In today’s podcast we consider the difficulty of distinguishing nation-state hacks from criminal capers. It’s not always clear, and sometimes it’s a distinction without a difference. But in any case, many call for international norms of cyber conflict. Waterholes and catphish. Ben Yelin reviews President Obama’s security legacy. Steve Grobman from Intel Security on the challenges of changing course. RSA is at its midpoint; we offer some of what we’re hearing on the floor about false alarms, where to draw the perimeter, and concerns about the Internet-of-things.