So since we have a little bit more time, I plan to do a little bit more elaborate introductions. So perhaps if you say, let's say one or two sentences about your current role and and your current challenges this time around as cars protected. I start with the one who sits next to me. Who is Stefan?
Yeah. My name is Stefan Rutenberg and I'm the group CIO of the Mabu Printing Inks. We are a manufacturer of special inks for screen and pad and digital printing and small businesses for creative colors.
So, and I'm challenging security operation worldwide, so we are operating from China to UA and facing a lot of cyber attacks surrounding the globe.
Thank you, Stefan. Christopher, who are you?
Yeah, I'm Christopher, Christopher Schutze. I'm Chief Information Security Officer with CO A Call. That's one of my roles. And the other role is advising CSOs as director for cybersecurity with CO a call and challenges. So internally for sure, we are a mid-size company. We do events, we do research, we do advisory. We have a lot of confidential data where we must ensure that it is not shared with the wrong person, that we share the right data. And this is a challenge as you all know.
Thanks. Gustava. Now Carson.
Carson, Carson Fisher. I'm the Deputy Chief Security Officer for Orang, that's comprising of cyber and physical security and I'm running our office of the CSO with strategy architecture and some other nice stuff. Biggest challenge right now is to finish the budget process, as you would predict in a complex organization like Deutsche. That's a complex process, but that's important because we have just sort of finished a revision of our strategy for security that has become much more threat and architecture led.
So we now want to sort of put the first roadmap items in place via the budget process. So that's the biggest challenge right now. But hopefully we close that out this month.
Yeah, thank you.
Mark Wolfman, I'm the chief security officer at OD Oria as a bank, 30,000 employees. Our market is in the Nordics, so Scandinavia plus Finland.
Yes, we have offices in the rest of the world as well, but our focus is primarily in the Nordics, the challenges and funny cast, it's pretty much the same like I've seen at Deutsche Bank, we've worked before together and a few years back. It's the complexity. So NOD is an organization which has been grown by lots of M&A in the past from smaller banks in the Nordics and this it looks like. So it's a fragmented organization with 3000 thousand applications. And you see this on other things like identity access and the other initiatives.
I think this is the biggest challenge and still find enough time to look into the future and to deal with the present like the Ukraine situation and future challenges.
We are so good today to bridge to what I want to talk about next. So this is a perfect match again and we did not reconcile beforehand.
Yeah, I just wanted to, I mean Microsoft issued, I think it was this week, their digital defense report 2022. And this report started with the following sentence on February 23rd, 2022, the cybersecurity world entered a new age, the age of the hybrid war as Russia launched both physical and digital attacks against Ukraine.
Now, in the first round, I want everyone's statement here, whether you concur with this view or not. Yeah. So this time you had your start already. So I start with Christopher. Christopher, is Microsoft right when they say that the Ukraine war has the potential to change the cyber threat landscape?
Yes and no. I think that's the best answer to this question. What happened in February, when was it, the 24th of February? I think it's more the visibility that changed.
People realized, oh my God, there are state driven attacks that can impact us, that can impact other organizations, that can share false information, misinformation, all that stuff. I think that's, that's the most relevant part here. Big countries, big states, big organizations always start to try to manipulate things, try to share wrong information, all that stuff. But now we achieved that level where we realized it can affect directly delivery, pipeline, supply chains and all that stuff. And also attacking energy providers and all that stuff. This changed because the visibility is there.
I think the threat was always there. Now it's more visible for all of us and we realize the impact.
Cars is, has the war against Ukraine changed our view in terms of of, of this, of
Just to not repeat what Christopher said, I said no and yes in a different order.
So no, I don't think so because we had seen cyber attacks before and we'd seen physical attacks before. Yes, because I think that's the first time we've seen that in combination. So I think that's the big game changer. And I don't need to echo what you said around visibility. I think that we are now seeing via the press and via media and social media a different level of awareness on cyber security. I think that's helpful from the outside perspective of making this a more prominent topic.
And we heard keynote speaker today talking about how they want to change digital and security for Germany as well. I think there's also a downside because obviously all boards now, if they hadn't visibility, they have more now and are challenging all their CISOs to come up with a plan for that if there wasn't any. Yeah. So I think that's up and down, but no one, Jess,
Mark you,
I agree with what the colleagues just said. I think it's more about awareness. So the experts knew about that and we already joined 2 21. We recorded a couple of increased activity against Ukraine and other nations.
So actually the first steps of this upcoming cyber warfare that we've seen this before, but it wasn't very prominently in the press obviously. So the, and the interesting effect on us was more that there is an increased interest of the board on this topic, for example. So the regulators were asking us, the Bank of England came Yeah. And gave advice and asked us the, our counterparties came, even customers came and asked questions on our security. So there was an increased interest in the topic, but is there really something completely surprising we've seen or something new techniques CTP or so?
I don't think so.
Yeah,
Yeah, absolutely. Yes and no. So when you're interested in cybersecurity, you see that all big states like the US, China, Russia did a lot of cybersecurity and attacks each other. So it's not a new thing, but it's more in the presence. The Ukraine war has started. Yeah.
But also for the attendance here and also for the people outside, it's more common now to speak about cybersecurity and hacks against companies and yeah, I'm a little bit aware of the critics when we have hacks about that, that could be affect in Europe or in the world more than we expect at the moment. Also, we have the energy situation now.
Yeah, we'll see what happens.
I mean, you all mentioned that the awareness in the society has significantly increased since the war started. Now my impression is that yes, of course everyone remembers the attack against the pipeline in north. Everyone obviously remembers the attack against the cables of Deutsche Bahn and but that were, or the real attacks on the critical infrastructure in Ukraine itself, water, energy, et cetera. I'm not so sure whether the layman's outside really can remember any cyber attack, real cyber attack or pure cyber attack.
So I think we had the discussion before, Mark, what actually happened since, since February from a cyber perspective, cyber security perspective.
What do you mean by for the companies or
For in general? I mean have we seen a lot since then? I still remember that when we had the discussion at EIC, a lot of CISOs were saying actually we're not seeing anything.
Yeah, yeah, yeah, that's correct. So with regards to attacks we've seen, and if you look at the Microsoft reports and they're really super good reports. They are not sales documents. I can just recommend that to read the reports they put out in the last few months you've seen that we've actually, they recorded hundreds of cyber attacks since the beginning of the situation. And we know that the nation-state attacks we've seen or the attacks attributed to the nation states, that they've been primarily in the directly involved countries.
So in Russia and Ukraine and perhaps per, but we've seen a couple of attacks against the NATO states as well. And we've seen attacks against the states which are directly surrounding the Ukraine, have some influence in the situation. And actually, and we thought about that at ea at least for us, we've not seen any reason to raise the cyber threat level for a direct nation-state attack against us because we've rooted for us that we are not the direct target potential.
Yeah, I think that's a key thing. Everybody needs to assess their own profile to understand the motives of the nation state and find out: am I a potential target? Yeah. For example, the NATO application of Sweden and Finland, and we are headquartered in Helsinki. So this was a key thing for us. So we were thinking then step beyond thought about the internet cables thought about do we need satellite phones? What is if critical infrastructure outside OFS being attacked and what does it mean for us? Yeah.
I think this is the change for us to think about such things as well
Ka, I now walk my way backwards. So what actually distinguishes a state sponsored attack from other cyber attacks? What is the difference?
Why, why are we actually talking about that in particular?
So from a threat, from a pure threat perspective of threat vector threat driven attacks, it's easy to say nothing. But obviously that's ignoring the fact that they are much more sophisticated. If you look at in and you look at even ransomware attacks, if you look at ransomware attacks, the top five ransomware attackers are using a subset of the MITRE ATT&CK vector as their typical techniques because they wanna go in, encrypt, get out, get money relatively quickly.
If they can't achieve that, they're moving on. The nation state attackers, if you look at their techniques and procedures that are known, you can see the full MITRE ATT&CK framework because their aim is to come in and stay and stay as long as they can. And then whenever they decide that it's time for them to do something, they will decide to do something. And I think it's that way of trying to come in and stay that differentiates them probably from every other threat actor.
From a vector perspective, sort of the same
Christopher, one other probably important differentiator is the sheer volume of resources they can, they can spend, Yeah. What what's your view here?
Yeah, exactly. So basically what what cast mentioned is 100% true, the state driven attackers, they have, they don't care about the money or maybe on some cases they care, but their, their intention is not to ransom, to blackmail you to ask for 100, 1000, 1 million bitcoins, whatever they want to get the information, they want to have access to your information or they want to be able to manipulate your company or shut it down. In the worst case, that's their goal. If they are in, they wait until it's time to do something and they don't have to take care of the budget.
Usually cybersecurity or our intention is to be more expensive than being hacked. That's basically sometimes the trade off you have to deal with because cybersecurity, that's what we mentioned two years ago on conferences, it's a business model that they want to attack you and if there is no profit, it does not make sense. And that's the difference here because state driven attackers, they want to have access, control information, whatever, no matter what the expenses are.
Yeah.
I think as someone mentioned in the morning that imagine if all the people who are currently doing ransomware attacks, if they were rerouted to critical infrastructure or to help, and we've seen that in the case of Russia, to help the government to attack the enemy. Right. Now, we started off with a discussion around the Russian-Ukrainian war. Are the Russians the only ones we have to be concerned about?
I guess not.
So when you look in, in more in the east, there's the Korean and China situation, which are growing up and I heard a, a good discussion about that, that China is preparing its own infrastructure and production of semiconductor chips until they have the technology and the knowledge and then they will start to get over to Korea. That's also a situation we should be aware of.
Also, China and Korean have a lot of cybersecurity state hackers I guess more as we think. So it's not only the Ukraine and the Russian situation. They get state hackers are a global thing for the big states. And they have other goals like the ransomware guys also when they hack companies, they want to achieve information. And I guess when we see the situation in Russia, the fleet of Aeroflot that they haven't the spare parts, they want to have the technology to rebuild the spare parts. And that's I guess the relevant targets.
Now what they don't get about our import stops. And so for, for our, for our company, I guess we are not the, the biggest target to have color and and paint the the plane. So they have to more targeting that the plane are flying. So that's my perspective of that stuff.
Yeah.
So we heard about obviously Russia, we heard about China. Korea, Iran comes obviously to my mind stance. I know that of course you have also a big operation in the US. What about them? It's a tricky question, I know.
It was interesting to hear this morning that the German government, or at least the bun thinking about is the US a long term strategic partner for them when it comes to digital and all of that. And we are joking about, yeah, nobody else is listening but the NSA, so I think they have the capabilities to do stuff.
I wouldn't necessarily say we would treat them methodology wise as a nation state attacker. They clearly could if they want to, they may, they probably do. But I do think coming from a western perspective, you would probably probably not classify them as a nation state attacker.
Okay. So we have now talked a lot about who are they, what enables them, what are their strategies. Now let's come to the more interesting questions. What actually can we do about it? Right?
And I think in the first round I'd, I'd like to, I'd like to get your view what out of what we anyway do are the best strategies to to combat that. And then, and please don't mix it up because I wanted to approach it in second. And what do you do on top of that as a second step mark? You mentioned that to some extent already, but I really wanna get down to these two different things. So out of the, let's say normal, normal, how to say toolbox, what do you think is most effective? And then of course, what do we need to do on top?
Can, can I say last word on the, on the previous, on the states
Actually
I would be careful in limiting the discussion on North Korea, Russia, Iran and China obviously. Right? Because we've seen that as we talk about cyber warfare and these capabilities, we know about many, many nation states who currently ramp up their capabilities and who are really able to execute sophisticated APT attacks. Yeah. These countries are Pakistan for example, and many, many other countries.
So I think T you said that yeah, it's a global problem going forward and we need to have everybody on the radar sooner or later. Yeah. Now on the attacks we said that the nation state actors are able to do very sophisticated attacks. They're super patient.
Yeah, they have lots of resources. They have fuel knowledge potentially. So they know about zero-day vulnerabilities so they can abuse Microsoft product vulnerabilities, which are not patched yet. So this is an advantage and look at the Log4j situation we've seen end of last year where we were in a real race then to configure the systems and waiting for a patch to get this quickly done.
However, this zero-day knowledge, they just use in a very targeted mode because they can shoot this bullet only once. Obviously that's it then. And that means many of the attacks are pretty much standard attacks. So in the qua situation, we've seen that the majority of attacks started with a phishing campaign, spear phishing, hundreds, thousands of spear phishing emails for example. We've seen the classical watering hole attacks so that you yourself go to a web page actually and infect yourself.
We've seen basic things like brute force attacks and therefore the best defense against this is classic hygiene, multifactor authentication. I cannot repeat this often enough. Every access needs multifactor authentication. The excellent Microsoft reports you just referred to, actually: endpoint detection and response, internet connected so that they can actually detect what's going on. Intelligence, yeah, digesting rapidly intelligence available from the usual suspects like FS-ISAC and all the organizations. And awareness, awareness, awareness with the chooses.
I think these are the basic things. Yeah.
Patching, forgot patching.
Yeah. And I will go even one step before that. What is the prerequisite to be able to do proper patching?
This exceeds now the, the time we have on this session
Here. Now it's the time to best your coo
I think Life Schneider said this this morning, yes. Cybersecurity is different actually than classic IT. We have no time and patching is a good example. We in the conflict to making a decision on is it properly tested? Yeah. What are the competing things we do on the production gateways and can be patched is no or not. Yeah.
I mean we've seen that prerequisite for proper patching. Patching is of course, first of all very basic thing, you have your asset management in proper shape, right? So know what kind of software is running on your shop. A problem for many organizations by the way, right? And then of course no one knows which of these software is using the critical piece.
Yeah, we are just searching about right? And now everyone is fishing in the dark and it consumes a lot of lot of time. Then the other thing is you don't have enough patch windows and of course probably you can continue in Carson with that.
I would add, I would and one major component and we call that legacy. So I do think that most bigger companies, I hope CO and coal doesn't, but most bigger companies have a subset of IT systems from their operating system level.
We wouldn't run them at home to say the least, but we run them in the business because that business is a commodity we can't invest or whatever. There are thousand reasons of doing that. That's where it starts. I think that's, for me the biggest obstacle to have proper patching in place to have a secure environment in place is really the legacy. If you talk to companies who are a bit smaller in size who are able to refresh their IT or really say like, okay, we only want to have one operating system, call it Microsoft for easiness or firm discussion, then that's a different story.
I think that's the big, big thing for attacks.
Yeah. So Mark mentioned multifactor authentication. I think you are are best placed to comment on privileged access.
Yes.
I, I mean coming back to the general overall question, understanding your attack surface is the first thing you need to know. Whether it's legacy cloud application and we also have some legacy applications, sorry for that.
But we know about that and then we have to identify the right measures or implement the right measures or at the end accept the risk and especially privileged access management in a very Microsoft Azure based environment is a thing for sure. There are a lot of solutions offered by Microsoft, but you need to use them. And so many companies that we are working with, I've seen so many companies where the root account of Azure AD is used for normal administrative stuff. And I'm not talking about small companies with 50 people. We can go to companies with 1,000, 5,000 employees even then.
And that's not a way it should work because if you have, maybe it's also the human error here.
It's not only with a bad intention, you can shut down the whole company if you take Azure as an example, and same applies to all systems where you have technical administrative stuff but also business related critical processes like approving on payment about 100 million, whatever, something like that. This is nothing which should be done without a privileged access management.
Which means you need at least some kind of awareness monitoring of for principle or risk measurement or any other kind of intelligence that identifies whether this action is good or bad or maybe in the worst case asks for a second factor or blocks this access. This is really something very important.
So Stephan, I know and you were quite openly communicating that your company was victim of a ransomware attack I think two, three years ago or it was three years. Three years ago. And I also know that after that event you initiated quite some basic things to be better prepared.
I would assume that some of these measures would also help you to protect you from nation-state attacks. Can you share what were your priorities? What were your, let's say main measures which you put in place since then?
Yeah, absolutely. And what we heard is absolute right. So the prevention thing is also, also all needed.
Patching, multifactor authentication, which we have all in place. Segmentation, micro segmentation, privilege access management and so on.
But also to fight against cyber attacks is the thing of detection that you know when something is going wrong in your network and they have privilege access and the second real topic to fight against is the training of crisis management and the recovery mode, which is also often as I know not trained in companies so they all have backups that not test how is the recovery to do in the emergency case and what the dependencies of the recovery, what we have had the time as we have our ransom attack, we know we have backups and we know Active Directory and the ERP system is still the most important things to get back on work, but it's what is with OT, with all the other stuff, the dependencies of the software which are not documented and not tested to recover.
And that is that what cost time and also when we invest a lot of prevention we should also be invest in detection and, and training of the, the recovery and awareness is also a huge thing in, in companies that, you know, what company has to face when they have a attack or when they have to handle a ransom attack or any other attack of cyber crime.
Can I say something to that? I think Shan, you're absolutely right. What was super helpful for us, and this sounds at first time a bit boring. Yeah. But there was use of the NIST framework, the NIST framework.
So we, we looked along the whole capability chain. Yeah.
Prevent, detect, respond and recover. Yeah. And then went with this ransomware scenario through all the stages. So how are we on the prevention side actually on the detection what or now detection on the endpoints and so on, on the response side actually, we said okay, we need to do a tabletop exercise and test this out. So when we did this then with the worst case scenario, yeah everything in production is encrypted. Yeah. Because we have, we have, we've at this point in time, we've had a flat network down to the recovery side.
Would we have the, the backups or would they be encrypted as well from the ransomware? I think that helps as you look at the whole chain and identify by your weak.
Yeah.
So, so I think perhaps quick round again, what do we do on top of the normal stuff? Can we do more or do you do more with regard to, to fighting against the state sponsor attack? You mentioned Mark, just that you analyze the situation because you had a a, a site in, in Finland. So are there other things you, you are now considering because of that increased threat?
I think the main change of our thinking is getting a bit away from just the inside view and our own capabilities internally and getting more to an outside view. So what we like to do is to better understand the different nation state threat actors and their motives. So if it's, for example North Korea, we talk about more they have monetary interest. Yeah they want to place some fraudulent payments. In my SWIFT systems it's a totally different thing than other organizations would just try to sp us out or even have then destructive motives.
The next thing is the dependency from third parties. So looking at the supply chain cases, we've seen some, some, some big things like a ceo. So elements in the last few years which show how critical this topic actually is. Yeah. And I believe we need to be far better in the collaboration amongst the good guys. So getting the right intelligence and best practice what we can do against this. And I talk about the, the law enforcements here, which whom we now build up concrete relationships in the different countries like Finland and Denmark.
I talk about the other governmental organizations pss so easy to just set up like like we do here in this round. Actually meet on a regular basis and share experience and keep ourselves up to date. This is super helpful.
Any other thing which comes to the other, I
Would combine, I would combine two things that Mark said your previous one around looking at the culture, whether that's N or I think we use, I think we are using MITRE ATT&CK chains and look at those.
But if you start looking at the kill chains and then try to identify what intel do you have so you can learn and say okay, if I kill it early, I don't let it in, perfect. But then really look at your kill chain, how mature are you in protecting yourself against that detection, monitoring, all of that good stuff. Intel also means talking to peers. Yeah. Take all the intel you have, you can have a great threat intel function and probably all of us do. It doesn't replace the crystal. Can you help me on this Stefan? Have you heard about that type of thing?
Yeah, so information sharing.
Yeah, actually you somehow answered one of my next questions, which, which would've been another bridge. You all mentioned that they are patient, they hang around for a long time. So then obviously the obvious question is how can we, wouldn't it be nice to be able to find out that they are in so that we can do something against before they actually start working on it? Wouldn't it be nice and if so, what would it be? What what could we do?
This is super difficult. Yeah.
As those threat actors who plan something like long running heist, they don't want to be detected obviously. So the ized game so to say there are many, many things you can build up to improve the detecting capabilities in your network. So this is like network behavior analysis, there are tons of tools. Countries which are very strong in developing such new technologies are for example Israel. In Israel we see many, many startups who have very interesting technologies like deception technologies.
You are building honey pots for threat actors and luring them into fake systems actually and increase your detection capabilities. I think the important thing we need to always keep in mind is regardless how sophisticated we do our defense, there is a potentially more sophisticated attack. So you need to assume that you will not detect them and your detect rate is then perhaps whatever, 30, 40% if it comes to real sophisticated nation-state attack. So you need to think about what happens then afterwards as well.
So unfortunately we also need to talk about luck.
If you talk to, if you talk to CISOs who have been hit not by ransomware but by sort of regular attacks from nation state for example. And then you talk to them how they detected it, you will figure that it wasn't the regular detection methods that we are all using. It was a bit of luck. Somebody saw something that looked a bit strange and they reacted and usually you would've said that wasn't an alert to react on, but they did. Yeah. So sometime that you probably need to train your people to look for something that isn't really looking like it's malicious
And do deep dive.
So I think that's the strengths of having red teams or red team exercises is really use those to do bit of threat hunting and look for something that doesn't look malicious but could be something really bad and you need to have that. Otherwise I don't think it will work out. You will see that second point and last point on this one, we were talking about ransomware and you were talking about the nation states that they usually don't ransomware unfortunately, one of the biggest nation state attackers has now started to use ransomware as a method to hide what they have done. Hmm.
So we will learn less about what they have done in the past. We always learn from others who got hacked, what have they done, how can we detect them? They're now using ransomware to really wipe it out. That's becoming more sophisticated and difficult I think in the future. Yeah.
So Stephen, what are you doing in order to detect whether there's a problem in your environment?
We are using the same tools as many and I see the difference. We operate it, IT department, the business and cybersecurity and that what the hackers not do.
So they have not to do a operating of a business, they only have to to hack companies. So that's a little bit a challenge which we have. But communication, sharing information, sharing knowledge, I guess that's, that's advantage when we speak about what hit us and how we prepared us, how we recovered us and, and that's just the thing we can do at least of the software we using and the processes to, to keep hackers away
Before I come to the final round. Are there any questions from the audience to one of the panelists? Let me just give you the micro for the online audience as well.
Hello.
Thank you. My name's Claudia Glover. I'm a cybersecurity reporter at Tech Monitor, just London based B2B tech magazine. I was just curious, I've been reading stuff about cyber twins which are sort of digital twins of a system, an internal system and it's meant to sort of give you that visibility that you're talking about when you say wouldn't it be nice you, you are meant to be able to see the entire system and then notice these anomalies however mild they may be. But I don't know how far along they are and I can't, I mean is this something that you've heard of?
Is this something that sounds pie in the sky to you? I mean is this something that sounds unlikely to you?
Yeah, this is to everybody.
Thank you for that Great question.
Yesterday I talked to yore exactly about the topic cyber twins. And that's a really new topic. I mean we noticed from for instance from from automotive industry if you simulate something, what could happen when a crash happens? Something like that in real world cybersecurity. It's really at the beginning it's a good idea but it's more or less a research topic right now and nothing which is I think pretty much in two years, maybe in three years we will sit here and talk about new ideas or understanding and how to do this better.
But this is really at the beginning and unfortunately, unfortunately nothing we can use right now.
Any other views from anyone? So I guess no has not found its entry into into the practice already at this point. Yeah. But do you think there's a potential that it will change? You still still a very, very advanced topic but good question nevertheless. Any other question from anyone? There is one please.
Thank you.
Taking, yeah, okay,
Taking the topic from the other side. So instead of state sponsored attacks, what about state sponsored support? So what's your idea or is the state or is the government providing you information support so that you can set up a resilient set or prevent potentially even state sponsored attacks? So I'm not talking about regulation like the create by or DORA, but more active support.
Maybe I would start with that and then please I chime that I think we heard something about the problem in Germany for example this morning.
There is some uncertainty around like how the BSI will be structured in the future, how that will work together with a BKA who have a cyber department. I'm pretty sure, no, we know that BND has one as well. So I think it's time to sort that. I was sort of pleased this morning to hear that the government are thinking about how to sort it. I was slightly disappointed to hear that they're looking sort of politician view on this rather than expert view on that.
And I think that's probably one where my advice would be that the government should most likely get in contact with the typical industry groups, whether it be at banking or automobile whatsoever. I think there's a lot of cyber experience in the market in Germany and I think we need to make more use of that.
If we do, then we can talk about how nation can support us against attacks. I think currently we're not yet there.
I think a few weeks back I read a report from Trix tri study and the majority of respondents actually said they would wish for more support from nation states on cyber security. But there was a mixed group of organizations, I think small and midsize organizations, they really struggled with keeping the pace and the arms race against the threat actors. What I've seen from the nation states during the Ukraine situation, if I can be super honest, yeah, was not very helpful.
So we primarily receive letters from the Bank of England or other nation states regulators or from the government itself asking us to keep awareness high and the threat letter would be on that level and blah blah blah. So things we already knew actually not helpful, but that created a lot of noise internally. So then the board chair came to me and said, Wow Mark, I got, I read this letter, so what does it mean for us?
Can you do me a presentation please quickly on the status and the list of technical actions and pros and cons on decision and the budget you need and whatsoever, I believe the nation states need to step up here on that need to be better on collaboration. We started a bit on the natural level, but we need to be even better because I see today intelligence and the preparations are still very much on the respective nation focused and not overarching. And this includes preparation like EU type for example. Yeah.
Then, which we need to do that in every country different and they don't talk to each other and other things.
Room for movement.
I hate to, to stop this interesting discussion now was me again? No, no, no. Everyone who is interested in to hear more about that. We do have another presentation from Senior York who is head of research detector media Ukraine in the afternoon on on cyber warfare reality check. And at two o'clock we do have a round table on state sponsored attacks, which I invite you all to join. If you're interested, please join me and give the panelists a big hand.