steal a dollar from every person every single month, that starts turning into a billion dollar industry.”
— Dr. Eric Cole (14:32)
- On recommendations for the average user:
"If you have the choice between a free app or a paid version, use the paid version... Delete any apps that are not needed or required."
— Dr. Eric Cole (16:00)
- On the U.S. need for aggressive cyber reform:
"We need a trillion dollar bill on rebuilding our cyber infrastructure... We need to create isolated countries just like Russia and North Korea, where we can protect, secure, and limit who can access and what can access our information."
— Dr. Eric Cole (38:18)
- On the future of authentication:
"Passwords are a thing of the past. Right. Passwords are no longer strong. I can crack any password... we need to really embrace what we call two factor or multi factor."
— Dr. Eric Cole (32:03)
Important Timestamps
| Segment | Timestamp |
|---------------------------------------------------------|-----------|
| Introduction & Overview of Guest | 02:09 |
| US Government Cyber Breach & Third-Party Risks | 03:04 |
| US Lagging on Federal Legislation | 04:32 |
| The Elon Musk Email Example & Cybersecurity Oversights | 07:13 |
| “World War 3” Is Now Digital | 10:41 |
| How to Protect Yourself (Cyber Hygiene) | 15:47 |
| Why Apps Are Safer than Websites | 19:39 |
| Borderless Nature of Cyber Threats | 23:05 |
| The US Approach vs Other Nations | 27:28 |
| OPM Breach: Loss of Privacy | 29:35 |
| What Ordinary Americans Must Do | 31:25 |
| International Cybercrime Revenue | 35:04 |
| America’s Infrastructure Challenge | 38:10 |
| Host/Guest Wrap-Up | 41:29 |
Conclusion
This episode of Newt’s World delivers a sobering exploration of the cyber crisis—and the United States’ inadequate preparedness for it. Dr. Eric Cole stresses that robust federal legislation, a new approach to infrastructure, public awareness, and everyday cyber hygiene are all imperative as the boundaries between national, criminal, and corporate cyber actors continue to blur. The conversation prompts listeners to recognize the profound gravity of the threat—and the urgent need for systemic and individual action.
Further resources and Dr. Cole’s book, “Cyber Crisis,” can be found at drericcohl.org.
