Randy Quarles, Adam Isles discussed on Balance of Power
Banking Committee Chairman Sherrod Brown on whether vice chairman Randy Quarles should step down at the end of his term in October. Plus I get his views on Fed policy.
I think the Fed's concerned about inflation. Most of the Fed members think it's transitory, that the pent-up demand and so many things, from housing to other things, it means that there will be temporary, maybe short-term, but not long, long-term price increases.
But first, this week we learned of yet another computer hack originating from Russia, this one on the Republican National Committee, coming on the heels of that massive hack of Kaseya software that may have hit some 1500 companies. For an update on what we know and what could come next, I talked to Adam Isles, head of the cyber practice at Chertoff Group.
First of all, it's not surprising that we would see, you know, an attempt by a state actor to compromise an organization like the Republican National Committee, right? I mean, it's kind of a classic espionage target. You know, the news reporting focuses on SVR, you know, which is, you know, one foreign intelligence agency within the Russian Federation. There was reporting last week that the GRU is conducting kind of a, you know, what's known as a global brute force campaign. So the idea that someone was trying to access the RNC, I don't think is surprising. What we understand in terms of actual facts is, you know, there's been a comment that the RNC's IT vendor had potentially been compromised, but the RNC itself has said, you know, that no data has been accessed, at least as so far as they know. What's the common thread here in the comments, right, here is the technology supply chain. Right, and what we're seeing, right, you know, whether we're focused on RNC or Kaseya, right, is a variety of threat actors using weaknesses in the technology supply chain, basically as stepping stones into their ultimate targets.
So was that version also what we saw on SolarWinds? Going all the way back to SolarWinds, that was a supply chain issue as well, was it not?
Absolutely, absolutely. SolarWinds was essentially used as a stepping stone into, you know, the ultimate targets of the SVR. Um, SolarWinds is slightly different than in Kaseya in the sense that SolarWinds involved actually a compromise of the code, right? You know, software code had malware inserted into it. Whereas in the case of Kaseya, as far as we know, it appears, though, there was a vulnerability that was exploited that essentially allowed the threat actors to stand in the shoes of a legitimate user. I mean, in both cases, we're talking about the software being used, you know, essentially as a puppeteer by threat actors to accomplish their objectives.
Explain, if you could, managed service providers, because one thing I read suggested that part of it is the structure of the way an entity controls a lot of different computer systems.
Yeah, I mean, you know, we talk about puppeteers. Managed service providers, right, are commonly used across sectors to outsource the operation, maintenance of networks, of storage, of laptops, desktops and other IT functions. And so in a sense, um, you know, they're kind of a common pathway into many different companies. And, you know, they're used for efficiency, for cost savings, and for greater IT effectiveness purposes by large and small companies alike.
Is there any way to change that structure to defend without fundamentally changing the way we get our IT services?
Well, look, I think this involves looking, you know, taking a threat-informed defense approach.
Um, you know, both within the suppliers of technology and within the buyers of it. So from the supplier's perspective, you know, as we look at Kaseya and others, you know, whether the kind of a hero than this is, you know, the Dutch Institute of Vulnerability Disclosure, right, which had actually identified the vulnerability at issue and was working with Kaseya to try and address it. Unfortunately, they weren't successful in dealing with it before the attack occurred, but, you know, they've warned, and, you know, more and more of the products, you know, they're supposed to be keeping networks safe and secure, showing structural weaknesses. So from the supplier perspective, right, we need more focus around what does good software lifecycle security look like. From a buyer perspective, you know, we need to assume, this is not stuff that changes overnight, we need to assume, you know, risk in the technology we're buying and apply an approach that says, you know what, at some point we could have a machine that's compromised. What then? What does a defensive strategy look like that says, you know, let's work to make sure that if a machine is compromised, it doesn't, you know, kind of lead to a takedown of the entire network?
Is there any prospect, realistic prospect, of trying to cut this off at the source? And assuming for the moment that these did originate from Russia, and there's just been too many reports that they have for me not to believe that's the likely answer. We talked with the Russian ambassador, Antonov, on Balance of Power, and he said, don't know what, if we figure out where this comes from, we'll help you shut it down. We want to do this in a bilateral way. Is that sincere? Or could this be, who was it that said that war is the art of diplomacy by other means? Is it possible this is a way of getting leverage in the United States for other things that Russia might want?
Well, look, I'm not a Russia expert.
But when I talked to colleagues of mine here that are, I mean, you know, the timing here is remarkable, right? I mean, President Biden, you know, hands, you know, a list of, you know, critical infrastructure sectors, they're supposed to be, you know, off limits. And you know, and you know, what we're seeing here, right, is, um, you know, a compromise. It's impacting shopping malls and schools and organizations that are decidedly not critical infrastructure. I don't know that there is an exact cause and effect, but I don't think that Russia is yet shedding any tears that we're seeing an impact, you know, in the United States and across our allies. So, um, you know, the challenge, of course, is that threat actors, even assuming that they're not directly controlled by the Russian government, are operating with a level of impunity, and something needs to change to make that stop.
Well, and has President Biden, if not put down a red line, at least put down a marker that he has to deliver on now with President Putin? Having delivered that message, does he have to follow through?
Yes, in a word. Um, because otherwise you're sending a message that we're not serious about our red lines.
So what are his options right now?
Well, his options would be, um, you know, certainly there have been, you know, sanctions already leveled. Um, and, you know, those, you know, continue to be there. Um, beyond that, you have offensive cyber capabilities.
Thanks to Adam Isles of the Chertoff Group. Still to come this hour, the three days in August 50 years ago that changed the world of finance and commerce, with Jeffrey Garten of the Yale School of Management, and my exclusive wide-ranging interview with Senate Banking Committee Chairman Sherrod Brown on his views of Fed policy, and whether vice chairman Randy Quarles should step down at the end of his term in October. But first, President Trump sues social media firms for keeping him from his audience.
Our case will prove this censorship is unlawful. It's unconstitutional and it's completely un-American.
That's next. You're listening to Balance of Power on Bloomberg Radio. This is Bloomberg.