Cyber and Artificial Intelligence and two days genius, that would be ben buchanan as our go two guy. Ive been the repeater at one of the schools. Im getting it but i have an analog brain and i thank him for his patients. He is a global fellow and he will discuss his latest book right now called the hacker and the state. Spoiler alert, theyve changed the world. How . He says Cyber Operations are now indelibly part of International Relations and the gap between the United States and other countries has narrowed considerably. From north koreas efforts to hack for cash a Million Dollars worth against the bank of bangladesh to be maligned activity for disinformation to the electric blackouts in ukraine, theres plenty to talk about. Hes a marshall scholar and received his phd from Kings College and he knows everything. Even more important for as a former member of congress, that would be me who try to ensure the Technical Intelligence collection tools were not cumbersome were legal and regularly reviewed by experts to prevent abuses for those who come here not doing enough about the subject and not knowing each other and the contribution hes made his chest colossal. A bigger analog are problems that are digital and at the Wilson Center is trying to change that. Here to moderate a conversation with him is courtney of nbc ne news. Correspondent covering National Security and the military and has spent a lot of time reporting on the intelligence into digital interest we are discussing today especially election interference. Did you know there is election interference and it means a lot to us that she would come here and do this and take a little time away from the endless conversation about our ongoing primary election. Courtney, thank you so much and over to you. Enjoy, everybody. Thank you. Hopefully we will all learn a bit buabout but i do have one tg and that is i got an early copy of this, so im one of the few that have the luxury of being able to read the fascinating read. Im lucky to have ben here to talk about it. Can you give us an overview of the pieces of the book . Too often we talk about hacking between agents as if it is identical like nuclear war, something that is often the distance from the cyber of pearl harbor, cyber 9 11. The pieces of the book is that is the wrong way to look at it. In fact between the nations it happens every single day. It isnt an area of activity but it is a daily one and it is part of the way in which its the modern era of statecraft to protect power so what i wanted to do is take the discussion that is very often academic and hypothetical, very theoretical and make it very real and say these are the stories of how they had one another and this is what it means for the International Systems of every chapter in the book is a different way in which they protect power from fiberoptic cables to placing encryption backdoors to hacking the banks to steal cash and blackouts and beyond. So basically you are looking at many people americans across the world seeing Cyber Attacks and Cyber Espionage for casualties, chaos that you are looking at the space between us, it is a gray matter o what happens betwn every single day. We will get into some of the specifics in the fascinating cases you tell in the buck. But how would you characterize what a cyber attack on the nations nation, how did that generally look to a . If you are waiting for a cyber attack in a plane is crashing in the city is burning, you missed the activities that matter the most and that actually happened. And what we do see between the nations is persistent pervasive espionage, the United States, china, russia, all of these nations use the capabilities as tools for espionage. In some circumstances we have seen blackouts caused by Russian Hackers and ukraine we are going to use these to interfere the adversarys election. Very little in false casualties. Usa today usa todays Cyber Attacks are more pervasive and potentially less disruptive than in the past . Its closer to Climate Change and it is to a forest fire. You also explain in th explan enddoublequote of the major reasons the nations hack one another is this endless struggle to dominate, domination over other countries and domination over the world. This is a study of whats happened in the last 20 or so years. If you look at russia as this case go back ten or 15 years they are an actor in contrast for the chinese. They would hide below the radar and what we have seen since then is a russia that has gone much more aggressive as well as which are capable. I mentioned the blackouts in ukraine and everyone here knows about the election interference in 2016 but theres other cases, too. Probably the most destructive cyber attack did Something Like 10 billion in damage around the world and that is the lowest estimate is perpetrated not only are they Getting Better but more aggressive. He. What do you believe russias goal was in that . Wasnt messaging the world but they had enough capability . If it were for the destructive measures they fell short of their role in. It leaves the question what were they trying to do. The first is the system kind of test refining the capability down the line and secon second e system signaled that this is bradshaw saying they ukraine or to the world we have this capability. What is remarkable about the 2016 blackout is the tool they deployed to carry out the attack is automated and more scalable and it seems to. This is now a kid ability in our arsenal we are not afraid to use it. Did that allow the United States or other nations the ability to put in some sort of a preventative measure. It showed how they were going to carry this out. One hopes when we see the hypothetical peter blackouts become real one hopes it is caused to up the defenses and certainly election Grid Security is something that gets a lot of attention in the United States. Its not all doom and gloom we are making progress on the electric security. It involved a large financial implication. Can you tell us a little bit about that case because their t cells in the book that ive never heard about it to an isolated distinction country on earth and one of the ways they aimed to fix thaaim to fix thate regime is to hack other banks and the most fans is that a bangladesh for that country where they aspired to steal upwards of a billion dollars the interact in the International Banking system and initiate transfers from the new york fed and what is a little bit funny the transfers were blocked and the only got 81 million to what i show in about as this is a much Broader Campaign that north korea had with less success. They had crypto currency exchanges and other very valuable crypto currency is and the operation hacked atms all over the world and withdrew the money. So the characteristic of the observations that continue to evolve and nowhere in the pink observations. When you talk about the operation you mean this is something that is state run sanctioned funded. Directed by the government. This is a priority to raise the currency and one way in which they do it. Another thing i was surprised that in that case is you wrote in the operators are risk tolerant. What can they do next. One hypothetical thing that has been raised as if they are comfortable deleting the transaction while interacting with the integrity of the Financial System to get cash, would they be comfortable deleting or manipulating the transaction law and the integrity of the Financial System in order to do damage. Damage. Any banker will tell you that these transaction records are at the core of our modern Financial System and at this point it is a hypotheticahypothetical worry ts that north korea might come back to the hacking not for the purpose of the regime but for the purpose to push back against the west. You also talked extensively about Cyber Espionage and there was one specific case again i found fascinating so illustrative of the cat and mouse game that exists in Cyber Espionage and it was a kid was a chinese group. Into the essentially in the early two thousands. Can you tell us how it started in a vault overtime fax it is a broad set of operations being the code name for this. What was striking about the candor is the reach that they were striking many targets around the United States. They have the Broad Network that was trying out these operations and the Internet Company that was selling the chinese there service so they could look at the billing records to confirm who was behind these activities and they got advanced information on the chinese operations to come and they use this to defend against the attacks and the chinese showed up and it shows the cat and mouse game. All of this was out of the public view and secret. There was a stretch of how many years between the time they were able to counterspy and how many years its unfolded for years. Its a much Broader Campaign so this is one in which the United States did very well and appears to have stopped the chinese activity but there were many others in which the activity went uninhabited. They gained the plans for the warplane and the chinese hackers pulled off reams of information about this claim. The information is so expensive they cant transport even digitally back to china so they just make a list of the names. There are thousands of pages and they take the names and say. To give the extensive reach. One thing i also found that t interesting in the example is the points the chinese used. Can you explain how that worked and how they were able to intercede or intervene. What is so fascinating about these operations is that its all cat and mouse. Its all about spy versus spy and one way in which they are carrying out his big attack computers an and the thirdparty countries and then they would hack the United States from those computers. Then they went upstream and made their way to the chinese networks. Its not just the chinese to do this. Its when they are carrying out the Cyber Espionage and the russians had an extensive thing they were doing for a period of time with satellite communicationcommunications ando africa because they thought western intelligence agencies might be looking so it is a constant game of trying to hide your hand to give more freedom of operation. Another thing that i found fascinating is not only is this an example of the offensive role and it paid off in the end. If you would indulge me for a second they were sloppy at times demonstrating the lack of discipline and Operational Security and they sometimes even walled in on their personal email accounts and check their stock portfolios and watched pornography. There are two reasons why someone would be sloppy in this business. The first is everyone has a boss and a budget. They want them to hit more targethave moretargets faster ae going to take shortcuts. The second is they get bored and lazy and the odds are exceptionally low. That shows the human side of the business. The chinese were also checking facebook. You also focus quite a bit on the shadow brokers. Tell us a little bit about that and what youve learned. The shadow brokers are probably the single biggest mystery in the world of Cyber Operations and every author has the one story that is as well. The shadow brokers are mine. I got pieces of the story, its a fascinating story but we dont know all the details. What we do know is at some point beginning in august of 2016, the nsa tools, incredibly powerful hacking tools started appearing and one of them are so powerful that they operated and told the Washington Post was like fishing with dynamite. We dont know where this came from and it came from the Mysterious Group on twitter and other platforms called the shadow brokers and it proceeded from about 11 months or so and continually posting and burning these tools and then stopped. There are theories about who did it and why. Many people guess that it was russian intelligence but this was the way of taking air rose and handing it to others but what is remarkable about this case that led to devastating Cyber Attacks. To attack the next year, won byn the North Koreans and one by the russians used with other capabilities. And one of these attacks was the most destructive fire attack in historcyber attack inhistory wif damage. And it seems to have its root at least at some level in an operation that even now to this day three or four years later we cannot condemn. We dont know who did it despite it being one of the week leaks. Was this just nothing more than a criminal enterprise . The shadow brokers talk all the time about how. One theory of the case is a former insider or contractor who decided that this is something they would do to try to get money and disappear. Its if the masquerade and an intelligence operation. Its remarkable that we still dont know. It opens up another interesting idea when it comes to hacking and Cyber Espionage. It cost 100 million from 2015 to 2019 but it produced only two unique leads and its based off of the report whether this was an inefficient use of money come ,significant amount of taxpayer dollars but we have quite a few congressional staffers. Is there enough oversight of the u. S. Government Cyber Espionage. For the programs even that was hard to oversee and that was entirely secret for long period of time so the challenge in overseeing the program is often just an understanding and the world of Cyber Operations is a tricky business. Whats significant in one place we should be asking questions and congress should be asking more questions is what happens with the change in the strategy that we have seen in the last couple of years. For the military purposes its been clear the last few years that it wants to be more aggressive they want to take the fight to the adversary but to keep the adversary from doing what they want to do and the question the scholars raised is that going to lead to escalation and these are all questions that were hard to answer in public but that the congress should be asking in classified settings where its appropriate to ask and answer them. You are someone that is provided with governance to members on the hill. Do you think at this point it is adequate or theres enough attention . Find someone that always wants more attention and informed oversight. Do you think it is a standard rule of practice that exists specifically with hacking that needs to be adhered to. They would agree to some sort of standard and have norms and other categories of warfare in the way we have seen technologies emerge in the past and try to counteract them. Im very skeptical of that and i think that this is an opportunity that serves the interest of al all nations are t preceded intereswerethat precedl nations to compete in cyberspa cyberspace. Those that outlined like the un have been very high level in a very general and i dont think they are constraining a public safety. You have some of the nations that conduct the most also on the west and iran, north korea, china and russia that dont seem to adhere to any kind of Ethical Practices were norms. Because of that or they Getting Better, have they surpassed the United States and their capabilities . The United States has the nicest rocks but we still live in a glassy house so when it comes to the intricate beautiful cyber offense the capabilities are truly extraordinary. I talk about the extraordinary intricate operation against the Iranian Nuclear program, but just because we can do that doesnt mean that we should defend very well. We have the adversaries that have not been shy at all probably a better example of that know better than the recent indictment from the department of justice when they basically because they could probably almost everyone here. They are not getting government protection. They are not defending chinese adequately but it is information about Many Americans into the chinese are happy to say we will take that and that is the glasshouse helme how much of th. At what point do these attacks talking about something more of the gray areas are not destructive or mass chaos in the streets at what point do these attacks begin actual cyber war. Whatever we thought the point was because pushing it back. The russians carry out an Espionage Campaign called moonlight maze against Unclassified Networks in the United States, Unclassified Networks. They didnt go to wa war but thy got ready for pushback it must be something along the billion dollars of damage. Its at least closer to the peace side and one of the biggest policy questions is where is the line and what is the cost we are going to bear and thus far in the administration on both parties theyve been willing to say whats with this competition play out and keep this short of war. Is this something they need to try to provide guidance . Im not sure that i know the answer i just want to know the strategy and its something that the hill and others can say what is the strategy or where is the line, what is the plan for reducing or mitigating the threat from v. Actors like china and russia and i do think there are some overhanging deterrents where no one is going to kill people in the United States with cyber attack and not expect response. We just want to make sure you are drawing that line on the first place. What about attribution . As the u. S. Gotten better at attribution, and at what point does that without some sort of smoking gun how can there be the kinetic response unless the u. S. Put forward. Can we figure out who did it. The thinking here is we wont know where the cyber attack comes from. It talks about the 400pound hacker in the basement that anyone could do this. What is striking is i think the complexity. For the nation like the United States, take the half of example north korea hacked sony in 2014 and the infrastructure according to one estimate gets these emails by Angelina Jolie and the question immediately emerges who did this. We dont know that it wasnt north korea. It emerges with time that the way the United States know with certainty it was in fact north korea was in the north korean networks and this leads to the New York Times i think that this is emblematic of how the nations to attribution making. It isnt just forensic evidence. That comes back to the cat and mouse game that happens every single day. Iits at least been probably covered after the fact end up like so much else in cyberspace it gets into this messy tangle of competition one more time. Is talks about the sources and methods which is why some folks said that as a incredible you havent provided evidence. What you see the u. S. Is Getting Better at determining the attribution and a stronger more appropriate way for what the u. S. Is doing . The United States does its best but its the case of the nations that appear to have counterintelligence success and again go back to if that was a russian operation which is a big if then thats an extraordinary counterintelligence that reveals tremendous access to the files and great insight as to how they went about. I want to touch a little bit on the Election Security because yothey had a story in the book about june of 1940 and i think the audience would be surprised who was interfering in june of 1940. I didnt know the story until i wrote the book. The answer is striking so go back to 1940 its a ten period in history world war ii has begun. The United States is not yet in it and britain is fighting a tough battle with germany and has a priority which is to get Franklin Roosevelt reelected running for his third term. Suddenly out of the blue comes the poll with a former democrat leading into this didnt exist. It was fabricated and was one part of the extensive campaign. To get isolation out of congress and they carry out the campaign in 1940 with the president ial election and what it shows is interference is not new. What is striking is how the packing operations can supercharge with this craft interfering in the elections and like we saw can supercharge and that is what i like so much about studying this stuff you can gain much more appreciation for its richness. You talk about the advances made. What do you see as being the biggest threat and is there any way the u. S. Can do anything about the disinformation or the potential hacking . They have two purposes. First is to pick the winner and second is ththe second is the lt they lost. They can change their mind or change votes in the campaign or try to cause chaos and get the winner to think they won but the loser to also think they won. And you can imagine that would present a lot of complexity in 2020 and i worry about operations that might happen for the legitimacy of the vote even if it is legitimate its perceived as legitimate that interferes in the peaceful transfer of power that is essential to democracy. Russia has shown the intent to show chaos over militarily cyber elections. What about the others like china, what do you think is the biggest threat for how they can turn to election and the ultimate voters will do . Going back to the early days china doesnt have that record they may have the capability its not just from russia that from around the world. Can the u. S. Do anything that will absolutely stop the foreign interference . It is a cat and mouse game once more to improve election integrity. Everyone should vote on the paper ballot. After the fact we should do the risk limiting audit that is a method to ensure the votes were counted properly and that goes beyond just the account. There is tremendous variety in the procedures statebystate and i also think its important for the government to come out and say we treat them as Critical Infrastructure as a core function of democracy and if you interfere we will respond. Whats striking is how few consequences they suffered for it. We have a couple more minutes before you get the chance to ask some questions. I have to ask who do you think nationwide is the best i will use the word best or the most effective most dangerous . The the most dangerous are the Russian Hackers but the United States and china are very good as well. Turning off the power launching these Cyber Attacks with billions of dollars of damage interfering and largely suffering various consequences and i think it is a recipe for the nation that is thing to continue to use its impressive capabilities and emboldened and empowered way and for someone in the United States. You talked a bit about the shadow workers but what is the one case in the book that they found the most fascinating and surprising. Its remarkable because the mystery aspect because the tradecraft evolves from the espionage and basis to the new terrain of hacking and leaking not for publicity or Information Purposes to have a tangible effect on the other side. And its because weve seen other groups pop up like them and theres one on twitter no one has ever really heard of them and no one has no idea where they are coming from but they are posting it getting attributions. We have seen the iranian material capabilities over the last year and a half or so and it seems like they in addition to being a great mystery on their own might be the vanguard of this new test of essentially counterintelligence of the public sphere and that is something that is simply extraordinary. Do you think they will reemerge . They did last time and the august of 2020. It would certainly be striking and deepe deepened the mystery y come back. How do they look at the shadow brokers . Theres been so little discussion to say the office of management stealing 20 million security clearance finals the shadow brokers it is just so rarely discussed but as everyone has a favorite chapter that is the one and even years later we dont know what the community knows. I want to take a couple questions from the audience. I am a member of the Wilson Center national cabinet. Great conversation. My impression is the function of physical assets and intellectual capital. If you were to do a heat map of the world and rank the intellectual capital function of the power country by country both in terms of current intellectual capital and talent in the pipeline what would those rankings look like and from a ia policy perspective, should the u. S. Be doing more for better talent. Its used in code breaking. China is up there on a per capita basis and has an incredibly ingenious hackers and how they are carried out, so those three are probably caughtd up by the rest but we shouldnt sleep on the operations. Theyve demonstrated for a long time that they can play this game. Theyve done a great job being able to punch well above their weight so those are the top five in that order. From the International Studies thanks for the conversation its a great discussion and i look forward to reading it. Im very interested in what you mentioned about Election Security in the vein of the security im interested in the resilience measures that we can take from the United States government perspective to sort of come away with the approach in terms of responding to the Cyber Attacks and thinking along the lines of digital so just wondering your thoughts on that. It is a really hard question. Can we educate people to spot more information and that is probably part of the problem but i also wonder what can the platforms like facebook and twitter do about this and the former chief Security Officer is great on this issue is very fond of saying freedom of speech equals freedom of reach which is to say you might have the right in the United States as an american to Say Something is not true but it doesnt mean facebook needs to amplify it and i think the context in which. Its hard to educate in seven months but i do wonder if there are things platforms can do to try to manage the content that goes viral it is worth saying from the platform perspective that it is a tricky bill to go down. But how they are managing all of that is something that is complex. This is a business where there are no easy answers. I noticed the second footnote where you introduce the shadow brokers that you refer to and now we can still find them in the internet archives. There is one of many methods youve been using to get to some of the information that seems theyll classify and i wondered if you could speak a little bit to some of the variety of methods you use perhaps as your biggest mystery to rely on some tools. This is the greatest thing you get questions about the footnote and its impressive. They are hypothetical or theoretical and i wanted to tell the stories of the cases that have been so how do you find those cases. First is theres an incredibly robust private sector that studies the venetians do every single day in cyberspace because they defend the target can have a great visibility that otherwise would be completely out of view. But its based on these analyses with highly credible analysts from the Intelligence Community and now in the private sector tracking china and russia and the United States as they go about their business. The second force is Computer Science literature. We didnt talk a lot about it, but there are two chapters in the book on encryption and spy versus spy. They are very accessible, but they are fascinating in how it becomes a frontier for the competition between nations and the Computer Science literature which is technical reveals and hopes me sort through what has happened. The third source are the governing documents and some of these documents are actively promulgated by the United States government and they show extraordinary light on how they go about their business. Some of them are leaked and i will never fight anything they dont already know. It points to something that is publicly available online, often little notice but you can be assured they have seen it and they tell a story about what happens in cyberspace bu cybersn the nations thabut in thenation. At the woodrow Wilson Center, we just came out of a cold war where there was a serious deterrence that worked on the ground. Is there any development of deterrence in this new warfare and should the u. S. Become more aggressive to stop the attack on the United States . Beyond the claim im skeptical of deterrence and one of the themes of the book that comes through in almost every chapter is that so many policymakers and scholars conceptualized the Cyber Operations as operations for signaling purpose just like in the cold war for coercion or deterrence simply changing how the other side plays its hand. But i argue is at least it can be observed in practice and are better for shaving. As for changing hofor changing e plays its hand is stacking the deck. Beyond some high threshold killing a lot of people where we respond with a military strike i think we overrate the feasibility of this domain and we underrated how useful it is a statewide competition. So the u. S. You think is doing too much for signaling. I would have said that two or three years ago. After i started writing the book they changed the strategy and was aggressive. It was a happy coincidence we got to the same place and the heavy strategy now they call the system engagement and we are not going to worry about this broad deterrent strategy. Just take credit but it was your idea. The National Security archive. News from this field breaks an incredibly quickly from the moment you submitted the draft until today, but stories have broken that you wishe wish you d re opened the book and why . I wrote a good description. The department comes up with the official version that is always a good thing in journalism and scholarship that i would have had a little more color and it would have been a few paragraphs more if they had given an advanced copy which they did not do so that is one case where i was glad to identify but i think we could have had more details and the book oin the book of thf justice had acted earlier. It was kind of a debate in the military affairs im not sure if you can speak to that. It is a revolution of the tactics as iv as ive said then extraordinary history. My colleague is writing a great book on the history of the russian active measures and their influence campaign of disinformation so what they did to its supercharged it and they married their propaganda and hackers in a powerful obligation and that is the shape of things to come. Maybe your thesis can answer it but maybe it is taking the idea making it more powerful and more dangerous for democracy like ours. And there dont seem to be repercussions. They say we will take these very seriously the Obama Administration did what it could. It didnt have much time from leaving office. He kicked a 35 agents out of the country and closed the consulates, so he tried to impose a cost and then in the eight or so weeks that he had that have been continued and i think it is something we should go back to. State department fellow with the carlyle group. One is psychological operations that are being used to impact and influence and ive asked anr it is election related that push people away from psion. Is that from a definition standpoint do you consider that hacking or are they using means that have been developed here in the u. S. That are accessible to everybody to essentially perpetrate or put forward ideas that are then being shared by americans and others around the world so thats the first kind of if you can clarify that so that we understand what we are talking about in terms of if it is defined as hacking. The second is to bring the conversation a little bit if as we are anticipating to set the Technology Standard as we move forward to the next generation how will that impact the ability and others to use the hardware infrastructure to get to what you have been studying and assessing and writing about in terms of information and also includes . I wouldnt consider what you said in the first question as hacking that a Cyber Operations of the terms are not quite synonymous. Its taking the code and placing it on the computer and Cyber Operations the business of competing in cyberspace, so it might include for example fiberoptic cables. I would consider what you described as a Cyber Operations certainly disinformation is well within the scope of what i studied and wrote about. Its most effective when you can identify the crack in the society that exists and then drive the wedge into the crack and its identified as these points of debate to try to widen them to make both sides feel like the truth doesnt matter, science doesnt matter we are all divided here and that serves the interest very well so we see that in the disinformation that you mentioned and probably not just from russia abou that othen the coronavirus as well. On the second piece, one of the things we didnt talk about is the role of Telecom Intelligence and how this is an advantage for many nations that can work with their industry to get access to the information that flows through it, certainly the United States does this. It seems to me that one of the risks is that china as you suggested to do that also so i would certainly i think the concerns are founded in do we want to but an adversary or potential anniversary have access to the networks. You would think it is an easy solution but certainly not the entire solution. There are much more complex questions about supply chains. Maybe it gets to the point we realize everything is compromised. If we go over it long enough the fact is its a hall of mirrors with a level of deception seems kind of true. So, that is worrying in and of itself but as a policy matter we are right to be concerned. It seems the u. S. Is getting more on an island and some of the European Partners to get on board. You see this concern for the security. The last 20 years studying Cyber Operations is every nation will use a free tool available to it for cyberspace and it seems this is an opportunity that we would expect the chinese to try to use. You talk about the coordination. I was also surprised how much at t helped the United States. Could china make the reverse argument if they are able to build an infrastructure architecture that they could make as pervasive, couldnt they make the same argument that that provides the americans the ability . I think it certainly would and that is the cat and mouse game. This is not a business where trust is a wise idea. Its where you probably shouldnt trust and you should definitely verify. Im width of the association for diplomatic studies and training. You have not much mentioned iran and my question is what about they are great at selling stuff and north korea also hires out to the nationstate actors and people that have the expertise for sale. How does that impact . This is a remarkable trend. I think they got on the cyber seecyberseen before and a lot ot was available so they hold and a lot of the capability that to say a lot of nations look around the world and say we need to compete in cyberspace as well. How can we get up to speed quickly and the groups they turned to that higher out expertise and you can go down the list of nations that have worked with companies to essentially level out the capabilities and have used those capabilities. What is remarkable is to use them not just to protect power against adversaries, but to repress at home that they see the capability as a tool with maintaining control over the population coupled with traditional policing and the like. If you want to add a chapter about cybersecurity and operations in domestic politics that would be the chapter use these tools. The hostess was correct you are a genius on this. Its a way that we can understand and enjoy and learn more. Thank you for being here at anothers copies oinvite othersk available for sale. [applause] congressman from the ninth congressional district, what are you reading . Right now im reading for whom the bell