Return to Transcripts main page

Quest Means Business

Microsoft: Cyberattack is "Wake-Up Call"; North Korea Taunts China with Missile Launch; Mexico: We Won't Talk New NAFTA Tariffs; United Airlines Accidentally Releases Cockpit Access Info. Aired 4-5p ET

Aired May 15, 2017 - 16:00   ET

THIS IS A RUSH TRANSCRIPT. THIS COPY MAY NOT BE IN ITS FINAL FORM AND MAY BE UPDATED.


[16:00:00] RICHARD QUEST, CNN ANCHOR: We are off the top of the day but still a strong session for the Dow Jones Industrials, up more than 80

points, getting close to 21,000. I've got a good feeling -- oh, look at that. One, two, and a third. That's what you call a firm gavel that

brings trading to a close. It is Monday. It's May the 15th.

Tonight, Microsoft says the world should wake up as a giant cyber-attack continues. The Microsoft president will join me live in just a moment.

North Korea's latest missile test spoils China's economic party.

And read my lips -- no new tariffs. Mexico's economy minister tells me how he'll handle the NAFTA renegotiation.

I'm Richard Quest live in the world's financial capital, New York, where I mean business.

Good evening. The cyber defenses are holding, according to a Europoll, which says the world's largest ransomware attack has been largely

contained. Meanwhile, Microsoft is hammering the U.S. government over its role in exploiting the vulnerability. We're going to talk about all of

this over the course of the program. We'll have the Microsoft president in just a moment.

Let's have some background, first of all. The ransomware ended up on more than 200,000 computers in 150 countries. Now this is its genesis, give or

take. The ransomware "WannaCry" started in the perverted minds of some hackers and some criminals. However, the spy agencies hoard the various

exploits that make it possible to exploit vulnerabilities in operating systems.

So, first of all, the NSA, they have various tools which were leaked or stolen, including, of course, the one eternal blue which was used in

"WannaCry". And there was published by shadow brokers. It was used to create WannaCry ransomware. Now, to be fair, Microsoft fixed the patch

back in March. And the company even patched older unsupported operating systems as well. Of course, if you didn't do the patch, well, that's how

you got infected. Now, Microsoft vulnerabilities from CIA were then leaked via WikiLeaks. Put it together, and the United States is downplaying its

role, both here and here, saying whatever may have been -- they wouldn't discuss the vulnerabilities but they do say they didn't create the

ransomware.

(BEGIN VIDEO CLIP)

TOM BOSSERT, U.S. HOMELAND SECURITY ADVISER: This was a vulnerability exploit as a one part of a much larger tool that was put together by the

culpable parties, and not by the U.S. government. This was not a tool developed by the NSA to hold ransom data. This was a tool developed by

culpable parties, potentially criminals or for nation states that have put it together in such a way that so to deliver it with phishing emails, put

it into embedded documents and causing infection, encryption and locking.

(END VIDEO CLIP)

QUEST: This is the scenario you just heard the U.S. government. Brad Smith is Microsoft's president and chief legal officer. Brad, we have much

to talk about and we have some good time in which to talk about it. But, when you hear what the U.S. just said, what the White House just said,

bearing in mind, you've described it an equivalent scenario with conventional weapons would be the U.S. military having some of its tomahawk

missiles stolen. You go on to say, we need governments to consider the damage from hoarding these vulnerabilities. Do you accept that the U.S.

doesn't have a role in this?

BRAD SMITH, PRESIDENT & CHIEF LEGAL OFFICER, MICROSOFT: I think ultimately, we all do. This is a wake-up call to everybody. We at

Microsoft in the tech sector have a responsibility to work harder to address these problems, we need to act with shared responsibility with

customers. And, yes, we need governments to address these issues in new ways.

[16:05:00] It is not a single government. It's many governments. But the reality is, we pointed out, is more and more intelligence agencies are

creating cyber weapons. When they are stolen, they can be turned by hackers or criminal organizations, as it appears to have been the case

here, into weapons that attack other people in a way that was never intended.

QUEST: Right, but you make a very good point. It is much more difficult to steal a tomahawk missile because you've got to physically move tons of

metal and electronics, and you've got to fire the thing. Now, when you're dealing with software, as we discovered from Edward Snowden -- and I saw

the movie -- you only need someone to download the thing and walk out the back door with it in their back pocket. I'm simplifying, but that's the

gist of it. Isn't it?

SMITH: Well, I actually think you simplified in a way that makes the key point. Cyber weapons are all different, and yet they all need to be

protected when they are created. We do need new solutions in this space because otherwise, they can be stolen or they can be leaked. That's why

earlier this year we encouraged governments to come together. We said there needs to be new rules, there needs to be, as we put it, a new digital

Geneva convention. One of these rules should actually put new restraints on governments so that they're not hoarding these vulnerabilities, they're

not creating all of these exploits. And when they are, that they're keeping them secure.

QUEST: Do you think we have had a lucky escape here? I mean, you know, if we extrapolate, Brad, to what could have happened, and I think crucially --

because I suspect you have no doubt that there will be another one around the corner -- what might happen next time?

SMITH: I think it is too early to say that this episode is over. Oftentimes we see hackers then create new variations on what they first put

in motion. Ultimately though, I think you are hitting the right point. Let's learn from this before something even worse happens. And I think

that's where there is this opportunity for us in the tech sector to ask ourselves what more can we do. What can we do more with customers so they

are patching and updating their systems, and what more can we ask governments to do to protect against these problems.

QUEST: Right. We'll come back to government in a second. Let's talk about the customer. Your blog which -- let's face it. You wrote this blog

and it was very carefully written and you knew it was going to be a bombshell around the world, which is exactly what it is. But you also talk

about in a very detailed way the complexity and diversity of today's IT infrastructure and how updates can be a formidable challenge -- practical

challenge to many customers. I'm one of those customers, Brad. I am one of those customers. I delay your patches on windows 10 until the computer

finally does it, and then I lose my temper.

SMITH: Well, I might encourage you to act, Richard, before you lose your temper. The reality is, we can do a lot and we should ask ourselves if we

can do more. But the reality is we can't do everything. You do need to update your computer on and ongoing basis. We send you the patch when it's

ready. We work closely with customers that have more complicated IT systems. We want to find ways to make that easier and well. But at the

end of the day, the sooner people act to update their technology, the better off they're going to be because the criminals are now waiting for

you. They're going to take advantage of the delay if you wait.

QUEST: On the question of ransomware, we'll talk more about it later in the program. If, God forbid, humans get kidnapped we are urged not to pay

a ransom. But when the ransom is only 100 euros or $100 or 300 and you can your computer back, the argument for paying or be it morally repugnant has

a certain pragmatism to it, doesn't it.

SMITH: Well, I think it is right to be pragmatic. But I think that there are two other ways to be pragmatic. First, keep your systems updated and

patched so you don't fall victim to ransomware in the first place. Second, back up your computer so that you have some technical alternatives. In

each case if one falls victim to this kind of thing, you need to get some technical support. But if you backed up your computer, you may be able to

just go back to last night's version of what was on your hard disk.

QUEST: Finally, back to the government side of it. I mean the government is clearly going to -- they'll never admit that they created an exploit,

even though everybody does understand that the vulnerability is there. And they'll never admit that they allowed it to get into the wild. But -- you

live in the real world, Brad.

[16:10:00] You have no realistic expectation that Western governments, any more than Eastern or Russian governments, are going to give up cyber

weapons.

SMITH: I think in the real world what we've learned over decades, and even centuries, is that governments will develop new weapons. But we have also

learned that the world is a safer place when we have arms control treaties, when we get the public policy discussion out into the open, when we take

new steps to keep the world safer. And this is part of the conversation we need to begin to have. And as much as anything else in the blog I wrote,

it was a request that we start talking about new international steps that will bring to cyberspace some of the rules that have worked in the physical

world.

QUEST: Great to have you on the program. Thank you for taking time and joining us.

SMITH: Thank you.

QUEST: Thank you, Brad. That's certainly going to have people talking in the hours ahead.

But the spread of the ransomware slowed. IT departments worked throughout the weekend patching and updating and preparing PCs around the world when

they powered up on Monday. This of course should be familiar with the security research in the U.K. who accidentally slowed down the spread by

triggering a kill switch in the ransomware that he not only spotted but then registered. Hackers have released new versions of the worm. The

cyber security firms are now working to stamp out the warnings, the fixes came too late for some. Renault was forced to halt production in some

facilities. Other victims included FedEx, Nissan and railways in Germany and Russian. And indeed, in one particular case I saw, there's on

particular clinic in Lindon that's talking about those who need HIV and other medications, they can't dispense them because they can't get their

files. Clare Sebastian is tracing the outbreak. So, Clare, you just heard the president of Microsoft say it is not over until it is over. How much

is it over already?

CLARE SEBASTIAN, CNNMONEY CORRESPONDENT: Well, it's slowed. He was right, it is not over as the homeland security advisor said at the White House

earlier. The worm is still in the wild. And that is true, but we simply saw a significant slowdown in the infection rate. Many people had expected

that the opposite would happen on Monday morning when people turned up and switched on their computers at work. But it turns out that wasn't the

case. What seems to have happened, according to Europoll at least, is that people have been heeding the warnings that they have been downloading the

patch before they've been infected. It is not only about immunization, Richard, it is about collective immunity.

QUEST: Once you are infected with this one, there is still no way of unencrypting. Correct?

SEBASTIAN: No one has the decryption key, apart from we assume the perpetrators. That's what they're selling.

QUEST: Not necessarily. Well, of course they do. That's what they're selling.

SEBASTIAN: That's what they're selling, but we don't know of any instance where someone has paid the ransom and it has worked. We know that people

have paid it apparently $70,000-plus have been deposited in bitcoin accounts, that number according to the U.S. government. But we don't know

that that's been effective. We know around the world Europoll, the U.K. cyber agency, the U.S., the FBI, Homeland Security, independent cyber

security companies are all working to get the encryption key.

QUEST: Talking of cyber security companies, their stocks did well today.

SEBASTIAN: Extremely well. FireEye went up almost 8 percent, Symantec up more than 3 percent. I think this is a sign that investors are betting on

the fact people are going to take cyber security much more seriously and our going to heed the warnings they've been given.

QUEST: Finally, is it just a case of when's next? When the next one happens?

SEBASTIAN: Yes, I think so. Cyber security companies have been warning for a while that ransomware is the number one threat out there. We've seen

just how far and quickly it can spread.

QUEST: Thank you. We will continue tonight. The world's attention is back on North Korea. Its leaders beamed with pride after the country test

fired a new missile. The analysts are saying and warning, it's Pyongyang's most advanced rocket so far. It's QUEST MEANS BUSINESS, you're very

welcome.

[16:15:02] (COMMERCIAL BREAK)

QUEST: North Korea's latest missile was also its most successful one so far, according to them. Pyongyang claims the new Hwasong-12 missile is

capable of carrying a nuclear warhead and has the potential to reach major military bases in Guam if it is fired in a different trajectory. Now on

Sunday, the test missile reached an altitude of 2,000 kilometers and traveled nearly 800 kilometers. So that gives you an idea. But if you

take that as heading well towards Russia, U.S. officials say the missile hit the water around 100k from Vladivostok off eastern Russia, which will

certainly give the Russians some pause for thought. Obviously that distance is way over South Korea and Japan putting a much greater range.

The White House is calling for stronger sanctions against North Korea. Barbara Starr is at the Pentagon, joins me now. Barbara, when they looked

at this particular missile firing, was there an element of surprise, shock and real worry here?

BARBARA STARR, CNN PENTAGON CORRESPONDENT: I think yes to all of it, Richard. When is the last time you saw the North Koreans fire a missile

towards Russia? You know, starting with what we really don't know, is that really what they were aiming at or did this missile go wildly off course

coming within 60 miles of Vladivostok, of course, the strategic city, because it is the home port of Russia's pacific fleet. No indication

Russians made any effort to shoot it down. We don't even know if the Russians knew the missile was headed their way.

But something you said a minute ago is really sparking the most concern. It's the altitude and distance that this missile flew, especially the very

high altitude. It apparently went all the way through the earth's atmosphere, and then came back down. If the North Koreans were able to

maintain controlled flight of the missile, through all of that, that means they've made a huge leap forward, a huge technical advance that does put

them on the road to some kind of intercontinental ballistic missile, very long distance, that could someday potentially hit the U.S., Richard.

QUEST: This is fascinating, because the last missile, the nuclear test, was regarded as a dud by the U.S. and previous missiles recently. So, I

guess -- I guess the analysis is under way as to whether this was a lucky fluke or a true technological advancement.

STARR: I think that's right. And I think that's why they're trying to figure out, did it -- was it in controlled flight? Were the North Koreans

able to maintain control of this missile throughout its entire flight. But regardless, it is a success for them because the last two tests of this

type of missile basically exploded seconds off the launchpad, if not right at launch itself. I mean flying just for seconds or minutes. This one

flying perhaps as long as 30 minutes. So, it looks like they have achieved some sort of advance. The question is exactly what.

QUEST: Now, this is creating a huge difficulty for the White House. Not besides the obvious one, what do they do? The sanctions haven't worked.

There's not really many more. Donald Trump has talked about his relationship with President Xi Jinping has being crucial to all of this.

But to put it in the vernacular here, Barbara, if he's firing at Russia and he's within the ambit of the U.S. and China, the man's in danger of

annoying or pissing off all three.

STARR: Yes, pretty much. Huh? I mean what do you say? I mean especially because he fired this off while Vladimir Putin was in China with president

Xi at this big meeting in China. An embarrassment to the Chinese. An embarrassment to the Russians. And by the way, the Russians claim that the

U.S. is wrong, that it didn't come within 60 miles of their coastline, that it went hundreds of miles away. So, you would have to presume that U.S.

missile intelligence is bad in this case. A lot of embarrassment all the way around, and no clear answers because Kim, if nothing else, this proves

he doesn't appear to be paying attention to anybody.

QUEST: Barbara Starr at the Pentagon, thank you, Barbara.

STARR: Sure.

[16:20:00] QUEST: The missile test drew immediate reaction from world leaders. Vladimir Putin described North Korea's actions as

counterproductive, damaging, and dangerous. Meanwhile, the White House issued a statement saying North Korea has been a flagrant menace for too

long and Washington stands by North Korea's neighbors, Japan and South Korea. All of which meant the test overshadowed Xi Jinping's economic

forum. The missile was fired hours before the Chinese leader spoke at the event, and Beijing considered Pyongyang's closest ally. Or it creates a

huge problem for all three leaders that you see behind me. Richard Haass is with me now. The president of the Council on Foreign Relations and the

author of "A World in Disarray." Good to see you sir. Thank you for joining us. It's a really difficult situation with a really simple

question. What do you do?

RICHARD HAASS, PRESIDENT, COUNCIL ON FOREIGN RELATIONS: Well, you've really only got three options at this point. One is you learn to live with

it and the problem with that is who wants to live under the threat of a North Korean nuclear capability that can reach us? You use force against

it. The danger of is that is you kick off a second Korean war with all that that would entail. The third is you negotiate. And my guess is

people will try to negotiate. And I would say it's conceivable that could succeed. If -- and it's an enormous if -- the Chinese were to back it up

with the threat or reality of real sanctions, United States would have to show some real flexibility. We're not going to give North Korea to give up

their nuclear weapons but we could maybe get some kind of a freeze on the peninsula.

QUEST: Is it your understanding that now the Chinese are realizing the severity and the near catastrophic nature of this in terms of time and

distance, that they are more willing to put the pressure on Pyongyang, that they seemingly have been reluctant to do so far?

HAASS: Up to a point. I think they came away from their meeting in Mar-a- Lago when Xi Jinping visited Donald Trump. I do think they got the message that things are qualitatively different. By the way Richard, I think they

would've gotten the same message from Hillary Clinton had she been elected. But anyhow, the Chinese did go home understanding that, but you put your

finger on the real question. Are they prepared to use enough pressure to really make a difference? Historically they've been unwilling to. They've

been always been scared of ultimately destabilizing North Korea. So, the real question is what is China prepared to do? They're going to have to

live with the consequences either way. Their options aren't much better than ours. I'll be honest with you.

QUEST: Right, but as asked Barbara Starr, not sure if you were able to hear my question to Barbara, putting it in the vernacular, and being rather

crude, it takes real skill if you're going to piss off all three, Trump, Putin and President Xi. Because your missiles are now potentially within

reach of all three.

HAASS: Again, we try to be slightly more elegant here at the Council on Foreign Relations than you are. But the real question again is what are

they prepared to do about it? North Korea has quite a few cards it can play. Again, you remember that old line that the French used to use about

Germany, we like Germany so much, we're glad there are two of them? That's the Chinese view here. Yes, they like Korea so much, they want there to be

two of them. That is historically constrained the Chinese from using the pressure -- from using the leverage, rather, they say they don't have. But

you and I both know they do have. North Korea May just figure it can somehow get through this and create facts. They did it with their nuclear

weapons. That's one of the reasons I think they're rushing on all these missile tests. They want to create a new status quo and force people to

swallow it, even if they don't like it.

QUEST: I just wanted turn to the main story of the evening tonight that were talking about, cyber security. You may have -- probably didn't hear

the president of Microsoft talking about a new digital Geneva convention. Now when you've got cyber weapons being leaked, or at least allowed into

the wild, is this something that governments have yet to grasp the enormity of consequence?

HAASS: I'd simply say there's been an enormous gap between the technology and what the world's prepared to do. I think governments in some ways have

been guided more by their own narrow national concerns. So, the Russians or others really want to control the content of the internet, and so forth.

But I think if there was a good thing that came of the last few days, is that the Chinese, the Russians, the United States, the Europeans and

everybody has realized to some extent, they're in a similar boat, that everybody's vulnerable to people exploiting this new reality of the

internet, of digital connectivity.

[16:25:00] And unless they come up not simply with a new convention, rules of the road, but are prepared to do something about it. To police what

goes on within their own territory, to essentially protect or attack those who would violate those rules, they're all going to be extraordinarily

vulnerable.

QUEST: On that finally, do you see any potential for cyber weapons -- if we think about the number of weapons that have been absolutely banned,

you're really only talking about chemical weapons to some extent, post the first world war. Even that's a ban that's been in its breach rather in its

fruition. And nuclear weapons which are highly regulated to some extent. Where does cyber weapons, bearing in mind the consequences to a global

economy, where do they fit into that spectrum?

HAASS: It is awfully tough because we're going to want to use them at times to stop terrorists or stop proliferation. Non-state actors will

never agree to ban anything. So, I don't think you can ban them. The question is whether you can get governments to agree to only use them in

certain circumstances and to go after those who would use them more broadly. Total ban, no. But some rules of the road, that's still a real

possibility.

QUEST: Good to see you. Thank you for joining us. We really appreciate it.

HAASS: Thank you.

QUEST: We'll be able to talk in some detail on these issues. Thank you.

Now U.S. markets, the big mover in the markets was oil and the price that surged earlier. The Dow was up 85 points, and it was on the back of a

rising oil price which is up about 2 percent. The S&P, the NASDAQ closed at record highs. But we were just off the top, as you can see. The

energy, cyber security shares, the cyber security companies went higher. Brent and WTI were both higher as well. You see the Brent crude. They

were off the best of the day. But they have been up much higher during the session. Saudi Arabia, Russia vows to extend Brent output cuts. Prices

now are leveling out and you've seen them come off. Oil exporters will meet in Vienna next week and supply cuts have helped prices recover. CNN's

John Defterios has more from Abu Dhabi.

(BEGIN VIDEOTAPE)

JOHN DEFTERIOS, CNNMONEY EMERGING MARKETS EDITOR: It's a bold move when the number one and number two oil producers in the world trying to send a

message of unity to other oil players before a formal meeting in Vienna. And unusual in that they chose the Silk Road summit in China hosted by

president Xi Jinping in which to do so. Back in December, the Saudi oil minister, Khalid al-Falih and his Russian counterpart, Alexander Novak, led

the charge to get the first OPEC/non-OPEC agreement on record, and the market rallies to $56 a barrel. This is an effort to regain that price, if

not more.

Here's what they had to say in a joint release. "We've come to the conclusion that the agreement needs to be extended. The two ministers

agreed to do whatever it takes to achieve the desired goal of stabilizing the market."

This is a tricky game, however, because it means Saudi Arabia and Russia and the other members of the OPEC/non-OPEC agreement are having to respond

to recovery in U.S. production. The U.S. added nearly 1 million barrels a day in the last year and the oil rig count, a good barometer of new

activity, is up 17 weeks in a row. Keep in mind, Saudi Arabia wants to float about 5 percent of its state oil company in 2018. The higher the oil

price, the higher the valuation for their IPO. John Defterios, CNNMoney, Abu Dhabi.

(END VIDEOTAPE)

QUEST: To the markets in Europe, record highs for both the FTSE and the Dax. Take a look at the numbers The U.K.'s big gains for commodity

companies. Germany's Angela Merkel, the party won state elections in North Westphalia. And that of course, is also the region where her principal

opponent in the forthcoming federal elections -- Martin Schulz comes from. The fact that she trounced him there gave a political boost amongst the

financial stocks. They were the best performers. And of course, in France, President Macron has named his prime minister. It is Edouard

Philippe and the markets in France. And so, all three biggies in Europe were up. Zurich SMI was off just a fifth of a percent.

$300. That's the price for getting your files back from the hackers who have encrypted them. It is a promise, but the cyber authorities say it is

not a guarantee. And therefore, don't pay the ransom. We'll talk about it after the break.

[16:30:00] (COMMERCIAL BREAK)

QUEST: Hello, I'm Richard Quest. There's more QUEST MEANS BUSINESS in just a moment.

Mexico's economy secretary tells me he's ready for surprises in the NAFTA talks with Washington.

And United Airlines tells the world how to access its cockpits.

Russia's president's condemning North Korea's latest missile test calling it dangerous. He says he doesn't want the club of nuclear states to

expand. The remark apparently aimed at the U.S., Vladimir Putin warned against trying to intimidate Pyongyang. North Korea meanwhile announced it

will conduct missile tests anytime and anywhere.

The U.S. State Department has now leveled new intelligence -- unveiled new intelligence suggesting the Syrian government has built a large crematorium

near a notorious military prison in order to hide mass atrocities. One official says prison officials may be killing as many as 50 detainees every

day.

The global ransomware attack must be a wake-up call. Speaking on QUEST MEANS BUSINESS a few moments ago, Brad Smith says the U.S. must think about

the unintended consequences of their actions.

(BEGIN VIDEO CLIP)

BRAD SMITH, PRESIDENT, MICROSOFT: It is not a single government. It is many governments. But the reality is more and more intelligence agencies

are creating cyber weapons. When they are stolen, they can be turned by hackers or criminal organizations as it appears to have been the case here

into weapons that attack other people in a way that was never intended.

(END VIDEO CLIP)

QUEST: It is a busy first day in office for the newly inaugurated president of France, Emmanuel Macron. He and Angela Merkel agreed their

relationship is crucial to the EU. He nominated Edouard Philippe as France's new prime minister.

Allow me to bring you some breaking news here in New York. A private Learjet has crashed on approach to a regional airport just outside

Manhattan. The flight was from Philadelphia and it was headed to Teterboro just on the other side of the Hudson. The FAA says it crashed outside

Teterboro airport in new jersey an hour ago. It was a Learjet 35 and it crashed into a residential area. Local police have told CNN that the pilot

and co-pilot were killed in the crash. It is not known if any others were onboard the aircraft.

Europol has a simple message to those held to ransom by the cyber-attack -- don't pay the money. U.S. authorities say the hackers have collected less

than $70,000 so far. To prevent an attack, Europol suggests two back-ups, one on a disk and one in the cloud. Install security updates for your

operating system and software. Remove infected machines from the network. And trust no one. Literally. Any account can be compromised. Links and

attachments may not be from whom they appear to be. One company is track being the spread of the virus and he joins me now live. What is your

understanding of the current situation as it relates to this particular virus, sir?

VINCENT STECKLER, CEO, AVAST: Well, this particular one is winding down now. We've seen very few new infections over the last day or so. Since it

started, we've seen about 215,000 ourselves. We have about 40 percent of the world's consumer computers, but not so much on the busy. So, one could

imagine it infected about 1 million computers.

QUEST: That's a frightening number. It infected 1 million. Would you say that 1 million computers now have that encrypted screen that says you can't

get your material?

STECKLER: Yes, basically about a million -- excuse me. For the most part, they have been stopped. For example, the ones we tracked, none of our

users got infected because our software stopped this at day zero. Many other security products did not and it took some hours on Friday for them

to get updated. So, the actual number of infected would be substantially less than 1 million.

[16:35:00] QUEST: Right. Now, with this, you say don't pay the ransom. Correct?

STECKLER: Well, that's very easy to say when it is your data that's not been hijacked.

QUEST: Exactly.

STECKLER: Or a loved one is kidnapped. I think people and businesses have to make a decision on it. There is not a guarantee that if you pay it

you're going to get the data back. But there is a guarantee that if you don't pay it, you have lost that data basically forever. So, for many

folks, for example baby photos, family photos, personal data, it's going to be worth the $300. And businesses, the same way. If they don't have back-

ups. Easy advice to give if you're not infected.

QUEST: That's a really interesting point. Because the no ransom and all these other organizations, I mean it's a bit like the old warning, you

know, light your pipes in winter before you go away, turn the gas off if you're going away for Christmas. It's so easy to say, and yet it's only

when the leak happens or the gas is leaking and whatever that you really think, why didn't I do it.

STECKLER: Yes, that's true. That one here took advantage of a problem inside Microsoft Windows that Microsoft patched a couple months ago. And

around the world, about 15 percent of computers over the weekend still had that unpatched. But some places like Russia, it is far higher. And other

places like the U.S. it is far, far lower.

QUEST: So finally, related to this, is it your view that we got a lucky escape here, and it is only a question of time before some really serious

damage is done by one of these viruses?

STECKLER: Well, this was very lucky, because most viruses these days, if not all of them, require some user interaction. The user has to do

something, visit a website, open an email, open an attachment. This goes back to the old days where people could get basically attacked over the

internet without even knowing it. First time in many years something like this has happened. So are there other vulnerabilities out there that

various intelligence agents that might get leaked. That is what appears to have happened here.

QUEST: Thank you for joining us, sir, putting it into perspective.

Donald Trump once described NAFTA as the worst trade deal ever signed. In a moment, the key to renegotiating NAFTA. Mexico's economic minister gives

us his perspective about how far he's prepared to go in renegotiating the deal.

[16:40:00] (COMMERCIAL BREAK)

QUEST: Mexico's economy minister says he is ready to renegotiate NAFTA with the United States and Canada on one condition -- tariffs are off the

table. The minister's meeting the U.S. trade officials in Washington to prepare ahead of those talks. And I asked the economy minister whether

president Trump's threat to withdraw from NAFTA still exists.

(BEGIN VIDEOTAPE)

ILDEFONSO GUAJARDO VILLAREAL, MEXICAN ECONOMY MINISTER: Fortunately, I think that the understanding is quite clear. After the phone call of the

prime minister and the president of the U.S. and the Mexican president, it is clear that Canada and Mexico, we are ready to start negotiating NAFTA.

Fortunately for us, the new U.S. TR has been confirmed by the senate and that will definitely unlock the process to get the submission to start on

the negotiations. We have to wait for 90 days after consultations, but we hopefully believe that we can start negotiations by the end of august, the

latest.

QUEST: When those negotiations begin, how wide ranging is Mexico prepared for them to be?

VILLAREAL: We have been very clear in our position, which means once we are ready to launch negotiations, we have to clearly define objectives of

this process. It is just like in if NAFTA was a patient. You cannot put NAFTA on the operating table just to open up everything. You have to

really have clear objectives. We have to modernize NAFTA. We have to go into locking in the energy sectors in North America, to work together in

the best efficient way. You have to bring in new e-commerce, other elements like new technologies, like telecom. At the same time, we have to

be able to bring back strong productive process into North America to create jobs in North America. And definitely we have to look into new

areas that can be beneficial for the three countries.

QUEST: Nobody could disagree with a word of what you've just said, minister. But it doesn't go to the heart of what the U.S. or the U.S.

president wants, which is a rebalancing of economic, if you like, benefit of NAFTA that would reduce the U.S. deficit as it relates to Mexico. Now

that can only happen if there's a wholesale renegotiation towards that end.

VILLAREAL: If we want to rebalance trade in north America, the only way to do it is to try expansion, not to trade with trade management. So, if we

are willing to work together so if in supply chains, that could benefit trade. As long as this objective of rebalancing trade are not about

introducing tariffs or introducing borders, we're OK with talking about that.

QUEST: As I understand your position, minister, you won't be backward at coming forward to promote your alternatives if you have to.

VILLAREAL: Let me tell you, Richard, that from day one of president Pena Nieto's administration, we engage very optimistic policy towards

introducing operation to the world. We are right now negotiating with Brazil and Argentina to open new alternatives for food stuff in Mexico just

in case things don't go the way we want them to go. So, Mexico's integration to the world economy will not stay frozen while we discuss

NAFTA. We need to make sure that the goal to have a much more global Mexico is still going.

QUEST: Economy minister of Mexico.

Now China's wrapped up its trillion-dollar trade showcase. It is called a One Belt One Road Summit. It is designed to catapult China in the number

one spot for global trade. CNN's David McKenzie is in Beijing.

DAVID MCKENZIE, CNN CORRESPONDENT: Richard, the belt and road initiative is really Xi Jinping's signature plan. It involves up to $1 trillion in

investment in trade and infrastructure, stretching from China through to Central Asia and into Europe, both on road and rail routes, also maritime

routes to Africa and to the pacific. It is a massively ambitious plan. The plan of the century, the Chinese call it. But one query is whether

some of these investment and infrastructure projects will lead to while elephant projects. I put that question to the head of the Asian

Infrastructure and Investment Bank.

(BEGIN VIDEO CLIP) [16:45:00] JIN LIQUN, PRESIDENT, THE ASIAN INFRASTRUCTURE AND INVESTMENT BANK: the warning, I would say, is necessary because they were white

elephants. There were mistakes. But this time, to my knowledge, when a Chinese leader has proposed this, they would like to work or appear to all

of the countries working together. Not necessarily china will be role. It is very much more important that the resources which are put into those

projects must be producing tangible results for the people. Now the idea is not just to collect so much money, mobilize some resources. Another

concern is that these projects will increase the debt burden here in china. But the organizers say that this will be a cooperative plan that will

really look to increase trade to some of the least developed regions of the world.

(END VIDEO CLIP)

MCKENZIE: David McKenzie in Beijing.

QUEST: As we continue tonight on QUEST MEANS BUSINESS, cracking the code. Another slip-up at United Airlines. We'll discuss what happened and how

the company plans to patch it.

First, the latest in you are series, "INDIA, TWENTY UNDER FORTY."

(BEGIN VIDEOTAPE)

MASOOM MINAWALA MEHTA, CEO, STYLE FIESTA: No matter where I am, at work or with my friends or even hanging out with family, I see that everyone around

me is completely consumed by fashion and I love it. I'm 24 years old. I'm a fashion blogger and CEO of Style Fiesta. I launched my brand Style

Fiesta because I saw this massive glut in amazing international trends, especially in the access remarket in India. I saw that young women in our

country with always referring to the western side for inspiration. Everybody was following international bloggers. I was like, why don't we

have somebody in our country whose life could obviously be a little more relatable. You know? I just consider myself lucky to be one of the first

few to kick it off in India.

Style Fiesta has been very successful over the years. We started with only 30 products. At the moment, we are selling 10,000 products. We are also

exploring launching new categories. We're now manufacturing our own products in India. The most incredible part of working from India and

catering to India is that it is such a rapidly growing market. There's so much everywhere. We're finally accepting our Indian culture what it comes

to fashion. And it is lovely to just watch our heritage fashion. I think infused with a modern twist. I think it is very important to really accept

our culture and to keep engaging with it.

(END VIDEOTAPE)

[16:50:00] (COMMERCIAL BREAK)

QUEST: A new blunder for United Airlines. The carriers cockpit access codes was accidentally made public. Now other measures have been put in

place to ensure security. Rene Marsh is in Washington. Rene, when they announced this, they were fairly out front and quick about it to say about

this mistake. How did it happen?

RENE MARSH, CNN AVIATION CORRESPONDENT: Well, to be perfectly honest, Richard, they weren't that up front in the sense that it took quite some

time to get the information. We first learned about this from sources. We still don't know from the airline exactly how it happened. They haven't

said. And I spoke to a couple of the united airlines employees today and they don't even know exactly how it happened. There have been reports out

there, but again, there's no certainty. The airline is not confirming anything, so we don't know. What we're talking about is access codes.

That could be the code that you punch in on a keypad to gain access to the cockpit. But we are also talking about other procedures and protocols that

would allow flight crew to get into the cockpit, including special knocks, certain code words, and other procedures that they use.

QUEST: Every time this is raised, you'll remember from 370 and other stories, every time this is raised, viewers go ballistic that we are

revealing material that is secret and this, that and the other. But the reality is, not in terms of individual codes, but in terms of procedures

and locking mechanisms, there is a lot that's out there, isn't there.

MARSH: Yes. I mean this sort of information that got out of into the public as it relates to this United Airlines story is information that's

traditionally listed in their flight manuals. It's something that employees would know. If you're an ex-employee, you would still know this

information as well. But it's critical information, and I spoke with a couple of employees today who say this really highlights what a lot of the

pilots with united airlines have been saying for quite some time, which is they want to see even more procedures in place to protect the cockpit. We

know after 9/11, they fortified the cockpit door, but pilots say that's simply not enough because people can observe, according to these pilots,

and they can eventually learn what is the protocol to gain access to the cockpit. So, what a lot of pilots have called for is something called a

secondary barrier, and that argument is being renewed now in light of the information that united airlines procedures have been compromised.

QUEST: Rene Marsh in Washington, good to see you. Thank you.

MARSH: Good to see you.

QUEST: You can download our show. It is a podcast. It is available through all the main providers, including iTunes. You can listen to it

also at CNN.com/podcast.

As always, Twitter where you can find me is @RichardQuest. And the newsletter, CNNMoney.com/Quest. The newsletter arrives just about now. In

fact, it is arriving in your mail or email box now and it is before Europe opens.

A Profitable Moment happens after the break.

[16:55:00] (COMMERCIAL BREAK)

QUEST: Doesn't matter which phrase you use, the rabbit out of the hat, the dog's out of the gate, or whatever it is. The reality is, I WannaCry along

with eternal blue affected an altered hundreds of thousands of computers all over the world. I am as guilty as the next person when it comes to

actually updating the computer. I'll put off until the last possible second before the little thing spins around and my computer program or my

operating system updates. And even then, it will do it in the middle of the night and it won't work properly. As a result, those of us who are

negligent suffer the consequences.

But governments also play a role, and that's what we were talking about when we talked to Brad Smith. Governments have to seriously consider cyber

weaponry. There the government, the consumer and the i.t. itself. What we have learned in the last two or three days is the severity, the

importance, and the gravity when it all goes wrong. We have nobody to blame but other selves if we ignore the warning of WannaCry.

And that's QUEST MEANS BUSINESS for tonight. I'm Richard Quest in New York. Whatever you're up to in the hours ahead, I hope it is profitable.

We'll do it again tomorrow.

END