Between Two Nerds: Why NATO and cyber don't mix - Risky Bulletin

Summary7 min read

Podcast Summary: Risky Bulletin – "Between Two Nerds: Why NATO and cyber don't mix"

Date: June 15, 2026
Hosts: Tom Muren (B), Gruk (A)
Location: Recorded in Tallinn, Estonia after the NATO Psychon conference

Episode Overview

In this episode of "Between Two Nerds," Tom Muren and Gruk reflect on their experiences and discussions from the NATO Psychon conference in Estonia. The conversation centers on the broader question: Can NATO, a traditional military-political alliance, effectively translate its historic strengths in conventional defense into the cyber domain? The hosts break down why cyber operations pose a unique challenge for NATO, with particular focus on interoperability, political consensus, intelligence sharing, and the realities of both defensive and offensive cyber strategy.

Key Discussion Points & Insights

1. NATO’s Traditional Strengths and Cyber Ambitions

NATO as a Political-Military Alliance [00:46 – 01:14]
- Historically, NATO’s collective defense model has worked very well — “It makes sense in the physical world... Everyone has to use this type of ammunition so that we can all interchange... It's hard to see that translating to cyber..." (A, 01:14)
- NATO’s structure allows for interoperability in tanks, ammunition, and logistics, solving real problems in kinetic warfare.
Cyber Doesn’t Map Neatly [01:14 – 01:50]
- Cyber lacks a clear “standard issue ammunition” — “I don’t think there’s a benefit that would come from a partnership that’s sort of... ‘Everyone has to use 2, 2, 3, you know, cyber rounds.’” (A, 01:28)

2. Defensive Cyber Cooperation: Promise and Reality

Information Sharing and Exercises [01:50 – 02:22]
- Potential for best practices, threat intel sharing, training, and exercises.
- Passive, defensive collaboration appears feasible, “From a passive defense, it seems like that could work very well.” (B, 02:22)
Not Fulfilling the Potential [02:28 – 02:42]
- Despite potential, execution lags behind — “My feeling from the conference is that that is not working as well as it could be... more a vibe than anything concrete.” (B, 02:30)
- Atmosphere of aspiration rather than achievement: “There’s been a lot of talks of like, ‘we could be doing this really well...’” (A, 02:42)

3. The Russian Threat and Motivation [03:07 – 04:10]

Russian cyber aggression (e.g. attacks on the Polish grid) acts as a motivator for defensive coordination, even if tangible progress is lacking.
“Even if nothing happens, like, that’s a reason to want to do something...” (B, 03:07)

4. Offensive Cyber: Political and Practical Hurdles

Problems of Equity & Trust [04:10 – 07:21]
- Sharing offensive capabilities (e.g., 0-days) creates high-value targets and trust issues: “If it becomes like, ‘here are all of my Chrome O-days’... we're making a new high value target to be hacked.” (A, 04:10)
- Issues of talent allocation: “Countries will be shuffling off their, not their most capable actors... dead wood and... bright-eyed and bushy tailed people...” (A, 06:16)
NATO Consensus and Inaction [07:21 – 08:52]
- Offensive action requires unanimity — “NATO is not an offensive organization... they’d need every single member to vote on it... get unanimous consensus...” (A, 07:23)
- Subgroups ("coalitions of the willing") may move forward, but trust and sovereignty get in the way.

5. Lessons from Real-World Operations

Dutch Operations & National Interests [09:46 – 10:50]
- Example: Dutch intelligence reportedly gaining access to GRU/FSB CCTV feeds: “If it’s a Dutch capability, they’ll use it for Dutch interests.” (B, 10:37)
- NATO as a coordinator adds little—national interests come first.
Trickle-Down Benefits and Equity Dilemmas [10:54 – 12:30]
- “If they happen to align with NATO interests, which a lot of the time they will, then great. But... if they don’t align...” (A, 10:44)
- Tension between those wanting disruption and those preferring steady intelligence collection.

6. Structuring NATO Cyber Cooperation: An Unsolved Problem

Military Analogies Break Down [13:41 – 15:29]
- Specialization works for jets, tanks, navies—but what is cyber’s equivalent? “I don't know what you would do with cyber because... none of the systems are so expensive... We're just going to do C2. Right.” (A, 15:29)
Pipe Dream Solutions and the Reality Check [15:55 – 18:17]
- Proposal: Assign each member nation a threat actor to hunt/disrupt—“You've just deconflicted, not coordinated.” (B, 17:02)
- Hosts agree this is “a terrible idea” but lament the lack of creative thinking at the conference.

7. The Practitioner-Aspirational Gap in NATO [18:17 – 19:28]

Countries are at very different places: "There’s a pool of practitioners... and a pool of... aspirational or non-practitioners... we’re at the very beginning..." (B, 18:17)

8. The Fear Factor and Changing Attitudes [19:31 – 22:05]

“There is this idea that if we start doing cyber, everyone will start doing cyber... We don’t want to live in that world where the Internet is unsafe...” (A, 19:34)
Caution may have hampered both defense and offense: “It’s created this fear of how powerful cyber is and not wanting to unleash that on the world.” (A, 20:16)
Reality: “You have to be doing things all the time... cyber... is a skill that decays and atrophies if you don’t use it.” (A, 20:38)

9. Bureaucracy, Creativity, and the Nature of Cyber [23:26 – 24:28]

NATO’s Cold War processes are “not optimal for whatever cyber contest or conflict.” (B, 23:26)
“Cyber is a domain that rewards creativity, that rewards speed, rapid reaction, rapid action, innovative thinking, lateral approaches...” (A, 23:45)
Good bureaucracy enables cooperation; red tape stifles action.

10. Summary & Future Outlook [25:09 – 27:54]

Defensive collaboration: Progress is slow, but there’s room for improvement.
Question remains: “What is it that NATO can do that only NATO can do that addresses an issue that we would have with cyber.” (A, 25:28)
Hunt forward: Useful, but perhaps not NATO’s natural fit — could help upskill allies (A & B, 26:08–27:54).
Active disruption: Unresolved, collaborative offensive action unlikely to progress soon.
Conference insight: “I feel like I’ve got a much richer idea of what is actually going on or not going on and what the problems actually are.” (B, 22:49)

Memorable Quotes & Moments

“It’s hard to see that [NATO model] translating to cyber… I don’t think there’s a benefit that would come from a partnership that’s sort of… ‘Everyone has to use [the same] cyber rounds.’” (A, 01:14)
“If it becomes like, ‘here are all of my Chrome O-days,’ all that’s happening is we’re making a new high value target to be hacked.” (A, 04:10)
“NATO is not an offensive organization… [Offensive action] needs unanimous consensus.” (A, 07:23)
“If it’s a Dutch capability, they’ll use it for Dutch interests.” (B, 10:37)
“Cyber is a domain that rewards creativity, that rewards speed, rapid reaction, innovative thinking, lateral approaches to things... There’s a lot of stuff with cyber that does not go into, like, do we have the bureaucracy in place to process this thing?” (A, 23:45)
“What is it that NATO can do that only NATO can do that addresses an issue that we would have with cyber?” (A, 25:28)
“It almost feels like it’s a solution waiting for a problem.” (B, 25:43)

Notable Exchange:

“So I think that's at least an innovative idea. And now to get a little bit less rah rah. That is literally the most innovative idea I've heard for NATO in the last three days. So I'm a little bit worried that maybe they're not doing enough creative thinking along those lines.” (A, 17:26)
“There's too much of the how could we do offensive together? You know, you first.” (A, 17:44)

Important Segment Timestamps

[01:14] – Problems translating NATO's kinetic models to cyber
[02:30] – Defensive cyber collaboration shortcomings
[04:10] – Risks of sharing offensive capabilities
[07:23] – Unanimity required for offensive NATO cyber ops
[10:09] – National interests trumping collective NATO cyber action
[13:41] – Military specialization vs. cyber collaboration
[17:26] – On the lack of innovative cyber thinking in NATO
[20:38] – The need for constant cyber engagement
[23:45] – On bureaucracy, creativity, and cyber’s unique demands
[25:28] – Questioning NATO’s cyber value-add
[27:54] – Collaborative active disruption as an unsolved challenge

Tone & Atmosphere

Candid, analytical, and sometimes irreverent. The hosts blend skepticism, dry humor, and nuanced experience. They approach NATO and cyber not as adversaries, but as fundamentally mismatched—the politics, processes, and trust models that make NATO effective in conventional domains stumble in the faster, more secretive, and more individualistic terrain of cyber operations.

Final Takeaways

Defensive cyber cooperation among NATO members is possible, but difficult to scale or make truly effective.
Offensive cyber cooperation faces high hurdles — political, practical, and technical — that make meaningful progress unlikely.
Current models for collective security do not translate well to cyberspace, especially as national interests, talent protection, and trust undermine the prospect of shared action.
Creativity and speed are at a premium in cyber defense and offense, but NATO’s bureaucratic structures may stifle both.
There is a gap between the aspiration for collective action and the reality of what the alliance can realistically achieve, especially given uneven cyber capabilities among members.
The best hope for NATO cyber action may lie in defensive exercises, selective "hunt forward" operations, and frameworks for trust — not in grand unified offensive cyber efforts.

Loading summary

Transcript119 lines

[00:04]
A
Hello, everyone.
[00:05]
B
This is Tom Muren, and I have with me an edition of Between Two Nerds that we recorded in Tallinn, Estonia, where we reflected on the NATO Psychon conference that the Gruk and I spoke at. Before we get to that, I'd just like to thank the sponsor of today's episode, which is ENT Security. You can find them at ENT AI. I'll drop you into the conversation just as Grak is talking about how he's found the conference.
[00:32]
A
Yeah, it's. It's been different. It's not what I'm used to. So I typically go to a more practitioner technical conference. And this is a lot more of, I guess, leadership, political relationship building.
[00:47]
B
Yep, yep. So let's. Let's dive into the issues. So I think it's. Well, let's step back. So NATO is a. I would describe it as a political organization. It's the North Atlantic Treaty Organization. It is a collective defense arrangement. And for something like conventional military forces, it's acted. It's worked really well for 40 years, 50 years.
[01:14]
A
Yeah, a long time. And it makes sense in the physical world in a way because it's. You could say everyone has to use this type of ammunition so that we can all interchange, or our tanks have to meet these standards so that there's accepted whatever. It's hard to see that translating to cyber, that doesn't. I don't think there's a benefit that would come from a partnership that's sort of. Everyone has to use 2, 2, 3, you know, cyber rounds.
[01:50]
B
What I was thinking is that there's a big difference between defense and offensive cyber. So the. From a defensive point of view, it seems like, yeah, we could all get together and we could, like, share information, share threat intelligence. We could come up with best practices.
[02:09]
A
We could do training exercises on, like, you know, how to do threat hunting and how to collect information. You know, how. How we configure these sorts of software to detect these sorts of things that we're seeing. That's sort of.
[02:22]
B
Yeah. So from a passive defense, it seems like that could work very well. My kind of.
[02:29]
A
I don't know if it is working very well. Right.
[02:31]
B
Yeah, that's right. My feeling from the conference is that that is not working as well as it could be. And that's just more a vibe than anything concrete that someone has actually said to me. Right.
[02:42]
A
They haven't come out and said, you know, what the problem is? You know, these things are not working. But it's certainly. I guess the way I put it is there's been a lot of talks of like, we could be doing this really well. We need to be focusing on these things to really knock this out of the park as opposed to looking back at the lessons learned of how we've been, you know, exceptionally good in these areas.
[03:07]
B
So the motivating factor I think is that Russia in particular has become quite aggressive. It's unclear to me how much of that is like directly focused at Europe. But we've had, for example, we spoke a while ago about attacks on the Polish electricity grid. Those things are very concerning. Like, even if nothing happens, like, that's a reason to want to do something. Right, Right. So that's the underlying driver. It seems like the defensive part still has a way to go, but then like, we also like talking about offensive side of stuff. So stuff that is colloquially would be going on the front foot. It might be taking action against Russian threat actors or what the US calls hunt forward operations and that sort of thing. And that it strikes me after having been at the conference that that or at least some of those things are actually a lot more problematic than the defensive part.
[04:11]
A
Yeah. So I'm pretty sure we've talked about this before in that, like, if, if I do intelligence sharing with you of like, here are some IOCs, that's fine. But on the other hand, if it becomes like, let's do intelligence sharing, here are all of my Chrome O days, you know, like, essentially all that's happening is we're making a new high value target to be hacked. And similarly there's going to be the issue of like, I am all in favor of sharing Ode's you first.
[04:42]
B
I kind of feel there's this point of the spear type problem where, say, I don't know, you are the most capable cyber actor in Europe. I don't know if it is the Dutch, but they're certainly a good one. Right.
[04:58]
A
They're definitely top three.
[05:00]
B
Yeah. So the common conception is that intelligence agencies are almost unbelievably powerful. It's like they're supermen or women super people. But the problem is when you get those pointy tip of the spear capabilities, they're actually incredibly limited because you've got to point them somewhere. Like you can only point the very best of the very best at a few limited places. And from a Dutch point of view,
[05:27]
A
hypothetically, you could do that in Dutch national. Like in the national interests of the Netherlands or in the national interests of 32.
[05:38]
B
Yeah. And so I think that that is problematic.
[05:43]
A
My suspicion is what would happen is you'd fall into two camps. There'd be countries that go, we want cyber to be good. We now have this opportunity to cooperate with our allies. We can learn a lot. Let's send our top guys to really absorb everything and get all this stuff. And then you'll get other countries going like finally we can get this guy out of the house for two years. And so they'll be shuffling off their, not their most capable actors.
[06:14]
B
Well, I mean it makes sense that you'd want to keep the best people for yourself.
[06:17]
A
Right. And then you'd sort of have the, either the second tier or maybe it's literally just like this guy is such a problem but we can't get rid of him. Like what's a billet that we can shove him to where he's just out of our hair for a while and you know, so you'll end up with, you know, dead wood and you know, bright eyed and bushy tailed people. And it's unclear to me what that ratio would be. But it's also sort of unclear what like it sort of doesn't matter what the ratio is. Could you accomplish anything? You've got a bunch of people who are sent there because they're the worst officers available and some of the people who want to learn the most and sort of stick them in. I kind of feel like it's a no win environment either. Right. Like you're going to be like, let's learn about offensive stuff but not do any offensive operations. Right, right. So like I feel like that would be very frustrating to be, you know, let's train and develop and all this stuff but then never do anything. Just sit on our hands and.
[07:21]
B
But why would they never do anything?
[07:24]
A
Because. Well, for one, NATO is not an offensive organization. And for two, I think in order for them to agree to do anything, they'd need every single member to vote on it as like they did a unanimous consensus of like let's do these offensive operations.
[07:44]
B
Right. So I did have a discussion with someone and they said that there was a way forward where you can get subgroups that can move forward. However, it's like totally unclear to me. So going back there's gradations, right? And so I think like purely desensitive, operating within your own networks. There's still a way to go. Then you could do things like what the US calls hunt forward, which is you go into someone else's network and you look for adversaries. And that seems like, that actually seems to me pretty promising in that you can use that as a training opportunity, more capable countries could go into help assist other countries and they'd be training
[08:31]
A
them up at the same time as well.
[08:32]
B
And then, you know, we've taught you how to do this, you can go do it by yourself. There's a lot of trust issues involved in that exercise. And so having an indigenous European capability to do that would be really.
[08:47]
A
That seems like an attractable problem. Right. It's the. And then you could find people, you could do it. Yeah.
[08:53]
B
And then at the sort of top level. And like, you know, to be honest, maybe we're talking about this because we like talking about it rather than. It's the most practical or useful thing. It's totally unclear to me how, like, any sort of NATO coordination would make any difference to what the problem is in the first place.
[09:12]
A
Right, right, right. Going back to, like, it makes a lot of sense to have someone say, these are the bullets we're all using, everyone get on board. Because that sort of logistics is a serious problem, and solving it from a central standardization point of view, that solves a real issue. I don't know what that is with cyber. I don't know what the problems are that would be solved by having a central authority imposing their will on everyone. And they're like, here's how we do things.
[09:46]
B
Yeah. So it feels like if Russian threat actors are the problem, you know, probably there's a number of countries that are acting against them. Like, there's that story about the AIVD getting onto. Was it the security cameras, the CCTV
[10:03]
A
of the GRU or FSB or whomever, but inside their offices and that's very funny. Yeah.
[10:09]
B
So presumably, at least the Dutch. Aggressive enough and capable enough to do something, and you would like to think that they're doing something to disrupt those groups, and if they're disrupting those groups, everyone wins. And there's no need for like a NATO process to be sort of all coordination or whatever, to be stuck on top. Right.
[10:31]
A
Having Luxembourg and Lichtenstein sitting in the same room is not necessarily going to change anything in that.
[10:38]
B
Yeah. And if it's a Dutch capability, they'll use it for the Dutch interests. Right. But.
[10:44]
A
Right. And if they happen to align with NATO interests, which a lot of the time they will, then great.
[10:50]
B
But I guess we've identified it. The problem is that if they don't
[10:54]
A
align with NATO interests, then it's not that they don't align, it's if they're like 80, 20.
[11:01]
B
Right.
[11:01]
A
So 80% Dutch benefit and 20% NATO. I mean they're on the same side as the Dutch so they get some sort of like runoff or whatever trickle down benefits. Right.
[11:14]
B
I guess what I'm thinking maybe is that my understanding of that particular operation, the AIVD one, it was intelligence collection that informed something else. Right. And it could be that for the Dutch intelligence, correct collection or whatever hypothetical country intelligence collection is enough, but for a variety of other countries they would maybe like a bit of disruption splattered in as well. So that may be the tension there. Right. The equity between.
[11:44]
A
I was about to say that's exactly as soon as you bring that up. That's exactly what I'm thinking. And it might even just be risk appetite. Not even that. The, let's say the rotating inside NATO have access to Russian GRU networks and the retainings are happy with the intelligence and they are terrified that if they do something it will escalate and come back on them. Whereas the Germans and the French in this case would be very, very happy
[12:19]
B
for the Ruritanians to lose their access because they've done something for them.
[12:23]
A
Yeah, it's. Yeah. In terms of equities, it's like look, I would love to spend your money on stuff that benefits me.
[12:30]
B
I wonder if actually the risk appetite actually works the other way because it seems like the countries with the highest risk appetite are the ones that do more cyber operations.
[12:39]
A
Right.
[12:39]
B
Like so certainly you look at China, Russia, well, the U.S. five eyes, they do a lot of operations and they seem to be much more aggressive than other countries. Right. And that also seems to be my vibe. Just listening to some of the panels that I've. That I've been at.
[12:56]
A
That's sort of how I'm thinking as well. Now that you put it that way. The people who have access would also be the same people who want to do something beyond that. But then I'd say now you'd have again, the risk appetite would be the other way around as we've said and it would be a problem because you're not the pointy tip of the spear for the Dutch, you're the pointy tip of the spear for NATO. You have one, one side going rah, rah, let's go for it. And 30 people going well hold on a minute, let's think this through, let's evaluate what's going. Is this going to be escalatory? Will it cause problems? We're still trying to do this or the other. Getting sign off and doing something I think would be quite difficult regardless of who happens to be.
[13:41]
B
Yeah. And to contrast with conventional forces, I think Ruritanians can have a few tanks. Right. And they can exercise with other armed forces and they can sort out their, you know, communications, whatever. And adding a few tanks is like, it's a nice to have. It's, it's. And it's kind of an investment against like a conventional war.
[14:03]
A
Right, right.
[14:04]
B
Whereas in cyber, it's kind of flipped around where the conventional conflict, competition is happening all the time. And so you want to be able to contribute something meaningful from the get go all the time. But it's. What is that even? I don't know.
[14:21]
A
Well, I was just thinking because. So like, one of the ways that Europe tries to work with NATO is the individual countries are just, they're not all that big compared to the US in terms of their budgets and things like that. So they don't try and build the biggest army they can and then contribute gears, our tanks, our IFVs, our Air Force, our navy and all that. Because it's going to be like two tanks, one plane, whatever. Instead they'll say, look, we're going to focus on the Air Force. So we're going to have a bunch of really capable aircraft that do refueling and fighter bomber stuff. And so when it comes to a collective action, we are augmenting and supplying strength in this one area that we can invest in and really focus and develop. And then as long as you're doing that for tanks and you're doing that for Special Forces and you're doing that for Navy, when everyone combines, it's sort
[15:25]
B
of synergistic rather than. But duplicative.
[15:30]
A
Right. Where you'd have a whole bunch of mediocre stuff, but a lot of it, as opposed to a whole bunch of excellent stuff that works together. And I don't know what you would do with cyber because none of the, in terms of cost, none of the systems are so expensive that it's better if someone focuses on like, oh man, like we've only got a few million dollars. We're just going to do C2. Right. Like we're going to be hiring, you know, VPs.
[15:56]
B
Okay, here's an idea which I think is probably a pipe dream, but let's say you take all the Russian threat actors, however you define a threat actor. Sure. And I think we've spoken before and you've said that there's now hundreds of groups.
[16:13]
A
Yeah. There's a lot of them.
[16:15]
B
And you rank them in order of most to least problematic and you say Ruritania. I hope that's not a Real country. No, you can have threat actor 101 and you go out and research that and disrupt it if you can. And you know, if you succeed, that's wonderful. And if you don't, nothing lost. And then say whoever is the most
[16:39]
A
capable goes over to the top two or three and. Yeah.
[16:44]
B
Now that to me seems like a pipe dream, but I sort of kind of like it. I don't know.
[16:49]
A
So it seems like a good way of divvying things up, but.
[16:53]
B
And then you're sort of acting like NATO as a coordinated force, which without acting like a coordinated force, you've just deconflicted, not coordinated.
[17:03]
A
Does it mean that because of the different pressures on different areas, it changes the threat landscape in a way that's unpredictable and not necessarily to your benefit?
[17:18]
B
I don't even know that there's the political appetite to do it in that way.
[17:24]
A
This is a terrible idea.
[17:25]
B
Just as a throw it out there
[17:26]
A
thought experiment, doing this NATO. Yeah. So I think that's at least an innovative idea. And now to get a little bit less rah rah. That is literally the most innovative idea I've heard for NATO in the last three days. So I'm a little bit worried that maybe they're not doing enough creative thinking along those lines. There's too much of the how could we do offensive together? You know, you first. And that they're sort of getting like, let's do offensive together. Why don't we all pull our exploits and they sort of get trapped in these. Well, like. But they're not like, I haven't seen any of them talking about that. I've seen them talking about, you know, very exciting things.
[18:17]
B
There's a lot of commitment to do better. So some of the panels I've been not been on watched, it seems very much like there's a pool of practitioners who are doing things all the time. And some of those things include disruptive cyber operations and then a pool of, I would call aspirational or non practitioners who. And maybe we're just. It's just too early. Right. There's been some countries that are like way ahead of the game in NATO. The U.S. clearly, the U.K. yep.
[18:59]
A
I mean, the Dutch are quite good, but I don't know that they're like, I don't know that their military cyber, for example, is the same as their intelligence.
[19:08]
B
Yep. And I think what is happening now, and maybe that's part of the reason we've been invited to this conference, is that people are realizing this is a thing that should Be, like, normalized, that countries should be thinking about and doing it. And it's just that we're at the very beginning of whatever that looks like in, I don't know, 10, 20 years, hopefully sooner.
[19:29]
A
I'd like to.
[19:31]
B
You'd like to see this through? Yes, exactly. Like, I want to see this, and
[19:34]
A
then I want to see what comes next as well. I think one of the things is, for a very long time, there is this idea that if we start doing cyber, everyone will start doing cyber. And that's going to be like a lot of cyber Pearl Harbors, a lot of the genie's out of the bottle. There's no going back. We don't want to live in that world where the Internet is unsafe and our infrastructure keeps blowing up. And so there's been this real. At the same time of building up the mythos of how powerful cyber is, it's created this fear of how powerful cyber is and not wanting to unleash that on the world.
[20:15]
B
Open Pandora's box, right?
[20:17]
A
Yeah, yeah. And so I think it's sort of coming to the realization that, one, there are other actors
[20:25]
B
who have different opinions
[20:26]
A
or who don't necessarily follow the exact same thought process, but also that it's not as terrible.
[20:37]
B
There is no Pandora's book, right?
[20:39]
A
Yeah, There is no there, there. And even now, the realization that you have to be sort of like the persistence, engagement stuff, like, you have to be doing things all the time. It's not something that you can. It's not like a kinetic thing where you can decide to do an evasion at a particular time and you can practice for it and all this other stuff on your own territory and then go and do it with cyber. It's a skill that decays and atrophies if you don't use it and if you're not. So there's that side, but there's also the. If you're not on your enemy's networks looking at what they're doing, you're ceding the initiative to them, and they will steamroll you because. And, yeah, I think that changing attitude is sort of what's leading to the idea of, like, okay, maybe we should be looking at this sort of progression beyond just purely defensive stuff. And I mean, I sort of hope so. Right. Like, I hope that there's a stuff like your ideas of how to partition things and go forward are things that they're talking about, even if it's not your idea. If it's, you know, like, I mean, even if it's not the idea of this Tom Uran right here, this particular man. You know, like, even if that's not
[22:02]
B
one, there is some idea that we'll get traction is what you're saying.
[22:06]
A
Or at least they're spitballing and trying to get ideas of, like, what are things we could do other than what we see isn't working.
[22:12]
B
Right.
[22:13]
A
Because I'm, you know, it's not working with the. Like, why don't we all get together and make one big offensive cyber thing that we all pull our resources and we all.
[22:21]
B
Yeah, that's going to work. No, that'll never work.
[22:24]
A
Right, right. And so stop planning for that and, you know, find something exciting and different and do that. Like.
[22:31]
B
Yeah, so I. What I found really interesting is that just being at the conference and listening to different panels is illuminating. And not necessarily because of what people say, it's sometimes because of what they don't say, or even just the different. Like, you get a vibe from a panel.
[22:48]
A
Yeah, yeah, yeah.
[22:49]
B
The way people talk and answer questions that I think is, like, very useful. And I feel like I've got a much richer idea of what is actually going on or not going on and what the problems actually are.
[23:03]
A
Similarly, I felt that one of the things I've picked up is just the mentality, the way that the thinking goes, the thought processes, and on the one hand, it seems sort of very clean, very sophisticated and very developed, but also very rigid and very.
[23:26]
B
I mean, it's probably no surprise that an organization that is designed for the Cold War and develop processes for the Cold War is maybe not optimal for whatever cyber contest or conflict or whatever. Right?
[23:46]
A
Yeah, very much so. Like, cyber is a domain that rewards creativity, that rewards speed, rapid reaction, rapid action, you know, innovative thinking, lateral approaches to things. Like, there's a lot of stuff with cyber that does not go into, like, do we have the bureaucracy in place to process this thing? And we're a pro bureaucracy, friend of the pod, you know, But I. I feel this is less bureaucracy and more red tape, I think.
[24:21]
B
Right, right, yeah, yeah. So the bureaucracy as a way of organizing people to work together.
[24:25]
A
Right, right.
[24:26]
B
So not a way of organizing paperwork.
[24:28]
A
Right, exactly. There's the way of structuring things so that you can cooperate and achieve stuff in a repeatable fashion versus make sure you do things in triplicate so that everyone has their ass covered, so that, et cetera. Right. Like, that's where for good bureaucracy, not bad bureaucracy, which is, you know, very easy to tell apart. Overall, I'd say this has Been interesting. I've seen a lot of good things. I've seen some of the bad as well. I don't know where I feel if I'm optimistic or not about it because I've only been to this once. I don't know with a single data point, I don't know what the trajectory is. It could be going in any direction.
[25:10]
B
So I guess to sum up then, we're kind of thinking that there's like on the sort of very defensive end, there's still room. Seems like there's still room for improvement.
[25:20]
A
Right. And they're doing something as well. So they are improving as well.
[25:25]
B
So that seems to be like the easy part.
[25:28]
A
I'm not sure what NATO brings to the table that solves problems with cyber specifically. Right. Like what is it that NATO can do that only NATO can do that addresses an issue that we would have with cyber.
[25:43]
B
Right. So it almost feels like it's a solution waiting for a problem.
[25:50]
A
Right. And so I think, you know, if you say, you know, hunt forward, that's a problem that you could define and it's a thing that NATO might not be the best fit, but it's certainly not a bad fit.
[26:05]
B
Right.
[26:06]
A
Like it certainly does work.
[26:08]
B
And so to be clear, the US has been doing hunt forward operations there. People from, I believe it's Cyber Command go into an allies networks, whatever network the ally is happy with and they look for threat actor activity and then they. I don't know if it's a report, but there's some collaborative working together. And then the idea is that that ally is upskilled or educated.
[26:40]
A
Anything that happened to be on the network does get cleaned out. So there's. Yep, yeah.
[26:45]
B
And so it's a win for the Cyber Command because they get to discover new malware, new TDPs, et cetera, et cetera. It's win for the ally. I suppose that in the context of current politics there's a bit of mistrust of the US at times. And so having a NATO facilitated.
[27:06]
A
Right. If they could be a different ally. But yeah, no, very much like if it's the Dutch or the Germans or the. I mean are the Germans going to invite the French into their networks?
[27:18]
B
So that is also problematic.
[27:19]
A
Right. But maybe NATO can solve that. Maybe they. I know that seems like the sort of thing that a NATO framework.
[27:27]
B
So instead of being a US Cyber Command centric Cuban spoke network, it would be more of a peer to peer sort of.
[27:34]
A
Yeah, yeah. Many to many.
[27:38]
B
Yep, sort of. And if you're not happy with the US Then maybe you are happy with
[27:43]
A
the Netherlands or the Richtenstein or whomever. Yeah, yeah, certainly. And, and that seems like a tractable problem that can be solved with the tools that NATO has available. Right.
[27:54]
B
And then we've got the vast. Vast The. Well, we like to think it's vast.
[28:00]
A
But the space, the more important than the exciting. The better part, if you will.
[28:06]
B
But the better part, that never happens where people are actively disrupting adversaries. And that seems like it's a TBD space. And it's not going to be solved by one conference. It's not going to be solved by us talking about it.
[28:22]
A
Right.
[28:23]
B
No.
[28:23]
A
We're not going to stop. So, you know. That's right. Yeah.
[28:26]
B
Thanks a lot.
[28:28]
A
Thanks a lot, Tom.