How does cybersecurity impact the global economy and geopolitical landscape? How is AI changing the game? Yadin sits down with renowned cybersecurity strategist, advisor and geopolitics thought leader Dmitri Alperovitch to discuss this in depth. They dive into the current geopolitical landscape and how CIOs should be thinking about global macro trends as they build their security strategy.
How does cybersecurity impact the global economy and geopolitical landscape? How is AI changing the game? Yadin sits down with renowned cybersecurity strategist, advisor and geopolitics thought leader Dmitri Alperovitch to discuss this in depth. They dive into the current geopolitical landscape and how CIOs should be thinking about global macro trends as they build their security strategy. Dmitri also shares his thoughts on the ransomware insurance industry and predictions for future actions from China.
---------
"So those are the types of things that you want to be thinking about as an organization is: What are you not practicing? What disaster recovery scenarios? It's great that you have backups, but have you ever actually tried to recover everything?...And what other resiliency mechanisms do you have inside your network that may not be cyber- or even technology-related, that would allow you to operate your business?"
"One of the things that everyone should be thinking about is how geopolitical events, like frankly the Russian invasion of Ukraine and similar events in the future, can affect your business and your operations. One of the things that companies had to figure out once Russia invaded Ukraine is how to pull out of the country in a responsible fashion. How, if they couldn't pull out completely, to isolate the operations in country from being able to impact operations globally, in case the Russian government decides to do nefarious things on your network or pressure your local employees to do something. And that's something that I think everyone should be paying attention to when it comes to China."
Time stamps:
(01:00) The relationship between cybersecurity and economic prosperity
(02:42) How rapidly is the ransomware issue growing?
(04:37) Hidden costs of sacrificing cybersecurity for competitive advantage
(07:44) Is the insurance industry influencing how companies think about cybersecurity?
(08:41) Is AI changing company behavior regarding cybersecurity?
(12:55) How AI impacts the gap between defense and offense
(16:51) How has cybersecurity become a tool in geopolitics?
(19:57) Global ripple effects of infrastructure being hacked
(21:59) How should CIOs think about security within these macro trends?
(36:22) What CIOs should be discussing with the board and executive staff
--------
Dmitri Alperovitch on LinkedIn
Yadin Porter de León on Twitter
[Subscribe to the Podcast]
On Apple Podcast
For more podcasts, video and in-depth research go to https://www.vmware.com/cio
0:00:00.0 Dmitri Alperovitch: As you're seeing cyber going from just financial extortion and criminal enterprise tool that it was in the '90s and early 2000s, to now a major nation-state espionage and economic espionage tool to increasingly being used for attacks that are disruptive and in some cases destructive.
0:00:26.0 Yadin Porter De León: Welcome to the CIO Exchange podcast, where we talk about what's working, what's not, and what's next. I'm Yadin Porter de León. How does cybersecurity impact the global economy and geopolitical landscape? How is AI changing the game? In this episode, I sit down with renowned cybersecurity strategist, advisor and geopolitics thought leader, Dmitri Alperovitch to discuss this in depth, Dmitri is the founder and chairman of Silverado Policy Accelerator, as well as a co-founder and former CTO of CrowdStrike. He has served a special advisor to the Department of Defense and currently serves on the Department of Homeland Security Advisory Council and the Cybersecurity and Infrastructure Security Agency's Cyber Safety Review Board.
0:01:04.2 Yadin Porter De León: In our conversation, we dive into the current geopolitical landscape, discuss what the hidden costs are of security breaches and digital disruptions, and how CIOs should be thinking about global macro trends as they build their security strategy. Dmitri, let's take a step back really and define the landscape. How do you see that relationship between cybersecurity and economic prosperity? Can one exist without the other? How are those two linked? 'Cause I don't think people think about cybersecurity economic prosperity and where does it exist at different levels? There's the national level, there's the commercial level, there's the personal level. What's your framework for approaching that topic?
0:01:41.3 Dmitri Alperovitch: Well, of course, at one level, cybersecurity is an enormous tax on the economy, both in terms of direct spend that is done on cybersecurity services, software professionals and the like, that are working to secure companies and organizations all over the world and in this country in particular. But another level, of course you have the criminal ecosystem that is generating revenue based on stealing of identities, stealing of credit cards, stealing money from the bank accounts, obviously the ransomware payouts. So all of that in aggregate costs billions and billions of dollars every year to the economy and is increasing as the cybersecurity spend goes up to help protect critical digital assets.
0:02:23.9 Dmitri Alperovitch: And frankly, as the criminal groups out there are getting more and more payouts from ransom operations and that sort of thing. And then the nation states that are operating to steal intellectual property from companies and truly put them out of business, come on top of that and generate an enormous cost on the overall economic growth because you have companies that are investing enormous amounts in R&D and development of new technologies of the products, and some nation states like China come in and steal it all and give it to domestic industry, thus helping their own economies and undermining ours.
0:03:01.3 Yadin Porter De León: And what's the scale right now historically, because we know this is a growing problem. Is it growing exponentially or is it growing linearly or is it accelerating right now? Is this becoming... 'cause ransomware has been a topic for a long time, but a lot of the headlines will talk about how it's increasing, but what is the best way to look at it really from that acceleration of cybersecurity being a bigger and bigger and bigger part of all the different economic activities that you're talking about?
0:03:29.4 Dmitri Alperovitch: Yeah. Very few things in this world grow exponentially. So I don't think cybersecurity certainly grows exponentially. If you look at the trend of the overall market on the cybersecurity services side, it grows at maybe 10% a year. So it's not that exponential curve, but it's significant. And as I mentioned, the criminals, the nation states are getting better at it. There is more information for them to steal as more and more organizations put their critical assets online. So it's definitely getting worse, not better, but I wouldn't say that it's getting worse exponentially and frankly, most organizations still make the cost benefit analysis that it's better to be connected, it's better to be online, it's better to do business online than not, even despite all these risks. So that tells you something about the impact of this, that as important as it is, people are still realizing that despite all the risks, you can't do business without being connected to the internet.
0:04:27.8 Yadin Porter De León: Yeah. And so I think with that decision, that's... I mean it's a strategic decision often that they stay connected and certain elements of cybersecurity and some of the remediation tools that are leveraged to be able to deal with things after the fact are seen sometimes as insurance, as, okay, we're gonna operate this in the cost of X, whether it's a penetration or whether it's a ransomware attack that's gonna be Y. And I'm gonna go ahead and hedge that bet. But what are some of those hidden costs of making some of those decisions where you might have, let's say, a weaker cybersecurity standpoint in order to be able to sort of have a better economic or strategic advantage within your market?
0:05:04.5 Dmitri Alperovitch: Well, cybersecurity is never easy. And it often introduces, sticks in the wheels of organizations that wanna move faster and do things easier, make it easier to process orders, for example, interface with your customers and cybersecurity professionals come in and usually tell you, "Oh, you can't do that, that's too hard to secure." And that, "You gotta do things in a more convoluted way." So there is definitely trade-offs in almost everything when it comes to cyber in terms of how you manage your employees, in terms of how you let them operate online, how you make sure that they secure their data, how they interface with customers, how you protect customer data. So all of that can make it more challenging to do business. And some companies make those trade-offs that I'm gonna take the risk in order to facilitate business growth, in order to facilitate better customer experience and take the hit on the risk side. Some companies try to offset that with insurance. So cyber insurance is a market that has grown dramatically in the last decade, but we're seeing a pullback from that market because increasingly insurers and particular reinsurers are realizing that you can't take unlimited risk.
0:06:16.5 Dmitri Alperovitch: That cyber is one of those things that is very, very difficult to predict. And as you're seeing in certain parts of the traditional insurance sector where the risk is too high, insurers are actually pulling outta the market. So for example, in Florida it's now very, very difficult to get property insurance because of the continuous floods and hurricanes and the like, and many insurance companies have left the market. You're starting to see a small pullback in the cyber market where the policies are getting written much tighter, where the bar is much higher for a payout, the payouts are more restrictive and at the same time, you're paying much more than you were in the past for those policies. So I used to tell clients customers all the time that about three, four years ago, that if you weren't buying cyber insurance, you were missing out a huge opportunity because the policies that you could get for the price that they were being offered at were an incredible deal that made zero sense for the insurance companies and they were trying to simply buy into the market and offer policies that weren't frankly economically lucrative for them.
0:07:22.7 Dmitri Alperovitch: Well, that has now changed in part because of these big ransomware cases like Colonial and others that have generated significant payouts from the insurance companies and they're now realizing that the risk is quite significant here and they're rethinking their strategies, not pulling out of the market, but certainly making sure that it's much, much harder for a victim to now get the insurance company to pay.
0:07:46.2 Yadin Porter De León: Yeah. And how is that changing some of the strategic decision making companies are making, the ways in which they're approaching cybersecurity now that you're starting to see some of that movement within insurance companies and then changing the way that they cover these types of incidents, is that changing the way companies are starting to think about cybersecurity?
0:08:04.8 Dmitri Alperovitch: Yeah, in part because the premiums have gone up so much. Companies are now starting to really look at the cost that they're paying. In some cases they're deciding to cancel those policies, in others, they're looking at what can you do to reduce the premiums substantially. And they're a number of companies I know that have gone to their insurance companies sort of opened the Kimono. Here's everything that we're doing with regards to risk with regards to cyber. Here are the technologies we have, here are the processes, here's how we think about our policies and have actually been able to negotiate significant reductions in their rates, if they can show that they're doing things in a very thoughtful way, that they're actually reducing risks. So that is one of the ways that you can mitigate some of the costs that have fallen on you as a result of these premium increases.
0:08:50.6 Yadin Porter De León: Yeah. And on this topic too, I think this is probably a good point to... Or a good chance to cover a lot of the hype around generative AI and some of the malicious things that certain individuals have been able to create, leveraging the technology, not that they couldn't create these things before, but they could create more sophisticated versions and a lot faster, a lot easier. The scalability and the availability of the tools creates a risk. Is that changing the behavior of these insurance companies or is it changing the behavior of the businesses, the nation states who are looking at solving these really hard problems?
0:09:27.7 Dmitri Alperovitch: Well, AI is one of those things that I think is gonna change everything that we do in day-to-day life. But it's gonna have... In cybersecurity, it's gonna have an impact on both defense and offense. And in fact, AI at some level has already been used in the industry for over two decades now. I was working on AI Algorithms in cyber all the way back in 2005. At the time it was called machine learning, not AI. So the hype cycle was not as as intense as it is now.
0:09:56.5 Yadin Porter De León: Yeah. Do you think cybersecurity specifically, do you think it's just a rebranding or do you think it's really an inflection point in the technology?
0:10:02.9 Dmitri Alperovitch: So there are certain things that generative AI, the sort of the Chat GPT style chat bots are really good at in terms of helping to elevate the sophistication of the workforce, making it easier for you to bring in junior analysts and train them up quicker to understand what the alerts may be in your systems, give you recommendations, what actions you can take. So it is absolutely helpful on the margins. On the adversary side as well, it is helpful in crafting really good spearfishing emails, for example, and lures that you can use for social engineering, particularly for attackers that may not be native English speakers. The ability to use deepfakes, either in video or audio present enormous challenges as well in being able to social engineer organizations and get into their networks.
0:10:51.1 Yadin Porter De León: Yeah. Have you... On that one too, 'cause that one really fascinates me. Has anyone successfully done any social engineering using let's say a deepfake for a voice of, let's say an executive who might be on camera a lot. They've got lots of samples of their audio and they make a phone call to their assistant and then maybe transfer money or buy something or some interesting sophisticated thing like that using... I don't know if you've heard any anecdotes. I've searched for some, I haven't found anything that's been successful yet, but I was curious if you had.
0:11:17.2 Dmitri Alperovitch: I haven't seen any being successful, but I wouldn't be surprised if they're just months or days away. The technology's certainly there, certainly in audio it's very, very easy to use and about to be even easier with the release of the next iOS. So that presents a big challenge and that's why you've actually seen the White House come out with the secure AI principles recently where one of the principles is that they want producers of AI models like OpenAI and others to watermark their technology so that it's very easy to understand that this is generated code and you can easily discarded if it's been used in a social engineering attack. So that will be really, really important. Although given how some of these models have become open sourced and training them on specific smaller data sets may be viable for even smaller organizations that don't have access to tens of thousands of GPUs, it's hard to see how you can put that genie back in the bottle.
0:12:14.0 Dmitri Alperovitch: So it absolutely is gonna present challenges, but it's also gonna present opportunities on the defensive side as well. And the amazing thing about the cybersecurity industry is that it's always a cat and mouse game. They're always breakthroughs either, on offense or on defense, and the other side inevitably catches up and evolves. So this is one of the things that differentiates cybersecurity from pretty much any other area of science or computer science because you're dealing with sentient opponents that look at what you're doing, analyze it, respond to it, and it's a little bit like a chess match. The opponent always has a move to play.
0:12:50.0 Yadin Porter De León: Yeah. Do you think it's widening the gap between the offense and defense? So like the offense comes in and then the defense reacts, usually there's like time gap, there's a gap that, like you said, it takes time for them to evolve. Do you think the new tools that are in place right now are gonna present an opportunity for that gap is actually increased? Or do you feel like that gap is not gonna change because those the same large learning models, the same tools are being used on both sides?
0:13:14.2 Dmitri Alperovitch: Yeah, I don't think that that gap is gonna persist for a long time. It usually hasn't by historical standards. I remember in my early days in my career when I was working on the spam problem back in the early 2000s, and you've seen just a very rapid...
0:13:27.4 Yadin Porter De León: Oh yeah.
0:13:29.0 Dmitri Alperovitch: Evolution of spam going from just text-based information trying to sell you pills and other frauds, penny stocks and the like, and to get through spam filters, they started to insert garbage text to try to sort of confuse the filters. Then they went to image spam where it was just an image of the text. But inevitably the defense is caught up every time and usually within weeks, if not sooner. So I think you're gonna see that same things evolve in the at least technical side of cyber where worry more and where frankly attackers have almost a 100% chance of success right now is on the social engineering side, where you're not attacking technical systems but you're attacking people.
0:14:10.8 Dmitri Alperovitch: And you have groups like Lapsus$ for example, that have been very successful in infiltrating tech companies, literally all over the world, and particularly the major tech companies in the Silicon Valley. Even companies like Microsoft have fallen to the attacks and they aren't particularly technically sophisticated. There's really no malware that's used or even exploits, but they are very, very effective at social engineering. They're not using AI at all, but they're just calling up help desks, trying to pretend to be employees, trying to reset their credentials. They're using SIM swaps as well to get access to authentication codes that may be sent to someone's phone. And those are the types of attacks that you can absolutely use AI to get much better at, both in terms of faking the voice or making someone who is not a native English speaker sound like one. Those are the dangers that I think are gonna make it much, much easier for criminals all over the world that are right now are fairly constrained in their ability to use social engineering, sort of direct voice to voice or video to video effectively. It's gonna open up those possibilities for them. One of the reasons why Lapsus$ is so successful is that they have a number of members that are native English speakers that can get away with it. Something that would be harder to do for criminals in Russia or China or elsewhere, but with AI that's gonna open up those possibilities for them.
0:15:34.2 Yadin Porter De León: That's gonna be really interesting to see how that manifests itself and how that accelerates and some of the social engineering things. I think that's one of the things that is gonna be one of those really hard and potentially intractable problems because humans are a very attractive attack vector when it comes to those who are trying to get into the systems.
0:15:51.6 Dmitri Alperovitch: They're the best. So I talk so much about Lapsus$ because I serve on the Cyber Safety Review Board, this new government body that has been stood up by the President a couple years ago and we're literally in the midst of doing a review of this group. And it's striking how successful they are, even though the technical sophistication is very low. And it just reinforces that you don't need to be a great technical hacker to get into these organizations successfully. All you need to do is be really, really good on the phone, be quick on your feet and you can sweet talk your way into pretty much anything. That is one of the lessons, of course, of the now unfortunately late Kevin Mitnick who passed away recently, but he was the master of social engineering back in the 1990s and that's what he was doing, calling people up and getting them to reveal their secrets. It was working 30 years ago and fortunately it's still working today and very likely we'll still work 30 years from now.
0:16:46.3 Yadin Porter De León: Yeah, I don't know if that effort can be scaled. You mentioned, I think it's... You mentioned a couple interesting points where it's about non-native speakers, people all throughout the world, whether it's from Russia or other places who will now have access to tools like this. I think that begs the question about a concept that you talk about with a geopolitical chess board, like you mentioned the chess board earlier in the conversation as well. And how has cybersecurity become a tool in that geopolitical arena and what is the implications of cybersecurity in general? Also some of the new tools for global economic stability because we've seen the foundations of the economic stability be rattled in many ways that were surprising. And how is cybersecurity playing a role in that?
0:17:30.4 Dmitri Alperovitch: So I coined this phrase almost I think 10 years ago, that we don't have a cyber problem. We have a Russia, China, Iran and North Korea problem. And I think that has aged very well because when you look at the majority of the attacks where they're coming from in terms of the people that are orchestrating them, they're either coming from the people working for the governments in those four countries or criminals that are residing in those countries and are allowed to operate at will without being extradited for their activities. And there's certainly criminals in other parts of the world as well, but by far the vast majority of them are operating out of these four countries. And the reason that that is the case is not because those countries have unique monopoly on cyber offense. There's certainly many other countries that have developed those capabilities, but they're the primary sort of rogue states, if you will, in the international arena.
0:18:22.5 Dmitri Alperovitch: They're primary adversaries to the west, and certainly in the case of Russia, Iran and North Korea, are now increasingly isolated on the global stage and believe that cyber is one of those equalizers that they can use as a way to hit back at the west and have an asymmetric advantage. And that's something that is getting worse and worse frankly, because you're seeing cyber going from just financial extortion and criminal enterprise tool that it was in the '90s and early 2000s to now a major nation-state espionage and economic espionage tool to increasingly being used for attacks that are disruptive and in some cases destructive. So you've seen some of those attacks manifest themselves in Ukraine where a variety of attacks launched by Russia at the same time as they were launching their invasion against Ukraine that had in a few cases significant effects on the Ukrainian ability to fight back and coordinate their actions.
0:19:25.2 Dmitri Alperovitch: As was the case with this really unprecedented attack on Viasat, an American satellite company that provided communication services to Ukraine and broader Eastern Europe, that the Russians had act on the day of the invasion and were able to brick thousands of terminals that were located in country. Those are the types of attacks that you're starting to see more and more of in the last decade. You've seen a number of attacks going after critical infrastructure, particularly of note there was an attempted attack also by Russia on a Saudi Arabian refinery back in, I believe 2017, that could have caused loss of life if that attack had succeeded. They were attempting to disable the safety controllers in that refinery that could have caused a fire and an explosion. So those are the types of things that we're starting to see a little of that we'll probably see a lot more of going forward.
0:20:15.4 Yadin Porter De León: Yeah. What are the ripple effects globally, sort of on that economic stage of those satellites or the terminals being bricked or the refinery being hacked? And what are the ripple effects through not only just the company that's being attacked, but the country it's in and other countries that are seeing these kind of attacks taking place?
0:20:31.6 Dmitri Alperovitch: Well you've seen that just a couple years ago in 2021 when Colonial was attacked, Colonial Pipeline, that was an attack that only targeted their business systems. But out of precaution, the company decided to shut down the pipeline because they weren't sure if the attackers, they were out just for ransom. If they had been able to jump to the... What's known as the OT network, Operational Technology Network that actually controls the physical operations of the pipeline, because they didn't have that assurance. They shut down the pipeline. And of course, you also had added panic as a result that caused delays and queues, lines all over the East Coast of people trying to get gas. And it literally has caught the attention of the President of the United States where he raised that issue with his summit, with Putin back in the summer of 2021.
0:21:21.7 Dmitri Alperovitch: People forget that now because invasion of Ukraine, of course, has overshadowed the ransom problem that we were facing vis-a-vis Russia. That problem has not gone away and has in some ways even gotten worse because the Russians have basically decided not to cooperate with us anymore given our response to their illegal invasion. So those are the types of things that are of deep concern where it wasn't even the objective of that group to shut down a physical pipeline that was just a byproduct of their actions and the company being overly cautious. But imagine if that had been actually the target and if they had done it and been able to actually damage it. Those are the types of things that can have cascading effects on the entire economy.
0:22:02.4 Yadin Porter De León: And those ripple effects that you talk about, sort of those cascading effects, they're not just one country attacking another country, it's one country attacking a company in many cases in another country. So technology leaders, these macro trends are very, very real for them. They've recognized that they've existed for a long time. How should CIOs, technology leaders, leaders of businesses be thinking about this trajectory of ransomware, this trajectory of nation-state instability or destabilizing, like you said, it's not a new thing, but in some cases, in certain pockets, it's growing. How should this maybe affect or inform the way that technology leaders are thinking about approaching cybersecurity with some of these large macro trends really playing a larger role?
0:22:44.1 Dmitri Alperovitch: So the really good CISOs and CIOs that are thinking the right way about this problem, appreciate that this is not something that you can go to zero risk. You can prevent everything, and there will always be mistakes that are made by people in your organization or your customers or someone else that is gonna open up some vulnerability, open up a door for an nefarious actor to walk in and do damage to you. So the key thing really is not to put all of your eggs into the prevention basket and trying to stop everything possible that can get launched against you. The vulnerability space attack surface is just too vast for that to be successful. The key thing is to really focus a lot on detecting this activity as quickly as possible and responding and remediating it so that the damage is quite limited, if any. And the other thing that's absolutely essential is to focus on resiliency. One of the things that Colonial had discovered is that they had never actually shut down that pipeline before. That was the first time I believe in their history, that they've done a complete sort of cold shutdown of the line. And it took them a number of days to get it back operational because they had never restarted it.
[laughter]
0:23:56.3 Yadin Porter De León: It wasn't part of their playbook.
0:23:58.1 Dmitri Alperovitch: Exactly. So they've never tried it. They've never exercised it. And so they weren't sure how quickly they could do it without damaging it. Now if push came to shove and they had to do it right away, I'm sure they could have figured it out. But it took them days to do it in a responsible fashion. So those are the types of things that you want to be thinking about as an organization is what are you not practicing? What disaster recovery scenarios. It's great that you have backups, but have you ever actually tried recover everything?
[laughter]
0:24:27.3 Yadin Porter De León: Not an exercise most people have done.
0:24:28.9 Dmitri Alperovitch: Exactly. And what other resiliency mechanisms do you have inside your network that may not be cyber or even technology related that would allow you to operate your business? Some of your listeners may remember the case of Sony Pictures when they were attacked by North Korea in 2014, a case that I was involved in investigating and attributing. Well, at the time, Sony's network was completely decimated by this North Korean wiper, and they had to figure out how to communicate with each other because active directory service was down, email was down, they couldn't talk to each other, they couldn't even get phone numbers of people that weren't already loaded into their phones. They had to figure out how to do payroll without the network being operational. So to the extent that you can build backup capabilities to do all of that, to make sure that even in the event of complete disaster, you can operate, you can still do your business perhaps less efficiently, but you will not be completely shut down.
0:25:22.8 Dmitri Alperovitch: That's gonna help you both in terms of thinking about whether or not you should pay a ransom. Perhaps you're gonna be more on the side of we'll figure this out. We don't need to encourage this activity and pay off criminals. And by the way, once you pay off a criminal, you're now known as a mark that's gonna pay. Then you may get hit again and again, perhaps by other groups, perhaps by the same one. And at the same time, there's now increased legal risk to doing so because a number of these groups are sanctioned by the US government. So you don't want to be transacting with a sanctioned party because that will introduce legal liability and criminal liability for you. So those are all the things that you should be thinking about in terms of how do we make sure we can still operate, whether it's our business systems or whether it's our physical systems, even in the event of a cyber or frankly a natural catastrophe. Those are always smart things to do. And something that we should be doing at a national level, at an individual organizational level, and even individual level.
0:26:21.1 Yadin Porter De León: Yeah, I think that's a good checklist as far as conversations that need to happen. So we like to have a part of the show or segment of the show we call, Take It To The Board. Now with these sort of geopolitical chess board idea with these macro trends ideas, with these... The new... The cyber security becoming this tool of various different nations, attacking other nations. What conversations should CIOs be having with whether it's the board or whether it's the executive staff when it comes to their future strategy for ensuring that they're having a security posture that reflects the way in which they need to operate?
0:26:56.3 Dmitri Alperovitch: Well, one of the things that everyone should be thinking about is how geopolitical events, like frankly, the Russian invasion of Ukraine and similar events in the future can affect your business and your operations. One of the things that companies had to figure out once Russia invaded Ukraine is how to pull out of the country in a responsible fashion. How if they couldn't pull out, completely isolate the operations in country from being able to impact operations globally in case the Russian government decides to do nefarious things on your network or pressure your local employees to do something. And that's something that I think everyone should be paying attention to when it comes to China. I was one of the ones that early on predicted that Vladimir Putin was gonna invade Ukraine. I put out public tweets on the subject in December of 2021, over two months before the actual invasion. I am increasingly becoming convinced that President Xi wants to invade Taiwan before the decade is over.
0:27:51.1 Dmitri Alperovitch: So not eminently, but could be as soon as 2028, 2029. And that's something that everyone should be thinking about in terms of companies that have business in China. How do you think about what's gonna happen to that business if such an innovation occurs and innovation like that, it's quite possible would involve the United States in a hot conflict with China. And your ability to continue operating there as an American company or as even as a European company, would probably become non-existent overnight. But even aside from that, even in a lead up to this increasingly likely scenario, the tensions are getting higher and higher. Increasingly Chinese government is cracking down on businesses in country, making it more difficult for them to operate. So if you're not thinking about pulling out, at least start thinking about how do you isolate those networks, those technologies from being able to influence the rest of your organization.
0:28:47.7 Yadin Porter De León: No, I think that's great, Dmitri, fantastic perspective. Where can people find out more about you? Where can they hear you? Where can they see you? Where can they interact with you?
0:28:58.2 Dmitri Alperovitch: Absolutely. So I have a podcast as well called Geopolitics Decanted. That's a biweekly podcast on everything from the war in Ukraine, the increasingly tense competition with China technology issues like artificial intelligence, cyber issues as well. So you can find it on your favorite podcast platform, Apple, Spotify, etcetera. And silverado.org is my new think tank. Silverado Policy Accelerator where you can check out the work that we're doing on these and other issues.
0:29:26.4 Yadin Porter De León: Excellent. Well, Dmitri, thanks for joining the CIO Exchange podcast.
0:29:29.6 Dmitri Alperovitch: Thanks so much for having me.
0:29:31.5 Yadin Porter De León: Thank you for listening to this latest episode. Please consider subscribing to the show on Apple Podcasts, Spotify, or wherever you get your podcasts. And for more insights from technology leaders as well as global research on key topics, visit vimeo.com/cio.