Cspan2. Good morning everyone. More people are expected to arrive i saw Michael Lawler in the back. So the Wilson Center the best supporter on the planet and giving a name tag. So i am jane harman president and ceo of the wilsonan center it is the best job onob the planet because i get to talk to geniuses every single day. One of them i will call around you may not know her but she run Science TechnologyInnovation Program and is responsible and then to teach capitol hill staff about cyberand Artificial Intelligence and then been gbuchanan and the go to guy and and i think i have been the repeater of alll time. And i thank him for his patients. A global fellow and will discuss the latest book right now but spoiler alert hackers change the world. How . But those are at those relations in the gap between the United States and other countries has narrowedas considerably. Narrowed considerably. In 1 million worth against the bank of bangladesh and that disinformation to the blackouts in ukraine there is plenty to talk about. Understanding how cybertools are used and abused is the specialty with that analog brain a scholar to receive the phd from Kings College and knows everything even more important arity said this as a former member of congress to try to ensure the technical tools were not cumbersome and then to be reviewed by experts know that kind of teaching he is doing with all the stuffers and not to know the subject or each other. And that politicians are analog but they are digital and the Wilson Center is trying to change that. And within the genius courtney is a correspondent covering National Security and the military and has spent a lot of time reporting in the intelligence and digitalof issues we are expressing today especially election interferenc interference. Did you know theres election interference . It means a lot to us to do this and take some time away from the endless conversation with the ongoinggo primary election thank you so much. So one little thing and probably one of the few people that have the luxury that is a fascinating read in and to have been here to tell us more aboutnd it. If you have not had a chance to read it what is the basic overview of what is the thesis of the book . Too often we talk about hacking as a hypothetical like a nuclear war. Off in the distance, the cyberpearl harbor or 9 11. And hacking between nations every single day and thats part of the ways in which nations compete in the modern era in the project power. So to take the discussion thats academic and hypothetical and theoretical make a very real that these are the stories of how why they tackle one another and whatav it means so every chapter in the book that they project power inio cyberspace. And then hacking banks to steal cash but i want to say what really happens every day. And then to cyberespionage with masss casualties and chaos but for the space all between the gray i matter in what happens everyer single day as we will get into specific and fascinating cases but how did you characterize a cyberattack on the nation how did that general look today . You are waiting for a cyberattack with planes crashing and cities burning you miss what happeneded the most and with that persistent pervasive espionage and with those capabilities in some circumstances to blackouts with Russian Hackers and ukraine we also see the destabilization operation with that primary example of this to say we will use hacking tools for the election and those categories activity or espionage attack in the most everything we see fits into one of those buckets but almost all of that its important. So today they are more pervasive but less destructive . And that insidious harm and may be the Climate Change and that insidious harm and may be the Climate Change one of the major reasons nations hack one another is an and the struggle to dominate for domination over other countries and the world. Do you still believe that is true . Is hacking becoming harder to prevent that in the past . Not only as a harder to prevent been nations are getting i more aggressive. So what we see is that they are Getting Better and if you go back ten or 15 years russia is doing a very stealthy actor in cyberspace with the smash and grab burglars it would be methodical and slow will be seen since then to be much smore aggressive and the two blackouts and ukraine everybody here knows about i the election but there are other cases also so probably the most destructive cyberattack in history did Something Like 10 million of damage around the world and thats also perpetrated by russia there also getting more aggressive. So twice and with 20152016 what do you believe russias goal was was at messaging and then to have that capability. So what is remark about 2015 and 2016 the most publicly known back blackouts from cyberattack is that it appears they do less damage than they could and to hold Something Back which leaves the question what were they trying to do . What were they trying to do and there are two possibilities but the first that there is some kind of test to the capability for use down the line on the second that this is russia saying to ukraine or to the world we have this capability that to cause a blackout with a cyberattack we can do that and whats remarkable about the 2016 blackout the tool that they deployed to carry out the attack was automated and more scalable and it seems could erwork against with those modifications and that to the ukrainians and to the americans this is a capability in the arsenal. Specifically than 2016 to heat allow the other western nations and allies to been some sort of a preventative measure. It tipped their hand so can they develop the different capability can they prove it is so when you see a hypothetical and then caused the up the defenses that Grid Security to get attention and then to makeg progress. And then with a large and then can you tell us about that case there are details i never heard about expect that ambition with north koreas. And with that most isolated station country and then to fix that and then for those to hack other banks of the most famous hack is against the bank oft bangladesh where they aspired to steal upwards of 1 billion. They got access to the banks taccount and then to initiate transfers from the new york fed to the accounts north koreans controlled. So some of the were blocked and he only got 81 million 1 billion. And that the north koreans made. It shows the ambitions of north korea and that discussion and what i show in the book is a much Broader Campaign their currency exchanges with that coin and they also have hacked atms. And then to withdraw the money in a decentralized way. And nowhere is that more true than the baking operations and with the north korean government and to raise currency with the bank of malaysia that the north korea operators and that regime that sndoesnt care and what could they do next in the hacking world cracks in one hypothetical to delete transaction laws and to delete or manipulate transactions in order to do damage and that these transaction records and one worry and at this point a worry that they may come back for the purpose to punch back of from the west. What i found fascinating is the cat and mouse game t that exist because of cyberespionagele the byzantine is the chinese nsa codename for the hacking group. It was a spearfishing campaign so tell us about how that started and evolved over time. This was part of a broader set of trained operations. And their reach to strike many targets across the United States defense establishment and spearfishing to get access and then pulling information back. And what is striking is what the nsa did with a single Intelligence Agency and they hack the hacker so to figure out for those operatives are part of the Liberation Army ware hacking and that Broader Network and to hack the Internet Company to look at the billing records to confirm behind these activities to get advanced information with those chinese operations to come and to be ready against when the chinese show up. And the cat and mouse game is a daily competition with a public view and all of this is secret. And that is endemic to how nations operate. And there is a stretch but this is one battle in the bigger war and then to stop the chinese activity and tell the story and the Chinese Campaign against military aviation in the United States and then to be built in us and the chinese hackers pull out reams of information and it is so extensive they can even go back to china so they make list of the filenames and then to say if we could pull back which ones are important . Just to get a sense of the extent of the reach so can you explain how that works and how the nsa could intercede . What so fascinating is all about spy versus spy in the way the chinese were carrying out this deception that they would Hack Computers with the thirdparty countries and hack from those computers and what they have to do and where they hack back they had to hack these third party and had no idea and then they went up stream to make their way to the Chinese Networks every nation takeses precaution when was cyberespionage and the russians have extensive thing they were having for a period of time and then being that down because western intelligence agencies might not be working but they were so it is a constant game of trying to hide. It all sounds very nfascinating. And then it paid off in the end it was successful. And with the pla and if you would just indulge me for a a second and in this case the chinese hackers were sloppy at times with a lack of discipline and Operational Security and to be logged in on the personal email account and then watch pornography. All true. There are two reasons somebody would be sloppy. The first is everyone has a bos boss. You can imagine the chinese shacker they will be sloppy and take shortcuts and the second is they get bored and lazy and those odds are why not or other activities. And that shows the human side of this business we think of hackers with a person in the 30 behind the keyboard but the chinese were also checking facebook. [laughter] you talk about the shadow brokers so tell us about them and what you learned probably the single biggest mystery in cyberoperations and every author has their one but the one story every journalist has a and the shadow brokers are mine. I got pieces it is a fascinating story but we dont know all the details. What we do know at some point in 2016 at the incredibly powerful hacking tools. And then it was like fishing with dynamite. We dont know where it came from just a Mysterious Group on twitter and other platforms call the shadow brokers and they proceeded for about 11 months continually posting and burning and then it stopped and there are theories about who did it and why they did it and then to hand it to others. And so with those two attacks the next year one by north korea one by the russians used along withth other than that was the most distractive cyberattack in history with damage and it seems to have its roots at some level so that even now to this day they cannot condemn despite of those most significant i ones ever. Was is nothing more than a criminal enterprise . The shadow broker stock all the time and how they would stop the one theory of the case and a former contractor has decided this is what they would do to get money and then disappear. A produced only two unique needs, and this is based off of an ig report that questioned whether it was an efficient use of money and taxpayer dollars. We have quite a few staffers, surrogates to a large issue of policy and oversight. Is there enough oversight to a u. S. Government Cyber Espionage . This is an activity that is incredibly complex. Its actually one of the simpler collection programs and even that was hard to oversee so the biggest challenge in overseeing the program is often an understanding and the world of Cyber Operations is a tricky business. What is significant is what happens with the change in the strategy that we have seen the last couple of years. The arm that carries out the operations from the military purposes has been very clear over the pastac few years that t wants to be more aggressive, take the fight to the adversary and be less shy about pushing backju a. A. Is it going to work these are all questions hard to answer and question to the public that they should be asking in classified settings where its more appropriate to ask andd answer them. I am someone that always wants more oversight, so sign me up for more of that and how adept it is given how complex some of these programs are and how complex some of the jurisdiction is and what makes it an intelligence activity overseen versus an Armed Services activity overseen by the Armed Service committee. We actually worked that out but it was a discussion of who oversees what. Do you think there needs to be some sort of a standard rule of practice that exists. What needs to be adhered to the policy on this that sgoverns the activity they are classified, so it is hard to know. The broad question that is more pessimistic if can we get other nations to agree. Can we have norms here are the way we have in other categories of the warfare and the way weve seen the technologies in the past and then we build the norms to try to counteract them. Im skeptical and i think that this is an opportunity where it serves the interest of all nations to compete in cyberspace and the norms that have been outlined by the un have been very high level and general and i dont think they are constraining them out of the state behavior. Some of the nations that do the most conducted tasks on iran, china, russia that dont adhere to these practices or norms. Because of bad are they Getting Better, have they surpassed the United States in theirss capability . T the phrase you hear a lot the United States has the nicest rocks that we live in a very glasshouse so when it comes to intricate beautiful cyber offense the american capabilities are truly extraordinary talking about the intricate operations against the program but just because we can do that doesnt mean we can defend very well and weve got this vulnerability that our adversaries havent been exploiting. This is the case in which most dont know these Companies Access to a this is more of a military side but at what point do these attacks if we are talking about something in the gray area at what point are they beginning of the actual cyber war in connecticut for. I think what is remarkable is where we thought the point was we kept pushing it back to 1999 the russians carry out an spl launch campaign against Unclassified Networks in the United States this is what the cyber war was at the time. Whether it is doing a billion dollars in damage. Whether it is election interference and time and time again we kept redefining this. What costs are we willing to bear t to an act of punishment d thus far the administrations of both parties have beenes willing to say lets let the competition play out. Is this something that hell needs to get more involved in to provide guidance . Im not sure that i know the answer, but it is something that others can say what is the strategy or where is the line where the plan for reducing or mitigating the threat from the actors with china and russia. I do think there is an overhanging of deterrence where no one is going to kill people with the United States cyber attack. We just want to make sure we are drawing the line in the same place. Without attribution. Has the u. S. Gotten better and at what point without some sort of smoking gun, how can there be a kinetic response unless potentially they show how they were able to determine it. This is one of the biggest questions in cyberspace, can we figure out who did it. And i think the conventional wisdom for a long time is unlike the cold war, it was impossible. If the unite United States souga thousand Nuclear Missiles they knew where they were coming from. The thinking here is we wont know where the cyber attack comes from. We make it seem harder than it actually is. According to one estimate they get these emails about Angelina Jolie and the question immediately emerges who did this and they said it was north korea and some in the industry say it wasnt. We dont know, but it wasnt north korea. It emerges with time at the way the United States new it was in fact korea but they were in the north korean networks and koread eventually this leaked to the New York Times that i think it is emblematic of how thehe natis do these cases its not just forensic evidence detective work. Its also hacking the adversaries to watch what they are doing but that comes back to the broad theme this cat and mouse. Some folks said it is incredible. You havent proven the evidence. When you say the u. S. Is Getting Better at determining the attribution and a stronger and more concrete way and are there other nations as well. It certainly is the case of others that appear to have this against theha u. S. If that was a russian observation then that was an extraordinary counterintelligence success that we feel tremendous access. I want to touch a little bit on Election Security because you have a story in the book about june of 1940 coming and i think the audience would be surprised who was interfering in june of 1940. I didnt know the story on delay wrote the book. The answer is britain, and its striking. Go back to 1940. Its a tense period in history world war ii has begun. The United States is not yet in it and they are fighting a tough battle and britain has a priority to get Franklin Roosevelt elected. Hes running for the third term and they worry he will not win the election so they try to cainfluence the nominee against him. The convention have no primary iprimariesyet and in the chaos o determine who the nominee will be and out of the blue comes the pollpolls saying a say and a mad Wendell Wilkie was leading and would be the favorite republican choice. And this was fabricated by british intelligence, and it was the beginning or one part of an extensive campaignar to first te former democrat, pro war republican at the time. The republican nominee. And to make roosevelt defeated in the fall and then to get isolationist republicans voted out of congress then the campaigns of 42 and 44 and what it shows is interference is not new. The united dates has done it. What is new and what is striking is how these operations can supercharge the tactic. Theyve got this old craft interfering and the observation can supercharge andnd that is wt is particularly striking and what i like so much about studying this stuff. You can place it into Historical Context and gain an appreciation for its richness. You talk about 2014 to 2015. What do you see as being the biggest threat for 2020 and is therthere any way the u. S. Can o anything about stopping this disinformation or potential hacking . First is to pick the winner and second is the loser that theyve lost. The election interference can be either one. It can try to change the voters mind. They can try to change the votes. Or it can try to cause chaos and try to get the winner to think that theyve won and the loser y think that theyve won. And you can imagine that was thd present a lot of complexity in 2020, and i worry about the operations that might happen even if the vote is legitimate. Its so essential to a democracy. Russia has a sean much of it intend. We just dont have the track record that weve had with russia. With russia but history tells us the interference of collective measures is something that theyve done for decades going back to the early days of the kgb intelligence service. China doesnt have that track record. They may have the motivation and capability. What is hard is a standing meet the financial standpoint is to know what they will do in 2020, and i think that should cause the policymakers to take a step back and say what could wese fid out in these capabilities between now and the fall to get ready not just from russia that around the world. And can the u. S. Do anything that wouldth absolutely stop the foreign interference backs its the cat and mouse game once more so for example, everyone should vote on that paper ballot. You need that paper trail for after the fact of the voters intent. Many states have this, but not all. After the fact we should give a risk limiting audits which is a method to ensure the tremendous variety in the audit procedures statebystate, and i also think that its important for the government, and this is where they can come out to sea we treat elections as Critical Infrastructure as the core function of democracy and if you interfere as it is crossing the red wine and we will respond. What is striking about what they rd is how few consequences they suffered for it. We have a couple more minutes before you will get the chance to ask some questions. If you think of some Great Questions before we do, i just have to ask you who do you think is the best or most effective hacker . The United States and china are very good as well. It is aggression and risk tolerance turning out the power and launching these unguided insider attacks doing billions of damage and largely suffering very few consequences. And i think that is a recipe for the nation that is going to continue these impressive capabilities and embolden them in an empowered way and for someone in the United States thats working. You talked about the shadow brokers but what is the one case in the book that you found the most fascinating and surprising comingsu and i dont what is yor favorite story of hacking the what is your favorite i can talk about the case that is remarkable not just because we still have things we dont know the mystery aspect of who did this but because it shows how the tradecraft evolvet from the espionage and a tax to this new terrain of the Information Purposes and to actually have a tangible effect on the other side. What is striking is in is that we have seen other groups pop up like them. There is a group called intrusion truth no one has ever really heard of them and has no idea where they are coming from, but they are posting degette abilities giving attribution. Over the last year and a half or so it seems the shadow brokers in addition to these might be the vanguard of the tactic of counterintelligence. Do you think that they will emerge . They emerged last time in august of 2020. It would deepen the mystery if they came back. Is it considered how do they look at the shadow brokers . Theres been so little discussion in contrast to say stealing 20 million on the government workers. It just so rarely discussed but again if everyone has a favorite chapter thats the one and even then we dont know what the Intelligence Committee knows. I want to take a couple of questions from the audience. Great conversation. My impression is the Power Rankings are a function of the physical assets and intellectual capital. If they were to do a heat map of the world and rank the intellectual capital function country by country both in terms of current intellectual capital and talent in the pipeline but with those rankings look like and with better talent in the anarea. The United States probably still has the edge just in terms of the sheer talent available. The nsa, the largest employer for the code breaking. It certainly is incredibly genius. Being able to punch well above their weight so those are probably the top five probably in that order. From the center of Strategic International studies, thanks for the conversation. Its a great discussion about the book and i look forward to reading it. Im interested in what you mentioned about to be security and im interested in the resilient measures we can take from the United States government perspective to come away from the whack a mole spproach and thinking along the lines of Digital Literacy and it is kind of measures comes just wondering your thoughts on it. It is a really hard question. Thats probably part of the problem but i also wonder what can they do about this and former officer is fond of saying freedom of speech which is to bsay you might have the right n the United States as an american criminalo to russian intelligene eoperatives that their right to Say Something that isnt true but it doesnt mean they need to amplify it. In thehe context in which we hae bought many months, seven or eight months until it picks up, its hard to educate on the Digital Literacy and i do wonder if there are things platforms can do to try toms manage the content and that is something they are weary of doing. I just absorb this morning, congratulations. I started reading it right away the shadow brokers that you referred to in these tools to be released online and now they no longer are they can still find them in the internet archives and that points to one among the many methods that you have been using to get at some of this information some of which seems possibly still classified and i wonder if you can speak a little bit to some of the variety of methods youve used perhaps the great whale is your biggest mystery that forced you to rely on some unique tools. This is how we study the Cyber Operations. There was an incredibly robust private sector that studies with the nations do every single day because they defend the targets and they get greater visibility into these intelligence programs to otherwise be completely out of view and publish reports in a very technical language to the private sector in analysis with highly credible from the community and now in the private sector tracking china and russia and the United States as they go about their g business, so thats one source. The second of compute is compute literature. We talked about it there are two chapters in the book on encryption and essentially it plays out they are accessible and they are fascinating and how it becomes a frontier for the competition between nations and the Computer Science literature is very tech cold and reveals and helps me sort through a lot of would have been in that case. Some of the documents are promulgated by the government and indictment of the north korean and russian shed extraordinary light on how they go about their business. Some of these documents are leaked. Every single footnote in the book points to something that is available, little noticed but you can be sure that they have seen and these documents tell a story about what happened between the nations that is worth noting. David at the woodrow Wilson Center we just came out of the cold war where there was a serious deterrence that worked on the ground and there was a theory that worked on the ground. Is there any development of the deterrence of the new warfare beyond some pretty high threshold, im skeptical of the deterrence and one of the themes of the book that comes through itn in almost every chapter is that so many policymakers and scholars conceptualized the operations as operations for signaling purpose just like in the cold war for the coercion and deterrence. But what i argue is at least in the observing practice it is much better for shaping. They are better not for blessing but forng stacking the deck and that is this messy cat and mouse business and beyond some high thresholds of killing a lot of people where we respond with a military strike i think that we probably overrateov the deterree and feasibility in the domain and we im her rate how useful it is. Said the u. S. You think is doing too much signaling or not enough. The Cyber Command after i ooarted writing s the book was much more aggressive. It was a happy coincidence that we got the same place. Cyber command has a strategy that we call persistent engagement. This is d is the seed you shoulo take credit but it was your idea. Starting over here. From the National Security archive, news in this field breaks incredibly quickly from the moment you submitted the draft today, what stories have broken that you wished you could bwish you couldread over and abe and why lex i did write a good description of the breach perpetrated by the Chinese Government coming in within two weeks ago the department of justice comes out with the official version of the story that winds up and is always a good thing in journalism when it lines up, but i would have had a little more color and that would have been a few paragraphs longer if the doj and given me an advanced copy which they did not do, so that is one case where i was glad that i was correct in identifying that it was china but i think we probably coulde have had more details in the book o if the department had acted earlier. Good morning. I am an army officer doing pieces on the warfare. Kind of a debate is this evolution or a revolution in military affairs . I think it is the revolution in tactics. As i said there i theres an extraordinary history. My colleague is writing a great book on the history of the russian active measures and the influence campaigns. So, they didnt invent this activity in 2016, but what they did do is be supercharged and they married at the propagandists and hackers in a powerful operation and i think that is very much the shape of things to come. Does that amount to a revolution, i dont know, but it certainly is taking this old idea and making it more powerful and dangerous for the democracies like ours. There do not seem to be repercussions for it. Is that one of the things that needs to happen to shift . There is no doubt that they should draw a Clear Alliance to say we would take these very seriously. They did what they could but they didnt have much time before leaving office he kicked a 35 out of the country and he closed the consulates. But that really hasnt continued it is something we should go back to. State department fellow at the carlyle group. Two questions. One is psychological observations that are being used to impact and influence whether it is election related themes that push people away from science with say. Is that from a definition standpoint of the consider that because they are using public means that have been developed here in the u. S. That are accessible to everybody to essentially perpetrate or put forward ideas that are then being shared by americans and others around the world. So if you can verify that so we understand what we are talking about in terms of that is definedfy as hacking. The second one is the kind of brinto kind ofbring the converse bit, if as we are anticipating gables of the technology standardrdua for five g. As we e forward into the next generation, how will that impact the ability of china and others to use the hardware infrastructure to get to what you have been writing about in terms of information and also influence. I wouldnt consider it packing but i would consider that a cyber propagation. The terms are not quite synonymous. Its taking the code and placing it in their computer and cyber propagation is the business of competing in cyberspace. It might include for example fiberoptic cables. I would consider what you describe as a Cyber Operation certainly disinformation is well within the scope of what i studied and what i write about. Its worth noting the information and it is most effective when you can identify the crack that exists and then drive that wedge. So much of what we have seen them do for decades to identify these points of debate and try to make both sides feel like the truth doesnt matter, science doesnt matter. We are all divided. So we see in the disinformation that you mentioned and probably not just from russia that others as well these things are getting a lot of attention but maybe not well understood by the body of iclitics into subjects that are right for the disinformation. On the second piece, one of the things we didnt talk about is the world of the Telecom Companies and how this is an advantage that they can work with. They are confounded and thinking do we want to let the potential adversary have access to the telecomm networks. They are much more complex questions about the supply chains. Those are much harder to answer and it may be ticket to the point wee just realize everythig is compromised or everything couldth be compromised. And certainly if you go down long enough its in the level of disruption that seems kind of true. Get on board. Do you think that its a concern for security . The last 20 years of studying every nation would use every tool available to it and it seems like this is an opportunity that we would expect the chinese to try to use. You talk about the coordination. I wasn also surprised how much at t has helped. Couldnt china make the reverse argument if they are able to build from this infrastructure that they could then make it as pervasive theoretically could they say the same argument that it provides the americans the ability . If the cat and mouse game. Its not a wise idea and should verify. You havent much mentioned iran and my question is what about they are great at selling stuff and they also hired out to the nationstate actors people that have the expertise hell does that impact . This is a remarkable trend. I think they got on the cyber seen before a lot of that was available so they grew over the capability. But theres certainly the right to say that a lot of nations look around tharound the world e to compete in cyberspace as well. How can we get up to speed quickly. Those are other groups we turn to that are essentially the expertise weve worked with companies to level up and have to use the capabilities. What is remarkable is the used and not just to project power against adversaries they maintain control o over the population and coupled with traditional physical policing in the cyber domestic politics that was a good chapter which is how can the authoritarian regimes use thels tools. You are a genius on this and thank you for writing the book in a way that those like me can actually understand. Thank you all so much for being here. I know that there are copies for sale in the lobby. Thank you all very much. [applause] i was really concerned by what i felt were the kind of corrosive impact that these false narratives about the fbi and the corrosive impact they are having on the people of the fbi and their ability to do their work and i felt like people understood more about the organization, who we are, how we work, what kind of people were drawn to the fbi and most importantly, how we make the decisions based on specific legal authorities and priority is and policies given to us by the department of justice, healthier politics and personal preference into that sort of thing. This weekend on book tv on cspan2. Deputy chief Technology Officer for new york said he talks aboucity talksabout the pm