China's Cyber Capabilities

Speaker 1: Janes Capella interconnects millions of assured data points across Janes' foundational intelligence, with the ability to integrate and contextualize multiple sources, delivering the single source of truth. Janes Capella increases certainty and accelerates decision- making for everyone in your organization. Find out more at janes. com/ capella.

Speaker 2: Welcome to The World of Intelligence, a podcast for you to discover the latest analysis of global military and security trends within the Open Source Defense Intelligence Community. Now onto the episode with your host Terry Pattar.

Terry Pattar: Hello, welcome to this episode of the Jane's podcast. I'm Terry Patter, I lead the Janes Intelligence Unit. And I'm joined on this episode by Rob Dartnall, the Director and CEO of Security Alliance, an accredited and certified cyber threat intelligence company and someone I've known for a while. And I wanted to invite Rob onto this episode to join us to talk about China's five- year plan, which we have covered in a recent episode in terms of defense and security and what their plans are around that. But in this episode, we wanted to talk specifically about their cyber, or the cyber aspects of China's five- year plan. So Rob, welcome to the podcast. Thanks for joining me.

Rob Dartnall: Thanks Terry, good to be here.

Terry Pattar: Thanks. It would be great maybe firstly to get a bit of an introduction from you in terms of your background and how you got to where you are now and within the context perhaps of open- source intelligence, what it is Security Alliance does and what is threat intelligence? A little bit on that because I know sometimes people get a bit confused about what threat intelligence is in the cyber context.

Rob Dartnall: Yeah, sure. So just starting back with me. I was previously in the British Army as a military intelligence operator. Most of my work was predominantly around intelligence exploitation, and also I specialized in threat finance. And then over the years, I kind of pivoted more away from conventional intelligence work and started to focus more on the cyber domain. I'd been working in cyber threat intelligence for about six years, and a couple of years before that, working on more cyber insider threats as well. And in reality, what I really do on a day- to- day basis is I either do intelligence led red teaming assessments. So that's generally understanding an organization as a whole, also understanding what adversary capability that there is and then generally working with red teams to actually simulate these attacks against organizations to make sure that we're learning on what defenses work, what don't, and what we need inaudible to improve. And then the other half of my job when I'm in an operational role is I set up information and intelligence sharing initiatives within the cyber domain, usually at national or international level, just to make sure that we're all sharing insights around adversary so we can make sure that we're all adapting within hours to a new attack type rather than days, weeks, or months. So that's mostly what I do. That's mostly what Security Alliance does as well. Mostly we map and track threat actors, and campaigns, and monitor our clients to see where they're weak so we can work out which share attack paths attackers are potentially going to take. And also monitoring who's going to be targeted next, which is part of this five- year plan-

Terry Pattar: It is.

Rob Dartnall: ...And trying to look through that and work out which bits are potentially interesting, and can we work out which industries, or technologies, or which data sets might be a little bit more interesting than they were for the last five- year plan.

Terry Pattar: Interesting. So, I mean, let's just use it as a springboard to launch straight into it then. And what does China's five- year plan tell us about their intentions when it comes to developing cyber capabilities? Because this is a really important topic and it's one we hear a lot of people talking about and we do hear a lot of talk about state actors and the threats they pose when it comes to cyber. But I think the research that you've published, you put out a report on this just recently, and that was why I wanted to talk to you about it. And I think within that report, Security Alliance is probably one of the few people I've seen, if anyone, I haven't seen actually anyone else put out some analysis on this. So yeah, be great to get your thoughts and some of the key insights, I think, from that research that you did to figure out what it means for us as well and what we should be thinking about when we look at what China's cyber intentions are.

Rob Dartnall: Yeah. I think, in reality, there is a huge amount there. Let's not forget about the sheer size and capacity that they have, not just about capability. I know in a recent report they were described as a tier two operated with the US being the only one as a tier one operator. I think, in reality, if you actually look at their offensive capacity, the sheer size of their teams, what they're going after, how often, the operational tempo that they have. I think, in reality, looking at how we grade them, I would still put them as a tier one operator within the cyber domain, especially as most of what they do is offensive based. I think in terms of progression from the previous five- year plan, I wouldn't say that there is huge amounts of progression. Where they are progressing in terms of where their focus will be on offensive cyber capability, some of the industries that they're interested in, the data sets, the functions that they want to target pretty much the same. Where some of the change is happening is possibly more at a geopolitical level or influenced from geopolitics. So if we look at them wanting to move away from being reliant on Western financial functions and financial systems, producing their own payment functions, so creating their own SWIFT network, their own exchanges, their own fintechs and stuff like that, a lot of that is going to be their own innovation and they've proved that, but that is being driven by the geopolitical fallout so there will be espionage based operations against European and American, I suppose, global financial market infrastructures rather than financial services generally. So that's just one example where it's potentially more geopolitical focused than it is based on a five- year plan from five years ago, or even the new five- year plan.

Terry Pattar: And I think in that context of sort of geopolitical elements, I guess what we've seen from China is that they've become much more belligerent in their public sort of statements. And we're hearing a lot of talk of wolf warrior diplomacy, and them trying to be much more aggressive in many ways towards other countries. And so, did that sort of come out to you in what they were talking about in terms of cyber and what their aims are within the five- year plan in terms of actually trying to compete? We were often talking about contested space and the competitions that are going on globally at the moment, but are they very bullish in their attitude towards that?

Rob Dartnall: Yeah. I'm not sure within a written document it comes across. I certainly think on a more physical presence, then absolutely. I'm going to be interested to see what happens over the next six months. So there was the Comprehensive Investment Agreement that they were negotiating with the European Union, that was pretty much put in the long grass last month. And some of the elements that people were concerned about there were things like visas for technical employees for Chinese nationals. Now, obviously there's also laws within China that make Chinese nationals part of the intelligence collection capability for the state so that was a significant concern within Europe around the insider threat within the cyber domain of having these technical nationals with visas operating within Europe. Since then, we've also had some of this pushback from the likes of other European nations pushing back against soft power influence from China. So again, more geopolitical influenced rather than necessarily what was in the plan. There will have to be some form of reciprocal action from China for that, no doubt. And also, if they're having less individuals within key institutions with collecting on their behalf within European entities, that's only going to put more pressure on them to operate on a cyber domain rather than necessarily a physical domain. And also not forgetting there is also the belt and road initiative, of course, but there's also the digital silk road, it's not just the silk road, right, and that expands globally, that's not just a traditional silk road type route.

Terry Pattar: When we talk about the digital silk road, does that overlap with some of the things you mentioned in the report which is the interaction between cybersecurity and information operations? Is that part of that sphere for them in terms of influence, that they want to push out more influence? Is that something that you see as being very much a part of their cyber strategy as well, or are they two distinct things?

Rob Dartnall: No, I see it all entirely integrated. Integration is everything, full stop, whether or not it's internal Chinese politics with civil military type elements or anything that they do, they're incredibly well joined up, and they're doing much better at that. In terms of information operations, I think information dominance is key for any of their success, especially in developing nations, they have to control the narrative there. I think in terms of counterparty information operations from Western entities around technology providers such as Huawei, I think in the west we're generally happy with how everything went there in terms of making sure that some of those technology providers weren't part of our core critical national infrastructure.

Terry Pattar: That was a big topic of debate for a while there, wasn't it? I mean, there was a lot of uncertainty about whether that would happen or not. And was that something that you... Has your perception changed of that issue at all through what you've seen in the five- year plan, or is that still the same, that you would still perceive that as perhaps... Like you said, it was a good decision maybe not to include those companies in core infrastructure.

Rob Dartnall: I think it was a key decision. I think it was a critical decision. I think you can only look at Hong Kong and see that why do you need to compromise 100 organizations when you can just compromise the core infrastructure for which that information is going over? And I think in developing nations, we're absolutely concerned as well because there is the ability to exploit them slightly more easily. But also we have telecommunications and data just flows all over the planet, we don't always necessarily know where it's flowing and how it's flowing. And also, we outsource a tremendous amount within our supply chain. And if you talk to any of the major institutions, especially for our clients who are usually very large financial institutions, the supply chain, and you only have to look at the headlines, forget about anything, the supply chain has been horrendous for every type of industry this year. There's been breaches left, right, and center, whether or not that's Russia or China. And if we outsourcing software development, and call centers, and data centers, and our security operations to other developing nations, and the underlying infrastructure is provided by entities that we consider as hostile, but also collecting on behalf of China, then what's the point in banning it from our own nations? We're losing the battle of information dominance in those nations.

Terry Pattar: I guess, yeah, it's just displacing the risk, isn't it?

Rob Dartnall: Exactly.

Terry Pattar: Yeah. Well, what I liked in your report was that you went on to talk about the likely targets. I mean, you and I've talked a lot about, just as an aside, I guess, about intelligence and intelligence writing and analysis in the past, and likely it's always one of the favorite words in intelligence work, I think. But all of this is with caveats, I guess, in terms of what we expect to see. But yeah, I mean, from what you put in the report, it'd be great to just get some key points really from you in terms of who you think will be targeted, the how, the what, and the way in which you sort of break down really neatly in that report.

Rob Dartnall: Yeah. So in terms of those likely industries, I think if we look past over the previous five years as well, we're not going to see any big changes. And we also have to separate industry from government as well, so let's forget about government and defense, I would say. Of course the defense sector will always have to be heavily targeted. I think one thing to potentially pick up as well from other commentary is this China wanting to innovate and create themselves. That's absolutely fine, and I concur with that and I believe there are certain areas that they are not only incredibly good at, but probably leading the way with it as well. But if you were to look at it this way, that if you were a nation that was highly successful with cyber espionage, would you spend three to five years and 100 to$ 200 million innovating and creating something yourself when the solution is potentially already out there, that you can get your hands on in a number of weeks at just not very much costs because you've got a significant cyber espionage capability? So yes, they will always want to innovate and create Chinese solutions for the Chinese market, but it doesn't mean that they will be stepping away from cyber espionage operations. So I just kind of want to throw that kind of cautious point out.

Terry Pattar: That's really interesting. Yeah. And you also mentioned in the report that there is this overlap between cyber espionage and conventional espionage.

Rob Dartnall: Of course.

Terry Pattar: Is there a bit of a risk that sometimes we do try and separate our cyber risks and threats and look at them separately when actually we should be looking at them in a much more integrated way?

Rob Dartnall: Yeah, absolutely. And I think more and more, we're helping more and more organizations, not just have their standalone cyber threat intelligence capability and their conventional intelligence capability separate. And even fraud, if you're talking financial institutions, they're usually siloed inside organizations. More and more, thankfully, people are creating their own internal intelligence units, which are physical as well as cyber, as well as inaudible all combined, because you need to do that, especially with cyber, physical enabled cyber attacks. So things like rogue devices being implanted within networks, sometimes even just little things like accidentally clicking on links that you've already been told will be coming your way. Even little things like just telling an external attacker what laptop you're using, what security devices there are, what access to what folders and systems each type of individual or role has, how they would access a particular function. All of that is incredibly valuable to an external attacker. So being able to fuse kind of that physical element within an organization as well as the cyber intelligence capability is really important.

Terry Pattar: So, yeah, I guess that sort of leads us neatly onto, so you mentioned some of the types of targets that they would be looking at. So we mentioned their critical infrastructure, you talked about supply chains which is something we've seen a lot of, as you said. In terms of the how though, and you sort of started to, I guess, talk about that a little bit, is that something we're going to see change a lot over the next five years, or is that still going to be more or less the same kind of methods that we've seen through the last five- year period?

Rob Dartnall: Yeah. So the how, I think, is a great example for COVID. Obviously we talked about it a lot, so I won't dwell on it too much, but as we've moved to a working from home model, that's made us much more reliant on connectivity technology so things like VPNs into our offices. So there are, I won't name the vendors on here, it's not particularly fair, but there's two or three vendors that are consistently targeted by Chinese actors over the past 12 months because there have been vulnerabilities in this technologies that they've been able to take advantage of. So they have swayed more to exploiting a vulnerability in their technology rather than relying on social engineering. And when I say social engineering I really mean phishing and spear- phishing. I think as we move to a more connected community, digital exploitation, over exploitation of a human beings weaknesses, they will become more dependent on that. But it also depends on the sector in the region. If you are inaudible thinking about this in terms of wanting to supply technologies and infrastructure, if you're able to provide the underlying core infrastructure and networking to a particular nation, you are then going to be able to exploit and get network access and direct access to data that way rather than having to hack 50 to 100 organizations in that nation or the population. So that level of targeting will likely increase as they increase their digital networking presence across the developing world, I would have thought.

Terry Pattar: That's really interesting. Well, it creates a lot of risk for everybody because if you're any kind of organization, whether it's public sector or private sector, and you're buying software from a third party vendor, how much can you really do to dig into that, or to do any kind of due diligence on that software to work out whether it's got any vulnerabilities? We really are reliant, I guess, on the creators of that, those software tools and applications to be secure for us, aren't we?

Rob Dartnall: We are. But I think we have been for such a long time now that we've come to realize that we can't be, and that we actually need to take on this responsibility as individual institutions and also as a collective as well. So we've done quite a bit of work this year, actually, with major institutions in effectively expanding their intelligence surveillance capabilities from wider, just against my own organization, what's happening with me, consultancy X or bank Y, and what's going on with threat actors. But also going," Okay, let's monitor my supply chain. Who's targeting my supply chain? How are they talking to my supply chain? What products and services are within my organization that my supply chain has access to, or threat actors can get access to by compromising my supply chain?" Spending much more time, effort, and money doing quality assurance on the actual products. And this is where the cyber threat piece comes in. There's a vulnerability in this particular technology. Actually it sits within this part of the network and you've got to have network access for it, it's quite complex, don't worry about it. Or, there's this vulnerability in this technology, which is sitting on your perimeter, it's very heavily targeted by this nation state. And by the way, this nation state has historically targeted either your organization or a peer type organization. So get that squared away and inaudible or in the next 48 hours otherwise... You look at China and the push for automation and artificial intelligence within cyber operations. If they're continually scanning network perimeters across the entire globe it's only going to take them a matter of hours to identify a brand new vulnerability within the perimeter of an organization, and not only identifying it, but being able to exploit it automatically without the use of a human being doing the technical exploitation. It just puts more and more pressure on us to know exactly what's going on with our software and our supply chain.

Terry Pattar: Wow. I mean, that's a really interesting sort of point to touch on in terms of that advancement in capability that you just mentioned and the ability to go after many more targets faster globally. To what extent does that become something that you would expect to see China relying on more and more versus some of the other things you earlier that you touched on, which also you mentioned in your report as well, which is that the aspect of the insider threat, or is it just a combination of those?

Rob Dartnall: I think it's a combination. I would say the insider threat can only be so big because of course they can have a Chinese national supporting operations, evidently you can also rely on conventional human type operations with coercion and the normal mice framework where with getting somebody to work for you. In terms of relying on technologies, that is where you're going to see the growth. Now, a lot of people talk about machine learning and artificial intelligence when actually what they're doing is just deploying some really cool scripts that are quite complicated and pretending it's an ML. In reality with China, they are pushing quite heavily in investing, very heavily on that in terms of automating the detection of things that they want to go after, that's already happened, we already know that's already happened, that's what they do on a daily basis. But it's the AI element, knowing exactly what organization they do want to go into, you don't want to go into, how far they should do when they hand off to the human operator, et cetera. They will keep pushing hard on that and we will see more and more of them.

Terry Pattar: Sure. But that's really interesting. And I think especially from within the context of the international kind of global competition we're seeing at the moment, and this much more competitive environment at the state level. Do you perceive that China is building, well, an advantage, I guess, are they building a capability in that way you described in some of using AI, et cetera, perhaps faster than either we might anticipate, or than the US or the Western countries might be doing themselves?

Rob Dartnall: Yeah, it's an interesting one in terms of AI, I think in the short term, and when I say short term I mean five years and even 10 years, when we talk about AI, probably five years, there's only going to be so much that you can do with AI in terms of cyber ops. I think what it will do, it will reduce kind of the mass amount of work, i. e. rather than having to look at hundreds of thousands of targets all at the same time, most of the hard grunty work will be done by the AI. A lot of the actual exploitation inside networks over the next five years will still be mostly human led, but I think somewhere between three and eight years, that's when you're going to start looking at AI predominantly doing significant amounts of the intrusion before we get to the really sensitive parts of the network where potentially that top secret document is, or that payment function is, or that AI is, or that formula is, and that's when humans with hands on keyboards will stop completing the final parts of the attack, I would have thought.

Terry Pattar: Got it.

Rob Dartnall: But let's not just say inaudible, this isn't just inaudible.

Terry Pattar: No, yeah, sure. And I guess that's part of the problem, isn't it? The capabilities developed in one place potentially... We've seen this in the past with cyber and the fact that capabilities developed by one country or one actor, once they're out in the open tend to be very easily copied or used by others. Is there also a danger of that, do you think, with some of the capability that China might develop?

Rob Dartnall: 100%, yeah, absolutely. But also at the moment, I think it's also nation's running the same race against each other in their own lanes rather than necessarily them all copying from each other. I think there were some of the US leaks from the NSA and the CIA. Forgetting about the tools that were leaked, just the overall mentality, methodology, and approach to doing things so kind of the process kind of stuff behind it is sometimes even more valuable than the actual tool sets that people use to conduct that. In terms of adopting malware from each other, that is just something that happens all day, every day, threat actor to threat actor. We see it today. There's a new variant of another piece of ransomware that has been copied by another threat actor or another organized crime group. So I'd be more concerned about how you do the things and go about it than necessarily the tools themselves.

Terry Pattar: Yeah. I think that's a really interesting and really important point as well in terms of thinking about that process and that being the more important aspect of what actually gets copied. Yeah, that's fascinating. And we talked about how they might conduct some of these attacks and you've mentioned and touched upon already some of the things that they'd be looking for, but the objectives really are around things like intellectual property, you mentioned that the financial sort of sector and their interests there. Is there any sort of... Or is there any focus from what you saw in the five- year plan in terms of talking directly about competition against other countries in terms of military capability? So cyber as an aspect of military capability, or is that something that's not directly mentioned?

Rob Dartnall: I think in reality and towards the tail ends, then yes, it does. I'm not going to give you a page number, but I can see it in my head it makes reference to it. In terms of competition at a military level, of course there is obviously only one major adversary that China really wants to compete against, of course, in the US. In terms of other areas, I think it's mostly, yes, IP is going to be an area. Financial intelligence is key for them as well, I think, when they're moving into M& A activity, acquiring organizations that can collect the sort of data that they need and give them access to without them necessarily having to conduct offensive cyber operations is another one things that lend them credibility within an industry. And just soft power. I think soft power is going to be key for them. And they've got to start winning this game pretty soon, I think, and probably six months ago I would have said that they were leading the way, but I think... I wouldn't necessarily leading the way, but they certainly made significant progress. But I think what we've seen post G7, some of the meetings here in Europe, some of the elements around, for example, the comprehensive agreement on investment being pushed back, I think there's definitely a contested battle space with Chinese soft power at the moment.

Terry Pattar: It's so interesting and being particularly... You've touched upon the geopolitical aspects of the cyber threat and how much it shapes the targeting and the thinking and just the strategizing, I guess, for the Chinese around how they go about using cyber threats that they innovate, whether they innovate them, or whether they acquire them from elsewhere. But I think we've seen that a lot in the past, I think it's really underrated in terms of actually what drives state actors to use this particular means of either influencing, gathering information, getting an advantage, generally competing. Is that something that you would then look at as a way of trying to monitor now that we know, okay, you've analyzed what direction they want to go in in the next five years, to what extent is the geopolitical aspect a really important part of that versus looking at perhaps any more technical information?

Rob Dartnall: Yeah, I think I would probably focus more on the quantitative element than the qualitative geopolitical element as well. Although there are always going to be signs in geopolitics, probably more monitoring what the CCP says about interaction with the rest of the world. when they start talking, undermining quite heavily payment functions within the west or other types of technologies or services in the west so they're starting to discredit on the kind of the world stage, then they're making progress in that particular area. I think, and this is possibly the bit that concerns me, is once we then start to see disruption and see greed and potentially even denying type operations within cyber domain from China against some of those key functions that they've been developing themselves or the key assets, that's when we know that they're in a comfortable place to start telling the rest of the world that," You don't need to rely on Western payment systems anymore, or Western services or technology providers or vendors or network providers, because look, they're really unreliable. They're always breaking." And when you're starting to get that on both a verbal level and also seeing network degradation within Europe, payment systems all of a sudden not working properly, then that's when you can start measuring the success that China has had.

Terry Pattar: That's really interesting. Okay. Yeah. That's something I guess people can definitely look out for. And what does the future hold for... Or you think in terms of your activities in terms of cyber threat intelligence, what sort of things are you thinking about, whether it's China or more generally, the kind of challenges that you face to keep on top of the sort of changing landscape. And is it something I think you need to really be specialized in looking at, or is it something that... Because it touches on so many different areas inaudible people that other organizations can also be sort of looking out for signs that they're seeing more activity against them? To what is the balance there in terms of does it require the real expertise that you would bring to it or can sort of any organization really monitor their own, I guess, interactions with China for any signs of this type of activity?

Rob Dartnall: Yeah. I mean, I come back to the comments we were discussing earlier about a fusion capability of physical cyber fraud and I think, especially given my background, 10, 12 years ago, I still hate computers if I'm entirely honest, but I never inaudible in the cyber domain, and I'm not doing too horrendous of a job at it. I think you need to bring down individual specialists to work within that fusion capability to understand. I think most organizations, even big organizations are really stretched with resource. So them creating dedicated intelligence capability that can concentrate on China, can concentrate on Russia, can concentrate on organized crime groups, Western groups, wherever you are in the world, then bringing that into a physical and then bringing that into a business context as well," This is the likely impact of them moving away from this particular industry or system that we provide, in three years they will likely conduct disruption operations that will probably have a X billion dollar effect on our share price or income or revenues." How many businesses have actually looked at saying," Okay, well, China wants to develop this by themselves, that's great. How much is that going to reduce our market if they then start selling that solution into Africa or other parts of Asia and the Indian sub- continent or South America? So what's the market influence of us losing our IP?" Because I can't tell you how many times I've heard this and it deeply concerns me, when I've walked into big organizations that say," You know what, we're really concerned about getting targeted by ransomware, we're going to lose X amount of money, it's going to hit the knees, and that's our board's main focus." Board's not really worried about the IP kind of stuff to China because nobody's really going to know about it, chances are we might not even know about it. And it's such a short term view in terms of... But you're losing market dominance, why is it... If you want to look at the long- term strategy of how are you going to grow into other regions, have you considered what China's doing in the cyber domain, what they're taking, what they're developing themselves, and then what they want to use in terms of dominance in the regions inaudible you want to expand?

Terry Pattar: Is the challenge there as well for those kinds of organizations that they might see some sort of attack happening, or some sort of threat against them, but they might not necessarily be able to say it's coming from China, and so they might not be able to connect the dots in the sense of being able to think about," Well, actually, this is not just about directly trying to... It's not about short- term threat of say which a ransomware attack might be, it's a longer term strategic plan that is designed to degrade our market share, or our ability to dominate a market." Is that the challenge that they might not necessarily know where the threat is coming from?

Rob Dartnall: It is and it isn't. So I think partly, I'm a big fan of attribution, so there's a big discussion, and always has been, and always will be is, is attribution actually really important? Well, my preference is yes, and there's other reasons for it. One of those reasons being that it's, for the same reason you're asking the question is to understand what the long- term influences and effects could be. When we actually look at direct attribution versus kind of category attribution, that's also important. So what I mean by that is you can look at all of the techniques that were used within an attack, and also potentially the malware and the tools. Now, you may not be able to distinguish that from a couple of nation states, but what that does tell you is, actually, this has never been seen by organized crime, or hacktivism, or whatever, it's only ever been seen by these subset of nation states. So what that really means is actually generally at nation state level, they only have an intent of X, Y, and Z so maybe information dominance, information operations, and espionage and whatnot. So you can still make decent enough assessment out of that, even if you can't pinpoint it directly to the individual unit within the PLA or the FSS or whatever it might be.

Terry Pattar: That's really interesting. inaudible I'm conscious, Rob, that you've got a lot to take on, a lot to help your customers with so I don't want to take up much more of your time. But I wanted to just maybe round out this discussion with an unrelated question, actually. And it's just because there's been a lot about it in the news lately, in the sense of there's a huge shortage of people in the cybersecurity sector. Is that something you're seeing when it comes to sort of cyber threat intelligence in particular? Because I know a lot of our audience are obviously in the military and probably thinking about careers afterwards. What advice would you have to people, like yourself maybe, if you don't come from a technical background about getting into that sector, is the demand as good as it appears to be judging by some of the new stories we hear?

Rob Dartnall: Yeah, the demand is most certainly there. I think it was easier for me, seven, eight years ago, it was easy for me to really make a mark with what I was doing as well because there was less people like me, I suppose, who had done that initial transition. What I'd say to military folk is, we're all used to really getting our heads down and working incredibly hard when we disappear for nine months on operations, or we're about to start focusing on a new line of operation or a targeting deck or whatever it might be and we spend months and months reading in and we do long hours doing that to make sure that all of a sudden we switched from country desk X to country deck Y, and we expecting to be a world- leading SME within 24 hours. We're used to that level of pressure. I know, in reality, cyber is one of those elements where it's overly complicated because there were two sets of people. One, there's a lot of people in it that understand it and they make it incredibly complex because they don't understand it themselves, and two, people want it to be complex so they can keep the keys to their kingdom. On a technical nature, you are never going to get me breaching somebody's network, your not going to get me catching a forensic image and going through it, or reverse engineering malware. But I've got enough of a technical grip over the past few years to really understand what an attack path looks like, the techniques that people use, why they use them. And at the end of the day, if you can communicate what actors are doing, how they're doing it, why they're doing it, but most importantly, what your assessment is in terms of business impact or organizational impact, that is the key bit that is missing from technical expertise and cyber threat intelligence. So you guys, within the military, have fantastic understanding inaudible and being able to communicate that clearly. So it's going to be a scary, hard couple of years transitioning into it, but if you want to, the grass is most certainly green within the cyber domain.

Terry Pattar: Interesting. And I guess on the reverse militaries should really be doing more about cyber threat intelligence themselves, shouldn't they? And is that a capability you see them developing or-

Rob Dartnall: Yeah, it is.

Terry Pattar: ...Is that somewhere where they still are sort of lacking impetus?

Rob Dartnall: Yeah. I obviously have massive bias in terms of the organizations that I look at and I can see great strides, particularly within European militaries and armies, and obviously more Western, generally. The rest of the world, I'm probably going to have to rely on your expertise, Terry inaudible, but I really do, I'm starting to see more CVs from the police and other law enforcement and the military with some cyber threat intelligence experience where they've been enrolled for several years and it's less strategic stuff and also more technical now, which is really, really great to see. So steps have been made, evidently more steps need to be made, but as we... Most military not based militaries, but significant number of militaries are also transitioning into a more civil military so reservist type forces, that's going to be incredibly helpful there as well I believe.

Terry Pattar: Thanks, Rob. It's been really great talking to you and there's a lot that I think people could take away from this episode. For me, definitely thinking about China's capabilities and all of the things that they're trying to do, and actually the integration of it all, it all comes together, you can't separate out one aspect of what they're doing, it just seems to be a very all encompassing way of competing, let's say. And I think we'll hear a lot more about this and no doubt I'll look to you for some of your insights and to hear from you again about what you're seeing in terms of how some of these capabilities are developing.

Rob Dartnall: Thank you for having me.

Terry Pattar: Great stuff. Thanks, Rob. Appreciate it.

Rob Dartnall: Take care.

Speaker 2: Thanks for joining us this week on The World of Intelligence. Make sure to visit our website, janes. com/ podcast. Or you can subscribe to the show on Apple Podcasts, Spotify, or Google Podcasts so you'll never miss an episode.