Thomas Glocer, BlueVoyant: What’s the State of Cybersecurity?

Thomas Glocer, BlueVoyant: What’s the State of Cybersecurity?


(reverb tones)
– So, I’ve always been
interested in cyber defense.
Well, I’ve always been
interested from my time
at Yale in computing and I used to code.
I ran Reuters and then Thomson Reuters
in the late 90’s, first
decade of this century
and we were subject to significant amounts
of electronic probing in part
because of the electronic
trading systems we operated
in foreign currency
and in fixed income and as a result,
I sort of fell in with a group of, call it
concerned cyber warriors who were worried
that in particular the
nation’s banking system
wasn’t adequately
protected and cyber defense
brings together a set of
issues that interest me.
There’s a geopolitical overlay.
What foreign state actor
might want to compromise,
not only government and military systems,
but financial services,
power grid, et cetera.
They’re a set of really
interesting technological issues.
You know, how do you go about injecting
malicious code without the
target knowing about it,
and then even more importantly to me,
how do you defend against that.
So for a variety of these reasons,
including my experience on
the Morgan Stanley board
where I was chairing the operations
and technology committee of the board
with responsibility for
oversight on cyber defense,
I thought this would be a good area
to start a new company,
and hence the birth
of a company called Bluevoyant with,
I’m the executive chairman and my partner,
co-founder, Jim Rosenthal,
is the chief executive.
Financial services is quite well defended.
That’s in part because
the firms themselves
recognized relatively early
what the threats were.
It’s because they already
have very good technology,
typically have very good
technology operations
and spend a lot of money.
The threat, I think, is more in the medium
and lower size, the savings and loans,
the community banks who just can’t spend
that amount of money, but yet have
attractive assets that the
bad guys want to go after.
I am told by the people
who do know that if,
for example, the US or the Russians,
or the Israelis really
want to be in your network,
they will be in your network and you won’t
know it until something bad happens,
and something bad may never happen.
They may just be there to be prepared,
or be there to look at your information.
So, we don’t purport to
stop the highest level
advanced, persistent
threat out of a cluster
of the best governments, but we can stop
a lot of other things
including sort of second
and third tier nation-states,
and in particular,
criminals who unfortunately now have,
not only their own good homegrown tools,
but some of the tool
sets that nation-states
develop have fallen into criminal hands,
thanks to earlier hacks.
There’s a famous NSA
set that are out there,
and you know these days you can go
on the dark web and you
can, in effect, rent
a very high quality attack platform.
So you don’t really have to even be able
to develop malicious code yourself.
It’s all there.
You can contract if you’re stealing money
for a mule that will receive the money
and turn it into bitcoin
or some other crypto.
So there’s quite an
underworld ecosystem there.
Number one, there are a bunch of start-ups
that have focused on this possibility
of could we upend the way in which
our personal data is held and monetized.
There’s also a fair amount of,
I guess, thought
leadership around the edges
of technology, philosophy, government
on, you know, I would reduce the question
down to whose data is it anyway,
and so the sort of way
this would come about is,
imagine if the model
were completely flipped.
Imagine if you held, on
your phone let’s say,
there was a digital vault,
and that vault contained,
either locally or secured up in the cloud,
your entire browsing
history, your entire history
of location, where you had been,
where you had turned on your phone,
your pictures and other, imagine all
of your various electronic
sort of breadcrumbs
were organized into these
different collections
or time series of data, and now imagine
that I could, because I controlled it,
Google, Facebook, Instagram, Twitter,
whomever, comes and says I will pay you
12 cents for your browsing history,
’cause it would be useful to me,
or I’ll pay you 12 cents
every month for that,
and somebody else might say, I’m training
up my AI and I’d like
to access to every photo
you keep in online photo services.
And so, you could imagine
a model where there’s
much more explicit authorization,
and you control the data.
You’d be only receiving
probably micropayments,
and if it were that,
you might just decide,
well, actually, I’d rather not you have,
you know, my complete genomic sequencing.
So, I know it’s sort of cool to find out
that my great, great grandfather came
from Mongolia, let’s say, but I’d rather
not have my genomes
sitting up in the cloud
that who knows, can you sell it
to an insurance company
one day, can you not?

Leave a Reply

Your email address will not be published. Required fields are marked *