
Patrick Gray
Hey, everyone, Pat Gray here with a pre-podcast note. This episode of Wide World of Cyber featuring Alex Stamos and Chris Krebs was recorded a few days ago, which means it was recorded before US President Donald Trump wrote and issued and signed a presidential memorandum instructing the Department of Justice to pursue Chris Krebs over... I don't even know. But I just wanted to put this note here so that people, when listening to this, understand why it's something that doesn't come up in the discussion. And that's because, as I say, this was recorded a couple of days ago. What a difference a couple of days make. Anyway, I'll leave you to the podcast now. I hope you enjoy it. Hi, everyone, and welcome to another edition of the Wide World of Cyber podcast. My name's Patrick Gray. For those who are unfamiliar, the Wide World of Cyber podcast is a podcast that we produce in conjunction with SentinelOne. It is a SentinelOne-sponsored podcast. And that's great because we get to talk to our two guests here, Mr. Chris Krebs, the founding director of CISA, who these days serves as, I believe you're the Director of Policy and Intelligence with SentinelOne, is that correct?
Chris Krebs
You got it.
Patrick Gray
I got it. All right. Can finally remember everyone's titles. And we're also joined by SentinelOne's Chief Security Officer, Mr. Alex Stamos, who is also known for being the former CISO of Facebook and Yahoo, and the Director of the Stanford Internet Observatory. G'day, Alex.
Alex Stamos
Hey, Patrick.
Patrick Gray
Now, we are not recording this at our originally scheduled time, and the story behind that is why we're having to do a do-over is actually kind of appropriate for the topic of this conversation because we were all getting ready to record the podcast last time and Alex said, I'll just dip into my office at the Stanford Internet Observatory and set up my microphone. And he was like, got there and he's like, oh, my office is no longer there because of course, the Internet Observatory was defunded. And how did that work? That was the cancellation of a grant or something. How did the Internet Observatory wind up going away again, Alex?
Alex Stamos
It's more complicated than that. But yes, the Internet Observatory is no longer. I still teach at Stanford, but I have been relegated to the basement. So all my stuff was in boxes in the basement and I could not record.
Patrick Gray
So, yes, so now he is in a windowless room at Stanford, which wouldn't have made for a particularly attractive backdrop for this conversation. And what we're going to be talking about today is, I guess, the way the Trump administration is changing the world and, you know, the knock-on effects that's going to have for technology and cybersecurity. And I guess a good point to begin this conversation is to sort of outlay some of those changes. Right. So we're seeing there are reports coming out of fairly significant layoffs that are going to happen at CISA. We're going to talk about them in a moment. But probably the big news over the last week is that the Trump administration has let go of Tim Haugh and Wendy Noble at NSA. That's the director and deputy director of NSA. Let's start with you, Chris. You know, being a former US Govy, you know, why do you think this has happened? We've seen reports that it was over the reluctance of NSA leadership to switch targeting onto Mexican drug cartels. My sources tell me that that's not accurate, that that's the quote, unquote, Fox News explanation and that really, you know, Haugh and Noble were let go just because they weren't, they weren't Trump people. But what's your take here? I'm curious.
Chris Krebs
I mean, let me pick up where you, where you left off and that, you know, whatever, they're not Trump people means any way you cut it in at least the US Government form of management, leadership, whatever you want to call it, you know, everyone works at the, at the direction and the discretion of the president. They say you serve at the pleasure of the president. And you know, traditionally in military roles where you have general or flag officers in these leadership positions, which, by the way, there are still general officers and flag officers that were nominated and confirmed during the Biden administration, that are leading combatant commands and other organizations within the military. They're still there. I think what's different, though, specific to General Haugh is that he was in that dual-hat role, that he was the chief of Cyber Command, commanding general of Cyber Command, as well as the director of the NSA. And the director of the NSA is an extremely powerful position. The NSA itself is a significant, you know, portion of the intelligence community, exceedingly powerful, lots of capabilities, resources. And, you know, there's an argument that I have heard that the administration is, is interested in putting a political appointee appointed by President Trump into that NSA director position. Now, of course, there's a bigger issue there, and one that Pat, we talked about in Sydney during the live taping was whither the dual-hat nature. What is going to happen with this position, the fact that NSA and Cyber Command are currently linked and governed by the same leader? That can be resolved. First, you have to have an administration decision that we want to split. And the second is the Congress has to pass a law that enables that, at least by the book, by statute, that's, that's required. And what we may have seen last week, I guess it was Thursday night, was that first kind of salvo in we're going to get rid of the leadership.
We're going to make this determination. And you heard plenty on out of the Trump, you know, adviser camp suggesting it. And then you move on and you make the request up to the Congress and the Congress, you know, by the, again, by the book, passes that legislation and you split them up. Now we can talk about the wisdom of a removing General Haugh, who's an exceedingly capable leader. In fact, I'd probably say he is one of the first general officers that really, truly grew up in this space. From almost the day he entered into military service, he has been at least in intelligence, but certainly in the signals in cyberspace. And so just extremely capable. I've worked with him in the past and again, I think he was the right leader for that organization. I'm, you know, I feel the same about Joe Hartman, who is the acting NSA director and CyberCom chief. But, but again, this is a distraction. It's a change up in leadership that we don't need right now. We had great stability, particularly at a time when, you know, when you do hear anything cyber out of this administration, it's about cyber offense. Cyber offense. Cyber offense. Well, where do you think that comes from? That tends to be U.S. Cyber Command.
Patrick Gray
Yeah. Yeah. So, I mean, I'm not really hearing much, you know, from you in the, in the way of, well, this is the reason they did it. This is the logic. This is the outcome that they're going for here. Look, we've seen a couple of names like, kicked around just in, you know, among people I know in the United States for potential nominees. One would be Ezra Cohen, who's been, you know, floating around natsec circles for quite a while. The other is Trae Stephens, who I think is, what is he on the board or a co-founder of Anduril, the sort of defense contractor?
Chris Krebs
Yeah, he's a founder, Founders Fund guy. Yep.
Patrick Gray
Yeah, yeah. So linked to Peter Thiel and Elon Musk. But I guess, you know, at the moment we're drawing a bit of a blank on the reason behind this. One thing that you've pointed out several times when we've spoken is that Project 2025 has proved to be somewhat of a policy roadmap for policy and action roadmap for the Trump administration. Does it have anything to say about NSA leadership? Can we draw any lessons from looking at those parts of Project 2025?
Chris Krebs
Yeah, I mean again, you've got the intelligence chapter as well as the defense chapter that say in their own separate ways because again, they're written by different authors. There's not a whole lot of one voice writing throughout that document. So the styles are a little bit different. But yeah, both of them say we got to call the ball here. And I think both of them as well as dating back to the first Trump administration, there was a bias towards separating them. In fact, rumor mill has it that in the last weeks or months of the first Trump administration, there was a memo that was finalized and went up again. That's kind of natsec rumor mill inside the Beltway.
Patrick Gray
Well, I mean it was pretty widely reported at the time that those moves were underway. I do remember that.
Chris Krebs
So there's a bias to action, there's a bias to splitting here. I'm frankly a little, I mean honestly I'm a little surprised that it took them till April. I honestly would have expected this to be something particularly again with anything that's come out cyber from this administration thus far in any terms of cyber policy has been on cyber offense. And this is where it happens. You know, again, you know, you're seeing plenty of reasons, you know, dating back to, you know, the fact that General Haugh was, you know, some somehow in the, the General Mark Milley coaching tree, General Nakasone acolyte, all these things which are apparently chalked up as negatives in, in certain camps that, that are being tied to it. But again, I, I just, I Occam's razor on this one. It's all a prelude to splitting NSA and Cyber Command for me.
Patrick Gray
Okay, fair enough. I mean, I don't quite understand why you would need to jettison the leadership to do that. But I'm not an expert in the way that the US system works. Alex, I want to bring you in on this now because, you know, while all of this is going on, we've got the, you know, so-called Liberation Day tariffs kicking off. And you'll see why I'm bringing them in in a moment. You know, we've basically got the United States launching a trade war on everybody else, on the rest of the world. I mean even my country of Australia with a, with a trade surplus with the United States and no tariffs, is eating a 10% tariff. I don't believe that our government is going to retaliate there. We don't in fact do all that much trade with the United States. But obviously noses are out of joint everywhere. Right. And not just because of the tariffs. There's sort of a bit of a distrust of the current administration in some quarters in Europe in particular. And this has led to more and more policy people increasingly saying that Europe needs its own cloud computing stacks. Now, I was kind of dismissive of this up to about a month ago when I'm just sort of saying, well, look, the... They're committing hundreds of billions of dollars into new defense material. You know, they're going to develop all sorts of new military stuff and they're kicking in, you know, 1 or 2 billion for these sorts of purposes around cloud compute and AI. But I know that this is something that you've been tracking quite closely. You think this time it's different and the Europeans might actually follow through on spinning up, you know, their equivalent of, you know, GCP, Azure and AWS. So, you know, walk us through your thinking there. Cause I think that's interesting.
Alex Stamos
I do think it's different this time. I think the last time there's a big blow up like this it was after the Snowden disclosures. But in 2013, the big focus of the Europeans was around the social media companies and the consumer apps. So when they were concerned about privacy, they're really concerned about the privacy of consumer data. There was a lot less focus on what it meant for the competitiveness of European businesses and the fact that they were really reliant upon an American kind of cloud compute substrate for them to be competitive for the rest of the world. That has changed. And you know, that is both the rise of cloud computing and the fact that European policymakers now totally understand that their businesses run on the American cloud. But also obviously the rise of AI and AI has made it completely clear if you listen to any EU policymaker, and I think we've gone far enough along. Chris did a little name dropping. I can do some name dropping. So I was at dinner with Emmanuel Macron and he was talking about how far behind France and Europe are in AI. Right. If you listen to any leader of any European country, they will not go more than 10 minutes without talking about the fact that Europe, while having these great universities being the actual birthplace of some of the leaders of the AI field, that those leaders of the AI field, Europeans are doing most of their work in the United States. And so that is something they're incredibly aware of. And they realize that that is both the people are leaving Europe the companies are being formed outside of Europe and the actual compute is happening outside of Europe and that compute is often happening inside the large cloud. And so I do think the Europeans might see this as an opportunity because the United States is, as you said, instead of this being a trade war against China, which is what a lot of people thought this was going to be. Right.
I think that was the assumption of a lot of Wall Street types going into this, was that maybe we do, you know, the 10% tariffs people kind of expected globally, there's something like that the last time around. But then the really tough tariffs would be reserved for China and then to focus on pushing low-cost industries out of China into the Cambodias and the Vietnams and the such, which is what we saw, we've seen under multiple administrations going way back to Obama. Right. Obama visiting Vietnam and such of trying to get America to move to non-Chinese supply chains. Going to war against the entire world at once gives the Europeans an opportunity here to maybe make a break. And I think the way they might do that is through the data privacy framework because we're on kind of our third model of how European companies are supposed to be authorized to use American clouds. This is based upon, and not to get into too much of the weeds here, but there's been a, a whole series of court cases, post Snowden disclosures from the European Court of Justice where the European Court of Justice basically said under the European Constitution it is the US does not have adequate safeguards for the privacy of European citizens. You should not be able to utilize American computers to process the data of Europeans. This was a humongous deal. I believe it was like 2015 or something like that when they first did this. It was a humongous deal. When this decision first came down. It's called the Schrems decision after this kind of legal gadfly named Max Schrems. His target was Facebook, but it wasn't really about Facebook. It was really about the United States and American surveillance law. And at the time, all of the other parts of the European government, the European Commission, the European Parliament did not want anything to happen because they knew it would be economically disastrous for Europe to be cut off from all American compute facilities.
And so the European Commission, European Parliament put together what was first called the Safe Harbor agreements that fell apart. There was a bunch of other fights. There's a Schrems 2 decision. There's a thing called the EU-US Privacy Shield that fell apart. We're now under this thing called the Data Privacy Framework, which was agreed to between the EU and the Biden administration that is yet to be tested in the European courts. And so far all of the fine parts have not been worked out. And so it'd be really, really easy for the Europeans basically to let this go because effectively you've got two parts of the three-part European government fighting actively to say the US is good. So all you have to do is the European Commission and European Parliament just have to be like, we're just going to let this one go and let the European Court of Justice kind of grind things out. And the outcome of that would be European companies are not allowed to use American computers and American companies are not allowed to operate American tech companies, they're not allowed to operate in Europe unless we American companies have basically fully European compute stacks. And I think that is, that has become much, much, much more likely in the last week.
Patrick Gray
So it's interesting what you just said because I would have thought the obvious remedy here would be for, you know, Amazon, Google, Microsoft to somehow spin up subsidiaries in Europe that are subject to European laws, regulations and whatnot and just sort of change the way that they structure their businesses to sort of soothe the Europeans a little bit. Right. But everybody I talk to about that says, well, that won't work. And the reasoning is, I think, fascinating because ultimately they're worried about who is controlling these companies, which really reminds me of the US concerns around the control of Chinese companies. So we're coming back to this issue where state leverage on tech firms, which has been something we've worried about with China, is now something the rest of the world is starting to worry about with the United States. I mean, is that, do you see that or am I like wildly off base?
Alex Stamos
No, I think you're totally right. And they already have. Right. So like Microsoft, AWS, I'm not sure about Google, but I know AWS, for example, their European services are like actually a Luxembourg company.
Patrick Gray
They have European and, and TikTok host everything on Oracle in the United States. But it's not enough. Right. So isn't it strange that it's the sort of same paradigm? Right. It just blows my mind.
Alex Stamos
It's exactly the same. Yes, it's exactly the same. I mean, and this is, this is really the globalization of the Internet started years ago. What will be interesting to see is whether or to what extent do you have to. Could, could American companies go to make the Europeans happy? Is there a model in which AWS can build European facilities that are okay to the Europeans? I think the answer probably is yes, because realistically, you're not going to have Deutsche Telekom, honestly, build a cloud stack top to bottom that competes with AWS.
Patrick Gray
Well, this was going to be my next line of questioning, right? Which is when you look at. So you know, we use DigitalOcean for a bunch of stuff. And the thing that's amazing about DigitalOcean is it's just like time warp AWS from like a decade ago, Right. It's just offering that basic cloud compute, which is what got all of the cloud majors started. But these days, you know, the cloud computing platforms are much more, much more complicated. They've got all of these advanced functions and serverless and ra ra, ra ra, everything as a service. Whereas if you just want to throw down an image, you know, like old school AWS, EC2, you know, you can do that with, with DigitalOcean these days. And I sort of feel like if the Europeans were going to try to reinvent these fabulous, frankly fabulous American cloud platforms, you know, it's, they're not going to be very good, they're just not.
Chris Krebs
Going to be very good.
Alex Stamos
Right. And so. But they would get what they wanted if they had a system in which they forced Amazon to use Deutsche Telekom data centers to utilize European staff and to effectively have a separation of control that employees in the US never have access to that data.
Patrick Gray
So you think that that's workable? You think that that might be the way that this shakes out rather than, yeah, Deutsche Telekom or effectively like a.
Alex Stamos
Or it might be a joint venture. Right. It might be like what the Chinese require, which is for American companies to operate in China, you end up with a 51% joint venture that's controlled by the peer. Now, it wouldn't be just like, it wouldn't be the Chinese Communist Party, Right. So it wouldn't be like, you know, the German Labor Party, you know, or the Christian Democrats or whatever. It would be a Deutsche Telekom or, you know, some equivalent, Orange or somebody. Right. Siemens. But you might see that overseen by.
Patrick Gray
A regulator backed by new laws, blah, blah, blah.
Alex Stamos
So which they have. Yeah.
Patrick Gray
So if you had to guess, that's the way this will shake out as opposed to the Europeans developing their own. I mean, you know, honestly, that's, that's sort of like what I was getting at before. Like why can't they, you know, operate these things a little bit more independently?
Alex Stamos
I think that would, and I think that would meet with their, that would probably meet with the ECJ equivalency discussion because you would have, it would effectively be a European entity that is licensing American technology but is operating it domestically in Europe. And the only thing that's flowing back to the United States is dollars. What that's going to kill though is the American companies like the Googles, the Facebooks, the consumer companies. Because a global product that needs data to flow across borders can't operate that way. The cloud can. Right, because you can have, here's AWS EU. It's just more expensive, they'll just charge you more. And European companies will be pissed because they'll be paying twice as much per minute, whatever, to use French nuclear atoms instead of US electrons to power the virtual machines. But Facebook can't operate that way because an American is supposed to be able to be a Facebook friend of a European. This was always a problem. And I was at Facebook during the first Schrems problem and this is an issue. We literally had this discussion with the French regulators. It was like, how do you expect a German and an American to be friends on Instagram if you don't want the German's data ever to flow to the United States? And they don't have an answer for that. Right. That's like a fundamental problem. Like, do you think consumer services should be able to bridge the Atlantic Ocean? And so if they go this direction, then it would be like the reason like TikTok and China don't work is that TikTok China and TikTok US are actually different products. They are different namespaces. You cannot be a friend. You cannot friend somebody across Douyin and TikTok US. That would be a really sad outcome for my, my Facebook friends in Europe all of a sudden to disappear.
Patrick Gray
Well, yeah, and probably Australia too. Boo. Yeah, we'll just have to chat on Signal.
Alex Stamos
I want to record this on Signal.
Patrick Gray
Chris. I want to, I want to bring you into this. Like, is this how you think it's all going to shake out as well?
Chris Krebs
I don't know. I'm not, I'm not ready to discount the Europeans' ability to seize the moment. I mean, we've talked about it before, but the last time they really had this inflection point was immediately post Snowden. Granted, that was a different set of issues and they responded a little bit differently in going more of the enforcement angle. But I think if you combine the enforcement angle that Alex just walked through with some investment, but it's got to be pan-European. You haven't seen from a tech perspective, individual countries really jump up. SAP of course, is, you know, everybody knows SAP, but beyond that, you start getting limited, limited friction and there has been a lot of, a lot of excitement, whatever that means. And in an EU sense of, of a, of a Euro stack.
Patrick Gray
And I mean, look, let me, let me just inject something in here, given that this is a cybersecurity podcast ostensibly, which is that there's been a lot of hard lessons learned by the major cloud providers in the United States over a very long period of time, like something like 20 years. You know, I do worry about the Europeans trying to speed run that process, right. And what that's going to mean for the security of those stacks once they spin them up. I mean, because that is, that is a non-trivial effort. Like you could get a, you know, functional, you know, European cloud stack up and running with an API that does most of what you want it to do. But the behind the scenes machinery that keeps that safe is gargantuan. I mean, this could have some security implications. Sure.
Chris Krebs
Oh for sure. And you know, we, you know, we've talked to, and I'm sure you have too, Pat, different European private equity firms that are looking for European champions to invest in and they're kind of few and far between, certainly not on the scale of, of a US company or an Israeli company. So again, maybe there's an opportunity to cobble something together that's multiple companies or countries rather. But, but again that Euro stack is, it's not just about the cloud, right? I mean this goes down, this goes to the chips and they've got a head start in certain places, ASML for instance. But they're going to have to lock down critical minerals, they're going to have to get their arms around. I think they, from a connectivity perspective, they probably have that under control. But then you just kind of build it up from there. So there's a lot of unanswered questions, there's a lot of interest and excitement, but it's going to take political will and commitment that's all circling around the same outcome and pushing towards it. And I just don't know if, if Europe can pull that off right now, if you can get the countries together.
Alex Stamos
But, but I'm going to disagree here, Chris, in that this is the, this is the risk of the United States going to war with everybody at the same time.
Chris Krebs
I, so yes, I agree.
Alex Stamos
They now, they don't, they don't have to compete anymore against. It is now cheaper for European companies to buy Supermicro and other Taiwanese OEMs products. Right. Like this is, like this is a great time if you're, if you're France you're taking a bunch of your money and you're saying, I've got excess nuclear electrical capacity and I have the ability, you know, companies have 0% import tariffs on everything that's made by Quanta Computing and Supermicro and all those boards. Now's your time that you want to build out your data centers in France.
Patrick Gray
Well, and I think also there's, there's carve outs for some semiconductor stuff, particularly from Taiwan. I mean if there's not, there's going to be.
Alex Stamos
It's only semiconductors. It's not the fully made servers. Right. It's not the fully made boards, it's not the PCBs. You know, like there's, it's not all the stuff that actually goes in the data center.
Patrick Gray
No, I understand, but the Nvidia bits are the important bits and they are going to be exempt because otherwise what you're going to see is like, otherwise, if they weren't going to do that, I'm taking my money, I'm putting it all into real estate investment trusts that do data centers in Canada and Mexico. Right. Because that's where the AI data centers are going to be. But look, I want to, I want to switch focus. Just.
Alex Stamos
Well, no, but it's, it's the, but the manufactured stuff, like you already saw that Nintendo is pausing Switch 2 because they're like their final manufacturing there is in Cambodia, which they moved it out of China into Cambodia specifically, I think around tariffs because they thought Cambodia was safe.
Chris Krebs
It's paused. I thought they paused pricing.
Alex Stamos
They paused. They paused the pre-sales are supposed to start. They paused the pre-sales because they haven't set the price.
Chris Krebs
Oh, I know my 15-year-old is not happy.
Patrick Gray
Yeah. I just can't see the administration doing anything that's going to slow down the AI data centers being built within the United States. Right. So that's more what I was getting at there.
Chris Krebs
Pat, I know you want to move on, but just one more point here is that don't assume that whatever Europe does is kind of the final shot. Right. There's going to be a lot of action, reaction, so forth. And so how are, how broad can trade war, how broad can tariffs go from breaking up any sort of pivot within Europe to stand up their own tech stacks? Those are the sorts of things I'm sure they're playing out right now.
Patrick Gray
Now look, I just want to move on to another area where there's been change in the United States. And you know, you're the perfect person to speak about this, Chris, because you were the first director of CISA, we are seeing now that there's something like, what is it, 1200, 1300 staff cuts coming down the line. We've already seen a few hundred let go. I think, you know, all told, it's kind of hard to keep track of the numbers here, but I think all told, we're looking at maybe a 40% headcount reduction at CISA. Public reporting suggests that a lot of the capability that CISA is losing is going to be around threat hunt. Now, I think one thing that might not be known widely outside of people who are in this space is that NSA, while it does do threat hunt operations there for the Department of Defense and to a lesser degree the Defence industrial base, like, NSA doesn't do threat hunt at, like the State Department or the Department of Commerce or the Department of Justice. Like that is a CISA thing. Although I see, I see Chris's finger going up there. So I'll let you, I'll let you answer this in full in just a moment. You know, the question was really going to be like, what sort of impact is this? Is, are these staffing cuts likely to have on America's visibility into adversaries targeting, you know, its civilian government?
Chris Krebs
So I think the way that we should all be looking at it is that the CISA that we knew over the last several years is, at least for the foreseeable future, not a thing as we knew it. And again, if you read Project 2025, if you listen to Secretary Noem in her confirmation hearing, it was about a streamlined, nimble CISA. And so you might think, what does that mean? I don't even really know what CISA is. Keep in mind, CISA is not just cyber. Right. The second piece of that is infrastructure security. There's a physical security aspect that really dominated the mission of the predecessor organizations of CISA. It was all about chemical security, anti-terrorism, securing sporting events and malls and all that stuff. But over time, the budget certainly grew to eclipse the physical side and also on the personnel side, it is predominantly a cybersecurity-focused mission. I think what they're trying to do is really streamline the organization down to effectively serve as the federal CISO for civilian agencies. So to provide some of the EDR capabilities, some of, yes, the threat hunting capabilities, some of the red team capabilities, the incident response capabilities, but just for federal civilian networks, all the other stuff that is more about public-private partnerships, about information sharing with industry, I think that is by what I'm kind of seeing how this is playing out. They see that as, hey, this hadn't really worked over the last 15 years. We're getting our butts.
Patrick Gray
I mean, they might. Sorry to cut you off there, Chris, but they might have a point there. Some of the, you know, information sharing.
Chris Krebs
I'm just making the argument.
Patrick Gray
Yeah, yeah, yeah. No, I mean, I'm just saying, like some of that stuff has failed. Right. And you know, we've seen reporting over the years where some of these, you know, threat sharing, you know, exchange programs were set up and really no one was using them. And you know, I've even had DHS officials on the, on the show and they're like, oh yeah, it's going great, little bit bumpy. And then you see they, they'll shutter one of these programs a few weeks later. So, you know, I can, I can certainly understand that there's always going to be places you can cut. But I mean, I was specifically asking about that, you know, that threat sharing, threat hunting function, you know, has that been pared back to your knowledge?
Chris Krebs
I don't know right now. And what you're talking about is this again, 12, 13, 1400, personnel cut back. They just today opened up the deferred resignation program, which is that fork in the road email that went out from DOGE earlier in the administration. They opened that back up again for the next week or so. And so they're hoping that people will opt in to leave. And from what I've seen, there is plenty of interest from across a number of different pieces of CISA that are looking for the exit, looking for an off ramp. So I don't know exactly just yet what the real impact is going to be on threat hunting. I do know though that it is a highly capable team, this is the team that has been in there looking for the MSS Salt Typhoon related actors over the last year. They've been very effective in finding them. They've been pretty good at rooting them out and they haven't leaked, you haven't heard any of this stuff. So I think it's, it's, it's a, it's a capability at a minimum for the federal networks that I hope we're retaining because the threat landscape's not getting any cleaner. And I really don't see a purely offensive strategy, which I'm not saying that's what they're doing, but a super heavy offensive, I don't, I just don't see it knocking the MSS back that much. I don't see it knocking the SVR back that much right now, which is.
Patrick Gray
Why that threat hunt function is important. But this is, this is actually the perfect segue into the last thing that I wanted to talk about with you two today, which is what all of this means. So we're talking about, you know, paring back CISA, changes of leadership and focus at NSA. I believe one thing NSA is being tasked with these days is actually going after Mexican cartels. So there's been, you know, eyes taken off some areas and focused on others, which is entirely within the. Within the purview of the. Of the US President and its and his advisors. But I guess my question is, and now we've got this trade war kicking off. What does all this mean for the threat environment? And specifically, what does it mean for the Chinese threat? Right. Because we've got the United States and China, which have always had, you know, a pretty bumpy relationship, let us say they've been, you know, adversaries. Now we've got all of this stuff kicking off. Alex, you have feelings. Please share them with the group.
Alex Stamos
Yeah. So I mean, the real question is, does this, we've talked about here, that there's been lots of discussion on whether or not China was preparing one way or another for possible invasion of Taiwan in the next five, six years. Does this accelerate that? And I think the answer is possibly in that.
Patrick Gray
One.
Alex Stamos
You just have anger with the US Administration. You have several thousand, I believe, Chinese companies hit the circuit breakers in the Chinese stock exchange. So this is causing massive economic dislocation inside of China. At the same time, a trade war. I don't think anybody wins a trade war. This is going to be bad both inside the United States and inside the prc. And so, you know, you both have the possible economic damage that causes, but also possibly a need for Xi and the CCP to rally the population in that situation. So you might have domestic political needs.
Patrick Gray
I mean, the counterpoint there is that they're dealing with an adversary in Donald Trump who is quite unpredictable, which would be one of the reasons that they may choose to wait.
Alex Stamos
And that would be a reason to wait. Yeah. So, I mean, that would be on the con side for them is that you don't know exactly how he would act. But you also have the US having alienated our allies in a way that was not true. Right. Both Pacific allies and NATO allies. So the odds of the US having backup in this situation have gone down a lot. So I think it's hard to judge for a, a big war, certainly. I think there's absolutely nothing going to be holding back Chinese threat actors. Right. Like there's no way Xi is going to say anything about, you know, for. I think it is quite possible that we're going to see a lessening of Russian threat just because right now you have the Russians trying to get what they want out of a deal, you know, over Ukraine.
Patrick Gray
Well, the Russians, mind you. I'll just, I'll just inject one thing here, interject with one thing here, which is that with oil below 70 a barrel, the Russians are in a world of hurt right now. Like it's. If you can think of a silver lining to this whole thing, which obviously, you know, viewers can probably tell and listeners can probably tell. I don't think tariffs are great personally. But if there is a silver lining, it's that Russia is going to be in a very tricky position if these oil prices continue.
Alex Stamos
I mean, you have to look hard for a silver lining. People are like, oh look, interest rates are down, like mortgages are cheaper because the economy's crashing and therefore interest rates are down. But okay, sure.
Patrick Gray
Well my joke about that was when people are talking about these better interest rates, it's like sort of cutting off your feet so you don't have to cut your toenails anymore. It's just not. You've solved a problem, sure, but you kind of have a new set of problems. But go on with what you were saying about the threat.
Alex Stamos
Yeah, so I think it's very hard, like you said, on both sides. You could see arguments for what could possibly happen over Taiwan. But for actual cyber, for non Taiwan related cyber action, I would expect that there should be very little limit on Chinese activity.
Patrick Gray
But is there much of a limit now? I mean it seems like they're pretty, no holds barred. I mean, I think they're only constrained by their capacity. We've got the MSS hacking into, you know, civilian arms of the, of the US Federal government, probably military as well. You know, they're doing all sorts of operations targeting companies still like they're everywhere. So. So, you know, aren't they just constrained by their capacity? Does this actually change anything?
Alex Stamos
What we have not seen is we haven't seen intentionally damaging attacks. So I think one question, one change that we should be looking for is to see whether or not they start to raise the pressure by utilizing some of these mechanisms. Like we know they've had access to critical infrastructure and we have yet to see that access to critical infrastructure utilized to cause actual damage. So that's one thing we should be watching for.
Patrick Gray
And who am I to disagree with you, but I don't see it. And the reason I don't see it is because that would be an escalation. And if there's one thing that this administration does not mind doing, it's exercising state power in ways that defy norms. You know, and I would expect that if you saw the Chinese pull the trigger on a destructive cyber attack, you would. They would get it back tenfold. Chris, I want to get your thoughts on that. Where do you sit on all of this?
Chris Krebs
I'm actually of the mind that the invasion timeline moved up. I think they see an increasingly populist and isolationist base of support for the administration that effectively is what got the president, at least a large contingent of his voting base is very much about no more foreign wars, about getting, you know, cutting off support to Ukraine and that. That same vein is, is pushing for cutting off support to Taiwan at this, you know, a little bit of a, of a contradiction, though. You do have a Pentagon that is focused on pivoting the entire military might from a deterrence perspective to, to the Pacific. So I, I don't know. I mean, I just, I've got, I've always been conflicted about whether they really do it just because I think the, the economic impact, the trade impact would be devastating. But hey, if a trigger has been already been pulled on kind of global economic devastation, and you kind of are picking up enough of the reading, enough of the tea leaves to say, hey, maybe there's not a whole lot of political support for Taiwan, which I don't think really there is, based on my conversations over the last several years of running mock war games and invasion drills. You know, you get to, you know, kinetic things flying, and just like that, political will evaporates. Because body bags, you know, 20,000 body bags of American service members showing up is not something that anybody wants to entertain right now, particularly for an island over there.
Alex Stamos
I think there's less economic damage for the Chinese now because the odds of the rest of the world following the US into a boycott of China is extremely low. Right. You're not going to see even Pacific allies, and especially not Europe cut off both. If the US is cutting off Europe, they're not going to also cut themselves off from China.
Patrick Gray
So let me just pick you up there, Chris, on the cyber component of this, do you agree with Alex that we might see, you know, more aggressive operations from the Chinese, including destructive attacks? Because that's the part where I'm like, I don't quite see it.
Chris Krebs
That's the theory behind everything the PLA was doing with Volt Typhoon. Now, again, you know, there are circuit breakers involved that the Chinese could say, hey, we're not going to do this if you guys just stay out of it. Otherwise, we gotcha. This is the whole holding at risk conversation. So there are always going to be off ramps there. They let us do our thing. Stay out of it. We won't come after you if you don't come after us. I think the bigger issue here, though, is adversaries worldwide are getting more active. Cyber offensive operations are getting baked more and more into military doctrine and strategies. We're only plugging more things in. We're only more interdependent. We only, you know, it's becoming more complicated and everyone's actually forgetting how all this shit got kind of stitched together. So I just see a lot more pain in the future. And it's going to keep pods like this busy. We're going to be wrong about a lot of stuff. We're going to be right about a lot of stuff. But these conversations aren't going away anytime soon.
Patrick Gray
That's Mr. Chris Bucket of Puppies. Sunshine Krebs right there.
Chris Krebs
Catastrophic Krebs. Yep.
Patrick Gray
Catastrophic Krebs are rounding out this edition of Wide World of Cyber. I got to be honest, too. I think, you know, if Taiwan's gonna happen, I think the time it will happen is around the inauguration of the next US president in January 2029. I think that is. That is gonna be the time personally. But. Alex Stamos, Chris Krebs, thank you so much for joining me for another fascinating discussion here on the Wide World of Cyber podcast at Risky Business. Thank you.
Alex Stamos
Thanks, Andrew.
Chris Krebs
Thanks, guys.
Risky Business Podcast Summary
Episode: Wide World of Cyber: How the Trump Admin Is Changing the Cybersecurity Landscape
Host: Patrick Gray
Guests: Chris Krebs (Director of Policy and Intelligence, SentinelOne), Alex Stamos (Chief Security Officer, SentinelOne)
Release Date: April 10, 2025
Patrick Gray opens the episode by addressing a notable timing detail: the podcast was recorded shortly before President Donald Trump signed a presidential memorandum targeting Chris Krebs. Gray emphasizes that this context is essential for understanding the discussion's limitations and omissions.
The conversation delves into the recent dismissals of NSA Director Tim Haugh and Deputy Director Wendy Noble under the Trump administration. Gray questions the reasons behind their removal, citing sources that suggest it wasn't due to policy disagreements but rather a political purge.
Chris Krebs (03:48):
"Everyone works at the direction and discretion of the president. They serve at the pleasure of the president."
Krebs explains that leadership positions within the NSA are highly influenced by presidential directives, highlighting the potential shift towards appointing a Trump-aligned figure to head the NSA. He underscores the significance of the NSA's role in the intelligence community and criticizes the administration's decision to remove capable leaders like General Haugh and Joe Hartman.
Gray brings up Project 2025, a policy roadmap for the Trump administration, and its possible influence on NSA leadership changes.
Chris Krebs (08:23):
"Both the intelligence and defense chapters say we got to call the ball here."
Krebs suggests that Project 2025 indicates a strategic move to split the NSA and Cyber Command, necessitating legislative action. He expresses concern over the removal of experienced leaders, implying that this is a prelude to significant organizational changes that may destabilize current cybersecurity efforts.
The discussion shifts to the United States' initiation of "Liberation Day" tariffs, effectively sparking a broad trade war affecting global relations, including with allies like Australia and European nations.
Alex Stamos (11:49):
"This time it's different because European policymakers now totally understand that their businesses run on the American cloud."
Stamos elaborates on Europe's intensified focus on developing independent cloud computing infrastructures. Unlike the previous focus on consumer data privacy (post-Snowden revelations), the current push is driven by the need for competitive independence in cloud services and AI development.
Gray discusses the European Union's potential shift towards creating its own cloud computing stacks in response to US tariffs and mistrust.
Alex Stamos (17:19):
"European companies are not allowed to use American computers and American companies are not allowed to operate in Europe unless we have fully European compute stacks."
Stamos explains that Europe is considering stringent measures to ensure data sovereignty, which may involve developing or heavily regulating cloud services to comply with European Union Court decisions on data privacy.
The conversation explores how Europe might establish its cloud infrastructure without replicating the complexity and security of American giants like AWS, Azure, or Google Cloud.
Alex Stamos (20:04):
"American companies could build European facilities that are okay to the Europeans by having a separation of control."
Stamos suggests joint ventures or partnerships with European tech firms (e.g., Deutsche Telekom, Siemens) to create cloud services that adhere to European regulations while leveraging existing American technologies.
Gray raises concerns about the security robustness of hastily developed European cloud infrastructures compared to their American counterparts, which have evolved over two decades.
Alex Stamos (21:12):
"European companies will be paying twice as much per minute to use local data centers instead of US-based ones."
Stamos acknowledges that while Europe can develop its cloud services, matching the security and functionality of established American platforms will be challenging, potentially leading to vulnerabilities.
The discussion turns to the substantial reduction in CISA's workforce, potentially up to a 40% headcount decrease, and its implications for national cybersecurity.
Chris Krebs (29:35):
"CISA as we knew it over the last several years is, at least for the foreseeable future, not a thing as we knew it."
Krebs explains that the Trump administration aims to streamline CISA to focus primarily on serving as the federal CISO for civilian agencies, reducing its broader mission that included public-private partnerships and information sharing, areas he critiques as having been ineffective.
Gray and his guests analyze how these administrative and policy changes might influence the broader threat landscape, particularly concerning Chinese cyber activities.
Alex Stamos (34:40):
"There's no way she's going to say anything about that. That's like a fundamental problem."
Stamos expresses skepticism about whether European and American tech sectors can maintain integrated services amidst rising political tensions, likening potential separations to the bifurcated offerings seen with platforms like TikTok.
Chris Krebs (39:16):
"Adversaries worldwide are getting more active. We're only plugging more things in. We're only more interdependent."
Krebs emphasizes that increasing cyber interdependence and adversarial activities worldwide mean that cybersecurity threats will continue to escalate, exacerbated by the administrative shifts discussed.
As the episode wraps up, Krebs and Stamos reflect on the unpredictable nature of the current geopolitical climate and its implications for cybersecurity.
Chris Krebs (42:52):
"I'm actually of the mind that the invasion timeline moved up."
Krebs speculates that geopolitical tensions, such as China’s potential actions towards Taiwan, may be influenced by the altered US cybersecurity and trade policies, though he acknowledges the unpredictability of such events.
Alex Stamos (41:19):
"There's nothing going to be holding back Chinese threat actors."
Stamos concludes that the current policy environment provides little deterrence against aggressive cyber operations from China, stressing the urgency for robust cybersecurity measures.
Patrick Gray (43:21):
"Alex Stamos, Chris Krebs, thank you so much for joining me for another fascinating discussion."
Gray closes the episode by highlighting the critical insights shared, underscoring the complexity of the evolving cybersecurity landscape influenced by political and economic shifts.
Leadership Changes and Policy Shifts: The Trump administration is making significant changes in cybersecurity leadership, potentially signaling a shift towards more offensive cyber strategies and organizational restructuring.
Global Trade War Implications: The US-led tariffs are prompting Europe to consider developing independent cloud infrastructures, raising questions about data sovereignty, security, and the feasibility of competing with established American cloud providers.
CISA's Transformation: Massive staff cuts at CISA aim to streamline its operations, focusing more on serving as the federal CISO for civilian agencies, which may impact national threat visibility and response capabilities.
Heightened Cyber Threats: Increased geopolitical tensions and administrative changes are likely to exacerbate the global cyber threat landscape, with Chinese threat actors remaining a significant concern.
Future Outlook: The evolving intersection of politics, trade, and cybersecurity necessitates ongoing vigilance and adaptation within the industry to address emerging threats and maintain robust security postures.