
Has the US lost the cyber war already?

Oct 15, 2021, 45 min

Episode description

Former Pentagon chief software officer Nicolas Chaillan resigned, citing frustrations regarding trying to bring the US Department of Defense up to speed with respect to cyber security and warfare. He said that China has effectively won the cyber battle. Is he right?


Transcript

Speaker 1

Welcome to TechStuff, a production from iHeartRadio. Hey there, and welcome to TechStuff. I'm your host, Jonathan Strickland. I'm an executive producer with iHeartRadio and I love all things tech. And recently, the Pentagon's former chief of software, Nicolas Chaillan, resigned, and he did not go quietly into that good resignation. No, he posted an explanation of why he chose to quit on LinkedIn, and he cited lots of very valid reasons for frustration.

He expressed anger at how he would have to try and chase down budgets in order to fund any sort of project or research or development and deployment, and just, you know, how hard that was and exhausting and never ending. He pointed out how the US military complex is still focused largely on traditional weapons systems like fighter jets and guns and stuff, and not so much on the

digital side of warfare. He argued that China is so far ahead of the United States in this regard, along with its advances in artificial intelligence, that the cyber war is effectively over already and China's already won. So today I thought I would really tackle these issues and examine them. Are his frustrations all valid? Has the United States

lost the cyber war already? Well, the first thing we should do is acknowledge that cybersecurity in the United States, particularly at the federal level, like not a specific company or specific trend, but looking at federal cyber security, it's pretty lousy, particularly for, you know, critical organizations like the Department of Defense. And there are many reasons why this is so. Some of those reasons are fairly intuitive, which means I'm still going to go over them because that's

how I roll. For example, we know that technology advances at a really rapid pace. Uh not all technology evolves at the same speed, you know, not all of it goes super fast. Gordon Moore observed that because of you know, multiple factors, primarily market based ones, the number of discrete components that we could cram on a square inch of

silicon would double every two years or so. Now that observation became Moore's law, and today we usually interpret that as meaning that a new computer's processor will be twice as powerful as the ones from two years before. So the computers of today are twice as fast or can compute twice as much in the same amount of time as the computers we produced two years ago and so on. Now, for multiple reasons, we've had to find new methods to try and keep Moore's law active. It's not it's not

a guarantee. It was an observation, and now it's almost like a challenge. So there's there's nothing that says that this trend will continue forever. In fact, you know, we might be able to kind of keep the trend going by fudging some of the definitions and changing up the ways we do things. But my point is that this particular subcategory of tech has a really aggressive trend

when it comes to advancement or evolution. Well, not everything advances that quickly, like battery technology is a great example of tech that has a much slower evolutionary path, but a lot of stuff does change pretty fast. The world of software is another example. Developers generate enormous amounts of code every single day. Some are working on mission critical systems that play a part in important organizations like the Department of Defense, uh, some are making the next version

of Candy Crush. But the point is that software development happens super fast, and sometimes developers might overlook things that can lead to a potential vulnerability in the system. Like, they might be focused more on I need to make this code work, and less on is there some way that someone could leverage this code in a way I

did not intend. Now, in an ideal world, every developer out there would have plenty of time to test code thoroughly and conduct some penetration testing to make sure that the code doesn't have any vulnerabilities in it before ever deploying it. But in the real world we run up against, you know, stuff like deadlines and and budgets. These are things that mean that sometimes we have to push stuff out the door before we can do all the testing

we would like. So sometimes we see code deployed that does have gaps in it, gaps that a determined hacker might discover and exploit. Another important element for us to consider here is that all this development in tech, from hardware to software and all the related fields, it's happening all the time. The world of tech really drives home what the Greek philosopher Heraclitus said way back in around four BC, which is the only thing constant is change.

The tech world is fast paced and fluid. Now let's talk about the world of policy and governments. Governments cannot be nearly as nimble as the tech sector. Governments move at a much slower pace, glacial, some might say, depending upon their point of view. So forming policy takes time. You have to have someone to propose it, for one thing, and then that person has to get buy in from other parties in order to form a plan of action. There has to be a vote on that plan of

action to make sure there's support for it. There needs to be a budget assigned to that plan of action. There's got to be someone in charge. There need to be deliverables assigned, and some means of holding the project accountable for achieving the goals that are set out by the policy. You need to have metrics. These steps

all take a lot of coordination, cooperation, and time. Complicating matters is the fact that in the United States the average age of federal level policy makers is pretty up there. So right now in the US, the average age in the US Senate is sixty four point three years old. The average age in the House of Representatives is fifty eight point four years old. Now, generally speaking, the average American is twenty years younger than the representative who, you

know, represents them. Now, I don't want to engage in ageism here, especially since I'm forty six. I'm no spring chicken. I don't want to make too many generalizations. However, there is something to be said about people who have spent a career in politics who might not be the

most tech savvy individuals out there. In fact, if you do a search on how tech savvy is Congress, you're gonna find numerous pieces about how Congress is woefully behind the times when it comes to even a basic understanding of where tech is and what it is capable of. The gap in knowledge with regard to tech is a serious problem. And in case you think I'm being hyperbolic here, I'll point to one of those tech savvy articles I just mentioned. This is something that I really feel you

should read if you have the chance. It's titled How Congress Got Dumb on Tech and How It Can Get Smart. It was written by Grace Gedye and published in Washington Monthly. Grace's piece details how some members of Congress have never so much as sent out an email. Okay, so email, in case you're not aware, dates back to the early nineteen seventies. So let that sink in for a second.

There are politicians who are at least theoretically representing the interests of citizens who live in those politicians districts, and these politicians are unfamiliar with the technology that was invented fifty years ago, half a century ago. So how up to speed do you think these same people are going to be when it comes to stuff like a distributed denial of service attack or state sponsored hacker groups. Now I'll give you a specific example of an embarrassing lack

of understanding. Recently, the governor of Missouri, Mike Parson, accused a reporter from the St. Louis Post-Dispatch, that's a newspaper, of being a hacker. Now, what the reporter had done was found out that the HTML code on a Missouri Department of Education website contained the private information of school teachers and administrators, including things like social security numbers. Now, that private information was not visible on the web page itself if you were looking at the web page,

it wasn't right out in front of everything. But if you looked at the HTML code, you could see it. So Governor Parson said the reporter was a hacker and should be prosecuted. Now, some of you all out there are probably already saying, what, excuse me? So if you are not aware, web browsers let you look at the underlying HTML code of a page. And this is a great tool if you're building a web page. Being able to switch between what you see in a browser and

the HTML code can help you troubleshoot problems. If you're learning HTML, using this lets you see how any given web page is set up. You can actually look at the code and say, oh, so that's how they did that. More importantly, it's super easy to do. In Chrome, for example, in order to look at the HTML code for any web page, doesn't have to be a web page you own, it's any web page, all you do is right click on the web page and you choose view page source

and it will give you the HTML code. Alternatively, you could just hold down the control button and type the letter U. Boom, you got the HTML code, no hacking involved. You can do it on any web page and like you know, when you think about it, that's essentially the code that the web browser receives. Then the web browser says, oh, this code means that the page needs to look like this, and that's why you see it the way it is

on your screen. So there, there shouldn't be anything in the HTML code that is bad like that. It shouldn't be there because ultimately HTML is just instructions for your web browser, so that it knows how to display the information there. And that's my point. Governor Parson didn't, or perhaps still to this day doesn't, understand that there's no hacking going on here.

This is a browser tool working as intended. It's something anyone can do with no training, which means the State of Missouri was negligent and exposed the private information of a lot of people to anyone who just happened to look at the HTML source code. At best, you could say that Governor Parson was deflecting, attempting to shift the blame and hold the reporter responsible for an error that

the state had made. At worst, you would have to say Governor Parson just plain doesn't understand web browsers, which doesn't necessarily fill you with confidence that he understands any other matters relating to technology, and seeing how tech plays such an important part to pretty much everything we do all the time these days, this is a huge challenge.

After all, it's Congress's job to form laws and regulations at the federal level, and at the state level we see the same sort of thing. I'm concentrating on the federal level because otherwise it starts getting really fragmented. But the same thing holds true in states too. If Congress at the federal or state level doesn't have a full understanding of technology, how can we expect them to regulate

it or to form policies that make sense. So we're literally seeing a growing chasm between the fundamental ways technology plays a part in our lives and politicians' understanding of technology. For some, you might as well substitute the word magic for technology. You know, as Arthur C. Clarke said in

his Third Law, any sufficiently advanced technology is indistinguishable from magic. Well, it appears that, at least for some politicians, the advance in technology doesn't have to be particularly impressive. Web browsers, they'll do the trick. Now, I'm not saying politicians all need to become engineers or computer scientists, and politicians can and do rely upon subject matter experts to help them

navigate unfamiliar territory. Whether the politicians grasp what those experts are saying is a matter for debate, but at the

very least they do call upon experts. If you've ever watched any video or read any transcripts of these types of meetings, even if it's something like one of the times where you know, Facebook representatives have to appear before Congress, if you look at those transcripts, you might walk away with a pretty low opinion of some of the politicians, at least when it comes to their you know, tech savvy.

You might also take issue with the saying there is no such thing as dumb questions, because after reading one of those transcripts, you'd say, I beg to differ. Now, this also means there can be a certain lack of urgency on the part of political leaders to address matters that relate to tech unless they feel that it's directly threatening them, and this has both good and bad consequences.

One of the good consequences is that we don't frequently see US politicians rush to fund some tech initiative that is completely unproven or unsuitable. We're not seeing you know, taxpayer money thrown at problems without due consideration. In this regard. Typically, most politicians are a bit cautious when it comes to authorizing money for something they don't actually understand. And in

some cases this is a good thing. On the bad side, well, we don't see enough support for strategies that could do a lot of good either. And there are threats out there and they are there here now. So for several reasons, politics moves at a different pace than tech. One other one I didn't really cover is that, of course, we elect politicians, and these processes, because they can take so long, sometimes they will span beyond one person's term of office.

And when people change in offices, often we will see priorities change and we'll see support for stuff shift, and that can slow things down again because again, politics, you know, works on its own kind of time frame and its own cycles, and that can be disruptive for things where you know you're trying to put in a cybersecurity policy.

This is really problem number one, this timing issue when it comes to creating a strong cybersecurity policy, because just getting the policy makers up to speed is a challenge. Getting that buy in is hard, and there's always the possibility that someone will have a misguided but compelling approach

and then we'll go down the wrong path. Like, you know, if I were to appear in front of Congress and if I made an impassioned appeal for a certain path towards security, and it really did sound like I knew what I was talking about, I might get support even if I'm totally wrong, just because I sound like I'm an authority. That's what we call an appeal to authority. That's an argument in which I claim that my credentials stand as evidence that my argument is sound. The argument doesn't

have to stand on its own. I'm using my credentials as if that is enough to say this is the way we need to go. That's actually a fallacy. It's the sort of thing that a debate club would jump on right away, and in fact, a lot of people in Congress would probably do it too, because a lot

of those folks started off in debate club. Well. Even when things go well, when Congress is getting good guidance from thought leaders in cybersecurity, when they fashion policies that are effective and on point, the process can still be slow enough that by the time the policy becomes active, the field has changed enough so that whatever protection was

offered has been compromised in the process. Because it's no longer the best practices, right? Like, by the time you finally get to the point where now we can put this into place, best practices have evolved beyond that. That's not to say that the policies are completely worthless, but rather that they're always lagging behind the state of the art in technology. Now, when we come back, we'll look at another matter that affects US cyber strategies,

and well, it's all about the Benjamins, baby. Let's take a quick break. Okay, we're gonna move on to other issues that complicate matters when it comes to formulating an effective national cybersecurity strategy, and a huge one is organization. Alright, so we often refer to the Pentagon as an organization, but it's really a massive building. The Pentagon is a structure, a physical structure. It is the headquarters for the

United States Department of Defense. So when we say the Pentagon, we're often actually referring to the DoD, the Department of Defense, not the physical building. So I will occasionally be using Pentagon in that regard in this podcast. The Department of Defense has three main sub departments within it, the Army, the Navy, which also has the Marines in it, and the Air Force. And there are other agencies within the DoD. For example, there's the Defense Advanced

Research Projects Agency, that's DARPA. You also have the National Security Agency, that's the NSA, that's part of the DoD too. And then each of the three main departments, the Army, the Navy, and the Air Force, all have multiple agencies and divisions under them. So if you had an org chart for the Department of Defense that was even just a few levels deep, it would just be massively complicated.

There'll be interconnecting relationships and potentially a few cases where it might be confusing to see who reports to whom. Sometimes that can be confusing to the people in the organizations themselves. Now within this organization of organizations, you've got different departments responsible for stuff like establishing, maintaining and protecting networks. You've got different groups that are running on different pieces

of hardware and software. Some might be locked into systems that no longer get support, and we call these legacy systems. This is a problem a lot of us encounter in technology, not just in the government sphere, but it can happen

in businesses too. So if you've ever bought a product, like let's say that you bought a computer from a company, and later on down the line, that computer company goes out of business, Well, you might find yourself kind of stuck because you're no longer going to get support from that company. Right if they were uh previously releasing like firmware updates for your for your device, You're not going to get those anymore because the company doesn't exist anymore.

So the stakes become higher because now you're relying on something that no longer has support from the manufacturer, but you're still dependent upon it. I see this happen with like back end systems a lot where a company will invest a lot of money into a back end system and build pretty much its entire infrastructure on top of this back end system. That system will age out, but to migrate everything off of that system onto something else would be an enormous uh sink of of money and

time and other resources, and it's a nightmare. So again, this happens in companies, not just in governments, but when it happens in governments it's particularly rough. Um, you know, the organization ends up building products on top of this and the underlying stuff is the foundation, and when it does come time to migrate, you've got to figure out, well, how can I do this without interrupting services. For a company, that's important because you want to keep generating revenue. For

a government, that's important because you've got to keep governing. Right, you can't just say like, all right, well y'all all just behave and, uh, we're gonna go away for a month and migrate our systems on the new network. Uh, then we'll be back and you know, whatever is not on fire, I'm sure it's fine, and anything that is on fire, we'll get to it. Like, you can't do that,

So it's a huge challenge. So there are government offices that are, you know, at least partly dependent upon legacy systems, and these systems sometimes they have vulnerabilities, you know, just like any other system. They can have things where it was an oversight and some intruder has figured out here's my entry point into this network. And without ongoing support, you know, those vulnerabilities go unaddressed. There's no patch for them.

So that means if you are someone who is determined to exploit a system and you happen to know what hardware or software is being used within that organization. You can perhaps formulate a plan of attack that leverages that vulnerable system, and you can have a pretty decent level of confidence that you'll be able to pull it off because chances are no one's patched that vulnerability. It's why some experts call for a more modular approach when it

comes to planning network architecture. That way, administrators can swap out modules within the network architecture if necessary, particularly if they're working with stuff that's open source, where you know, the open source community finds and addresses vulnerabilities at a very quick pace, so that you're constantly with the most secure, most recent version of whatever it is you're working on. Okay, so, there are also a few big authorities in the federal

government that are concerned with cybersecurity. For example, the Department of Homeland Security has the Cybersecurity and Infrastructure Security Agency, or CISA, C-I-S-A. Uh, so, there are some that are important when it comes to stuff like rolling out standards that all agency offices should follow, and once you get past that, there's a much more

fractured landscape. A Senate report in two thousand nineteen recommended a more coordinated approach to cybersecurity to try and bring things into kind of a more focused effort, because what we were seeing is a very patchwork approach towards, uh, design and implementation of cybersecurity measures. Then you've got stuff like budgets to contend with. Every single department has its own budget and that gets funneled down into different sub

departments and projects. So when it comes to weapons systems development, the typical approach is to spend thirty of your budget on development and procurement and the other goes to sustaining the weapons system and maintaining it. Now, that's according to Heidi Shyu, who is the current Under Secretary of Defense

for Research and Engineering. Uh, she had previously served as the Assistant Secretary of the Army for Acquisition, Logistics, and Technology, so she has a history with the process of setting up, you know, weapons systems and technology systems. So when we talk about cybersecurity on a national scale, that actually does overlap with weapons systems, both from, you know, an attack perspective and a defense perspective. So we're not talking

about traditional weapons. We're not talking about guns or tanks or missiles or anything like that. And that's kind of Shyu's point. She was saying that that thirty-seventy split to procurement and deployment and to sustaining, that doesn't really make sense when you're looking at it from a cyber front, and that really we should flip that ratio around with sevent budgets being dedicated to development and procurement

and reserved to sustaining and maintaining weapons systems. So budgets, by their nature, not only limit how much we can spend on any given thing, but how we can spend money on that thing. And if we adhere to the older philosophy, we hinder our efforts to get up to speed in the digital realm. As Nicolas Chaillan pointed out in his resignation, getting those budgetary dollars is a never ending pursuit. You have to get buy in from

the people who oversee the budgets. You have to make your case that the money would be well spent on a specific endeavor. You have to provide a means to show that the project is staying as close to being on deadline and under budget as you can possibly manage. It's really a game of numbers and politics, and meanwhile, you still have those actual threats out there in the real

world to worry about. So budgets can also be seen as an issue when it comes to attracting talent, and just addressing that takes time in the world of policy. So back in two thousand and fourteen, the Department of Homeland Security requested and got the authority to create a new personnel system with the goal of attracting more talent, specifically in the field of cybersecurity and cyber warfare. See, that is a thriving field, and the private sector pays

really well for that kind of talent. So getting a qualified person to agree to come and work for the government at a salary and benefits that might be significantly lower than what they would find elsewhere in the market, that's a hard sell. Like, Hi, I know that you could make three times as much working for company X,

but why not you work for us? So the Department of Homeland Security's goal was to streamline the process, to knock down some of the requirements that applicants would need to meet in order to be considered to work for, you know, the federal government, and to improve things like, you know, how much they would make. Even that process took several years, with the department recently, you know, actually

bringing this talent management program online. So it was started, you know, the start the process started in two thousand fourteen. Really it's only been active for a short while and it's now so we do see changes over time, but now there's a lot of lost time to make up. Right now, let's talk about the DoD's track record when it comes to actually following through on cybersecurity projects, because they have set projects even with all these challenges in place, the agencies within the DoD

have tried to set specific goals for cybersecurity. So how do they do? Well, it ain't great. The Government Accountability Office, or GAO, reviewed the DoD's cyber hygiene initiatives. These projects were meant to improve overall cybersecurity practices and procedures within the Department of Defense, and the GAO found that the status of many of those projects was incomplete and in at least some cases unknowable,

which is a big old yikes. So, for example, the DoD created a Cyber Discipline Plan, and this plan identified seventeen preventable vulnerabilities in various networks within the Department of Defense and these needed to be addressed, like there needed to be a way to patch these vulnerabilities. So the DoD Chief Information Officer's office became accountable for ten of those seventeen identified preventable vulnerabilities, and the goal was to have of the projects completed by the

end of the fiscal year of two thousand eighteen. Now, when that time came around, only six of those tasks were implemented. Four had not been. So remember ten were assigned to this office. Six were complete, four were not. So by my reckoning, that's a six completion of the tasks, not a ninety percent. That's not good. But it does get worse because remember I said that the total number of preventable vulnerabilities that this program identified was seventeen.

Only ten of those were given to the CIO office, so what about the other seven? You know, that's a really darn good question, and sadly it's a question that we do not have an answer to. The GAO found that no Department of Defense entity had been designated to be in charge or to report on those vulnerabilities, so the status was unknowable. You could probably make a good argument that the vulnerabilities probably went unaddressed since no

one was assigned accountability to them. It would at least be the wisest to move forward under the assumption that no one had done anything about them. But the GAO was really saying, how can you hope to improve cyber hygiene if you don't have any way to

measure or monitor progress on your goals. Another thing the GAO found was that while DoD personnel were to take cyber awareness training courses, a lot of departments within the Department of Defense lacked any information about who had or had not actually gone through the training. And since network access was supposed to be contingent upon taking the training, this meant that people who may not have followed the required process continue to have access to

the system. So the GAO found that project administration, accountability and follow through was lacking in the DoD when it comes to cyber hygiene. So there's yet another problem on top of the ones we've already talked about. So on the one hand, you could argue that, but you know, with bureaucracies that are as labyrinthian as the Department of Defense, you can see how things can get

lost in the shuffle. But on the other hand, you can also see the conditions that would lead someone to resign in frustration when it's their job to try and get things up to speed. You just you see the mountain of work you have to do and the fact that as you're addressing one problem, other problems could be

getting worse. It just becomes a never ending quest. Now we've seen some other efforts meant to try and get a handle on things. The DoD's Under Secretary of Research and Engineering put out a request for information to federal agencies in order to lay out a roadmap on creating effective cybersecurity strategies not just for today, but for the next couple of decades. So the goal was to get a look at what the Pentagon's capabilities are right now, as well as to create projections of

what future threats could look like. So there are definitely people working on these problems, they just have really big challenges in front of them. One thing the DoD is implementing is what's called a zero trust model. This is a system in which users must continuously verify their identity even within a session, to ensure that the person who is accessing any given system actually has the

authority to do that. Some of that became really necessary in the wake of COVID nineteen because people would frequently need to work from home, and granting access to critical systems for remote workers comes with a big risk. So implementing a system that requires frequent identity verification is one way to kind of mitigate that risk. Okay, when we come back, we're going to talk about cybersecurity threats and Chaillan's belief that the US has already lost the

cybersecurity war against China. But first, let's take this quick break. Okay, whither China? How are things looking when we are looking at China as a potential threat, uh, with regard to cyber warfare? Well, first of all, it's not just a potential threat, it's a real threat. We have seen attacks including ransomware attacks, supply chain attacks that link back to hacker groups that either we know or suspect are backed by China's government. So it is a clear and

present danger, if you will. China is definitely at least funding efforts to penetrate various cyber systems within the United States. So this is where we get into state sponsored hackers. China funds companies and hacker organizations. There are companies in China that have sort of a front that makes them appear to be some you know, relatively harmless organization, but in truth, the whole purpose of the company is just to attract hackers and then direct them toward efforts to

to conduct things like espionage. So there are entire companies in China that are really just fronts for hacker organizations. And then there are, of course, your black hat hacker groups that aren't quite that organized but are still active in China, and China's government will fund a lot of these. It allows China to have, you know, top

talent on hand without formally being part of China's government. Like, China has the same issues that the United States has in that if you want to make a lot of money in China, then working for a company tends to be a better approach than working for the government. So same sort of thing China, rather than recruiting directly into its ranks, is funding the efforts of companies that the

hackers work directly for. It also means that China has a little bit of plausible deniability because those companies aren't formally part of China's government, and hackers get a little bit more leeway. Like if they worked directly for the government, they would have to do exactly what the government says, but because there's this buffering, they have a bit more freedom.

This is a good thing for them and a bad thing for them, so they can, you know, they still have to achieve whatever it is that the government wants them to do, like to infiltrate a system for the purposes of espionage, for example, but they can also do some other stuff, like they can try and steal things, which frequently is how we find out about them, because if an intrusion is done very well, you might not be aware that the system has been compromised, but if

someone's messing around with stuff, it becomes apparent pretty quickly. So in some cases this approach means that we become more aware of these intrusions, it gives us the chance to address those vulnerabilities and patch them out, and while the damage might have already been done, it can help prevent ongoing espionage projects, at least using that specific vulnerability. So, you know, the fact that hackers can do these things outside of their initial directives means that there's an additional

financial incentive for the hackers. If they can make money by stealing, then that's an added bonus to them. However, it does mean that we tend to catch them more frequently. Um, yeah, and in espionage you just don't want anyone to know that you're there. So it could be a downside for China's goals in the long run, although they can do, like I said, a lot of damage even in the short term. But China itself is also

facing a cybersecurity talent shortage. This is according to China's Ministry of Industry and Information Technology, and it ties into another issue, which is China's approach to regulations with regard to the tech sector in China. This also will tie into artificial intelligence. All of this is interconnected. So Chaillan was saying that China's superiority in AI is part of what is spelling the doom in cyber warfare. So we're gonna look at that in a second, um, but really quickly,

just to talk about regulations. For a long time, it was the Wild West in China as far as the tech sector was concerned. Like China was taking very much a hands-off approach and allowing companies to do things that here in the United States or in places like the European Union, companies wouldn't be able to get away with, stuff that would clearly violate, say, people's privacy. Well, in China, that was kind of fair game. You could do that, uh, and that ended up fueling a

lot of rapid growth in the tech sector. It fueled a lot of consumerism in China, and it fueled a lot of growth in AI in China. We're now starting to see that kind of turn around. This also is affecting things like the desire to go into, uh, tech fields, because now we're seeing China start to push back against

the tech industry. Okay, so let's talk about AI. One way to measure how a country is along with regard to artificial intelligence is to look at how many papers, how many scientific papers are published on that subject within that country, how many patents relating to AI get filed in that country. And by those metrics, China has surged ahead. So in just twenty years, it went from publishing less than five percent of all papers on the subject,

you know, scientific papers in the world per year to now around, so like almost a third of all scientific papers about artificial intelligence are coming out of China. That marks an enormous push in AI research and development. China caught up and then started to run past everybody else. However, as Harvard Business Review has pointed out, a lot of this research has benefited from that very loose regulatory environment in China, particularly when it comes to stuff like privacy.

So AI research could take advantage of the fact that, you know, it was easy to collect enormous amounts of data and to use that data when refining your artificial intelligence for specific fields of AI, like speech and facial recognition technologies. This is also where we have to remind ourselves when we say AI. You know, when we use the phrase artificial intelligence, that is an incredibly broad term.

It encompasses dozens of different disciplines. AI is not so simple as saying their machines are smarter than our machines. That's not an accurate representation of what's going on. So you could make a very valid argument that China's expertise in AI is incredibly advanced for some specific subcategories of AI, but not necessarily across the board. Also, China, as I mentioned, has more recently started to impose some

regulations on the tech sector. So they're starting to put a little bit of a cap on the amount of data and the types of data that companies can collect, for example. And I suspect that one cause of this is that the Chinese government doesn't want companies to potentially

rival the power and authority of the government itself. Like we've seen that China's government has been a little uneasy with the growth and power of big companies within China, and that there is this sort of push-pull relationship that goes on occasionally. And right now it looks like China is starting to pass more regulations. Uh, that could mean that we might see this area of AI research and development start to slow down a bit because the

access to the data itself is going to decrease. In addition, most of the patents in AI, uh, in China belong to universities. They're coming out of university research groups. In the West, most AI patents are actually held by companies, not by universities, and that means that the organizations that can actually implement AI solutions like these are companies that can turn them into products and sell them either to

consumers or to other businesses or what have you. In China, that knowledge is within the universities, and there is a pretty weak tech knowledge transfer in China from universities to companies, so actually making use of those patents in China is not as straightforward as it is in other parts of the world. The Harvard Business Review concluded that AI research in China is largely in fields that lack original ideas

and breakthrough technologies. So again, the stuff that they're focusing on, it's phenomenal the work they're doing, but it doesn't necessarily mean that the AI technologies that are really going to power cyber warfare in the future are the ones that China is excelling at. So from a casual glance at how kind of slipshod our cybersecurity is here in the United States and the general progress of AI in China, I could easily see where you would come to the

conclusion of the game's over. The United States has lost, China has won. There's no point in saying otherwise. I would argue the future is not yet written. There is a lot that needs to happen in the United States in order for cybersecurity to get up to a level that is even roughly equivalent to the threats that are out there. And you have to keep in mind that those threats are constantly evolving. After all, the threats, all they're really doing is trying to find a way into systems.

So they just have to find a way in, whereas we have to anticipate all the potential ways that hackers could potentially get into a system. It's very, very difficult. And you know, if we look at our recent history, we might say, well, what hope is there for us? But I would argue we're constantly pushing to get better and that that is something we have to take into account.

And I would also argue that we shouldn't fall into the trap of overestimating the capabilities of any potential, uh, you know, rival out there, whether it's China or Russia or Iran. We shouldn't dismiss the threats at all. But we also shouldn't, you know, become fatalists and say, well, we've lost, because I don't think it's as simple as that.

I think there's still opportunities and that it's not as simple as saying, well, we left the country unguarded for too long and now there's not anything left to guard. So this was a complicated topic, like there was a lot to go through. Uh, and obviously we've only touched on certain things a little bit and could dive into much more detail. But I wanted

to cover it because it was in the news. It was something that was really interesting to me, and I wanted to get a better handle on exactly what are we looking at here. Uh, I hope that this was interesting to you. If you are someone who works in the cybersecurity field and you found this interesting or you have more to add, certainly reach out to me. Also, if you just have a suggestion for a topic I should cover in a future episode of Tech Stuff, feel free to reach out. The best way to do that

is over on Twitter. The handle we use is TechStuffHSW, and I'll talk to you again really soon. Tech Stuff is an iHeartRadio production. For more podcasts from iHeartRadio, visit the iHeartRadio app, Apple Podcasts, or wherever you listen to your favorite shows.

Transcript source: Provided by creator in RSS feed