Tom Garrison: [00:15:47] You know, one of the things that’s being talked about now is, uh, infrastructure and this whole big infrastructure bill that’s working its way through Congress, I guess. And it strikes me that very few members of Congress are themselves sort of experts in technology. And yet we all like your, your example in healthcare, we consume healthcare, but we’re not really experts in healthcare, same with transportation and infrastructure. Um, and so how do you see this infrastructure when, and if it ever passes, um, actually moving us into the 21st century, as opposed to just replacing the, the, the infrastructure has worn out over the last three, four, five decades.
Will Hurd: [00:16:37] Yeah. So it’s hard is it has been, been increasingly hard for Congress to think about more than just the current two year cycle that they’re in. And so how do we get into a 21st century? One we have to all have come to some kind of shared accepted vision. And for the last six years, I was saying that infrastructure had to be more than just bridges, roads, locks, and dams. You need a digital infrastructure. The coronavirus pandemic made us realize that.
When you look at, um, some, some basics like, uh, you know, everybody talks about the digital divide. Well, the digital divide, I think has three elements to it. You got to have devices. Okay. You got to have that thing that, that you’re using. You got to have connectivity, right? That thing has to be able to connect to the internet in some form or fashion. And then the third piece is you have to know how to use that thing if it’s connected. Right. And so all three elements, um, are equally important.
Now, I believe it was the FCC did a study where they tried to figure out how many people actually weren’t connected and have high-speed internet access. I think they found it was, it was close to 30 million. Um, but I believe it was Microsoft that did a more robust study and found it as potentially like up 130 million. Almost a third of our country, not having access to high-speed internet.
Now the debate is happening in Congress right now about what is infrastructure. And everybody agrees, bridges, roads, locks, dams. Okay. That’s what most people would say. this digital stuff is there. In a number of the coronavirus packages uh, we passed a modernization fund to help the States improve digital infrastructure within their States. Um, one of the things that was passing the last National Defense Authorization Act it was this thing called the CHIPS Act. The CHIPS Act basically says we need to double down on the semiconductor industry and make sure that we have a indigenous to the United States of America, uh, capability. Now I would add indigenous to North America. Right? I think there’s some opportunities we can take advantage of with our partners in Canada and Mexico. We’re lucky to have Canada and Mexico as, as neighbors. And that’s the ultimate infrastructure, right? Because none of our devices would work if it wasn’t for a semiconductor, right. And the fact that a lot of it, you know, especially with under the 10 nanometers is done outside the United States.
Um, so how do you help and facilitate that kind of growth to ensure that you have all those kinds of factors of production in involved? Now the current problem. The current problem is a president of Biden and the Democrats in the House–and I’m not trying to get political here I’m just, I’m just making some, some, some statements I think everybody would agree with–are trying to turn infrastructure even broader right there. They’re taking it even broader than infrastructure. Like. The, um, you know, healthcare facilities that we have should that be considered infrastructure. And so the debate is going to be on what is infrastructure, and then of course, how do you, how do you pay for it? And there’s going to have to be some, some tough decisions on that.
Tom Garrison: [00:20:03] You know, I agree with all that, like what’s in the basket? You know, you can, you can argue about what is, is that infrastructure or not? Is that part of the basket or not? And then there’s a second element, which is once you even sort of agree, what’s in the basket, for example, What about IOT devices–Internet of Things device–and smart cities. Where is the vision for what is [00:20:30] in a smart city? And how do you get that sort of, uh, vision agreed to by obviously by Congress and then who know the people that are going to implement those visions?
I wonder if you can speak to that.
Will Hurd: [00:21:02] Well, you don’t want Congress making the decision on what’s going to be built. Right. You know, you, you, you want to say that, “Hey, um, the federal government has a role in interstate commerce and making sure that we’re transforming our society so that we can continue to provide for the general welfare of the American people. And that federal dollars are going to be allowed for certain things that, um, improve interstate commerce too include digital infrastructure” and then you leave it up for the States and the cities to decide what that is.
Like micro transit is something that would be valuable in, in some cities. Right. And how do you use your bus system to be a little bit more efficient and picking people up and decreasing wait times, getting people to work right? Or a small rural community that doesn’t have the last mile problem when it comes to, uh, providing internet access to somebody’s house that the school district could potentially play a role in solving that potential problem. Right. And potentially having access to federal funds to do that.
So the, the great thing about the system is, and what’s also frustrating about it. No, one’s going to be able to make a plan for the entire country, right? It’s impossible. Um, but saying. “We have to have digital transformation. Here is a here’s some federal dollars to be able to do it. These federal dollars can be used for these 15 things. Go!” That’s what you want right now. It does take some understanding of what the ultimate technology is going to be in order to conceptualize the importance of the federal role plays in that, in that process. Right.
Camille Morhardt: [ You represented a district that had many, many miles, uh, along the Mexico border. And I’m curious about your perspective on the intersection between cyber security and kind of classic border security.
Will Hurd: [00:23:22] When I look at, uh, cyber security and border security, it is, it is the ability to manipulate data that is trying to be used to catch bad people from coming into our country. And so, so, um, I I’ve always said, um, the only way you’re going to secure our borders is use of technology and manpower, and then also, uh, streamlining our legal immigration. Right.
And so if you’re using technology, um, and you’re using some kinds of, of monitoring capability, uh, you gotta have to make sure that adversarial AI is not being used in order to defeat those sensors. Right. You know, you always have a sensor. And then there’s always a potential defeat for that sensor. So how do you defeat the defeat? Right. And, and, and that is why you have to have this constant defense and depth mentality. Not only into your digital infrastructure, but to your physical infrastructure as well. So, um, that’s, that’s not a pure cyber security issue, but when you look at, um, could you manipulate the information to where I walk through it, let’s say I’m on a no-fly list. Right. And you know, you have all my, you know, my biometrics. I would able to get into your system and change my biometrics. You allow me to get through. Right. And that’s another thing that we’re going to have to prepare for, the ability to corrupt the data–to allow somebody to do something. I think that’s an area that when you start seeing our adversaries get more sophisticated, that we’re going to have to be, be mindful of.
Camille Morhardt: [00:24:57] Are you feeling like everything that we’re doing in the United States is intersecting with cyber security. Now, everything from the forefront of manufacturing to border security, to all of technology, if we’re going to implement Artificial Intelligence?
Will Hurd: [00:25:15] for sure, in an increasingly connected world, you increase your surface area of attack. And, and so Tom, you had mentioned IOT, right? We know that the IOT environment we’re already in is probably more corruptible than our digital infrastructure, we didn’t learn the lessons from the development of the internet to bake in security. We’re not doing that in, in IOT, which is sad. And so in that increasingly connected world, there’s more points of failure and more points of attack for attacker to get information right.
Tom Garrison: [00:26:50] Extending where, uh, Camille was going. You know, if you think about your background within CIA as an example, uh, and national security, national security work that you did, I’m curious, you know what I think about attacks, especially from foreign entities and I think of attacks, I think of a couple of different motivations. One would be to just disrupt. You’re just creating mayhem. Uh, the, the second would be to steal. You know, so-and-so has some plans. You want those plans because they’re ahead of you. And so you attempt to steal them. And then potentially just taking advantage of the situation and figuring out a way to make money.
Is that sort of the right way to think about it? Are there other, other motivations as well? And then second of all, if you could just walk through some of the prototypical countries that are following some of these motivations.
Will Hurd: [00:27:50] Sure. So, so your, your, the way you broke those down. Yeah. those are accurate. Um, and, and so, so who are the people we have to worry about? So at the top of the stack, let’s call it the apex predators, right of, of the digital world–Chinese government, Russia. Around North Korea. They’re on the top because they have the technical sophistication and they have the willingness to use those tools, um, and deal with the consequences. Right? So that’s one.
Now you can also put incredibly sophisticated and talented our, you know, our, our 5I partners, uh, the UK Australia, uh, New Zealand, France, you know, India is pretty sophisticated, right? They are not going to hack us, or they’re not going to be government sponsors hacking of, of the United States. So you take your allies out.
Then you have countries like Pakistan, Pakistan has capabilities and limited ability, and most of their activity is probably focused on, on India, Iran, China. And so, but then you have, you know, criminal groups, a lot of them may be moonlighting with these that do work for these other governments. Um, you have just random people–punk kids, I call them– that, you know–script kitties is another name for them–that do things in order to be in order to be malicious. But, but you know, they’re going to try to. Steal information and more criminal activity.
So the criminal activity is significant and it’s not even just pure digital. It’s, it’s the number of, of spoof robocalls that are happening in defrauding Americans alone is it’s like a couple of billion a year, so you still have that. But the super sophisticated people that can do the SolarWinds kind of attack that can do that micro, that recent Microsoft Exchange issue. Um, it’s, it’s a handful of people that you have to, to defend from.
But we have to stop thinking about the previous wars, right. And we gotta be prepared for the wars of the future. And I remember so 2007. There was a thing called the, um, the bronze soldier, the bronze soldier and Estonia. It was a statue that the Russians built to put Tallinn, which is the capital of Estonia. And the Estonians were going to move it to the outskirts of town because to Estonians the bronze soldier–which was a Russian soldier–was offensive because it was showing how the Russians had kind of invaded their country and took over their independence. Right. But the, the ethnic Russians that lived there saw it as a, as a thing of pride. There were riots, stuff like that. The Russians government took advantage of this and basically brought the Estonian government to its knees. It couldn’t issue checks. People can get into their bank accounts, right? Like every element of society was, was impacted for multiple days.
Because of that, it made Estonia make a decision. Everything they do now is digital, right? They’re like government, I think there’s only two, one or two things they can’t do. If you’re unmarried, you have to get like the birth certificate of your child in person. That’s like the only like one or two things that you can’t do online. But they were able to defend themselves. Oh. And by the way, their next sort of Russia, Russia is a physical threat. They were a digital threat they were able to defend.
But my point in telling that story is two months after that event, “Die Hard 4” came out. This was the movie with, uh, where there was the fire sale. Right. It was like the financial industry, the transportation, everything comes out and people like, “Oh, that can’t happen. That’s never going to happen. That’s so far fetched.” What are you talking about? It freaking happen two months ago, right? And then, “Oh, you, you can’t impact a grid. You know, somebody can’t, they are digital attack can’t take down the grid.” Russians did in 2014 and Ukraine, right? My point is we have to be prepared for future scenarios as well. Not just, uh, not just the things of the past.
Tom Garrison: [00:32:22] The frustration that I find is that people sort of deny almost like what you were saying, right? Well, “people, you can’t do this. They can’t do that.” It happens it’s happening now. This is not a theoretical threat.
So if you are working at a company and you’re not doing everything you can from protecting your data and making sure that your machines are updated and you’ve got the latest, you know, uh, updates on your, on your, uh, firmware drivers or whatever it happens to be, to protect against threats, then you’re just inviting disaster and, and yeah, I don’t know. It’s, it’s sort of flabbergasted.
Will Hurd: [00:33:00] The fact that people still click on stuff from people they don’t know. Like to me, it’s just guess what? “You didn’t buy that thing. Okay. You know, you didn’t buy that thing and you’re getting the digital receipt sent to you. Don’t click on it. Okay. It is, somebody is like, like somebody is trying to impact you. If you worry about that, go to your bank and see if that charge was actually put on it. But don’t click on that thing, that it was sending your email and it was sent to your work email to boot, right? Like, come on. Y’all, you know, you’re better than that.”
Camille Morhardt: [00:33:30] But you’re also bringing up this very serious issue of critical infrastructure and how it’s kind of interwoven with the cyber world these days. And we have to be very careful. I would assume that’s not just at the protection level of today, an operation, but in the building and in the producing and the creating of the supply chain of anything that we’re building now, uh, we should be pretty conscious of, because probably when a lot of our initial infrastructure was built, that we’re still living with, it was all coming from known sources. And I don’t know that that’s the case today. I don’t know that we have all those protections in place in every scenario.
Will Hurd: [00:34:13] And then we, we, we don’t, and, and, and what’s even crazier is when you start looking at software development. Like software like that is being pulled after GitHub and stuff like that. Like this notion that open source software is always the best. You have to have a certain number of people banging on your software before open software becomes secure. Red Hat Linux is kind of the gold standard of open software. How many people look at that code? Right? Probably hundreds of thousands, uh, already. You get something that only four people have looked at that’s not properly protected and saved. And so when we’re introducing code from places that, that we don’t know that’s crazy. And then you look at parts as well, right? Not everybody knows where all the parts are coming from.
So this notion of supply chain security is, is real. It’s complicated. It’s hard. Um, if a company that’s building the thing has a hard time understanding where all the parts are coming from. How do you expect the Energy and Commerce Committee in Congress to understand that and be able to say, “Hey, these are the kinds of things that we need to be looking at, right.”
And this is a broader issue. Many folks in the private sector are always looking to the government to give advice and guidance on how to do something. And in the absence of that advice and guidance that like, “Hey, let’s do the minimum that we possibly can. “
In this day and age policy is never going to be able to keep up with the speed of innovation. So when you’re developing that widget, protecting, you know, security and, and protecting civil liberties should be at the forefront of any developer, any entrepreneur’s mind when they’re building their new service or they’re good. Even if it’s, you know, “the government says we don’t have to do this.” Well at some point, if you get large enough, um, and you’re having an impact on society, people are going to be asking those questions. So bake it in at the very beginning.
Tom Garrison: [00:36:31] Okay, well now, before we really do end it here, uh, we have a fun thing on our podcast. We like to do about, you know, fun facts or something you think would be interesting for the listeners to hear about.
Will Hurd: [00:36:50] And I was just, you said that question was going to get asked and as you can notice, I’ve made several movie references, um, throughout my conversation, I love movies. I go, I watch, I watch bad movies. I watched so many movies and, and series. And one of my favorite series that I’ve been watching, uh, was, uh, “Ted Lasso.” It’s on Apple+. It’s so good. It’s so amazing. But there’s a character in it. And the actor is named Brett Goldstein and he has this podcast and it’s called “Films to be Buried With.”
And he has all these different people on and he asks a number of questions about their favorite movies. And so as a movie buff, listening to really smart people talk about movies, um, is pretty fantastic. So that’s my latest obsession is “Films to be Buried With” with Brett Goldstein.
Tom Garrison: [00:37:43] Wow. So let me just ask you right now. So what what’s on the top of your list? What would you w. And maybe by genre even.
Will Hurd: [00:37:54] Well, so, so I’ll answer this way. The movie, I will watch if it’s on is “Gladiator” with Russell Crowe. I think that is a fantastic movie. I think Joaquin Phoenix, and it was pretty amazing. I think objectively one of the best movies of all time, um, was “Casablanca.” And you know, that, that, you know, it’s like, I’m not trying to be some film buff by saying that no, it’s just a good movie. And it holds up 50 years later. And having served, um, overseas and, and, and in dangerous places, I have a new appreciation for it. I love action movies. Uh, some obscure ones that some people may or may not have seen “A Long Kiss Goodnight” with Gina Davis and Samuel Jackson. That was like a late 90s movie. Excellent. If you like Die Hard that you’ll love that. Another one “Night and Day” with Tom Cruise and Cameron Diaz is a really good. Anyways those are some good ones. That’s off the top of my head. Oh. And I love Marvel movies. I got to give a plug to Marvel. I love Marvel. You know, I’m sad. I have to go like two months before another Marvel production, uh, with “Loki” coming out. So, um, so yeah.
Tom Garrison: [00:39:03] So Camille, what are your what’s on your top of your list for movies?
Camille Morhardt: [00:39:07] Gosh, you know, I’m a little different, I like the, what I would call a little bit weird or different kinds of ones. So you mentioned “Her” and I think for an AI movie, I loved that and I like Joaquin Phoenix too.
Will Hurd: [00:39:21] Oh Camille, have you seen “Lobster?”
Camille Morhardt: No.
Will Hurd: Uh, but like if you had heard or you like were in movies, watch “Lobster.”
Camille Morhardt: [00:39:27] Well I like “Being John Malkovich” [00:39:30] you know, just kind of different, but I didn’t even know it was Cameron Diaz till the end. I was like, how does she change so much? So I enjoyed that, too.
Tom Garrison: [00:39:38] Oh, those were “Her” was I thought interesting. Just, it’s just weird when he falls in love with an AI.
Will Hurd: Tom what about you?
Tom Garrison: You said “Ex Machina.” I think “Ex Machina” is a fascinating, fascinating movie. It is not just kind of visually stunning, but it’s just, I can’t give it away because people haven’t watched it, but there is a question at the end that I love. I can’t, I can’t do it. Can’t do it anyway. So my favorite movie hands down. Um, is “Indiana Jones and the Last Crusade.” It’s the number three. It’s the one with Sean Connery in it. And absolutely just love it. Just that sense of adventure and, you know, good guy, bad guy, all that kind of stuff. It was just. I just love that movie anyway. Well, Hey, Will, thank you so much for spending the time with us, uh, you know, your insights and your just your experience is fascinating. You’re such a well-spoken guy as well. So it was a pleasure having you on the panel.
Will Hurd: [00:40:42] Thanks for having me on. Thanks for what y’all do and highlighting these important issues.