EXCLUSIVE: Google's President of Global Affairs on AI, Cyber Attacks and Silicon Valley - The Rest Is Classified

Summary5 min read

Episode Overview

Theme:
This special bonus episode of "The Rest Is Classified," hosted by Gordon Corera in Google's London HQ, offers an insider look at the intersection of big tech, cybersecurity, and global affairs. The featured guest is Kent Walker, President of Global Affairs at Alphabet (Google's parent company). The conversation delves into Google's response to major cyber attacks, particularly Operation Aurora, the evolution of cyber defense, the company’s fraught relationship with China, and reflections on the early days of hacking.

Key Discussion Points and Insights

1. Operation Aurora: A Defining Moment for Google

Timestamps: 01:31 – 03:25

Google’s Reaction:
Kent Walker recounts the intensity of the response to Operation Aurora, the major China-linked breach in 2009-2010.
- Quote:
  “We went on 24/7 round the clock focus on this... Senior management was there, Sergey Brin, others were very focused on understanding this in a deep way. And it also then set the framework for a lot of our cybersecurity work for the decade to come.”
  — Kent Walker, [01:36]
Long-term Impact:
Aurora catalyzed a transformation in Google’s approach to cybersecurity, emphasizing a shift from traditional perimeter defenses (“crunchy on the outside, chewy in the middle”) to layered, “zero trust” models.
- Quote:
  “Even in an open environment like the Internet, you can still have defense in depth. You can have what's called zero trust... you have to validate who you are at every step of the process.”
  — Kent Walker, [02:42]

2. The Bold Decision to Go Public About Being Hacked

Timestamps: 03:25 – 04:21

Breaking Industry Norms:
Google was among the first major tech companies to publicly acknowledge a breach and attribute it to nation-state actors, a move rarely seen at that time.
- Quote:
  “One of the challenges we had was getting companies to go public... Security is a team sport; we're all only as secure as the least secure vendor or the person in your ecosystem.”
  — Kent Walker, [03:37]
Industry-Wide Alert:
Google’s disclosure helped alert scores of other companies involved in the same campaign.

3. Pulling Out of China: The Aftermath of Aurora

Timestamps: 04:21 – 04:52

China Exit Decision:
The combination of cyber intrusions and censorship issues led to Google relocating its consumer services outside the Chinese firewall, fundamentally altering its presence in the Chinese market.
- Quote:
  “We had for years been engaged with China and had made the decision ultimately as a result of this, to move our consumer oriented products outside of the Chinese firewall.”
  — Kent Walker, [04:24]
- Continued Business:
  Google’s advertising business continues in China, but its major services remain closed off to Chinese consumers.

4. Kent Walker’s Early Career and the Birth of Cybersecurity

Timestamps: 04:52 – 06:38

Tech-Crime Prosecution:
As a former federal prosecutor in Silicon Valley, Walker helped launch one of the earliest U.S. High Tech Crime Task Forces in the 1980s-90s, focusing on cases ranging from floppy disk piracy to high-profile hackers like Kevin Mitnick.
- Quote:
  “Even the sound comes across as, you know, 1980s, 1990s vintage. We were at that time looking at things like the hacking of software, which was back on disks, or in the counterfeiting of some of these materials.”
  — Kent Walker, [04:58]
The Early Hacker Era:
Anecdotes include exploits by Kevin Mitnick, the notorious phone phreaks, and the famous incident that crashed "America’s Most Wanted" tip hotline:
- “When they did an episode about Kevin Mitnick, for the first and only time in the history of the show, the toll free line went dead for three hours.” — Kent Walker, [06:27]
Move from Playful Mischief to Real Crime:
The conversation draws a line from the technically clever, often mischievous early exploits to the more serious criminal and privacy-violating hacks of today.

Notable Quotes & Memorable Moments

On the Intensity of Operation Aurora:
“We went on 24/7 round the clock focus on this... Senior management was there, Sergey Brin, others were very focused on understanding this in a deep way.”
— Kent Walker, [01:36]
On Shifting Cybersecurity Paradigms:
“Back in the day, the notion was we were crunchy on the outside, chewy in the middle... We've learned that even in an open environment like the Internet, you can still have defense in depth.”
— Kent Walker, [02:24]
On Transparency in Security:
“Security is a team sport; we're all only as secure as the least secure vendor or the person in your ecosystem.”
— Kent Walker, [03:40]
On Early Hacking Culture:
“America back in the day had a show called America's Most Wanted... When they did an episode about Kevin Mitnick, for the first and only time in the history of the show, the toll free line went dead for three hours.”
— Kent Walker, [06:25]

Important Timestamps

00:26 — Episode intro; Gordon Corera sets the stage from Google London HQ.
01:31 — Kent Walker recounts the Aurora hack and Google’s response.
02:24 — Discussion of the evolution in Google’s cyber defense post-Aurora.
03:37 — Disclosure decision and the challenge of industry-wide transparency.
04:24 — Kent Walker on Google’s exit from China.
04:58 – 06:38 — Walker’s reflections on early cybersecurity cases and hacker folklore.

Tone and Style

The conversation is candid, insightful, and occasionally laced with dry humor. Gordon Corera’s questions and asides bring in levity (“I've walked past a Dalek on my way in...”), while Kent Walker mixes technical authority with storytelling, making the world of cyber-espionage accessible to both experts and lay audiences.

Summary

This episode offers a rare view from inside a major corporation grappling with state-sponsored hacking and the ethical dilemmas of transparency. Guided by Kent Walker’s unique vantage point—as both a senior tech executive and former prosecutor—it covers the real-life dramas behind the headlines, the evolution of cybersecurity, and the ongoing struggle for digital security and openness in an era of global cyber conflict.

Loading summary

Transcript25 lines

[00:04]
A
For exclusive interviews, bonus episodes, ad free listening, early access to series first look at live show tickets, a weekly newsletter and discounted books. Join the Declassified club@therestisclassified.com.
[00:26]
B
Okay, welcome everybody. Welcome club members to this bonus episode. No David here this time. It's far too busy promoting his new book in America, the Persian. Not sure if he's mentioned he's had a book coming out, but there we go. Actually, that's not the real reason he's not here. We're doing something a bit different anyway, this episode. Hopefully you've heard the two part series we've just done this week on the events around Aurora, the cyber hack of Google linked to China back in 2009, 2010. Well, I'm actually currently in Google's London headquarters. I've walked past a Dalek on my way in from the Doctor who series, which is very impressive, as well as some other kind of features which tell you you're in a tech company. I think I'm in a room called Beachroot as well, which is a kind of interesting name. But most importantly with me is Kent Walker, who's president of Global affairs at Alphabet, which is now of course the parent company of Google. Welcome, Kent.
[01:15]
A
Delighted to be with you and thanks.
[01:16]
B
For taking the time to talk to us about the kind of, not just what happened in the past, but the world we're in today. Some of the security issues, including around AI and things like that and how they look from a big tech company. Now. Kent, you started Google back in 2006.
[01:30]
A
That's right.
[01:32]
B
So you were there when Aurora happened. What do you remember of it? Was it a big deal at the time?
[01:37]
A
It was indeed. We went on 247 round the clock focus on this. It was a building that was really just concentrated on identifying exactly what was happening and getting on top of it and then ultimately warning other companies that had also been affected. Senior management was there, Sergey Brin, others were very focused on understanding this in a deep way. And it also then set the framework for a lot of our cybersecurity work for the day decade to come. We really pivoted in a pretty dramatic way, recognizing that the Internet has incredible possibilities but also vulnerabilities and you need to be on the lookout because at.
[02:10]
B
That time, I guess it sounds as if Google had experienced obviously, you know, hackers trying to get into the company and things like that before, but nothing quite of that scale or sophistication.
[02:20]
A
That's right. I mean, as a large website, we take pride in the fact that today we keep more people safe than any other company in the world. That's in part because of our experience of being hacked as much as any company in the world. Or at least people have temptations to hack our services, they attack us. We have derived from Aurora and from other learnings a whole shift in the way we go at cyber defense. It's no longer. Back in the day, the notion was we were crunchy on the outside, chewy in the middle. Once you got, what does that mean? Once you got over the high outside wall, there was a lot of access internally because engineers wanted to have access to lots of different code repositories and the like. We've learned that even in an open environment like the Internet, you can still have defense in depth. You can have what's called zero trust approach approaches to security where you have to validate who you are at every step of the process. Now the key of course, is to do that easily with a touch of a button or a fingertip. So that's not burdensome for people working through the system. But as a result of that, we think we offer remarkable levels of security across the cloud, across the Internet, while maintaining this openness.
[03:26]
B
And just back on Aurora, the decision to go public was that a kind of difficult decision because at that time very few companies went public about being hacked. And actually Google was saying, we've been hacked and we're going to point the finger.
[03:37]
A
So I, I had been a federal prosecutor in the United States specializing in technology crime. And one of the challenges we had was getting companies to go public from their perspective. They didn't want to publicize their vulnerabilities, they didn't want to let the outside world know that they had had an incident. So it was a little bit like pulling teeth. We wanted to remind people that security is a team sport, that we're all only as secure as the least secure vendor or the person in your ecosystem. So when we discovered that had been scores of other companies that had infiltrated.
[04:09]
B
As part of the same campaign, part.
[04:10]
A
Of the same campaign, government actors, commercial actors, etc. We felt a little bit of an obligation to notify them, to work with their security teams and to publicly disclose that we had been hacked.
[04:22]
B
And it did lead to Google effectively pulling out of China at that time.
[04:24]
A
There were challenges around that because we had for years been engaged with China and had made the decision ultimately as a result of this, to move our consumer oriented products outside of the Chinese firewall.
[04:37]
B
Because some of the issues of censorship were just Too difficult.
[04:39]
A
It was a constellation of issues around cybersecurity, censorship, et cetera. But we continue to operate our advertising business in China and think we operate and have a very secure system outside of China, serving the rest of the world.
[04:53]
B
So you said you started as a prosecutor. Early days of cybersecurity, I guess. Was it even called cybersecurity?
[04:59]
A
I grew up in the Silicon Valley. I was working in the San Francisco Federal Prosecutor's Office. I and a fellow down in the San Jose office co founded what was called the High Tech Crime Task Force. Even the sound comes across as, you know, 1980s, 1990s vintage. We were at that time looking at things like the hacking of software, which was back on disks, or in the counterfeiting of some of these materials. But we also had cases like Kevin Mitnick, who was very famous hacker. He was well known for a number of different exploits. This was slightly after the days of phone freaking where people were using codes and whistles to be able to make phone calls anywhere in the world. And they had graduated to doing things like being able to access government databases, California's Department of Motor Vehicles to find out information about people. Or being the 103rd caller to a radio call in show where the 103rd caller won a prize by diverting the first 102 calls.
[05:56]
B
Nice. That's quite clever.
[05:57]
A
It was quite clever.
[05:57]
B
This is the world of kind of war games. I'm imagining this is kind of 80s 90s kind of bedroom hackers playing games.
[06:03]
A
Yes, well, although there were some serious and, and, and real criminal attributes here. Because there was a theft of intellectual property, there was unauthorized access to online communities and the like. America back in the day had a show called America's Most Wanted. Profiles of criminals who had done a variety of different things. At the end of the show, they would run a toll free call in line for three hours. When they did an episode about Kevin Mitnick, for the first and only time in the history of the show, the toll free line went dead for three hours.
[06:34]
B
So he took down the. Well, you assume so. Y a good guess.
[06:38]
A
You never know.