Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,768 --> 00:00:03,135 [narrator] Join us on Tomorrow's World Today, 2 00:00:03,137 --> 00:00:05,871 as we journey through the worlds of inspiration, 3 00:00:05,873 --> 00:00:09,074 creation, innovation and production 4 00:00:09,076 --> 00:00:13,278 to find the ideas and technologies that are shaping our future. 5 00:00:13,280 --> 00:00:16,982 In this episode, we visit the world of innovation, 6 00:00:16,984 --> 00:00:19,785 to explore how offensive and defensive tactics 7 00:00:19,787 --> 00:00:24,823 in cyber weaponry are protecting us from the hackers of tomorrow. 8 00:00:24,825 --> 00:00:26,759 From invention land world headquarters, 9 00:00:26,761 --> 00:00:29,061 here's your host, George Davison. 10 00:00:37,203 --> 00:00:40,072 Believe it or not, it was over 100 year ago, 11 00:00:40,074 --> 00:00:42,908 that one of the first tech start-ups began. 12 00:00:42,910 --> 00:00:46,011 And they're still changing the world today. 13 00:00:46,013 --> 00:00:50,916 In the 1920's they invented components for radios. 14 00:00:50,918 --> 00:00:53,252 And that made it more accessible for everybody. 15 00:00:53,254 --> 00:00:55,754 And it was big technology back then. 16 00:00:55,756 --> 00:00:59,792 In the 1940's they developed jet propulsion technology. 17 00:01:00,860 --> 00:01:02,628 In the 1960's, 18 00:01:02,630 --> 00:01:06,598 they helped the world's first communication satellite go into orbit. 19 00:01:06,600 --> 00:01:09,668 Their work even supported the Apollo 11 mission, 20 00:01:09,670 --> 00:01:11,770 which put the first humans on the moon. 21 00:01:15,041 --> 00:01:16,942 Then, in the 1970's, 22 00:01:16,944 --> 00:01:20,712 their scientists found a way to send the first network email. 23 00:01:20,714 --> 00:01:22,281 Now that company... 24 00:01:22,283 --> 00:01:25,050 does over 63 billion a year in revenue, 25 00:01:25,819 --> 00:01:28,787 and employs 180,000 people. 26 00:01:29,789 --> 00:01:32,057 60,000 of them are engineers, 27 00:01:32,059 --> 00:01:35,661 and they own 46,000 patents. 28 00:01:35,663 --> 00:01:38,497 That company is Raytheon Technologies. 29 00:01:38,499 --> 00:01:40,833 And today, some of their leading innovations 30 00:01:40,835 --> 00:01:43,268 are helping organizations facing... 31 00:01:45,138 --> 00:01:46,371 cyber attacks. 32 00:01:46,973 --> 00:01:49,241 In the spring of 2021, 33 00:01:49,243 --> 00:01:50,442 Colonial Pipeline, 34 00:01:50,444 --> 00:01:54,746 one of the largest fuel pipelines in the United States, 35 00:01:54,748 --> 00:01:57,583 fell victim to a cyber attack. 36 00:01:57,585 --> 00:02:03,455 Hackers received access to the personal information of almost 6,000 people, 37 00:02:03,457 --> 00:02:07,659 and caused the company to shut down its fuel distribution operations, 38 00:02:08,328 --> 00:02:09,695 leading to gas shortages, 39 00:02:10,897 --> 00:02:13,765 all up and down the east coast. 40 00:02:14,734 --> 00:02:18,370 Colonial ended up paying over $4 million, 41 00:02:18,372 --> 00:02:21,073 to a criminal hacking group. 42 00:02:21,075 --> 00:02:25,144 Cyber attacks are unfortunately becoming more common. 43 00:02:25,146 --> 00:02:28,013 And could have a detrimental effect on all of us 44 00:02:28,015 --> 00:02:31,350 who are relying on our infrastructure to live. 45 00:02:31,352 --> 00:02:32,985 I'm going to send Tamara, 46 00:02:32,987 --> 00:02:36,388 to go visit with the experts at Raytheon Technologies, 47 00:02:36,390 --> 00:02:39,057 to explore what can be done 48 00:02:39,059 --> 00:02:40,425 to protect us online. 49 00:02:45,265 --> 00:02:48,534 [Tamara] Cyber attacks happen every 39 seconds. 50 00:02:48,536 --> 00:02:50,002 And 1 in 3 Americans 51 00:02:50,004 --> 00:02:52,971 are affected by these attacks every single year. 52 00:02:52,973 --> 00:02:54,840 In fact, since the pandemic, 53 00:02:54,842 --> 00:02:58,477 the FBI has reported a 300% increase 54 00:02:58,479 --> 00:03:00,112 in reported cyber-crimes. 55 00:03:00,114 --> 00:03:02,281 The most hacked industries are government, 56 00:03:02,283 --> 00:03:03,982 retail and technology. 57 00:03:03,984 --> 00:03:05,450 And it's not because these industries 58 00:03:05,452 --> 00:03:07,386 aren't protecting their customer records. 59 00:03:07,388 --> 00:03:10,956 It's because of the high level of personal identifying information 60 00:03:10,958 --> 00:03:12,424 found in these records. 61 00:03:12,426 --> 00:03:14,793 Today, I'm here at Raytheon Technologies 62 00:03:14,795 --> 00:03:17,029 I'm going to be meeting with Julian Zottl, 63 00:03:17,031 --> 00:03:20,132 the chief technology officer of cyber protection solutions. 64 00:03:28,274 --> 00:03:29,208 Hey, you must be Julian. 65 00:03:29,210 --> 00:03:30,409 I am. 66 00:03:30,411 --> 00:03:32,277 I'm Tamara Krinsky, thank you so much for meeting me. 67 00:03:32,279 --> 00:03:33,278 Of course, nice to meet you. 68 00:03:33,280 --> 00:03:34,546 Welcome to Raytheon Intelligence & Space. 69 00:03:34,548 --> 00:03:37,082 I am so excited to take a dive into what you do here. 70 00:03:37,084 --> 00:03:38,283 But before we do, 71 00:03:38,285 --> 00:03:41,053 I just wanted to start with a really basic question. 72 00:03:41,055 --> 00:03:42,721 The term, cyber security, 73 00:03:42,723 --> 00:03:44,556 it gets tossed around a lot. 74 00:03:44,558 --> 00:03:45,757 How do you define it? 75 00:03:45,759 --> 00:03:47,159 It does. 76 00:03:47,161 --> 00:03:48,727 It's everything from the protection of the electrical power grid, 77 00:03:48,729 --> 00:03:50,629 all the way down to baby monitors you have at home. 78 00:03:50,631 --> 00:03:52,464 - Well that's quite a range. - It is. 79 00:03:52,466 --> 00:03:53,966 - Why don't we go and take a look? - Awesome. 80 00:03:58,171 --> 00:04:00,138 All right, so we've talked cyber security 81 00:04:00,140 --> 00:04:02,608 but there's one more thing I want you to define for me. 82 00:04:02,610 --> 00:04:03,976 Cyber space. 83 00:04:03,978 --> 00:04:06,278 Because most of us just kind of think of it as the internet. 84 00:04:06,280 --> 00:04:08,747 Right, a lot of us go home, we open up a web browser 85 00:04:08,749 --> 00:04:10,582 and that's everybody's experience on the internet. 86 00:04:10,584 --> 00:04:12,417 But it's vastly more than that. 87 00:04:12,419 --> 00:04:14,786 Uh, right here, we have the major fiber optic lines 88 00:04:14,788 --> 00:04:16,622 going across the United States, for instance. 89 00:04:16,624 --> 00:04:18,590 All right, so this is a pretty intense system, 90 00:04:18,592 --> 00:04:21,426 obviously, probably with a lot of vulnerabilities. 91 00:04:21,428 --> 00:04:22,327 Correct. 92 00:04:22,329 --> 00:04:23,862 What is Raytheon Technologies doing 93 00:04:23,864 --> 00:04:25,430 to keep us safe in cyber space? 94 00:04:25,432 --> 00:04:27,032 [Julian] We work with a variety of customers 95 00:04:27,034 --> 00:04:28,333 everybody from domestic 96 00:04:28,335 --> 00:04:30,802 US government, even some international partners. 97 00:04:30,804 --> 00:04:33,472 [Tamara] Gotcha. and what's Raytheon Technologies' special sauce? 98 00:04:33,474 --> 00:04:36,275 [Julian] Uh, a lot of it is bridging that last 20%. 99 00:04:36,277 --> 00:04:39,044 So a lot of commercial solutions hit the 80%, 100 00:04:39,046 --> 00:04:41,413 What we're trying to do is bridge that last 20%. 101 00:04:41,415 --> 00:04:43,649 Well, I want to be 100% safe 102 00:04:43,651 --> 00:04:46,285 so, what are some of the tactics that you use? 103 00:04:46,287 --> 00:04:48,420 Uh, the big one is thinking like an attacker, 104 00:04:48,422 --> 00:04:49,488 believe it or not. 105 00:04:49,490 --> 00:04:52,190 Yeah, uh, so, Raytheon thinks like an attacker 106 00:04:52,192 --> 00:04:55,193 and we implement technologies along those lines. 107 00:04:55,195 --> 00:04:56,428 That's the best way. 108 00:04:56,430 --> 00:04:59,364 And do things like initiate zero trust, etcetera, 109 00:04:59,366 --> 00:05:00,565 for our customers. 110 00:05:00,567 --> 00:05:01,867 Wait, wait, what is zero trust? 111 00:05:01,869 --> 00:05:03,101 Let me show you, down the GCSC. 112 00:05:03,103 --> 00:05:03,969 Okay. 113 00:05:29,529 --> 00:05:30,962 Welcome to part of the GCSC, 114 00:05:30,964 --> 00:05:32,397 the Global Cyber Security Center. 115 00:05:32,399 --> 00:05:35,901 Why do I feel like this place has seen a lot of secrets? 116 00:05:35,903 --> 00:05:37,302 [both laughing] 117 00:05:37,304 --> 00:05:41,506 So, all right, tell me about zero trust security. 118 00:05:41,508 --> 00:05:43,675 Sure, zero trust security is one of the many capabilities 119 00:05:43,677 --> 00:05:44,710 that we offer here. 120 00:05:44,712 --> 00:05:47,145 It involves people, processes and technology. 121 00:05:47,147 --> 00:05:49,147 And it's one of the few I can actually talk to you about. 122 00:05:49,149 --> 00:05:50,716 [Tamara laughs] 123 00:05:50,718 --> 00:05:52,818 All right, so, methodology. 124 00:05:52,820 --> 00:05:55,587 What are some of the main tenets of the methodology? 125 00:05:55,589 --> 00:05:57,622 [Julian] There's one where people only have access 126 00:05:57,624 --> 00:05:59,291 to the information they need. 127 00:05:59,293 --> 00:06:01,059 So, for instance, HR shouldn't have access 128 00:06:01,061 --> 00:06:03,261 to detailed schematics from engineering. 129 00:06:03,263 --> 00:06:05,530 And the people at facilities 130 00:06:05,532 --> 00:06:07,366 should only have access to the HVAC system. 131 00:06:07,368 --> 00:06:10,235 Does anybody else want access to the HVAC systems? 132 00:06:10,237 --> 00:06:11,303 They do. 133 00:06:11,305 --> 00:06:12,404 So that's the interesting thing, 134 00:06:12,406 --> 00:06:13,472 when you get into 135 00:06:13,474 --> 00:06:15,040 some of the more non-traditional cyber attacks, 136 00:06:15,042 --> 00:06:17,109 um, you get into the idea that, 137 00:06:17,111 --> 00:06:18,744 Do I attack a single server, 138 00:06:18,746 --> 00:06:19,945 which might be difficult 139 00:06:20,012 --> 00:06:21,279 because a lot of servers are patched nowadays. 140 00:06:21,281 --> 00:06:22,881 Or do I attack the HVAC system 141 00:06:22,883 --> 00:06:24,950 where I can take down the entire data center? 142 00:06:24,952 --> 00:06:26,518 It's much easier to attack that, 143 00:06:26,520 --> 00:06:28,954 and take down a bunch of servers in the data center 144 00:06:28,956 --> 00:06:31,089 than it is to attack a single server. 145 00:06:31,091 --> 00:06:33,058 I never really thought about that 146 00:06:33,060 --> 00:06:34,192 but it totally makes sense 147 00:06:34,194 --> 00:06:35,360 and it kind of sounds like a movie. 148 00:06:35,362 --> 00:06:36,561 It does. 149 00:06:36,563 --> 00:06:38,263 [Tamara] Speaking of movies, 150 00:06:38,265 --> 00:06:39,598 you know there's always that scene, right? 151 00:06:39,600 --> 00:06:40,732 Where somebody comes in 152 00:06:40,734 --> 00:06:42,601 with their USB thumb drive and they stick it in 153 00:06:42,603 --> 00:06:43,535 and they're [vocalizes]. 154 00:06:43,537 --> 00:06:45,137 Uh, right, like, and you get that-- 155 00:06:45,139 --> 00:06:47,038 - [Julian] Exactly. - [Tamara] sign on your computer screen. 156 00:06:47,040 --> 00:06:48,373 Does that actually happen? 157 00:06:48,375 --> 00:06:49,707 [Julian] It does. 158 00:06:49,709 --> 00:06:52,244 Um, so you have a variety of reasons for this happening, right? 159 00:06:52,246 --> 00:06:54,246 The USB stick coming in could be malicious 160 00:06:54,248 --> 00:06:55,313 or it could be benign, right? 161 00:06:55,315 --> 00:06:56,982 It could be somebody bringing something in 162 00:06:56,984 --> 00:06:58,950 from a friend at home, looking at pictures, 163 00:06:58,952 --> 00:07:00,285 you know, on a corporate network. 164 00:07:00,287 --> 00:07:02,621 But there's also the insider threat side. 165 00:07:02,623 --> 00:07:04,189 Which is, somebody's coming in 166 00:07:04,191 --> 00:07:06,925 trying to steal, you know, corporate, uh, identity information, 167 00:07:06,927 --> 00:07:08,960 Or any kind of information from a corporation. 168 00:07:08,962 --> 00:07:11,096 And that's where the zero trust comes in, right? 169 00:07:11,098 --> 00:07:13,298 So, you verify every piece of technology 170 00:07:13,300 --> 00:07:14,699 that's coming in. 171 00:07:14,701 --> 00:07:17,002 Um, and that helps to contain the threat. 172 00:07:17,004 --> 00:07:19,137 So even if ransomware does happen to get in, 173 00:07:19,139 --> 00:07:20,238 It's contained within 174 00:07:20,240 --> 00:07:21,840 whatever that person happens to have access to. 175 00:07:21,842 --> 00:07:24,176 Got it, so it's just as much about containment 176 00:07:24,178 --> 00:07:25,610 as it is about prevention. 177 00:07:25,612 --> 00:07:27,179 - Oh, definitely. - Because attacks are gonna happen. 178 00:07:27,181 --> 00:07:28,680 Exactly and we talk about dwell time. 179 00:07:28,682 --> 00:07:31,049 How long does the attacker stay on the system? 180 00:07:31,051 --> 00:07:33,652 Because the longer they're there, the more information they can get. 181 00:07:33,654 --> 00:07:35,620 And what am I looking at right now? 182 00:07:35,622 --> 00:07:37,022 Oh, so these are the undersea cables 183 00:07:37,024 --> 00:07:38,957 that make up a huge part of the internet. 184 00:07:38,959 --> 00:07:41,359 So, as countries get connected on the internet, 185 00:07:41,361 --> 00:07:42,794 they connect via these. 186 00:07:42,796 --> 00:07:45,130 All right and there are a lot of points of vulnerability there. 187 00:07:45,132 --> 00:07:46,131 There are. 188 00:07:46,133 --> 00:07:47,466 Now that I've got the basics, 189 00:07:47,468 --> 00:07:48,800 is there a way to see this in action? 190 00:07:48,802 --> 00:07:49,968 So funny you should mention that, 191 00:07:49,970 --> 00:07:51,470 I believe Dr. Staab is coming in right now. 192 00:07:57,043 --> 00:07:58,076 [lock beeps] 193 00:07:59,479 --> 00:08:01,580 Tamara, let me introduce you to Torsten Staab. 194 00:08:01,582 --> 00:08:02,714 Thank you. 195 00:08:02,716 --> 00:08:04,416 Hi, Torsten it's nice to meet you. 196 00:08:04,418 --> 00:08:05,450 Hi, nice to meet you too, 197 00:08:05,452 --> 00:08:07,385 welcome to the security operations center. 198 00:08:07,387 --> 00:08:10,155 So, tell me what I'm looking at here on the screens. 199 00:08:10,157 --> 00:08:12,224 So, you're looking at our latest generation 200 00:08:12,226 --> 00:08:13,825 of cyber security tool 201 00:08:13,827 --> 00:08:15,560 which is called REDPro ZTX. 202 00:08:15,562 --> 00:08:17,596 It's a zero trust security platform. 203 00:08:17,598 --> 00:08:19,865 It's very modular, highly scalable. 204 00:08:19,867 --> 00:08:21,766 Modular in the the sense of like a Lego system. 205 00:08:21,768 --> 00:08:23,268 You have different building blocks 206 00:08:23,270 --> 00:08:25,170 that are focusing on various aspects 207 00:08:25,172 --> 00:08:26,338 of an IT operation. 208 00:08:26,340 --> 00:08:28,673 Whether it's the networks we're trying to secure, 209 00:08:28,675 --> 00:08:32,010 the applications, the users or the data. 210 00:08:32,012 --> 00:08:34,079 So let me show you what that system looks like. 211 00:08:34,081 --> 00:08:36,014 So, one part of the system is 212 00:08:36,016 --> 00:08:38,984 the real time situation display that you see here. 213 00:08:38,986 --> 00:08:40,819 The system continuously monitors 214 00:08:40,821 --> 00:08:43,889 computers, applications and users and networks. 215 00:08:43,891 --> 00:08:45,824 And it shows you real time alerts 216 00:08:45,826 --> 00:08:47,425 if someone were to compromise the system 217 00:08:47,427 --> 00:08:48,927 trying to intrude into a system 218 00:08:48,929 --> 00:08:50,862 and install ransomware as an example. 219 00:08:50,864 --> 00:08:53,365 So you get real time alerts on a display. 220 00:08:53,367 --> 00:08:55,300 Um, the system will then also take-- 221 00:08:55,302 --> 00:08:56,368 Wait, wait! You got an alert. 222 00:08:56,370 --> 00:08:57,802 [man] Yeah, actually that's a great example. 223 00:08:57,804 --> 00:09:00,005 So here, we have an example where 224 00:09:00,007 --> 00:09:04,409 someone was trying to insert an unauthorized USB storage device, 225 00:09:04,411 --> 00:09:05,744 in a corporate computer. 226 00:09:05,746 --> 00:09:08,113 The system detected that in real time, 227 00:09:08,115 --> 00:09:10,081 and what this platform now will do, 228 00:09:10,083 --> 00:09:11,583 in order to secure the system, 229 00:09:11,585 --> 00:09:12,817 it'll take multiple steps. 230 00:09:12,819 --> 00:09:15,720 It'll execute what we call a cyber playbook. 231 00:09:15,722 --> 00:09:18,223 Let me show you what this looks like in this particular case. 232 00:09:19,125 --> 00:09:20,592 So, in this case, 233 00:09:20,594 --> 00:09:23,762 the system will take, uh, multiple actions. 234 00:09:23,764 --> 00:09:26,097 It'll block all the USB ports on this laptop 235 00:09:26,099 --> 00:09:27,899 to prevent any exfiltration. 236 00:09:27,901 --> 00:09:30,268 Or someone installing unauthorized software, 237 00:09:30,270 --> 00:09:32,704 such as malware which could be ransomware. 238 00:09:32,706 --> 00:09:34,472 It'll also then automatically 239 00:09:34,474 --> 00:09:35,907 isolate this machine from the network 240 00:09:35,909 --> 00:09:38,577 to protect any other machines on that network, 241 00:09:38,579 --> 00:09:40,679 uh, from a potential threat. 242 00:09:40,681 --> 00:09:43,548 It'll then also lockdown the data on this drive, 243 00:09:43,550 --> 00:09:44,749 to secure the data 244 00:09:44,751 --> 00:09:46,484 in case there's sensitive information on this machine. 245 00:09:46,486 --> 00:09:49,554 Um, it'll then disable also the user accounts 246 00:09:49,556 --> 00:09:51,890 to prevent someone from taking these accounts 247 00:09:51,892 --> 00:09:55,460 and trying to get escalated privileges on other systems. 248 00:09:55,462 --> 00:09:58,063 So all of that happens automatically 249 00:09:58,065 --> 00:09:59,497 in a matter of milliseconds. 250 00:09:59,499 --> 00:10:02,067 I just slowed it down here for demonstration purposes. 251 00:10:02,069 --> 00:10:03,969 But the system will take all these steps 252 00:10:03,971 --> 00:10:05,737 in the background, instantaneously. 253 00:10:06,539 --> 00:10:08,273 So it's a really thorough system. 254 00:10:08,275 --> 00:10:09,808 Just to make sure I understand, 255 00:10:09,810 --> 00:10:11,109 you mentioned earlier, 256 00:10:11,111 --> 00:10:15,280 you compared it to the way a Lego set is modular in design. 257 00:10:15,282 --> 00:10:18,750 In this, are the modules, are the building blocks 258 00:10:18,752 --> 00:10:20,585 the hardware, the software, the network? 259 00:10:20,587 --> 00:10:22,420 Or are the building blocks 260 00:10:22,422 --> 00:10:25,256 the different technologies you use to protect all of those things. 261 00:10:25,258 --> 00:10:26,992 Yep, that's a great question. 262 00:10:26,994 --> 00:10:29,160 So, it's the technologies, the building blocks, 263 00:10:29,162 --> 00:10:31,296 because to protect the system 264 00:10:31,298 --> 00:10:33,798 which consists of networks, data, applications, users. 265 00:10:33,800 --> 00:10:36,167 Right, you need to use more than one technology. 266 00:10:36,169 --> 00:10:38,837 Unfortunately there's no one size fits all tool you could install 267 00:10:38,839 --> 00:10:40,438 that provides comprehensive coverage. 268 00:10:40,440 --> 00:10:43,274 So, what this platform is designed, uh, to do 269 00:10:43,276 --> 00:10:46,578 is take the best in clients technologies for network security, 270 00:10:46,580 --> 00:10:49,481 application security, user security data security, 271 00:10:49,483 --> 00:10:51,316 and allow us to combine those rapidly 272 00:10:51,318 --> 00:10:53,351 and employ those when we need them. 273 00:11:17,343 --> 00:11:20,111 We've looked at different ways Raytheon Technologies 274 00:11:20,113 --> 00:11:21,646 can outsmart attackers 275 00:11:21,648 --> 00:11:24,749 and identify anomalies that could cause potential threats. 276 00:11:24,751 --> 00:11:28,353 Now it's time to see the future of aerospace and defense 277 00:11:28,355 --> 00:11:31,022 in action with the CADS flight simulator. 278 00:11:35,394 --> 00:11:36,628 [Tamara] Hi, Amanda. 279 00:11:36,630 --> 00:11:37,762 - Hey, Tamara. - Hey. 280 00:11:37,764 --> 00:11:38,997 This is my pilot, Sung. 281 00:11:38,999 --> 00:11:40,165 Hello, hello. 282 00:11:40,167 --> 00:11:41,633 And what I'm gonna be showing you today 283 00:11:41,635 --> 00:11:45,804 is how we protect airplanes from cyber attack 284 00:11:45,806 --> 00:11:47,806 here at Raytheon Technologies. 285 00:11:47,808 --> 00:11:51,543 We use our cyber anomaly detection system, or CADS 286 00:11:51,545 --> 00:11:53,411 to monitor all of the communication 287 00:11:53,413 --> 00:11:55,246 going on internal to the aircraft, 288 00:11:55,248 --> 00:11:56,748 for signs of cyber attack. 289 00:11:56,750 --> 00:11:58,349 What CADS is gonna do, 290 00:11:58,351 --> 00:12:00,351 it's gonna give Sung information 291 00:12:00,353 --> 00:12:03,054 about what's going on, the cyber attack that's happening. 292 00:12:03,056 --> 00:12:06,224 So that he can respond and fight through the attack. 293 00:12:06,226 --> 00:12:08,159 So you're talking about an attack that happens 294 00:12:08,161 --> 00:12:10,495 in the air, while the plane is actually flying? 295 00:12:10,497 --> 00:12:12,163 Yep, that's exactly what we're worried about. 296 00:12:12,165 --> 00:12:14,499 A lot of these planes have been built in the '80s, 297 00:12:14,501 --> 00:12:17,335 and they have a lot of external facing interfaces, 298 00:12:17,337 --> 00:12:19,037 like radios and wifi. 299 00:12:19,039 --> 00:12:21,606 These could all be vulnerable to different cyber attacks. 300 00:12:21,608 --> 00:12:23,541 So I'm gonna go ahead and launch an attack. 301 00:12:23,543 --> 00:12:26,211 And Sung is going to see the effects. 302 00:12:26,213 --> 00:12:27,345 Ah! 303 00:12:27,347 --> 00:12:29,748 [Tamara] Cyber attack via GPS receiver, 304 00:12:29,750 --> 00:12:32,016 engine systems affected. 305 00:12:32,018 --> 00:12:33,418 [Amanda] Yes, exactly. 306 00:12:33,420 --> 00:12:36,187 So, I'm telling him that a cyber attack is what killed his engines, 307 00:12:36,189 --> 00:12:38,556 and that it's originating from the GPS receiver. 308 00:12:38,558 --> 00:12:41,259 In this instance, he can disable the GPS receiver, 309 00:12:41,261 --> 00:12:43,161 and his engines will come back online. 310 00:12:43,163 --> 00:12:46,197 Without CADS he'd have no idea why his engine just stopped. 311 00:12:46,199 --> 00:12:47,565 And this is really important 312 00:12:47,567 --> 00:12:49,601 because pilots rely so heavily 313 00:12:49,603 --> 00:12:51,169 on their instrumentation, right? 314 00:12:51,171 --> 00:12:52,971 So if that information they're getting is faulty, 315 00:12:52,973 --> 00:12:54,272 it can, [vocalizes]. 316 00:12:54,274 --> 00:12:57,008 Right, exactly, that's another thing that could happen 317 00:12:57,010 --> 00:12:58,743 is we could affect the instrument display. 318 00:12:58,745 --> 00:13:00,411 Uh, so now what I'm gonna do 319 00:13:00,413 --> 00:13:03,548 I'm actually going to swap out the onyx boxes 320 00:13:03,550 --> 00:13:06,151 for a box that's got more cyber protection on it. 321 00:13:06,153 --> 00:13:07,752 And I'm going to throw another attack 322 00:13:07,754 --> 00:13:10,588 and we'll see how things change. 323 00:13:10,590 --> 00:13:12,891 I'm getting like a little nervous watching all of this. 324 00:13:12,893 --> 00:13:13,958 [Tamara giggling] 325 00:13:13,960 --> 00:13:15,727 [Tamara] So now the avionics systems 326 00:13:15,729 --> 00:13:18,062 are going to be protected by our additional solutions, 327 00:13:18,064 --> 00:13:19,898 counter veil and boot shield. 328 00:13:19,900 --> 00:13:21,266 And what they'll do, 329 00:13:21,268 --> 00:13:23,601 is they should mitigate the attack from happening. 330 00:13:23,603 --> 00:13:26,638 I tried to launch the attack, but nothing happens. 331 00:13:26,640 --> 00:13:29,574 CADS has still seen me trying to inject something. 332 00:13:29,576 --> 00:13:31,176 But the malware's no longer running 333 00:13:31,178 --> 00:13:33,344 because it's being blocked by our other protections. 334 00:13:33,346 --> 00:13:36,414 Yeah, okay, so that is the plane that I want to be on. 335 00:13:36,416 --> 00:13:37,682 Yeah, definitely. 336 00:13:37,684 --> 00:13:40,952 All right, well thank you so much for flying with me today. 337 00:13:40,954 --> 00:13:42,453 Or letting me fly with you today. 338 00:13:42,455 --> 00:13:44,189 I'm going to head out for a scrimmage now. 339 00:13:44,191 --> 00:13:45,223 Sounds good, no problem. 340 00:13:45,225 --> 00:13:46,124 Thanks again. 341 00:13:55,000 --> 00:13:56,501 Is this where the scrimmage is at? 342 00:13:56,503 --> 00:13:57,702 Yes it is, come on in. 343 00:13:57,704 --> 00:13:59,237 I'm Tamara, you must be Anisha. 344 00:13:59,239 --> 00:14:00,972 Yes, welcome to the code center. 345 00:14:00,974 --> 00:14:04,309 This is our cyber operations, development and evaluation team. 346 00:14:04,311 --> 00:14:05,977 And these guys are going at it, 347 00:14:05,979 --> 00:14:09,414 they are attacking away at some of the products that we have, 348 00:14:09,416 --> 00:14:10,982 trying to find our vulnerabilities. 349 00:14:10,984 --> 00:14:13,184 On the screen here you'll see that, you know, 350 00:14:13,186 --> 00:14:14,619 they're scanning the environment 351 00:14:14,621 --> 00:14:15,887 they're looking for, you know, 352 00:14:15,889 --> 00:14:17,455 any place where they can find a hole. 353 00:14:17,457 --> 00:14:19,824 So the red dots here signify, uh, 354 00:14:19,826 --> 00:14:21,693 products that look like they might be a little bit weak 355 00:14:21,695 --> 00:14:23,228 and they can break into them. 356 00:14:23,230 --> 00:14:25,897 So they're constantly scanning, all the team is trying to collect points. 357 00:14:25,899 --> 00:14:26,898 It's a scrimmage. 358 00:14:26,900 --> 00:14:29,434 So we use our offensive attackers here, 359 00:14:29,436 --> 00:14:30,835 to inform our defense, 360 00:14:30,837 --> 00:14:33,137 So that we know how to protect our products better. 361 00:14:33,139 --> 00:14:35,807 We do this as a game just to keep it more interactive. 362 00:14:35,809 --> 00:14:37,675 This kind of reminds me of, like, the white boards 363 00:14:37,677 --> 00:14:39,377 that you see during athletic practice. 364 00:14:39,379 --> 00:14:40,879 - Yeah, yeah. - Where you're looking at each team, 365 00:14:40,881 --> 00:14:41,913 trying to find the holes. 366 00:14:41,915 --> 00:14:43,381 Yep, each one of the team mates is here 367 00:14:43,383 --> 00:14:44,616 honing in on different products 368 00:14:44,618 --> 00:14:46,818 just so they can collect the most number of points 369 00:14:46,820 --> 00:14:47,886 for their scrimmage. 370 00:14:47,888 --> 00:14:49,454 How do you know when someone wins? 371 00:14:49,456 --> 00:14:51,456 Well, actually in the scrimmage you do 372 00:14:51,458 --> 00:14:53,091 but in real life it's always an evolving game. 373 00:14:53,093 --> 00:14:55,059 All right, well then I better see what's going on in defense 374 00:14:55,061 --> 00:14:56,427 so I have a good understanding of it all. 375 00:14:56,429 --> 00:14:57,561 - Yep, let's go see. - Okay. 376 00:14:59,798 --> 00:15:02,533 All right, so this is our defense, our blue team. 377 00:15:02,535 --> 00:15:05,703 Yes, welcome to our blue team, our cyber defenders. 378 00:15:05,705 --> 00:15:07,005 Um, as you can see from their screen, 379 00:15:07,007 --> 00:15:08,640 they're looking at something a little bit different 380 00:15:08,642 --> 00:15:10,041 than what we saw in the red team side. 381 00:15:10,043 --> 00:15:12,143 Obviously for the purposes of the scrimmage, 382 00:15:12,145 --> 00:15:13,578 this is dummy data that they're looking at. 383 00:15:13,580 --> 00:15:15,480 Ultimately we're looking at threat actors. 384 00:15:15,482 --> 00:15:16,681 Where are they looking? 385 00:15:16,683 --> 00:15:18,182 What information are they gathering? 386 00:15:18,184 --> 00:15:20,718 And basically they're trying to prevent the red team from breaking in. 387 00:15:20,720 --> 00:15:23,855 So they're blocking and tackling as best as they can. 388 00:15:23,857 --> 00:15:25,290 They're collecting points for their team 389 00:15:25,292 --> 00:15:28,293 using whatever products they have at their disposal. 390 00:15:28,295 --> 00:15:30,361 But as you can see, it's a lot of information 391 00:15:30,363 --> 00:15:32,864 But, um, it's the best way we can, you know, 392 00:15:32,866 --> 00:15:34,365 build our products for our customers, 393 00:15:34,367 --> 00:15:36,367 is ensuring that it's protected. 394 00:15:36,369 --> 00:15:38,636 So this process seems much more evaluative 395 00:15:38,638 --> 00:15:40,071 than what was going on in the offense side. 396 00:15:40,073 --> 00:15:41,306 Oh, yeah. 397 00:15:41,308 --> 00:15:43,308 I mean, they're basically scanning the threat horizon. 398 00:15:43,310 --> 00:15:45,543 Um, and seeing where people are trying to come in from. 399 00:15:45,545 --> 00:15:46,678 But it could be from anywhere. 400 00:15:46,680 --> 00:15:48,980 So our defenders have to, you know, 401 00:15:48,982 --> 00:15:51,049 rely on the best techniques that they have out there 402 00:15:51,051 --> 00:15:52,583 and best products that we can give them. 403 00:15:52,585 --> 00:15:53,918 So this truly is a game 404 00:15:53,920 --> 00:15:55,420 where you kind of want both sides to win. 405 00:15:55,422 --> 00:15:58,289 Oh, yeah, I mean both sides have to put their best foot forward 406 00:15:58,291 --> 00:16:00,358 so that we can build better products at the end of the day. 407 00:16:00,360 --> 00:16:02,593 Um, and again, in cyber, 408 00:16:02,595 --> 00:16:04,028 the landscape is always changing. 409 00:16:04,030 --> 00:16:06,097 As you can see, it's constantly evolving. 410 00:16:06,099 --> 00:16:07,598 Well, speaking of landscapes, 411 00:16:07,600 --> 00:16:11,035 we are now gonna take Julian back to invention land 412 00:16:11,037 --> 00:16:13,371 so he and George can have a conversation about this. 413 00:16:13,373 --> 00:16:14,772 Thank you so much for showing me through. 414 00:16:14,774 --> 00:16:16,074 - Oh, you're very welcome. - All right. 415 00:16:38,831 --> 00:16:40,198 [knocking at door] 416 00:16:45,170 --> 00:16:47,138 [both laughing] 417 00:16:47,140 --> 00:16:49,374 How in the world did you get in there? 418 00:16:49,376 --> 00:16:50,908 [giggling] Little bit of magic. 419 00:16:50,910 --> 00:16:52,744 - Good to see you, Julian. - Good to see you too. 420 00:16:52,746 --> 00:16:54,445 Well, I was hoping that you would share with us 421 00:16:54,447 --> 00:16:55,580 a little bit about 422 00:16:55,582 --> 00:16:58,649 where's cyber security going in tomorrow's world? 423 00:16:58,651 --> 00:17:01,052 Sure, Raytheon's intelligence space 424 00:17:01,054 --> 00:17:02,854 is really at the forefront of cyber security solutions. 425 00:17:02,856 --> 00:17:04,489 - Things like zero trust. - [George] Mmm-hmm. 426 00:17:04,491 --> 00:17:07,125 We have customers, both domestic and foreign governments, 427 00:17:07,127 --> 00:17:09,794 commercial companies and even other cyber security firms. 428 00:17:09,796 --> 00:17:10,828 - Interesting. - Yeah. 429 00:17:10,830 --> 00:17:13,431 And that's because we strive to really cover 430 00:17:13,433 --> 00:17:14,399 the last bit. 431 00:17:14,401 --> 00:17:16,167 So many traditional cyber security firms 432 00:17:16,169 --> 00:17:18,336 will cover 80% of the solution. 433 00:17:18,338 --> 00:17:20,304 Where we cover that last 20%. 434 00:17:20,306 --> 00:17:21,572 - Ah, the hard stuff. - Exactly. 435 00:17:21,574 --> 00:17:24,308 All right, well let's take a look at this screen 436 00:17:24,310 --> 00:17:26,644 because I got this image. 437 00:17:26,646 --> 00:17:29,013 So I wasn't quite sure what I was looking at here. 438 00:17:29,015 --> 00:17:32,550 It's like some kind of a digital mind print or something. 439 00:17:32,552 --> 00:17:33,885 [Julian] Right, yeah, no, 440 00:17:33,887 --> 00:17:36,454 this is about machine learning and artificial intelligence. 441 00:17:36,456 --> 00:17:38,723 So, cyber security we have tons of data. 442 00:17:38,725 --> 00:17:40,658 And we have to sift through that data 443 00:17:40,660 --> 00:17:43,061 in order to find the little nuggets, the evil bits, right? 444 00:17:43,063 --> 00:17:45,163 And so we use artificial intelligence and machine learning 445 00:17:45,165 --> 00:17:46,631 to do that. 446 00:17:46,633 --> 00:17:49,067 You know, we have to constantly look at five, ten years down the road. 447 00:17:49,069 --> 00:17:50,968 In order to stay ahead of the threat. 448 00:17:50,970 --> 00:17:54,705 The holy grail of cyber security is really predictive cyber. 449 00:17:54,707 --> 00:17:57,475 And the only way to do that is to look through all of this data. 450 00:17:57,477 --> 00:17:58,676 Mmm. 451 00:17:58,678 --> 00:18:00,011 [Julian] We're looking for those little nuggets, right? 452 00:18:00,013 --> 00:18:02,013 Machine learning and artificial intelligence help us get there. 453 00:18:02,015 --> 00:18:03,214 Very nice. 454 00:18:03,216 --> 00:18:04,582 Well, it sounds like you have some of the best brains 455 00:18:04,584 --> 00:18:05,450 working on this. 456 00:18:05,452 --> 00:18:06,551 We definitely do. 457 00:18:06,553 --> 00:18:08,186 All right, let's take a look at this next one. 458 00:18:09,621 --> 00:18:12,557 All right, so I got this image, 459 00:18:12,559 --> 00:18:13,724 and I see these two people. 460 00:18:13,726 --> 00:18:16,394 I assume they're two super brains working on a project. 461 00:18:16,396 --> 00:18:18,296 Exactly, these are two cyber security engineers 462 00:18:18,298 --> 00:18:19,730 working on one of our tough problems. 463 00:18:19,732 --> 00:18:20,665 Ah. 464 00:18:20,667 --> 00:18:22,433 It's interesting, we have a huge talent gap 465 00:18:22,435 --> 00:18:23,935 within cyber security. 466 00:18:23,937 --> 00:18:25,536 We're always looking for new people. 467 00:18:25,538 --> 00:18:29,207 And really, we've got to start cultivating that way back in colleges. 468 00:18:29,209 --> 00:18:31,876 So, we're part of the national collegiate cyber defense competition, 469 00:18:31,878 --> 00:18:33,311 for instance. 470 00:18:33,313 --> 00:18:36,514 Great, I mean, that's a great way to, you know, cultivate talent. 471 00:18:36,516 --> 00:18:39,283 Now, we're really into STEM and STEAM around here, 472 00:18:39,285 --> 00:18:42,687 do I need to be an engineer to work in cyber security? 473 00:18:42,689 --> 00:18:43,721 No, not at all. 474 00:18:43,723 --> 00:18:45,456 And in fact, many of our engineers are, 475 00:18:45,458 --> 00:18:48,126 I'd say, unconventional types, right? 476 00:18:48,128 --> 00:18:50,528 So, we have a Sociologist who's an engineering fellow 477 00:18:50,530 --> 00:18:52,763 who's involved in cyber security. 478 00:18:52,765 --> 00:18:53,698 Yeah, interesting. 479 00:18:53,700 --> 00:18:55,366 Yeah, and they bring unique perspectives. 480 00:18:55,368 --> 00:18:57,869 And in fact, my boss is actually an environmental scientist. 481 00:18:57,871 --> 00:18:59,103 That makes a lot of sense. 482 00:18:59,105 --> 00:19:00,271 'Cause you're looking at the threat 483 00:19:00,339 --> 00:19:02,006 from a lot of different directions then, aren't you? 484 00:19:02,008 --> 00:19:02,974 Exactly. 485 00:19:02,976 --> 00:19:04,442 And then we have this screen down here. 486 00:19:04,444 --> 00:19:07,211 This Cyberlandia, what is that? 487 00:19:07,213 --> 00:19:09,747 So Cyberlandia is the journey to perfect cyber security, 488 00:19:09,749 --> 00:19:11,649 which we call Cybertopia. 489 00:19:11,651 --> 00:19:13,684 It's an idea that my boss came up with. 490 00:19:13,686 --> 00:19:15,052 And the idea is... 491 00:19:15,054 --> 00:19:18,489 that Cybertopia is a world where we're free from cyber attacks. 492 00:19:18,491 --> 00:19:20,525 You know, we don't have to worry about anything. 493 00:19:20,527 --> 00:19:22,660 And Cyberlandia, of course, is the journey to that. 494 00:19:22,662 --> 00:19:24,729 I see, so the perfect world 495 00:19:24,731 --> 00:19:26,831 which I would love to have for my family 496 00:19:26,833 --> 00:19:28,266 and my friends and our business. 497 00:19:28,268 --> 00:19:29,534 - Right? - Exactly? 498 00:19:29,536 --> 00:19:32,670 All these threats are completely disrupting our lives. 499 00:19:32,672 --> 00:19:35,006 They are, and that's why we're developing these advanced technologies, 500 00:19:35,008 --> 00:19:36,440 like I was showing you. 501 00:19:36,442 --> 00:19:38,176 In fact, it's a journey, right? 502 00:19:38,178 --> 00:19:40,444 And it's a continuous journey as cyber threats evolve. 503 00:19:40,446 --> 00:19:42,547 You know, we have to come up with better technologies 504 00:19:42,549 --> 00:19:44,215 like you've seen here previously. 505 00:19:44,217 --> 00:19:46,150 So, that might be a good segue, 506 00:19:46,152 --> 00:19:48,753 I got this in from your corporation. 507 00:19:48,755 --> 00:19:50,655 Right, this is a board game that we developed. 508 00:19:50,657 --> 00:19:52,089 Okay. 509 00:19:52,091 --> 00:19:54,358 It's called Cyberlandia, it's the journey to perfect cyber security. 510 00:19:54,360 --> 00:19:56,460 The Cybertopia that we were just talking about. 511 00:19:56,462 --> 00:19:58,462 That's a good idea, I mean, 512 00:19:58,464 --> 00:20:00,498 cyber security is such a complex field. 513 00:20:00,500 --> 00:20:01,666 It is. 514 00:20:01,668 --> 00:20:03,668 Boiling it down to a game, that makes a lot of sense. 515 00:20:03,670 --> 00:20:05,770 Exactly, and as you progress on the journey, 516 00:20:05,772 --> 00:20:07,738 you'll find out it gets more and more difficult. 517 00:20:07,740 --> 00:20:10,107 A board game to simplify the, uh, 518 00:20:10,109 --> 00:20:14,312 the difficult story of really the cyber security's all about. 519 00:20:14,314 --> 00:20:16,347 Exactly, and there's of course a catch to it too. 520 00:20:16,349 --> 00:20:17,915 - A catch? - Mmm-hmm. 521 00:20:17,917 --> 00:20:20,084 Yeah, like the catch that it never ends, right? 522 00:20:20,086 --> 00:20:21,252 Exactly. 523 00:20:21,254 --> 00:20:22,787 - Well thanks, Julian. - Great seeing you. 524 00:20:22,789 --> 00:20:24,555 - Good to see you, thanks for coming in. - Take care. 525 00:20:38,971 --> 00:20:41,205 [George] Welcome to Cybertopia. 526 00:20:42,874 --> 00:20:44,041 Interesting. 41948