10-13-25 Sloan with Chris Nyhuis

Oct 13, 2025 · 19 min

Episode description

China has infiltrated many of our critical infrastructure systems. How many are affected and what are we doing to combat this? Scott is joined by cybersecurity expert Chris Nyhuis to get some answers.

Transcript

Speaker 1

Do you want to be an American idiot?

Speaker 2

Go building one to night? Do you see lost on Saturday or won on Saturday? The loss today on the Loss, of course, is Jim Kelly Junior passing away at seventy two.

Speaker 1

I've been fighting cancer a long time.

Speaker 2

I enjoyed listening to Jim along with Dan Hoard for, what, the last twenty years as the color analyst for the UC Bearcats, and just so sad to hear because he's such a good guy. But our thoughts and prayers with Jim and his family, everyone in the Bearcat family as well. Sloan here on seven hundred WLW. If you watch the Bengals last night, lose but lose in a better way?

Speaker 1

Typic whatt you dose?

Speaker 2

You hang on for a minute before you cut over to NBC and watch our boy talk about well last night's game. I didn't say I've watched the whole thing in Kansas City wind up winning last night, but you watch 60 Minutes on CBS and you always catch like the first couple of minutes. I thought last night they had a fascinating story on about China Our front of me.

China has infiltrated some two hundred critical infrastructure operations in the US: water treatment plants, electrical grids, transportation, hospitals, telecommunications. Pretty scary stuff that the incursions, these intrusions have been going on for a while now and we haven't done anything about it. Why? Because we're getting intel on what the Chinese may or may not do as they can control some of our critical infrastructure.

We've talked about this before, but I think when you start to hear two hundred or more facilities in America could be under Chinese control in a couple of keystrokes, that is a huge wake up call, going, what if they're doing this on 60 Minutes? We know the government's known about it for a while, and we're allowing this to continue. And what happens in the future on that is that Chris Nyhuis. Chris is the CEO of Vigilant Cybersecurity here in Cincinnati. Chris, welcome back, are you Hanks?

Speaker 1

Scott? I'm doing great one.

Speaker 2

I'm well till I saw this thing last night after football lost. I'm like, well, wait, what's going on here? So the idea here is that China is lying dormant in two hundred of these things, and I think it was like a small some small town in Massachusetts.

Speaker 1

I forget where that it turned out.

Speaker 2

The FBI shows up and tells the operator, the guy who's in charge of it, Hey, listen, the Chinese have taken control of your facility. You don't know that, but the Chinese have digital control of your facility. So we know that everything now is plug and play, and it's the Internet of things, and everything is controlled remotely and electronics.

And so before we branch off into what they're doing and how they're doing it, a water treatment plant, what could go wrong if the computers are under control of the Chinese and a water treatment.

Speaker 3

Plant rights the Littleton, Massachusetts, and a lot can go wrong. Actually, I mean inside these water treatment plants, you have different vats of chemicals. Those chemicals are mixed together in different varying levels. You have fluoride, you have all kinds of different things in there, chlorine. Those are mixed together very precisely to make sure that the water that we drink is clean, purified, it's refreshed when it gets to us.

If those systems, or the chemical interactions or even just the amounts, the measurements are put into water differently.

Speaker 1

It could be catastrophic.

Speaker 3

It can make our water undrinkable, untenable, it could be it could make poisonous.

Speaker 1

There's there's a lot.

Speaker 3

Of different things that can happen inside a water treatment plant.

Speaker 2

And that's just a small time. But imagine the mass hysteria of a town of I don't know if that ten twenty thousand people, if all of a sudden, your water's poisonous, and we would know it because they program everything to make it look like the tests are fine. I don't know if they do physical manual tests and how often they do that. I don't know the workings of water treatment plants. I would think so that somebody's going, hey, there's something with the right but it'd be too late for some people who are drinking poison water.

Speaker 1

That would be way too late.

Speaker 3

And then the problem with the two is, I mean, if you look at the way water works. We pump water into our water towers, that creates water pressure into our cities, but you'd have the entire system would be contaminated. And you know, it just makes even if even if no one drank it, even if the system was contaminated, you have you have a major problem. And to your point, you know they're doing so much automation now, uh, you know all all of the chemical you know, the chemical measurements, the purification, it's.

Speaker 1

All, it's all automated. Uh.

Speaker 3

The testing is mostly automated. They do spot checks and things like that. But there's sensors throughout the entire line that determine temperature. It determines, uh, if there's different chemicals. I mean, you've even seen recently where they can see if COVID is spiking up inside, uh, you know, different cities because of what's coming in to the waste treatment plants.

So there's there's a lot of different sensors there. But but like you said, those sensors can be modified so that that way it gives incorrect information and then people don't know.

Speaker 1

You know, the monitors aren't going to trigger off that something.

Speaker 2

You can make boiling water look like it's freezing water based on what the what the what the sensors on and reprogram all that stuff, and no one would know until that's all sadly too late and you gotta shut them and I don't figure out what's happening. And that's just in one small town in Massachusetts, and then there's at least one hundred ninety nine others and other water treatment plants, but electrical grids, transportation, hospitals, all these things I mentioned. And what's interesting about it is there they said there's about two hundred that they've identified since twenty twenty three. I suspect, like anything, the two hundred are the most obvious ones. How many more do you think are out there?

Speaker 1

Oh?

Speaker 3

I would say in every critical city, we work a lot in critical infrastructure. A lot of my background is in critical infrastructure. And you know, even back in the early two thousands, I was working with ammonia control systems and you could see that those systems were trying to be attacked.

Speaker 1

And I would say.

Speaker 3

That was my wake up call, that you know, that wake up call. But at the moment I realized how evil this could be because in those situations, what we were seeing is someone attacking back then our Windows ninety five systems, and they were back in these really old operating system it was, you know, not old at the time, but these systems were connected to these valves that could you know, from the system, you could open a valve and it would be a release valve. And you could release ammonia, and ammonia actually can melt people's lungs. So you know, when I saw that happen, like whoa wait a second. And that's what really made me get into this industry because for me, it's about making sure that we protect the United States right, and one of the things we have to be really aware of is that we're not doing a great job of it because they're everywhere so well.

Speaker 2

The problem is this, right, we have decentralization. Unlike China, everything's centralized in China. Here it's decentralized. So you've got small municipalities, and I'm guessing that a lot of these two hundred, Chris, are small municipalities that don't have the budget. And you know, fifty grand to them may not be a lot to the state of Ohio or the United States of America, but fifty grand to a small community is a lot of money. That's what it costs us one small town to redo all their infrastructure to essentially make what the Chinese did moot. And on top of that, you know, paying for new equipment and getting taxpayers to put the money for the latest and greatest servers and technology isn't always an easy sell. People don't make that connection until while it's too late. We don't want to spend that time. Why are we spending more money? We just updated these computers and our systems have been updated, and we don't need to do that anyway. Why are we spending so much on people, like, for example, the contract with Vigilant Cybersecurity. I mean, that's a huge cost item right there, and so we tend to cut away all of that help and all those people in safety net and then something like this happens and we want more of it.

Speaker 1

Right.

Speaker 3

Well, see, here's the problem is that I'll make some bold statements here. You know, we talked about before you got to wonder you know why. You know, like the average time it takes to detect the threat U Riising comes out with report every year. It's a great report. But the average time it takes to detect a threat today someone comes into your environment. The average time it takes for most cybersecurity technologies, right, this is the average, right, two and eighty seven days.

Speaker 1

Right.

Speaker 3

And so the biggest problem is that a lot of companies are buying technology that seems to work because it's a brand name we're a big no name, but it doesn't actually do what it's supposed to, and so you end up with the attackers in these environments that are there forever, and what they really want to do in any warfare scenario is they want persistence. So what happens is these attackers come in, they trigger an event so that your security systems see it, you go do an incident response. But what they're really doing is they're embedding themselves for persistence for later while they're triggering a fake incident, right or a real incident that you go work. The second problem is that companies, you know, use their security technologies.

Speaker 1

That they use as badges, and the security companies that work with them also use them as badges.

Speaker 3

So what I mean by that is, you know, they'll put their logos up on their website, they'll you know, the security.

Speaker 1

Providers will do that. So that tells you the hacker.

Speaker 3

Exactly what technology is used. And then the third thing that happens, especially in these municipalities, is when they're buying things, they're buying things under committee or approval with their cities municipalities, and so those are all open meetings. And so if I'm a Chinese threat actor, I can come in, I can know exactly. I mean, in the state of California, you.

Speaker 1

Can go out. There's a law that requires them to do this.

Speaker 3

It lists everything any city, every single technology they buy was from a cyber standpoint, is on a list, so they can an attacker can easily go to water treatment plant see exactly what they use, and they just they.

Speaker 1

Just know how to attack them. So you wrap all that up.

Speaker 3

And I think here in the United States we don't understand warfare in the private sector very well. And in China they do, and in Russia they do. Outside US they do. We just don't understand it here because we you as citizens, are so comfortable with not interfacing with evil, right, well.

Speaker 2

Because we are commerce right and some small businesses. We're business people, so we understand that. We don't see that. As you know, there's competition, but not in the arena that the Chinese do because of that centralization element too. And so Chris Nyhuis is here, CEO of Vigilant Cybersecurity, in the 60 Minutes thing last night, that there's some two hundred plus critical infrastructure operations. We're talking electrical, we're talking water treatment plants and the like that essentially are under Chinese control. And so what they did is they've infiltrated that infrastructure and now they're just laying dormant. They're not shutting it down like some I don't know if you're if you have malware, which we've talked about before in the past, right, you shut them down, Kettering Health for example, pay me my money and I'll open everything back up. Or maybe not, some other actor gets in there and just wants to be disruptive and destroy things and shut it down and put some sort of political or anti state message on whatever it might be. We've seen that this is different. They're actually lying in wait. It's like a trojan horse. They're watching what you're doing online.

They're watching the systems that you have in place, and in the future if they need to, when they need to, when they will, they will strike by doing all the stuff we talked about and multiply that by hundreds more. And you've got real problems here in America that they're sitting there just watching and wait and lying dormant and our own infrastructure and most of us have no idea they're there.

Speaker 3

Yeah, right, And the reason you know you and you know, we don't know all the details of Littleton, but you know, we spent fifty thousand dollars to rebuild his network. I would say he didn't really He may not have actually even had to do that if he had.

Speaker 1

The ability to see what was what.

Speaker 3

Was embedded as in this environment, you don't have to swap out all of your systems, but if you don't have the ability to see what's there, then you do.

Speaker 1

You have to start all over.

Speaker 3

But the big problem there is he may not know how they actually got in, so he may have just rebuilt his entire environment. And this happens with a lot of companies. I'm not saying that Littleton did this, but they'll rebuild their whole environment. They don't know exactly how they actor got in, and then they get in again, and they just wasted all that money.

Speaker 1

Yeah, you know. And yeah, right.

Speaker 3

The other thing too, Scott, that happens and this is this happens with a lot of our power generators. A lot of those do come from China. Right, they have about you know, the transformers, things like that. They have a year and a half wait time to get those. We've already found you know, when they when those things have come in. Not we Vigilant, but you know particularly but the U.S. government has found that there's malware inside the systems already, right, uh, just straight out, straight straight coming over.

Speaker 1

So the thing that.

Speaker 3

We we just have to be a lot more aware of is that, uh, you know, we're going down a path that we have.

Speaker 1

All these back doors in a critical infrastructure.

Speaker 3

Now I'll say this, now we have that as well, right, so you know, we do the same thing around the world, you know.

Speaker 1

And that's why I went here, is like, well we're doing it too, but it doesn't make it better, no, no, because I get it. On our side. Yeah, I think for us to be embedded over there, totally get it. We want to.

Speaker 3

It's like an arms race, right who could be embedded the most because in any case, it's whoever can hit the button first, right, and and and there's a couple of different things that can take place in that. But the big thing is to realize is that you know, this, this is a this is the hidden war, and cyber warfare has already happened. We're already in that, but you know, most of us don't realize it. And in the critical infrastructure world or even the you know, the small business, medium-sized business world. In the United States, it makes up like eighty percent of our financial stability here in the US. And so you know, if you want to take out hospitals, go embed yourself in hospitals. You want to take out water, go embed yourself in water. You want to take out the financial sector of the United States, go after small medium-sized businesses that normally don't have the protection they need, right right, and then you just took down the entire country.

Speaker 1

And you do it with some keystrokes. You don't fire one shot, but you do it via computer.

Speaker 2

So we had two hundred of these infrastructure operations that were compromised, right, and now it's on 60 Minutes. And I'm guessing that the Chinese have known that, We've known about this for a while before it gets on 60 Minutes for sure, right. So, yeah, in the month, in the months that that's happened, where our years even where they're exposed that and moved, what's that? What's happening right now as we speak? Then more of the same, less of the same or a different same.

Speaker 3

Oh, it's more the same, Yeah, I mean it's you know, the yeah, it just it just continues on and inside these environments, that's where work happens. We found this was a couple of years back, we found a Chinese threat actor group that bounced through United States entity out to another country, right, And what they're trying to make it look like is that the attack was coming from the United States.

Speaker 1

To that other country.

Speaker 3

So the you know, you have that issue as well is where you know, China will act like Russia, Russia will act like China, Iran acts like Russia. You know, you're trying to really tie it back to whoever is actually really attacking. But the big key here and you mentioned as well, you mentioned Kettering Health. Right, We've seen significant aspects where malware is you know, in ransomware is used to come into an environment, create a distraction, and then allow people to be embedded. And most, like I was saying, most security technology out there is built to detect things that it knows about, not to always detect things that are unknown. So if you can attack someone embed yourself in a way that isn't known yet or isn't detectable yet, you can hide and wait and especially if it's like a you know, in a triggered thing that's based on a timer, like maybe that connection reaches back out every month or every two months.

Speaker 1

You know, it's a.

Speaker 3

Single ping in the midst of millions of connections. It's really hard to find. So, you know, a lot of the ransomware or malware, those are the things like if you're in an organization you've had ransomware or malware, just fighting that is not the end of your battle. You now have to comb through your infrastructure and find out is there a back door that was put in during that attack, because you know, ransomware, like I said, is being used a lot. Is just that distraction now and you know and also too it's funding terrorism. You know, they just put these groups do they come in, they do ransomware, they fund terrorism, they create a backdoor and now they're embedded.

Speaker 2

And they'll be to continue cat and mouse game like this. And in the fear of course, is one day if we are at odds and a war with the Chinese or whatever transpire, they can shut down a significant portion of what it is we have our infrastructure and if you tease will they be able to execute that plan?

Speaker 3

I mean I think we're already seeing some of that. I think Colonial Pipeline was a good example of that. You know a few years ago, and I talked about that, you know, or you know, there's there's inside of these pipelines, there's sensors. You can take over the sensors, you can heat them up and explode the pipeline. Uh, you know, like I said earlier, ammonia control systems, water water treatment plants.

Speaker 1

I think when we when we see these.

Speaker 3

Isolated attacks, you know, quote unquote isolated attacks, I think that those are just tests, right.

Speaker 1

I think they're hey, how far can we go? Right?

Speaker 3

I mean we and again you see those things happening around the world. I think we do our own tests also, you know, uh, you know, but you know, and it's just to show each other, Hey, I'm here and I can do that. But I think in the United States we have to be much more careful and aware that just putting the security technology in doesn't mean that it's going to find what we're actually looking for. And we have to be much more educated as business owners into what is really coming in our environments, especially if we support companies like a General Electric you know, if you're a city if you're a community a business here in Cincinnati that supports General Electric, highly likely you're going to get attacked before they will, because they'll try to come through you to get to them, right. Uh you know, especially if you're an HVAC company or you're a you know, you're you're you're, you're, you're building plans for them, you know, to build out a facility or whatever. Highly likely you're you're going to get attacked. If you are a business that creates a part for you know, a defense industry or for uh Procter & Gamble, right, that's really critical to their system, chances are you're.

Speaker 1

Going to be attacked and and so got it. You have to be a lot more hyper aware. You know that that what?

Speaker 2

Yeah, so he's Chris Nyhuis, CEO of Cincinnati-based Vigilant Cybersecurity. Go to the CBS or 60 Minutes so you can watch this whole piece. It really is fascinating, uh, in how embedded the Chinese are in our system. Chris, all the best, thanks again, thank you, Scott. All right, being well, got to get the news running late. Just a few minutes away. We got Julie Age mental health Monday here next. If you're a procrastinator, she's going to be talking about you and to you. Just ahead on seven hundred WLW.

Transcript source: Provided by creator in RSS feed