[01:51] What Hasn’t Happened Is What’s Interesting

Rachael: I'm excited to welcome back to the podcast, Michael Daniel. He's the president and CEO of the Cyber Threat Alliance. What a great time to be coming back on the podcast to talk to us today, Michael. We were just talking, I think it's been a year.

Eric: And a little bit has changed in that timeframe.

Michael: Some things have changed, absolutely. Yes, and some things are still exactly the same.

Rachael: To say the least. One of the things that I've been noticing, and we talked a little bit about this before we got on. There's this sense of ratcheting up, if you will, with the Ukraine conflict and the Biden statement coming out last week. Then I had mentioned there was the customs and border protection bulletin on US supply chain attacks. You had some really interesting perspective that you were talking about in terms of what industry is seeing and what we're seeing in terms of that big momentous event that has yet to happen.

Michael: Yes, so I would say that in some ways what's been interesting is what hasn't happened. While, certainly, there has been increased cyber activity inside Ukraine, and there's been lots of reports of denial of service attacks. There's definitely incidents that are happening to Ukrainian companies. The use of cyber capabilities to disrupt Ukrainian critical infrastructure broadly at scale has not occurred. Their communication networks are still functioning largely. You still have communications in and out of Ukraine. You're not seeing widespread reports of power outages or things like that.

While certainly individual Ukrainian companies, and I think particularly some of their government ministries and their banks and things like that are under attack, you have not seen widespread scaled use of cyber to cause disruption, even in Ukraine. 

 

Cyber Is Not Yet Being Used to Cause Disruption at the Moment

Michael: And certainly not outside of Ukraine, which a lot of people thought was a very distinct possibility. Now, that doesn't mean it won't happen. We just haven't seen it yet. But I think a lot of people thought it would happen as part of the early stages of this war.

Eric: Michael, why do you think that's the case? We spoke, I think last week Rachel, on my theories, maybe it was two weeks ago. 

Michael: Well, I think some of it is that it's still the case that to have the exact effect that you want at the time and place of your choosing. And only the effect that you want at the time and place of your choosing, is still really hard in cyberspace. There's a lot of uncertainty around, well, if I use this cyber tool, what's going to happen? Well, we don't fully know, this is what we think will probably happen, but we're not sure. 

Okay, if I use this missile to blow it up, I know what's going to happen. I think when you're in a war, the military is an inherently conservative organization for obvious reasons. So you're going to use the capabilities that are more tried and true. I certainly think that was part of it. Some of it may have been that they actually thought that they were going to be able to win more quickly and so didn't want to cause widespread destruction. I mean, there's a variety of reasons, and it's probably not one singular reason. It's probably multiple reasons combined.

Rachael: Yes, that's a good point though, because whatever is inflicted in the Ukraine, then they inherit that as they move in there and try to take cities and whatnot. It affects everyone, not just one group.

 

Long-Term Trends

Eric: Well, and where they have lost power, a lot of that's kinetic attack, physical attack on Czech tower. Or there's a bombing and it happens to hit power lines or something like that. We've definitely seen that, but in the kinetic realm more than anything.

Rachael: Yes, absolutely. I have so many questions, Michael. I don't even know where to start. But I mean, I know from an industry perspective though, it seems that everyone's busy. Rob Lee Dragos was posting and advising folks to start getting on a retention and retainer with organizations because things are clearly coming. I mean, the president wouldn't have come out and made a statement like that if they weren't seeing something on the backend. Are we ratcheting up to this as they like to joke or not joke, the cyber apocalyptic moment? But what's going on and why aren't we seeing more of that externally yet?

Michael: Well, I think that conditions will continue to change. Certainly, I mean, years ago, a friend of mine in the business, Herb Lin, out at Stanford, he said, "It's very easy to be a cybersecurity expert. Just declare that tomorrow will be worse than today and you'll probably be right." There's some truth to that. These are not things that began with the Russian invasion of Ukraine. These are long-term trends that we're seeing. 

As more and more businesses have been hit with ransomware, as more and more nation states have gained capability to conduct offensive operations, cybersecurity issues have just become much more salient across the board.

 

The Ripple Effects of the Russia-Ukraine War

Michael: A lot of this is companies and the demand signal in the market saying, "Okay, we've got to do a better job of getting our arms around these cybersecurity problems." For example, you've got the SEC floating guidance that is basically saying, you've got to do a better job disclosing your risk. We're no longer going to let you be able to say, I'm paraphrasing here. But we're no longer going to let you say, "We have cyber risk." Okay, you got to do more to characterize your cyber risk.

Well, if you're going to actually characterize your cyber risk, you got to have companies like Dragos. You got to have companies like Bitsight or Security Scorecard or others that can help you analyze your risk. Then if you're suffering an incident, you've got to be able to respond to it. I think all of these things are really driving an increase in demand for cybersecurity products and services.

Rachael: Yes. I don't know, I keep getting hung up on the Ukraine. I just think of all the people and what it's affecting and the impact out of that and what that means in a broader global community.

Michael: Yes. No, we're going to be seeing the ripple effects of how this war has occurred. We're going to be seeing the ripple effects of that in a lot of different dimensions. In cyber security, you're going to see that too. There'll be lessons that'll be taken away from what's happened during the conflict and what does that mean for companies? 

 

Securing the Digital Footprints Left in Russia

Michael: Even down to security issues, like okay, you're a Western European company and you had operations in Ukraine or in Russia and you shut them down. How do you secure your digital footprint. Because you probably can't get all the stuff, all the equipment out of the country.

Eric: At minimum, you can't get the hard drives back.

Michael: Yes.

Eric: You've got data there.

Michael: Right. So how do you deal with that and what does that do to your risk profile? And now, do you need to include in your incident management plan, what if country X ends up in a conflict? What if these operations end up in a conflict zone, what does that mean? Those are all new areas that I think we'll see more attention paid to. But the lessons won't be fully learned for months or years down the road.

Eric: What I think will be interesting is we as American companies and well, really a lot of global corporations have pulled out of Russia. They've left infrastructure and capabilities behind. How does the Russian government, how do the Russian people pick up from there and continue on? And what do they do with that intellectual property? You can think of like a McDonald's. Can they make burgers and buns and french fries? Can they get the same ingredients? Probably not, but can they leverage the intellectual property that's trapped in Russia? If you're a business like an oil, someone who's drilling for oil?

A manufacturer, can you take design documents and you find ways to use that, even though the organization left? And how do you protect intellectual property? You're not suing Russia at this point in a court of law.

 

The Level of Connectivity Before Compared to Now

Michael: Yes. Right. I think those are all going to be very salient questions. What does this mean for the structure of the internet itself? How, with the Russians working very hard to control their media environment and suppress any sort of real information from getting out, there could be implications for internet governance. So there's all sorts of ripple effects that will be playing out for years. That's just obviously, there's the human suffering. People who've been killed and the families disrupted and the human suffering. But there's got to be political and technological and all sorts of other ramifications that go in addition to that human toll.

Rachael: Right. Very much so. It's amazing in this day and age that we can come into these situations where we kind of don't have a roadmap forward. Every day is a new day and kind of take in the information and kind of make the best decisions that we can. Can you think of another time, I guess, in recent history where we've been in such a place?

Michael: I think it's hard to compare. Because the interconnected world that we live in is, that level of connectivity is so different than what most people dealt with in prior years I think it is very difficult to make comparisons.

Rachael: Yes. There was something I was reading last week. It might have been Herb Lin when we were talking to him last week and I was doing some reading. But it was, imagine the Cuban missile crisis in the time of Twitter and misinformation. That's just such a critical element right now in terms of how countries present themselves and Russia perceives them presenting themselves. 

 

[14:21] Biden's Statement

Rachael: And like Biden's statement, it really kind of puts things in a perspective about how tenuous everything really is, for sure. Biden did make another statement over the weekend. I know that has been much discussed. What's your perspective on that, in terms of how that could be perceived?

Eric: Which statement?

Michael: I presume you're talking about the, he can't stay in power statement.

Rachael: Right, exactly. When everyone's trying to walk a line of being very careful what to say and how it can be perceived. A lot of discussion on that over the weekend.

Michael: Yes. I think if you look at Biden's track record in this area. I think, in some ways that came from a very real place of good grief, Russian people. Even look at how he delivered it. Look at what this guy's doing to you. I don't think that was so much a signal about what he intends for the US to try to do.

But it was more like an appeal to the Russian people to say, do you really want this? Is this how you want to be led? 

I think that no matter how you play this out, Russia is going to end up in a weaker place than it was. And clearly, it has not played out the way that the Russian government could have wanted. I can't imagine that this is the path that they thought this was going to happen. And so I think that even down the road, so what does this mean for, just to connect it back to cybersecurity.

 

Trust Cannot Be Restored Overnight

Michael: So you had a Russian company that, two of them, in fact that were actually quite successful as cybersecurity companies, Kaspersky and Group-IB. Now you have effectively truncated their market pretty significantly.

Eric: Yes. We're seeing that on our side where people are like, hey, I've got to get off Kaspersky. National governments who were using them. So I agree with you, Michael.

Michael: Yes. Could they eventually recover from that? Yes, of course. Because things change, people's memories will fade, but that's not like something that if they signed a peace accord tomorrow, that doesn't get restored overnight. I think there's all these ramifications that we'll be working our way through for a very long time.

Eric: I think that trust element is not restored overnight. I think that takes decades. What business person in Europe or the Americas, or even China is going to risk going back into Russia in the near term. Knowing that their assets could be nationalized, knowing that something could go crazy off the rails. They could re-attack Georgia, Kazakhstan, who knows. And all of a sudden, your assets are gone again. What was it, BP, I think. It was trillions of dollars they're giving up. They had 20% in, I forget the name of the Russian oil company, in investment. That's real money. You're not going to take that risk in the near term. That trust to me is broken. And that might be the biggest thing we are seeing here.

Michael: Yes. I think that's right.

Eric: Time will tell.

 

From 11 to 20

Michael: Yes, that's right. It's one of those, how do you justify that as a business? How do you justify using, especially when the Russian market is not, from a global perspective, it's not that huge.

Eric: I heard it was number 11. I was tracking this. It was number 11. It's projected to be in the twenties now as a result of the sanctions and corporations pulling out and everybody moving to try to supplement their oil and natural gas from other sources. They're going to be down in the 20. Which is going to be horrible for the Russian people.

Michael: Yes, absolutely.
Eric: That's the sad part. And then when you have a country that goes from coming up and increasing your per capita income per head, and now you reverse that trend. That's not a good situation for the world either. It's not a good situation all around.

Michael: No, that's right. And I think that's where I would say, my message to companies and organizations is, do not take your eye off of the potential for cyber threats from Russia. Because as the reality of that situation sinks in, and as that eventually begins to have real noticeable effects, the temptation to use cyber capabilities to cause disruption elsewhere, I think will increase. And the downside risk of it also decreases.

Eric: No one's going to prosecute you. Russia has a lot of cyber talent, they have a lot of IT talent. But if the Russian economy takes a major hit, can you get a job? Where are you going to work? Do you need to leave? 

 

Article Five

Eric: But if you stay there, it's probably easier to turn to crime. If you can't make your money in the country, the common sense approach is, I have to make my money outside of the country. And crime is just flat out one of the options. Which is probably more attractive when you're trying to feed your family.

 I think it's going to be a real problem for the world. I think we're going to have some challenges there. So Michael, I do have a question I've been meaning to ask you since I saw you were on the docket for today.

I'm going to be very careful here. I'm not going to ask you what you think, let me ask you how you think about the problem. I don't want to put you in a tough spot, but you are the Special Assistant to President Obama and the Cybersecurity Coordinator on the National Security Council.

There's a lot of talk on Article Five. I think President Biden said on Friday in his speech in Poland, we will trigger Article Five if Russia steps one inch into NATO property. Here's the question. As a cybersecurity policy expert, how do you think, and how do you advise on what an inch looks like from a cybersecurity perspective? 

Since I would say we're already inched in over the last couple of decades. You've been dealing with this for years, so obviously that inch statement doesn't directly apply to cyber. But how do you think through that problem? Not where is the red line or anything else. I know that's an impossible answer and it changes all the time, but how do you think through that problem? How would you advise people on that?

 

[22:14] Where Is the Red Line in Cyber Preparation?

Michael: Yes, so it is a very difficult and challenging question. So of course, Article Five is actually something that would be invoked by a NATO member. And they would say, we have been attacked in a way that constitutes a use of force. That we are calling upon our NATO allies under Article Five of the North Atlantic Treaty to come to our mutual assistance and aid. So I think what you would have to be looking at is the effects. Do the effects of the cyber activity, can you actually draw a connection to the use of force? 

Is it an attempt by the Russian government to compel using force? In this case, using cyber capabilities as the force. As opposed to kinetic weaponry to impose costs on a NATO member. And that they're calling upon our assistance to either repel that, stop that, or even to strike back. And I think that's how you would have to frame up the issue and look at the situation.

I think it's unquestionable though, that there are actions that could occur through cyberspace that would warrant triggering Article Five. And I think the bigger challenge will be something that's more than sort of your basic espionage or iffy little denial of service attack. I think that's where the challenge will be. That's where it actually literally becomes a political and policy judgment. I don't mean that in a pejorative sense. But it literally becomes a judgment call of, does that action constitute the use of force and worthy of a response.

 

NATO Countries’ Cyber Preparation

Eric: I love that answer. I was watching this weekend. I don't know where I saw it, but we're seeing more activity in the Baltics probing on their readiness. Obviously, that's probing from a cyber security perspective, but I love the effect. That was the perspective I was missing this weekend as I was trying to think through the problem. I think that's a great way to look at it and I appreciate that.

I mean, what is the effect of this behavior? If it's just probing, is there harm there? Probably not, but I could see some countries saying, hey, this is our red line. NATO, send the bombers in. I don't think that's the way we want to look at the problem.

Michael: Yes, no, and I don't think they would get much support for that either. Now, I think if a country, if a NATO country, came to us and said, hey, we're concerned about this Russian probing activity and we would like some assistance in trying to figure out, did they get access someplace? Can we find them? Can we shut down their access? Sure. We could provide that sort of aid regardless of whether or not there's an Article Five request. 

So not everything has to go through that process. And you could have something far short of invoking Article Five in terms of us providing cyber assistance to NATO countries.

Eric: Yes. Okay. What do you think, Rachel? Do you just want to go back to 2000 and like 17, right?

Rachael: Yes. Can we talk about NotPetya again?

Eric: It was so much easier in those days, wasn't it?

 

Cyber Criminals’ Cyber Preparation

Rachael: Now it seems so. Another interesting thing you said before we got on, Michael, is also this notion of kind of the professionalization of cyber criminals. We talked about the Lapsus Group and the Okta attack and the 16-year old living in the parent's house. But that's a very much ‘90s interpretation of cyber criminals and that's not really the reality at all. I mean, these are very sophisticated business organizations.

Michael: Yes. And I keep saying that over and over again. Yes, you get exceptions like this alleged Lapsus person. But the reality is that most of these organizations are highly sophisticated. They're organizations, they're multiple people and they've specialized. They've diversified. Now it's a very highly professionalized business. They have org charts and process flows and everything else. 

My joke is, they've read their Adam Smith, they've read their Roger Porter. They've attended Harvard Business School classes online probably to really look at how they run these organizations. And that's part of what makes them so dangerous. That's really a big force multiplier. 

When you sort of add in the cryptocurrency as a fuel, as a way to move money at scale efficiently, outside of a lot of the financial controls that exist in the standard financial markets. And you then have a country that's been providing them safe haven. Largely providing safe haven. And then you add in our digital dependence. We keep becoming more and more and more digitally dependent with each passing year. Like suddenly it's not a big surprise that we've had this explosion in cyber crime and particularly ransomware.

 

A Serious Economic Threat That Requires Cyber Preparation

Eric: Yes. Rachel, I was mentioning it, but there's a great report that, remember Marco Figueroa, who was on the podcast? He's at Breach Quest right now. His team did a breakdown on Conti based on the leaks that were out there. It's a great read. Like the org structure, the figureheads, how it runs as a business. They effectively have a CEO, a head of HR, which is all about recruiting and keeping their members happy.

And they have a person in charge of the blogging. They have a training lead. They've got someone on the CFO finance side who handles blockchain. And then they have three teams, ABC, Alpha, Bravo, Charlie. And in the teams, they have developers. They have pen testers. And they have open source intelligent people, OSINT people. They have admins, they have QA people and they have reverse engineers. They have multiple teams. 

You've got to see the org chart. It's fascinating the way it replicates a common, modern business based on what they're doing. And how do they handle disbursement of wages and budgeting. According to LinkedIn, it's a 16-minute read. I think I spent about an hour on it because it was so fascinating, but that's based on the Conti leak. It's a new world, Michael.

Michael: Yes. And I've said that this really drives how we have to think about responding to this. Because you can't continue to treat cyber crime as a sort of economic nuisance. It is now become a serious economic threat. The amount of money that's being drained from the legitimate economy is larger than the GDPs of a fair number of countries on the planet. It's a national security problem. It's a public health and safety problem. 

 

[31:06] It Requires Cyber Preparation to Combat Cyber Crime

Michael: The analogy that we use is this is sort of like where piracy got to in the 16th and 17th centuries. And it's posing such a threat that even though a lot of attention is currently focused, rightly, on what's happening in Ukraine. I think over the next two years, the attention will come back around to, how do you combat cyber crime effectively. 

It's going to require some really different thinking on the part of governments. We're going to have to work on some international cooperation and really build the structures to do this internationally. Because it crosses international boundaries.

Eric: So, Michael, I'm not a seaman personally, but there's a law of the sea. There are international laws on how we handle the sea if you will. I'm trying to think of the words here. 

Michael: You raise a good point, there's treaties. There's longstanding international law. There's custom and habit about how you consider what is territorial waters. What is your right of self-defense on the ocean and how do you maintain freedom of navigation. All of these kinds of things that have built up over the last really thousand years of maritime activity. Maybe even going back further than that. And so I think you're going to see similar sort of ideas have to emerge in how nations work together in cyberspace.

Eric: You do. Okay. Good.

Michael: But nobody should expect that to happen really quickly.

Eric: Hopefully it's not a thousand years.

Michael: No, I don't think it'll be that long, but it shouldn't surprise anybody that it's got to take time. 

Eric: In 10 years.

 

We Have to Be More Inclusive With Cyber Preparation

Michael: We're going to have to try out various things. You have some conventions out there, like the Budapest Convention on Cyber Crime. But one of the challenges of that was that's primarily a Western European convention. And the truth of the matter is, we're going to have to go beyond Europe and the sort of US, Canada, Australia group. We're going to have to be more inclusive in how we develop those conventions. 

I think the Budapest Convention is a very workable convention and I would like to see its principles and things more broadly adopted. But the reality is, we may have to make some adjustments in the interest of inclusivity, in bringing in new voices and new perspectives. 

I think that's really important. Because everybody needs to have a stake in how we develop those agreements and those interactions and those kinds of things. And what is it going to mean to move digital evidence around the world? And can we do that at a speed that anybody actually cares about? So, yes, there's a lot of challenges in this space.

Eric: That there are. I want to switch and go to a challenging area as we're wrapping up here. Shields up. CISA is really big on shields up. I think in the states, one of the things we're seeing, and from what I gather, in Western Europe also. We're somewhat on guard. 

Businesses are patching, they're on alert, they're deploying multifactor authentication. In some cases we're hunting on networks. What I'm observing is a lot of organizations are taking the warnings they're getting out of the governments that represent them very seriously. 

 

It’s Time to Raise the Baseline With Cyber Preparation

Eric: But how long can they do that? A small 30 person, 50 person company, a law firm may have one cyber person who's also their IT person. Are we as vigilant as we're being before we get back to, well, I've got a day job and we'll deal with it. What are your thoughts there? I know you do so much with the Threat Alliance, how do you see that going?

Michael: So, in some ways, this falls into the category of never let a crisis go to waste. Go do the things that we've actually been telling you to do for years. We're politely sort of saying, none of this is new. None of this advice that we're telling you, oh, this suddenly you need to have this new capability that nobody's ever mentioned to you before. 

You're right, they can't maintain this level of vigilance forever. But I do think that you can parlay this into saying, look, it's time to raise your baseline level of cybersecurity and take the steps to make yourself more secure over the long run. Multifactor authentication is a capability that protects you against nation states. It protects you against, hacktivists. And it protects you against criminals. It serves multiple purposes. So the other advantage of a lot of the things that we've been saying to do is they are actually effective against a wide variety of cyber threats.

And so the result is that these are good long-term investments to make to raise the level of cyber security in business. I think if we can capitalize on that and make sure that the investments that are happening become baked into the business process, that will actually make everybody better off across the board.

 

Businesses Must Be Informed How Experts Are Handling Cyber Preparation

Eric: And are you seeing more right now? I know you're big on STIX and TAXII, or the cyber threat alliances, I believe. Are you seeing more information sharing and more automated information sharing? Are you seeing a lot more of that these days?

Michael: Well, we continue to increase the amount of information that's flowing through our platform. For example, we're are well north of 300,000 indicators a day going through our platform now. So 34 members headquartered in 11 different countries. 
I think the real question for me is, how do we actually take that conversation about intelligence sharing and really begin to have a much more nuanced discussion about it? Meaning that your average business does not need the kind of information that CTA moves. They couldn't do anything with it if I gave it to them. And that's okay, because in fact that's not their business. I want Flo's Flower Shop to be worrying about selling flowers, not trying to worry about cyber security.

So we need to have a much better understanding of like, look, there's certain kinds of information that we want the really technically capable organizations to be sharing in the background. But really, this is the kind of information we need to be getting out to small businesses on a regular basis. This is the kind of information that the financial sector or the healthcare sector needs. And it needs to be much more tailored. The information we ask back from them needs to be very simple for the most part, very simple and easy to connect.

And we need to do a better job of connecting all of this to the business side. Like, how does this affect your business operations? 

 

The Cybersecurity Industry Is Maturing In Cyber Preparation

Michael: How does this affect your ability to deliver your product, your service, whatever it is to your customers. We need to get much more sophisticated in those discussions, and I can see that happening. This is really about the cybersecurity industry maturing to incorporate more than just the technical aspects of the industry. It grew up in the technical side, it will always have its foundations in the technical side appropriately. But it's now growing beyond that. And that's a good thing in my view. Because that's the only way that we'll actually really be able to get our arms around this problem.

Rachael: That's a really good point. I keep coming back to kind of coming up and going to business school and it seems that there should be some mandatory cyber courses if you're getting an MBA or other things. It almost seems irresponsible not to have some level of awareness and ability in your MBA curriculum, if you're going to be starting up or managing a business today.

Eric: Well, it's a board-level discussion, so you need it.

Michael: Yes. Just like you have to have some facility, you don't have to be an accountant. But you got to have some facility with generally accepted accounting principles. You need to know how to read a balance sheet and know how to read a P and L. And you ought to have some basic facility with cyber security. Again, you should not, in fact, be the expert. You hire experts, you have experts in your company. But you got to have some basic facility with it. Just like you also have facility with risk management and insurance and disaster recovery, all these things that encompass running a business. Yes, it is one more thing. 

 

[41:23] Experts Must Communicate Cyber Preparation Better

Michael: But I also think that people overthink and overstate the degree of expertise that they actually need to make decent decisions in this area. And that's where I think it's actually incumbent upon the cybersecurity industry to figure out how to communicate better. It's not that your clients or customers or whatever, they're not stupid. It's that we need to explain it better in terms that they can understand.

Rachael: Agreed. That's actually kind of exciting though. You think about kids who grew up with iPads and internet and all the things that they can do and how they think about things so differently. Now we have this kind of generation coming up and they're focused on cyber as part of a way of life. I think that could be really interesting what we see in the next generation or so. Hopefully in our lifetime of getting ahead of this thing potentially.

Michael: Oh yes. It was actually really cool. My younger son is in elementary school, he's in fifth grade. I went to their career day at his elementary school. Actually I had a fair number of kids come through and want to talk to me about cybersecurity. And I don't think all of them were completely there voluntarily, but most of them were. It was great to talk to them. And it was great to see the enthusiasm and the diversity of kids who was interested in this topic and even talking. One girl asked me, could an artist be involved in cybersecurity? And I said, absolutely. 

 

We Need Artists

Michael: I was like, have you seen the imagery in cybersecurity? I said, it's all like dudes in hoodies. In que maps, we need much better imagery, so absolutely.

Eric: That's what we need. We need the artist, the musicians, they think differently. I saw it on the malware, the reverse engineering side. You need that creativity.

Rachael: That's exciting. That's I think cyber's cool. If I were a kid again, I would be so jazzed if you came to my school and were talking about cybersecurity.
Thanks for joining us, Michael. It's always so lovely having you on the podcast and your amazing insights. You've been on the front lines for so. It's wonderful that we have the opportunity to get your perspective and share that with our listeners. Thank you.

Eric: No kidding. The effect is the big piece I took out at one of the many big pieces from today. Then looking at like treaties as we did with the laws of the sea. I think that's some amazing insight there.

Michael: Well, thank you very much. I always enjoy the conversation and never quite know where it's going to go, but that's great.

Eric: Hopefully next time we chat, we're still wondering why we didn't see significant critical infrastructure, cyber activity outside of the Ukraine war. And we're still just wondering, as opposed to dealing with the impact. 

Rachael: Well, to all of our listeners, thanks again. Michael, for joining us. Thank you for listening to our podcast every single week. And if you subscribe, for those that aren't aware, you get a fresh episode in your inbox every single week. Or automatically download it to your phone, if you subscribe to one of the popular podcast services. So until next time, everybody, stay safe.

 

About Our Guest

Michael Daniel leads the Cyber Threat Alliance team and oversees the organization’s operations. Prior to joining the CTA in February 2017, Michael served from June 2012 to January 2017 as Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff. In this role, Michael led the development of national cybersecurity strategy and policy. He ensured that the US government effectively partnered with the private sector, non-governmental organizations, and other nations.