Your favorite cyber policy podcast is back for Season 2! New format, same old hosts. We'll be covering the Chips & Science Act in a discussion that goes through great power competition, hardware nuance, hardware supply chain security, AAPI advocacy, and workforce education. Winnona also talks a little bit about DEFCON policy for her "Cyber Show & Tell".
Chips&ScienceAct
[00:00:00] Hello, and welcome to cyber dot R E R a podcast by Harvard Kennedy school students. My name is Beth and I'm joined today by Sophie, Danny, grace and Winona. On this episode, we'll be asking the question what's in the chips and science act. And why does it matter for cybersecurity?
Okay, do this one more time. Well, it is our first episode of drum roll, please.
Season two of cyber dot R R. We are here. I cannot even explain how happy I am that we are. On season two. Yeah. I missed you guys. This is sad to be over zoom and not in the same corner of Belfer, but nice to see your faces nonetheless. Yeah, a hundred percent. Uh, sisterhood of the traveling cyber pants,
Anyway, anyway, we have a whole season ahead of us. We had some incredible guests in season one. And [00:01:00] again, thank you to all of the folks who joined us for interviews.
Thank you to Belur. Thank you to of course, all of these incredible co-hosts and all of the amazing work we did last semester. Season two is gonna be really exciting. We have a lot of interesting topics and speakers in the pipeline. It's, it's been so awesome to hear from all of our folks around the world who have listened to this podcast.
That's been one of the most gratifying parts about making this for me is hearing from people who actually tune in and have enjoyed listening and being on this journey with us. Yeah, it's been wonderful to hear what people really like.
And so we're hoping to bring more of that to you this season. And also we hope you keep staying in touch and send us your feedback. We now have an official email, which you can contact us@cyberdotrrdotpodcastatgmail.com and follow us on Twitter at cyber R R. Oh, right. So we're kicking off season two with a discussion [00:02:00] about the historic chips. Plus we're now called the chips and science act that was passed by the house and signed by the president. Just a few weeks ago. So the chips and science act authorizes the largest five year investment in public R and D in American history.
So it's 280 billion to subsidize the semiconductor industry boost, domestic manufacturing and shift investment from China. But it's also got increasing in spending for research and development provides a lot of funding for stem, workforce initiatives and other innovation hubs and activities throughout the us.
It's really exciting and it's really historic. And it's got a ton of implications for cybersecurity policy, which is why we wanted to kick off this discussion about the chips act. Yeah. So Beth what's in the chip set. So obviously there's chips. And then now with the additional Senate at endo, right.
Mm-hmm , what's that about? And then [00:03:00] where's the cyber component cuz we are cyber dot R AR, right? great question, Winona, because this is a $280 billion package. It's got over a thousand pages. So sometimes I feel like the question with these massive government bills is like, what's not in it. But we won't get ahead of our skis.
So a few things I wanted to high. In the chips and science act is the biggest part of the act is the chips for America fund, which is around 52 billion directed to chip manufacturing, research and production. This is really the biggest highlight of the bill. It's got manufacturing incentives, a new national semiconductor technology center.
An advanced packaging manufacturing program all rolled up into that 52 billion. We also have the national security component. So the DOD chips for America defense fund, which is about 2 billion. We have international technology security innovation fund,
and then the other major part we have is a public wireless supply chain innovation fund, which is all [00:04:00] focused on telecommunications security and movement towards a more open architecture software, very wireless technologies. So we'll, we'll touch more on that later, but there's a lot of context.
Behind why this bill is the way it is. So grace I'll kick it over to you cuz you did a lot of work on the chips and science hack this summer. So yeah. Thanks Beth. For, for that rundown. Yeah. It's like such a huge bill. So I honestly could spend an hour just listing the things and it, it, we, we would still run at a time.
So basically COVID 19 and the supply chain issues that have been happening worldwide. It, it really affected. A lot of global trade issues and in particular one of the biggest issues that came up for the tech industry was that semiconductors are primarily a manufactured abroad. And so it became sort of a bipartisan issue to try and bridge that gap.
Bring that manufacturing to the United States. Increase the manufacturing of semiconductors, which are really important for, I mean, so many different technologies on the political side, which is [00:05:00] more of what I was working on. The United States relies a ton on Taiwan for its semiconductor production to become a huge national security issue.
Grace, that's great context because it's so important to remember that this is not just about semiconductors. It's about a whole host of geopolitical pressures and tensions that have led to the creation of this bill. So why does this matter? For cyber. So there's the chip part of the chips and science act.
Right? So when we're talking about Ts, M C as the Taiwanese manufacturer for semiconductors they produce what a large majority of the supply. Danny. I know you had some stats about the market cap. Yeah. It's really shocking cuz you don't see this kind of dominance in a lot of, in some industries, but, but not a lot of 'em TSMC.
Just over 53% of the global semiconductor Foundry market. The next closest competitor, Samsung at 16.3% that says of July this year, 2022. It's important when we're sharing [00:06:00] those numbers that we note there are several stages in the conductor manufacturing process, and Samsung Intel have a larger percent of the market when it comes to the later stages.
But at the very beginning, when we're talking about pre-fabrication. TSMC has a really dominant share. Yeah. And so going back into the supply chain security aspect of this a lot of those semiconductors are being transported through global manufacturing hubs. So from Taiwan to China, then to America or South Korea, where the later stages of this semiconductor manufacturing cycle is and so.
Going back to what grace was saying , then yes. You're going to have a bunch of semiconductor shortages. If that global supply chain grinds to a halt due to, I don't know, a global pandemic. But the cybersecurity component of this is a little Murier on the semiconductor issue specifically.
There's the geopolitical tensions between China and the United States rising and amidst all of this rising China, [00:07:00] us tension. There's the understanding that our supply chain software and hardware are really interconnected. There's been some conversations in the cyber security community about software supply chain, making sure that we know what software we're using and whether or not those pieces of software can be backdoored.
So the conversation about software bills of materials is that conversation about software security, right? Hardware security. In that same vein is a little bit less explored, but I know that in 2018 there was an interesting blip on, on the map where that Bloomberg article came out. That was pretty much debunked.
Right, Beth, then? Yeah, it's, it's complicated. It's a debate. It's spicy. It's a hot take. Bloomberg business week first reported in October, 2018 that China had hardware hacked, super micro products through adding malicious chips found on motherboards, starting as early as 2015. So super micro is one of the largest, if not the largest producer of server motherboards in the world.
It's based in San Jose, California, [00:08:00] but it does a lot of its manufacturing. Through subcontractors in China, however, super micro apple, Amazon publicly called for retraction and the us government officials from varying agencies have also on the record dispute the article. Even though there was this pushback, Bloomberg has doubled down on these claims with an article, a published in 2021 in February, and stated that China's implanting of chips and server mother boards is only the tip of the iceberg in terms of hardware.
Manipul. We are not taking a position on if this is true or not. However, I think the super micro saga or lack thereof demonstrates a potential widespread risk for both hardware, security and global supply chains that I wanna us all to dig into. Yeah, I totally agree on that, Beth then, I mean, it's definitely a weird story when you're looking at the Bloomberg article and how many sources have been like, no, that's not really true.
But you're right. It does demonstrate a risk, especially given how difficult hardware vulnerabilities are to patch because you physically [00:09:00] have to have access to hardware or you have to have some sort of software work around having a vulnerability built into your hardware. Supply chain is. Going to be a pretty good bug for an adversary like China, especially as tensions are rising.
And so, yeah, super micro may not be the smoking gun, but it does, surface a lot of interesting risks that having a supply chain really reliant on an island in the south China sea, may not be the best move at the moment.
One of the things I'd like. Explore a little bit more with the chips act is what is implementation really going to look like? And there's two dimensions I'm concerned with. One is we just finished a massive funding effort with American rescue plan a P and we heard of a lot of his successes. At a state level, they were dispersing the funds, but we also heard of a lot of swings and misses where, when you're trying to manage that level of [00:10:00] money inevitably you're gonna have vendors that are not delivering at the level envisioned by the federal government when they.
Allocating these funds, and this is another massive, massive funding bill where by the time we get down to the level of, okay, who's building the factories and how are they being operated and, and what's production look like the reality may be significantly different. It's, it's very well to say we're gonna reassure this industry.
And all it takes is money to build some factories, but actually that's not all it takes. It requires significant. Talent talent. That's not just a function of, can we teach people this, but actually years and years of experience, the semiconductor, particularly the Foundry stage, which is kind of what we're hoping to sho requires really specific experiential knowledge to do.
It's not just a, go hire a bunch of people with a certain degree. And so that's gonna take time to build, it's gonna take expertise to build and. That's the kind of [00:11:00] attention to implementation that our federal government, frankly, doesn't currently have the long term attention span for. So I've, I've a lot of concerns about can the national security interest of this be realized when it comes to implementation.
Yeah. I agree with that so much, Danny. I think there's like a couple of points, a couple of nuances. The focus of the legislation, somewhat misses because this is such a complex space. So first of all, there's a difference in the types of chips that are relevant here. The sub five, seven nanometer stuff, that's really kind of the critical technology for national security applications.
Is different from what we saw a lot of supply chain gaps from COVID being, which is not state of the art. But the kinds of memory and logic processors, that Intel is really good at [00:12:00] building that you need for things like computer monitors and other stuff that people really needed during COVID when we were all working from home and stuff like that.
So there's like a distinction in the state of the art versus state of the practice and where the supply chain gaps are for that. But the bigger issue is that supply chains for chips are just really complicated, largely because of the huge number of process steps that are used in semiconductor manufacturing and the yields that you need in order to make each step of that process economic for a lot of semiconductor manufacturing, like experience, knowledge, knowledge of the process.
Those human factors are just as important as simply. Having the right IP or the tools. So even when, even for the equipment stuff, the legislation misses, some of that nuance, for example, a lot of the subsidy money is specifically for procuring the raw [00:13:00] materials and the equipment that you need for chip manufacturing.
But when you think about things like E EV like the extreme multi ultraviolet, Tools that you need to make the most advanced chips, like the five nanometer seven nanometer chips. There's one company that does that. And it's a Dutch company called ASM. Another point is that there's not a lot of investment in packaging.
So we could end up in a situation where we're pouring all these millions into making, fabs in the us, and then having to ship chips to Asia for packaging. And again, on, on Danny's point about the numbers here, to me, 52 billion is a rounding error for semiconductor manufacturing companies like the 40 billion or so out of the 52 billion.
I think that's, you're marked for manufacturing that's in all likelihood gonna go to Intel global foundries, Samsung and TSMC, like the big four and for an industry that . [00:14:00] Is pouring hundreds of billions of dollars of investments into chip production expansion over the next, three to five years, $52 billion is not a lot of money.
So, I mean, this is a good, down payment on rebuilding a sector that we've kind of offshore intentionally, too, right? Like we made the us, we being the us, made a decision to focus on software as opposed to hardware, but this isn't gonna be. A magic bullet. It does send a signal to industry that the us is intending to be competitive in this space.
But I think some of those nuances are also important to keep in mind. Awesome. I think that speaks to the point again, that there's so much more complexities here that throwing, oh, throwing a rounding error at isn't gonna solve when, oh, I'm gonna kick it over to you. Yeah. I mean, I have so many thoughts on what Sophie just said.
I mean, the first is like, yeah, it's surrounding error, but [00:15:00] the Biden admin released this fact sheet right after they signed it, getting industry to match part of the chips act. Right? So you get micro announcing a $40 billion investment. So that almost doubles it right there. And then, Qualcomm and global foundries announcing a partnership that includes 4.2 billion to manufacture chip.
In upstate New York. So it you're right. I think it's a lot of demand signaling, but I think it's working yeah, it's not gonna be as, the panacea that we need in terms of fixing this hardware supply chain issue. But I think it's, it's going to be a start. Yeah, I think that's definitely true.
And also, we've seen precedent of this working before that kind of industry government model. Backtrack, like in the eighties, the global semiconductor industry was becoming increasingly dominated by Japan. And us companies thought that, Japanese companies were competing kind of unfairly by dumping memory chips at below production costs.
So to counter that and regain us control of the semiconductor [00:16:00] industry, the us government, and then 15 or so of the biggest semiconductor manufacturers in the us. Began this Semitech consortium to basically restore generational leadership and advanced microprocessors by doing exactly what the chips act I think is calling for now, which is like pooling their manufacturing resources together to develop advanced products at competitive prices while recovering their global market share.
And that worked well. And I think even a few years into that DOD. Like remove their funding because the industry piece of it was taking off well. So the industry had taken the demand signal from government and run with it. I wanted to go back to something Sophie said about a lot of this funding is going to go to the large companies already doing production.
Some of those companies have already. Named where they intend to do work. So Intel said it's looking at a 20 billion investment in Ohio, as well as expansion [00:17:00] Arizona, New Mexico. Global foundries is looking to expand output in Malta, New York, where they're at and just I'm naming these areas because of course, as you're expanding, you need to be hiring more talent.
One of the estimates out of Georgetown is that we need 30,000 high tech workers. Those workers are not all just hanging out in those areas, waiting to be hired, and they're putting on my other. Other hobby hat, which is workforce development, the biggest challenge, any area runs into, particularly when trying to transition to an innovation economy is the lack of highly skilled talent.
And so you have what is already an existing known challenge? No matter what industry you're trying to move into compounded by again, the really specific and niche knowledge needed for this particular industry. And unless there's a concerted. Across each of these regional economies. And we're talking about things like L housing for workers the kind of [00:18:00] infrastructure that enables workers to travel to work at at these boundaries, the kind of culture and life that attracts.
Young high tech talent to these places, unless you have that orchestra all playing together, it's gonna be really difficult to get the workers you need for this kind of manufacturing. And so I just wanna call that out because there's a lot that goes into setting up and, and staffing these factories.
And not all of that is provided for within this act. It's a question of can our state and county government. Pull those pieces together in concert. Yeah, Danny, I think the point on workforce development is huge because that's a major issue in cyber as well. We, and that, and that this is overlap, right?
These are not, it's not an, and or it's a they're together. It's a similar across all of technology. We have this massive pipeline workforce issue, particularly when we're looking at rural or underserved communities where a lot of members of Congress were. Supporting this bill, because there was an [00:19:00] opportunity for them to get money in their districts, in their states, in areas where you don't typically have a lot of this type of technology, funding, and resources.
So I think it there's a big read across for both cyber talent and. Broader technology talent. And that's, that's the beautiful thing about the marriage of the chips and the science part of this act, right, is that you get a lot of that workforce funding and stem funding in the act itself. You're breaking it down.
And there's a lot of interesting scholarships. There's a tenure national stem teacher core pilot program in here, guys, and they have. Over tripled the budget for the cyber core scholarship for service, which blows my mind. I mean, I just, most people thought that they wouldn't even double it, but here they are tripling it.
And being able to, as a cybersecurity professional, go into a university that I would be able to afford and, come out and try and work for the government in that way is amazing. I think they're, they have thought about [00:20:00] this aspect in which you do need highly trained professionals, not just in the manufacturing sector, but also in the cybersecurity engineering those sorts of areas as well.
I have questions about them, especially on the workforce stuff. I think it's true. Especially cuz there are provisions in the bill saying that there, there should be priorities given to like more rural areas, but but then it's also like, top tier scientists wanna live in cities.
The other thing is looking at this bill from like a cybersecurity standpoint. I think like the hardware part of semiconductors and its relationship to cybersecurity is, I mean, very clear, but I feel, I don't think there's a lot in the bills. . Very explicitly about cybersecurity, which I find interesting.
It's true. That that there is an increase in the cyber core scholarship for service. There's clarifications about what cybersecurity related stuff entails, which includes like artificial intelligence, quantum computing, aerospace and. I think that's really important, but other than that, there's [00:21:00] only really like two other provisions in it specifically about cybersecurity it's like towards N saying that they should look into digital identification, research biometric research.
To, to me, it, it's not as explicit as it could have been, so I could not disagree with you more grace. And this might also be because I went through the thousand page document and command F cyber. And so there's like at least a hundred
line items for the word cyber, and that doesn't even include data protection and identity. Right. And so aside from the semiconductors, like I've been dying to talk about this, just the science part of the chips and the science act. There's the teachers in stem funding for cybersecurity initiatives.
There's the blockchain crypto advisory position, which I'm sure given all of the interesting crypto highs going on right now would have a security component. And then there's a ton of signaling on international standards, which Sophie, I know you've done a decent amount of research on and, and has some interesting geopolitical connotations and cybersecurity connotations going back to software [00:22:00] supply chain.
I think the beauty of this bill is that they're not calling out cybersecurity specifically, but they're embedding cybersecurity components in every provision. So for example a lot of the research components of the chips and science act have. Research security provisions where they're specifically saying any sort of research you do, you have to have the right pro protections or tools against intellectual property theft, which given some of the anti-China or great power competition portions of this bill could be pointing fingers towards.
The mass amount of Chinese, I P theft that happens in cyberspace. Yeah. Like the AI enabled security, the cloud computing, open source, software security privacy controls for biometric security. All of those are cyber security. And then there's like one line item, which I think is really interesting or a couple line items on it versus OT security.
So like the in information technology versus operational technology specifically for. Securing food, water, and energy systems under the [00:23:00] department of energy. So it's not mentioning security because they want security to be built in. Yeah, I definitely am a huge record of this act . Yeah. I mean, I am too.
I wanna, I wanna say that I am too. I mean, are you Sophie? I didn't let us, no, I'll let you. I'll let you defend yourself in a sense. I'm supportive of this. I'll let you, I think it's a great starting point, Sophie. I don't think that it's a silver bullet. That's gonna sho all semi marker. I don't think another thing that either, but anyway, to, but to your point,
I think when it comes to government regulation slash government bills, I don't think federal departments are the best at doing built in employing things, but also wouldn't that be better than Congress doing it for the departments? I feel like it would make more sense for the departments to come up with their own cybersecurity regulation than to have Congress mandated for them.
Yeah, I think I disagree with you on this point of what should be [00:24:00] like standardized or not, but I think that's, I think that's fair enough. Well, I did wanna mention the the research security stuff that you're talking about because to, for background, my summer work was with Asian Americans, advancing justice, who successfully blocked provision within the chips and science act that did end up getting passed.
That, that basically would've, would've made it very easy for the state department to have denied visas for applications and existing visa holders from quote unquote national security issue countries, but mostly under under the wording of, for people who are interested in like accessing secure information about like sensitive topics such.
Semiconductors, which would've just like really opened up the door towards anti-Asian sentiment, which is a huge problem as we've seen, with the China initiative. And and I don't think that this is like a. It's not based on who's in administration. This is like a cultural problem that we're having, regardless of the political party.
So yeah, obviously shout out to a AJC and the amazing [00:25:00] work that they're doing. I think that's like where where I kinda like bristle at the research security part but I'm, I'm also not saying it's an easy like that. I even have a, a, a solution here because it's like intellectual theft is a huge problem for sure.
And so is anti Asian sentiment. How do we bridge that? I'm not the guy to, to tell you. Yeah. What are your thoughts on the research security part of the chips act where they're saying we actually are not going to allow some of the NSF funding to go to any institution in university that has an existing relationship with a Confucius Institute.
Yeah. I saw that whole section about the research security part. When I wrote up my notes, I put it in quotations, cuz I was like, I don't know about this one guys. Yeah, I think that when it targets institutions versus people I'm more on board for that. I think that there's less of a likelihood for people to be personally attacked based on their identity, but [00:26:00] in general, I think it's like just a tough, tough thing to be in.
And I think when it comes to security, it's kind of always gonna feel like a little bit like overstepping when it's regulated, but then when the breach happens, it's gonna be like, well, why didn't you do anything about it? So I think how, how it was written in now and what was passed is, is like the right track.
One thing that that makes me think of is that I think that these discussions are evidence of. A crossing of the Rubicon towards like a full decoupling of China that is somewhat concerning. At least I'm concerned that politicians are less and less interested in subjective standards and individual reviews and more in favor of just outright bands and.
When you're looking at these globally integrated supply chains that may not be the best approach. So one line of [00:27:00] criticism that I've read about the chips act is that, you know some groups think that a company that's benefiting from a federal support should not be able to invest in China at.
The chips act is very clear in specifying that a company can only receive a grant for a project that is in the us. So if supporting a company that does business there is helping China, then everything is helping China. Like by that metric. If you give a tax benefit to encourage investment in like a global comp like a multi multinational company, then you, then that's a pro China subsidy.
Like I don't really follow the argument that a, that an American semiconductor company making investments in America should be barred from investing in China. But at the same [00:28:00] time, a company, an American company, Doesn't invest domestically is free to partner with the Chinese government or any Confucius Institute that they might want.
So I'm, concerned by that line of thinking, Sophie, that brings up the point of now, this is not just again. And we, and we know this, we know this is, this is a major geopolitical issue that puts a lot of pressure on many different areas of. Our politics and the global economy and individual businesses who are caught up in great power competition, both to their benefit and detriment.
Danny, I know you have some thoughts. I think I'm gonna disagree with you, Sophie, that this is concerning. In that one, I don't think it's reflective of a broad decoupling. And two, I. Know that taking, making probes into the [00:29:00] decoupling strategy is problematic. I actually think that's probably what we should be doing at this point, given the us predictions about the geopolitical benefit of coupling, I would say largely have turned out to be wrong.
The headline in opening. Global markets in China was this will lead to widespread capitalism and, and therefore democracy and the for stability. And, and we will all be us friends. And very few, I think of the USS visions about how how global geopolitics would flow in, in particular its position in the world order.
Lined up in reality with, that stage of things or that, or the predictions at that stage of things. And in fact, China's done a phenomenal job of using the opening up of global markets to its advantage while maintaining its own domestic agenda. And now foreign policy agenda. So the TLDR is what we were doing.
Didn't [00:30:00] work. If you're measuring, working in so far. Matching our matching the S's predictions of its ability to achieve its global its its foreign policy goals with regard to China. So I think it's okay to start dipping our toes in the water of doing something else. That's a good point. I also, for what it's worth, I don't know that a full decoupling is even possible given how integrated our, technology supply chains are.
I just offer it as a point of like, Those kinds of maybe knee jerk blanket kind of assessments can be dangerous. I dunno what you're talking about America. First America
li building on Sophie and, and Danny's comment. I think the evolving us versus China, whatever you wanna call it now. Strategic competition, geopolitical competition, great power competition. You name it. Someone said it. I think it requires well, definitely in competition is what we know. That [00:31:00] is true.
Indeed. We've decided that at least, but I think there's a lot of, challenges in terms of Congress is trying to legislate ahead of trends where, and that's, I don't think often possible, sorry for folks on the hill, but I could see that when you have a massive. Institution like Congress with so many different ideas and people it's hard to stay on trend.
And I think that's what I wanted to bring it back to is the chips and science act is a historic investment. However, is it too late? Are we feeling more or less optimistic about the state of us technology before this act or after? That's what I'd love to feel to you? All policy cautiously optimistic.
Largely because I think the bar was low . Anytime Congress passes a well intentioned effort towards long term goals, I can give at least a participation plus for, and, and maybe it'll turn out to be more than that. I agree with that, Danny, I think like [00:32:00] the us has , a long history of being the first to develop a lot of innovative industries and then.
Losing production to other countries, other nations. We've seen that in us manufacturing in semiconductors. We've seen it in solar panels. We've seen it in telecoms. And it's often like a similar story, right? Where it's like foreign governments buying industry share through subsidies. And us policy makers have not really responded in a lot of cases.
And I think this is an instance of a response. It's a start of a response. And you can disagree, you might think it's okay to lose leadership in innovative industries because we'll just create new ones. And because we make strategic choices about what parts of the supply chains we wanna get involved in and be invested in.
But yeah, I mean, America created the semiconductor industry. Lost leadership in the seventies, regained it in the eighties with effective policies and [00:33:00] then kind of dropped the ball in recent decades . So I think there's broader lessons to be learned here about how policymakers can avoid making those same mistakes .
Grace let's hear your take. I'm just gonna be a hundred songs with you. I don't think I knew enough going into the research into chips act to say like I was feeling one way and now I feel another, I think, as like an Asian person, I'm concerned about the increasing competition, I think on that level.
As like a tech policy, cyber policy interested person all this new funding for education is awesome. And I think that there will be long term impacts. The research security stuff does freak me out and I think that's where I'm at. I also think something that doesn't get enough love in the chips and science act is the reauthorization of the NASA and the establishment of the moon to Mars program.
Very exciting. The search for. Outside of, of earth has been authorized by one president Biden. So [00:34:00] honestly, you guys, I'm a piece out by 2030. I have a hot take. We should not be gonna space. space is a distraction space beyond our immediate orbit in terms of satellites that we need communications, et cetera, for.
Meant to bring your attention a very hot page skirt, Danny. The whole episode on that space is the opiate of the masses. That is my take .
Winona. You have you have not answered the question. How are you feeling optimistic, less optimistic, ready to get on a spaceship and leave planet earth? I feel super optimistic about this. Kind of echoing what Sophie was saying. It's not a silver bullet. Same with Danny, but not the space part. I don't agree with Danny on the space part either.
But. On the cyber issues. I think that it's a good baseline. Like these have been things like funding into basic research getting more money into education, getting the fabs back in the states or, or bringing semiconductor manufacturing back in the states. All of these are things that [00:35:00] people in industry have been harping on for years.
And it's good to see that it's finally happening and I guess just the. I'm actually not as excited about the space por portion of the bill as I am about the crypto portion of the bill, which has the crypto and blockchain advisory position in OSTP, not a crypto bro. Getting a job at OSTP. no, it's not.
I. There's a lot of people who understand crypto, who are also crypto skeptics. And so I think that if picked right, somebody at OSTP could do a lot of really good work. And this comes off of the heels of the us treasury sanctioning tornado cash, which is a, a crypto mixer. Where basically you take cryptocurrency from one account and you like launder it through a bunch of accounts and it, it pops out of a, a new account and, and you're able to do this for anonymization purposes.
So there's like legitimate reasons for it. But North Korea uses tornado cash quite a bit. But the problem with the department of treasury is they put the Address like the Ethereum [00:36:00] address of this tornado cash mixer software on the OFAC list, which means that they effectively sanctioned a robot.
And so I would hope that N OSTP representative who understands how cryptocurrency works would be able to avoid stuff like this. All right. You heard it here first. All right. Winona desal for that. that crypto rope position drop outta a law school. It's time. Winona. I think OSCP is calling your name, but I think this goes back to that point that we were grace and Winona that you both were debating on, who should be setting these standards.
Should it be Congress? Should it be agencies? And right now we just saw treasury sanction, a robot. Would Congress do much better if we had some type of better definitions or standards? I don't know. But I think coming back to my own question about how I'm feeling as well, I'm feeling optimistic [00:37:00] because I think, this bill , is laying the foundation for a national technology strategy, which is something the us does not have and something that we desperately.
And I think bills like this there's components in the inflation reduction act is, is the stepping stones towards having an affirmative technology action strategy that as a nation, we can work towards and have a vision as opposed to throwing money at the next hot topic or technology that we're all excited about.
I think this is the first step in showing that technology and industrial policy is critical for national security and needs to be the foundation of how the us goes forward. So I'm excited overall, but it's gonna take a lot more work
okay. So on that note I am so excited to introduce a new segment today. We are adding a new part to our show called cyber show and tell where one of us [00:38:00] shares a brief cyber fact news story or event.
And today I am so excited to hand it over to Winona. To tell us her cyber show and tell Winona, take it away. Yeah. Thanks Beth. So my cyber show and tell is just the fact that DEFCON policy was a huge thing at DEFCON this year. So for those of whom don't know what DEFCON is. It is one of the biggest ha conferences in the world, and it is held every year in August in Las Vegas, Nevada.
30,000 hackers from all over the world, basically descend upon the Las Vegas strip. You have a bunch of really cool talks and workshops and catch the flag competitions and this year, the policy department at DEFCON where I volunteer part-time and helped organize this year had a really incredible showing of policy makers coming and working on.
Getting feedback from hackers and talking to other practitioners in Chatham house forum, as well as on the record [00:39:00] talks. And it was just a really fun time. And so next year y'all should all come down. Devcon is an incredible place to just interact with people in this industry. So director English, actually little bit of a humble rag. I got to show director English Chris English, the current official us national cyber director around some of the villages at DEFCON this year.
And he got to basically do a live replay of an exploitation of a Honda car which was really cool. And so stuff I might drive backwards. Well, no, you can basically replay the signal that unlocks the Honda car if you're able to capture it. And so if you use a flipper zero, which is like this a hundred dollars tool, you could buy off the internet, you could replay the signal and unlock the car.
Bro, which is. Insane. Yeah, I love it. So everybody should come to DEFCON and if you're coming to DEFCON, obviously check out the villages, but also the policy department has a bunch of really cool stuff. That's my show and tell are you getting paid for this? Are you [00:40:00] a no DEFCON? Are you a DEFCON influencer one?
Oh no. Cause I think you are. . No, but that's the beauty of DEFCON is it's the hacker community. All of them are volunteers coming into the desert and putting on this incredible conference where people can learn from each other.
I love the community so much and it's so cool. That policy is now a much bigger part. Thank you so much, Fiona for that lovely cyber show and tell we are very excited for this new segment and for all of us to share our show and tell in the coming weeks.
Thanks for listening to cyber dot R E R a podcast by Harvard Kennedy school students, given that this is a student led program, this podcast doesn't represent any views of any institution, school, or even ourselves. After we finish recording this episode on Tuesday, August 16th, 2022, we're just students learning every day, trying to navigate this murky area of cyber policy, staying tuned for more episodes and discussion in our season two.
yeah. Yay [00:41:00] space. Is the of thees
defend that position to be clear. I don't mean like near orbit, all the stuff space force is working on that is obviously essential, but no one thinks you think that getting to Mars. Hot tape is a distraction. That may be the SPST take you've ever. No, I love, love you space force. I do think you're essential.
I don't think we need to get to Mars. It's an opiate of the passes.