Transcripts For CSPAN2 Discussion On Cybersecurity 20240708

all right, good afternoon everyone. thanks for joining us. i have the pleasure of presiding over this conversation about diplomacy and deterrence. we are going to get started today by having our panelists introduce themselves. my name is camille stewart. i am the global head at google at the intersection of our product security team and top social security team. i have worked across government and private sector and cybersecurity issues.

>> i am emily harding. i am the deputy director of the international security program at the center for strategic and international studies, which is a very long title. it just means i get to oversee the work of six scholars doing tremendous work in intelligence, defense and tech policy. two decades working in the federal government, both in the senate and senate intelligence committee and then in the intelligence community, and a couple years at the white house.

>> i am from intelligence and shop. we look at threats all over the world using response and a dozen different ways to collect the data. we bring it all back to one centralized hub where we are looking at threats all around the world. for about 12 years before that was with ia and diplomatic security at state looking at the russian threat.

>> max next?

>> i'm a senior researcher for security studies and direct the cyber conflict on research.

>> as you can see, we've got a great panel ahead. what i'm actually going to do is have each of them give a two minute overview on their thoughts on diplomacy and deterrence in the states. we set is a conversation for.

>> sure, i will get started. so the very broad topic. you need to take it back to basics when you think about operations and cyber domain. there's no common lexicon, there are no norms and understanding here. my colleague jim lewis does tremendous work in international agreements on cyber security and cyber issues. those have yet to gel into a broad set of norms that govern work in the cyber domain.
there's no agreement on what is cyber crime, what is cyber espionage, what is cyber attack, what is cyber war. you have politicians who sometimes understand the cyber domain and sometimes don't calling things willy-nilly an act of war. what does that really mean if it is? so given that, why is it so hard? why is it difficult? it is a combination of things. something that the game changing technology, hypersonic weapons, nuclear weapons, those all came with a debate around what norms govern and how they should be, what is a proportional response. we have not really gotten there yet in the cyber domain. it's a combination of two things. the speed of attribution is very difficult in this domain. john can talk extensively about this. he is not a title work in this field. the ease of deniability they've proven themselves adept at staying at arm's length remove from any kind of cyber activity they do not want to claim and claiming it when they do. those combinations of things make it very challenging for policymakers. to respond to a cyber attack, to a cyber operation, what does this mean and how do we react to it? it also means it prevents the threat that is at the core of deterrence and that is a quick and decisive response to an activity. if you can't attribute it quickly and you don't have policy options ready to go, it is very difficult to pull something off the shelf, respond immediately and thus send a message or deter future actions. i can talk about this a lot more later. the 2000-point senate intelligence committee resolve this splat and excuse you in detail the obama administration. of all the sympathy of the world for the mini ring but this also total unprecedented situation. they were under attack but they could not say with 100% certainty from who and what that meant. that delay to pull something off the shelf and innately deployed a nearly disastrous consequences. we cannot do four years, five years, six years later. it's time to get that settled and move it forward.
i think we will get better. we will get faster. people like john who are doing this work are doing tremendous strides in that attribution piece to get to a place we can act quickly. there's a solid story to be told right now about ukraine that is just sort of emerging. i have hope for the future. it's just that right now i think we still need to really wrap our heads around this as an issue.

>> thank you, john.

>> i have been asked, i think the last four months now, [laughter] since christmas or the beginning of the year, what is the likelihood of an incident against nato allies, against the united states. these usually turn into good-natured arguments. it's a question of whether or not a cyber attack against the united states would be crossing a major redline, but i have argued that it isn't a major red line. the one thing for the most important things we have to sort of keep in mind as we talk about cyber attacks. we are talking about disruptive, destructive stuff. everything from hitting an industrial control system to a widespread destructive event. the word i keep throwing around is limited. those incidents we've seen, they are largely limited. they did not take a society and bring it to its knees. they did not bring the economy to a major halt. they are survivable. we will get -- and probably for a society that's already experienced covid-19 a lot of the effects may not necessarily register. the reason these actors carry out these incidents is not to bring society to their knees. there isn't a major question of the prospects of turning off the power for three hours at a time is going to have that effect. they do it for the psychological effects. they do it to undermine institutions. they do it to undermine your sense of security, your sense in places like ukraine, their belief the system is safe. in the united states in 2016 they did it to undermine our elections.
we had actors in systems where they could conceivably make some edits or changes to the system or maybe alter some things. but really they were going to change the election. they had no -- but they don't expect to do that. what they expect to do is change our reliance for secure brits undermining our institutions. think the real important watchword is limited, right? it is good news somewhat, but it also means this is a great tool. you could conceivably use it without starting world war iii. don't bring society to its knees and conceivably get away with it. and historically the attacks we have seen, these actors kind of got away with it. six years in most cases for us to even accuse them of doing the elements. i talk about the olympics all the time. the gru, who we were talking about earlier, attacked the olympics, tried to take the opening ceremonies off-line. this is an attack on the entire international community. took us four years to even bother to blame them for it. there is no hope for deterrence in a scenario where we don't even blame the actors for four years. that is an incident that affected literally everybody in the international community. i think these actors recognize they can get away with this type of activity. that makes it a good option for them. they were looking for the psychological effects, that is what they really want. they want to undermine our resolve, particularly in ukraine. they're doing it to undermine our elections elsewhere. they want to undermine our sense of security.

>> max, you want to talk about nato?

>> there's already great points mentioned about the olympics and realized as an obvious connection here. many are not convinced it was russia, you will know a lot more about that. i wanted to take a conversation about the nato alliance. here's the main take away. what we've seen a convergence on alliance in terms of the need to develop a cyber posture, we have a divergence on what this should look like.
in particular offensive cyber and the role of the military. let me talk 30 seconds about these kind of key components of what we see as a cyber posture: capability, strategy and a legal understanding. on the capability side, what we have seen since 2018 is that now the majority of nato members have established a military cyber command with some offensive mandate. an operational capacity is enormous. on several others operationalizing this, the majority of nato allies still have commands operating on a budget of a couple of million dollars. it is enough to be officially part of the cyber club but certainly not enough for a second one of course all the countries have established a cyber strategy. we've seen some significant difference emerging with the u.s. developing the cyber commands of engagement. with the focus of operating globally continues. they could be strategically meaningful, they have a role to play in peace time. that is not something most nato allies are willing to do so and changes the perspective. the third one, which connects to this, is what we have countries not just saying international law applies, how it applies. on the one hand sovereignty as a rule with france, and on the other hand the uk, sovereignty does not apply. the last point here is it is dangerous to argue the differences between the alliance come from simply differences in maturity. there actually of a different policy part. that requires some real coordination and cooperation to at least bring us closer most start with. she you mentioned norms, you mentioned the lack of taxonomy, we've got a lot of work to do. where are our nations currently succeeding, where are they falling short? where should we be focusing our attention to make progress in this space?

>> i'll pick one from each category. where we really are succeeding is the cooperation at the tactical level. the kind of things that max mentioned, different levels of coordination, but it is happening.
at the working level people are sharing indicators, people are exercising together. right now the big nato exercise the nato alliance the hunt for this is how we are going to win in this domain. i think that is where things are going well. that level of tactical cooperation really needs to be paired with a strategic discussion. and that is hard for lots of reasons. when i was on the hill we were doing oversight of these government people he succumb in all the time and brief us reading a boiled on every single briefing to to work it's hard and we are working on it. so that's true with this too. it's hard and we are working on it. let me talk a little bit more about why it's hard and why we still need to work on it. the hard piece: people who need to have a strategic level discussion are swamped. they are staring at china, they are staring at russia and ukraine. a whole host of global issues from supply chain to food shortages. sitting down and having a strategic level broad discussion about what the norms should be in cyberspace is like, yes, we should do that. that is about 15th on my list of priorities. we need to create the urgency before the urgency is created for us and have those discussions. the other piece of that is i think a lot of these are very fuzzy, they are wrapped up in domestic values and national values. here in the u.s. we have debates all the time about free speech, what can and cannot be regulated in cyberspace given our first amendment rights. our european friends have very strong views on privacy and have implemented that in a whole host of different ways that will eat into this debate as well. it is difficult. but if you can take it up a few levels, my friend sue gordon said, if you disagree down here, take it up a couple levels, get to a place where you agree. that place where we agree is the norms and values.
this is the place where nato allies, like-minded democratic countries can sit down at the table and say we all agree that spies are going to spy, it's the thing that's going to happen. but when you're engaged in operations that affect human life, that affect public safety, that is a different level of threat. that is where we need to be building the norms and the guidelines.

>> i am so, so glad you brought the points about being strategic and the lack of bandwidth there. we have to prioritize that if we want to make progress because quite frankly there will always be the next ukraine, the next ransomware attack, the next whatever. we are not making progress on the more strategic initiatives will never come to that consensus. so can we get some norms? can we find consensus in nato? what work should we be doing in nato to do that?

>> max fix this. [laughter] may pick up on the point on the norms and also on the sharing side of things. just to get a potentially annoying different angle. guess we should think about that. i don't know how many people are currently sitting in the room but if everyone in the room can come up with a couple of different potential clients to consider new critical infrastructure attacks, financial systems should not be attacked, healthcare off-limits, all of those things. but there is a second question there, now particularly the u.s. considering it's change in depth perception it's argued, rightly so i think, one gigabyte of data being sold by the chinese is not a big deal but doing it repeatedly is a big deal. the second question is what is not a redline? it's a really hard question to answer. i've answered a couple times in different rooms and rarely get a clear response to what is off limits it verily that isn't strategically argued all strategic activity should not be done. as a strange kind of norms question that has emerged.
the second point is i am sharing the importance of sharing. in some ways we are doing this already but equally i think we're not doing it enough. we've got a couple of different initiatives, the first one was obviously the notion sovereign cyber effects. they cannot share exploits when we want to achieve an effect and secondly we can conduct these exercises. much more can be done, cyber ranges and infrastructure. that is where there is a space which is, one, incredibly costly for many countries to establish and to do it well. and second, where you see potential opportunities for collaboration, where the use of one country or one actor, or one training program does not necessarily reduce the effectiveness of another country to use as well. and so the photo make a pollutant recommendation like what should allies do in the coming years, this would have i think even a billion-dollar cyber range for the training of their operator development system who are crucial for the workforce military. and potentially intelligence agency.

>> great recommendation. john, with this intentionally below the line with the need for more collaboration and creating cyber rooms and the dynamic of cyber criminals as a shield to continue to blast the attribution we were talking about earlier, how can we make progress, where should we be focusing our attention in terms of deterrence?

>> what a good question. we almost need to rank and stack our problems, right? they're going to change constantly. it will always be changing. you look at a lot of different problems in the space and i don't think we have really prioritized. a good example is the ransomware problem, there is the elections problem, there is the espionage problem. i personally think the espionage problem is probably spies are going to spy by the least effort issue. the most addressable issue if you look at the vulnerability problem it's fairly large.
they're now getting a lot of critical infrastructure with healthcare with the raging days of covid, they are crossing a lot of lines. at the very least we want to push them back, we're not necessarily pushing those lines. the election problem is another good example. it is not solved. in fact the unfortunate reality is the last election we saw new players. when the proud boys thing happened, the russians that i couldn't say that i did not have any evidence whatsoever here they are a we have been waiting, and waiting, this is it, this is the play. i thought even just that the problem is growing. i think we need to have a conversation about what problems we want to stop and start ranking them and going after them. also, i feel like we are running from one fire to the next and that is not going to work. i do think the ransomware problem is largely addressable. it is absolutely out of control. potentially costing us the most money.

>> with the problems i went through that same thing. there is a time around that 2018 election, the 2020 election, i just did not sleep, there is too much to worry about. the proud boys/iranian problem was i think disheartening and we saw this new player burst onto the market in grand fashion. but in a large way it was a success story. the united states government and its allies, that's a really key point, had their eyes open for this kind of potential activity. the excellent folks at dhs had done a lot of prep work, so much prep work to say to people this is somewhat normal election problems and this is what more difficult election problems. then, once activity was noted it was located, attributed, downgraded and released, shockingly quickly. it was like 36 hours. this is actually, as upset as we all were to see it happen, this was a good news story in the way it was handled.
now to max's point about redline, i am not sure we were ready to do something to respond to the iranians and create deterrence for the next time around and that is where we need to do more work.

>> that is a great reminder, better point about being strategic. in that prioritization talked about the investment and attribution, getting things there really quickly are signs of that coalescing around being more strategic and focusing there. how can we create actual consequences? especially those hiding behind criminal groups in plausible deniability. are our current tools working? he said this was a success story, the iranian context, to what end? did we deter the behavior, were we just able to make attribution? how are all of those things actually moving us open at the nav of your.

>> i can start out with that because i brought up the point. the iranian thing was a success story in that we were able to broadcast very quickly to the american people who were in the midst of a very difficult election, this is not a thing, this is not real, this is not something you need to worry about, they are not these bad actors all over the place. we can leave aside the question of domestic issues in the 2020 election. on the specific issue was a success mostly diffuse. i would not call it a success as a broader strategic policy. you brought up several things, the sanction question, the indictment question. sanctions are great until they are not. there's only so much you can do. don't really care, there are ways you can make life painful for a russian oligarch, for a hacker who is working ten levels down from a russian oligarch more difficult to create deterrence pain there. indictments, same thing. they want to visit their kids in college or take them to disney world or the u.s., great. trying to find them and arrest them is much more of a messaging tool than anything else. i think honestly tool of last resort. if you look at the way the d.o.j.
and fbi operate, they are law enforcement officers, period. what they want to do is to build evidence, prosecute a crime. that's just not the model that works effectively for these actors. it takes too long, it is too slow. while they're building a case for prosecution they cannot take the information shared. that honestly is the most important piece. this is where i'm going to make a pitch for the private/public collaboration on the deep, deep importance of her in the u.s. government, its entities and private sector operations that see this on the front lines, on a daily basis, during all of the collaboration possible to try to go after this problem set. my soapbox. works wouldn't you hit on all the points i wanted to make. as we go through, as far as the election situation went, i think we have gotten to a place over talk about capability and intent. i had a conversation with someone from another country dealing with another actor, a non-russian actor. there's a question of capability and intent. right now we think russia's got capability, the question is whether or not they have intent. this other country, they said this actor's got intent but the capability's not really there. the problem with sort of not being able to deter when actors have intent, going to run into the black swan event. they will hit again, again, and again, and these incidents won't even read words in the news. the problem is with the nature of technology, eventually there will be a major black swan event. they will get through. so the defense, i would argue we're actually correct, our defense, our response was fantastic, but if they keep trying eventually they are going to get through. they are going to have something that makes it on the news, causes a division in the u.s. electorate. there's all kinds of potential outcomes here. that's what happens with an actor who's almost there on capability, definitely there on intent, we have that black swan event. another good example is the pipeline.
we have been warning, myself and my colleagues have been warning, this is coming, this is coming, they are knocking over so many things. someone is going to get hurt, something important is going to go down, it's a matter of time. i think if we can't figure out how to approach the intent side we're just talking about a matter of time before there is a black swan event. anything on this one?

>> i mentioned about the convergence about they don't cyberculture. the good thing on imposing consequences is what we have seen is a real development in the eu waking up, they have to think about this as well. now with at least a degree set of measures in place what can be undertaken to respond means the u.s. is not there alone anymore and thinking we can potentially do this more effective in a coordinated manner. the second point is, and it also comes with the nature and title of the panel, is when we talk about would quickly get into the deterrence unless it is a demonstrative pack we take the initiative away from them. how can we make sure we disrupt the activity? we are already kind of in the after that's being done, what can we do? clearly the second question here is as relevant as well. we have seen great strides over the past two or three years. excel open for questions and just and i'm to ask one more as a player questions together. we talked a lot about russia/ukraine, there is a lot of talks about attacks on the margin per it's a great illustration of if cyber capabilities continue to be leveraged, what will be the impact? who will bear the brunt of the back and forth, to four taps, rest routes cyber active, we are how they play a role. what are we looking at? who is going to bear the brunt? when i talk about limitations i have to be really clear. i think from a societal aspect we are going to be fine. we made it through covid-19, right? there are a lot of businesses in my neighborhood who are out of business now.
altogether we are going to be fine, my customers may take a real hit, that's important to remember. the people who are really on the front lines are the private sector. it is important to remember when we start employing these capabilities too. i saw one of these kerfuffles we get into with tehran every now and then, think there was some news of a cyber attack against their capabilities. it's important to remember iran is not going to retaliate against cyber command. they're going to retaliate against some random company in the united states. that is going to feel the burn from the stuff. we have to keep that in mind no matter what we do.

>> i would agree. the question of who is a combatant is going to be the thorny question of the next few years. i am reading nicole's book right now which is really good, very thorough, i have loved it. but one of the things she outlines is the response inside google when they first saw the cyber attack coming from china. some of the quotes are priceless: who would've thought a nation-state actor would be interested in google? how could we possibly have been expected to respond to a nation-state actor invading our territory? that's a totally understandable perspective for somebody who was a start up in group this massive company and never had to think about it from a national security perspective. somebody like me who spent 20 years basic and the intelligence community, i'm like, of course you are a target, come on. but that's a product of my training and my upbringing, i tend to think this way and they don't. so bringing these two sides together, to collaborate, to cooperate, to try to share information is going to be absolutely critical. and i think american companies, european companies really thinking through whether they're going to be counted as a combatant, not by the u.s. government but by our adversaries, is the real challenge. the folks in the executive branch right now, jen, chris, and have done a phenomenal job point to of the d.c.
a lot of the collaborations between the private sector and the government. the initial steps that really need to be built on. when you look at china on the way they think about what is government versus what is private sector, that is not a distinction for them. they see government and they see those who help the government will be ask them to. in russia there is really also not a distinction between the oligarchy and the government. there is the government men are all these tools of government when i can draw on whenever i want to because they know where their bread is buttered. both our adversaries and say that's the private sector and say oh yeah sure, right, of course. [laughter] thinking through who counts as a combatant, how they are going to be affected by this next round of potential warfare is going to be really challenging. we can talk about this during the q&a a little, but the question of redlines and escalations i think it gets really thorny. because if google gets hit what does that mean?

>> i'm going to be a bit boring, i'm going to agree with the previous panelists, but of course the private sector will bear the most significant cost in case of some type of retaliation. just add one point here, we often hear about these discussions being raised, will putin potentially conduct cyber operations against the west should it's not just putin, right? i think sometimes we overestimate the amount of control that a russian government has over such a wide set of criminal groups and other activist groups that are operating in russia. as an academic name theories to understand these relationships as principal agent theory. normally we'd argue the principal has the least control over the agent nurse information symmetries. these are enormous here in terms of the information the criminals have in terms of targeting, what they are capable of, who you want for the target, which seems to suggest it's very high.
risks these groups may be operating in favor of russia but not completely in control is significant and increases the risk more of a scenario. the last political infrastructure attacks on the u.s. but certainly more consequential collateral damage type of attacks through ransomware or self propagating malware.

>> we have that in the collaboration between public and private sector. that is really important to predict interested see how that continues to evolve i would think more than some of the other mechanisms have been deployed as of late. do we have any questions?

>> virtual question first.

>> we'll take our first virtual question. ms. hale please go ahead. we will take a virtual question from adam siegel.

>> hello everybody. thank you very much for doing the panel, sorry i could not be there with you in person, but i think this question is for max, the others can question my assumption. so max, seems in the u.s. the debate about whether defend forward is escalatory is over, people basically believing it is not. so i wonder if there's a different perception of that among the nato allies you spoke of and if there is within nato different versions of that view.

>> that is a good question. i think it is actually the discussion is more is that more or less escalatory but the question is much more a legal one. should the military be allowed to operate in peacetime, potentially do this globally, what is the relationship with intelligence? it is that question in particular that is holding many continental european countries back in developing a similar posture. it is less of in the lesko he lesko attempt more babe your credit question right now. [inaudible]

>> thank you. i work for the nuclear southern initiative but i wanted to first make a comment to your rank order list of priorities. i would love to add operational technology and military systems there. some of the guv a lot of conversation with it size and maybe not about the ot.
my question is, to what extent do we really need to solve or pay attention onto the attribution conundrum but to signaling in this space relative to escalation management. we have other technologies for which globally there's some sort of recognition for what the movement of a bomber implies or other types of maneuvers or the from the leadership side. is it possible to build clarity around what different cyber actions signal in fact? and do we need to be working on that?

>> i think the best example of cyber signaling i have seen is our lead on the actions of an action we call them isotopes, dragonfly, if they have a history of getting into that of their ssb related so russia -- action of their internal security purposes. anyway, a decade they have been digging into u.s. critical infrastructure. we look at it two ways: one, are they sort of digging in for the moment when they need to be ready for the contingency? the other thing is, are they digging in to signal to us that they are digging in, that they are there in case they need to be? i think that's probably one of the best examples of signaling i have seen in the space, it's holding a real capability or real infrastructure under threat. i'd be interested to see in the other examples.

>> go ahead max.

>> now i think you can speak more to this, emily. it reminds me it's not the deterrence u.s. once but some great -- the election was supposedly some u.s. retaliatory options taken off the table because of concerns of the scc in particular being u.s. critical infrastructure. i don't know if that is true but it is a fascinating case of signaling at supposedly one of the deterrence at least there might be one case where it has worked but not in the way that we wanted it to. if you may know more about that emily.

>> i might.
[laughter] by the per plug in here for anyone who wants to be talk about the 2016 election interference report tribute to gorge that a little bit. this is one of the problems with the obama administration response of 2015. by the time they understood somewhat the extent of what the russians were up to, they had very limited time before the election. they had very limited prepared options. the other thing is it's easy now, it was easy -ish in 2017 -- 2018 to look back on the complete package of information, clearly this should have known this. when you were in a war in information scamming a piece at a time, day after day, it's a lot more difficult to make sense of a very foggy picture. but again, that's the reason we have the strategic now, we have to be thinking forward now. i wanted to make a point about the signaling question you asked, which i love coming from a nuclear scholar. nuclear scholars have spent decades talking about very precise signaling options and deterrent theory and how these things work together. i think folks who work in the cyber domain have a lot to learn from that scholarship. i think we need to be very careful about making comparisons low. it is just a totally different set of tools. the cyber domain is still so young that no one has figured that out yet. in nukes they're finely tuned, this signals this and this is code for this. in cyber it's like nobody really knows what any of this means yet. [laughter] part of the big problem is a lot of the tools have dual use. if you implant a tool in someone's system, that tool could be used for espionage, it could be used for destruction. and you don't know this because to john's point about intent and capability. maybe the adversary has the capability to implant this tool on your network, what's our intent? are the russians there to spy on a potential new administration? are they there to taint confidence in election? it's really not wise to sit back and wait to see which one it is.
>> there were two crews in the dnc. one was gru, the other was svr. the svr guys were spies doing spies for they are abiding by the rules sort of. >> the gru on the other hand. [laughter] some men just want to watch the whole world burn. next question. >> thanks. steve, gw law school. we have heard a lot on the panel this morning and this afternoon about cooperation, public and private collaboration. i'm a little surprised when i heard earlier the question, what does the u.s. government's response to an attack on google. i would've thought that the whole role of u.s. government to defend the public including u.s. companies. i am wondering, do we expect google to have its own international policy and international capability to defend itself? i would think not. i don't think we would have google take international military or cyber action. google could have a very active environmental policy but not international cyber policy. it has to be assumed the u.s. government was going to defend google. i am wondering, are we doing enough as a government to defend and help our leading technology champions in the united states if they are vulnerable? i guess they are vulnerable. is the u.s. doing enough? >> go steve i could go on a 20 minute tear about this i'm not going to because of the above questions. the short answer to the question is no. the longer answer to the question though is what is appropriate? i think this is what you're getting at there. sony pictures was hacked, lo, those many years ago, that initially was a hands-off response by the u.s. government until it became clear it was a north korean trying to silence free speech then the white house got involved. but still, was the fbi responsible for what happened at sony? there is no would have let the fbi into their system ahead of their checks they could have prevented it. should be defending after the fact finding criminal but doesn't really work here. the u.s. 
does not have an mi5. it's very poorly suited for the mission of trying to defend in advance of these kind of cyber attack. their question about google, do we defend google? okay we defend google do we defend the cyber start up it has five employees did not pay any attention to security? are we responsible for them? i asked these questions knowing full well i don't have the answer i don't think anybody does right now. trying to find the right line between a business executing its own business practices properly, doing the simple things it needs to do, two-factor authentication, the basic stuff and at what point does the government take over as a response of a deterrent function? you can make a comparison to crime which the fbi or local law enforcement is posted too but that's after the fact the damage is done. you can make a comparison to national defense we all pay taxes so we can buy aircraft carriers and f-22s breach of the government be thinking that we need cyber domain? and if they are what does that imply for the googles of the world letting the feds into their system? i can see the room cringing when i say that because everybody said no that's not the job of the u.s. government, so what is the job? >> yes proactive defense is not likely to be the place the u.s. government plays. as a strong mission for voluntary support. small-company all the way to the large company build up their defenses, and implement the two factor and will play at a voluntary space pre-attack. what we have to figure out is how we would stand up as a usg before an organ trade organization depending upon the severity of the attack. sony was decided trying to attack free speech was a fundamental constitutional right, something we wanted to come after we need to do that strategic work we talked about earlier to figure out what those lines are, what is a significant cyber incident the u.s. government would mobilize itself around hacking into the private sector. 
there is unlikely to be a moment where all of the u.s. companies open up their systems to let the u.s. government do something on the proactive defense side of things. >> meanwhile. [laughter] >> honestly, we had our own incident i can't give too many details. we had a really strong, good experience working with the government as far as dealing with it. there are clearly things that we are very good at. for instance the response thing that worked as the best responders on the face of the planet. we handpicked a team of all-stars. but we still needed the u.s. government's help. they were able to fill in a lot of gaps that made the whole process easier and better. >> which is why the proactive collaboration is so important. the trust that needs to be built between the public sector the private sector while in the event of an incident companies are pulling the government in early so they can have the information they have and declassify things all about that is why the collaboration proactively and consistently. next question. >> hi everyone, monica with microsoft. earlier in the conversation you all talked about the importance of strategic engagement also information sharing in the context of international cyber norms or norms redlined. i'm curious how you all think about countries that don't necessarily have a capacity to engage strategically and to share information. how do you think about building that capacity? especially in the context of what's going on at the united nations the oewg, and talk about the previous report essentially was endorsed by a lot of countries and reaffirmed the 11 norms that came out in 2015. and i am curious how you guys think of building that capacity beyond the countries who actually have it right now, thank you. >> we have some experience working in areas that don't necessarily have a lot of customers. we still find value working there because we learn a lot. 
that is one way to sort of get the private sector involved in these sort of problems. some of the areas on the front lines cannot necessarily afford the billion -- a million dollar security solutions, right? but they can offer great information a lot of threats have been in places it's historically been in places in india, taiwan, and ukraine, and the middle east. not every occasion was a customer relationship or to have to go in there and develop partners. those partners oftentimes pay back in the form of information that you used to secure your other customers. there is value there. it's just not necessarily the normal sales process. >> you'll see companies investing to raise the collective level of cybersecurity so that we all benefit from it. on the usg side that's an important question and something we need to be focused on. the strategic investments in collaboration, the support we provide now will have a direct impact on the norms discussion, the multilateral of how we engage in the future. it was a strategic imperative a part of the strategic conversation that needs to keep happening to be focused on how we engage with smaller nations and nations developing capability. >> just to come in with one quick comment. i think it is a great question, monica. what we really see is a capacity gap in terms of the countries that are actually able to attribute and not able to attribute. we have to get to the level of those countries are unable to attribute and as a result of that are very hesitant to file the public attribution segment of maybe the allies or other countries. get them to get the capacities to verify claims. that is a starting one. of course that comes with a number of issues. one of which being attribution is not the only process that companies where you collect a different puzzle pieces on where it was set up for those kind of things to come to a conclusion is also more proactive process sometimes. 
particular you literally actors being in systems and seeing the attack going out for the second fish of a high level about tradition confidence but it's even harder to share with a wide number of other countries. but on the first one, yes. getting a microsoft, other companies involved in training programs to at least ramp up the capacity to verify would be a good first step. >> another virtual question. >> will take our next question. >> hi. i have a question about companies that continue to operate in russia. there've been a number of articles there's a lot of attention paid to who is leaving, who is staying, et cetera, how they are winding down. as well as a number of other companies is still in russia. we provide internet security one of those things of us staying there has allowed us to do or has allowed russians to do is get information from outside of russia. there's also been a push to close russia down from the internet in some ways. i would love to hear how you all think about that. >> well, i tend to be in favor of keeping russia widely connected and throwing every pipeline you can in there. this is a difficult question for so many companies, to leave or not to leave. if you leave what does it really mean for the long term? i have been, from the beginning of this whole thing talking about how it is not going to be a short fight i don't see how it's going to be a short fight. if as a company you can't be out of russia for more than six months or a year, then think very hard about pulling out now because what happens in a year when you have to go back in or your business model cannot survive. what message are you sending then? i think there are lots of ways to support the ukrainian people. i think every company has to make their own decision here. i have been heartily encouraged seeing the outpouring of support from the private sector. 
i think it's sent a very strong as us to think their repercussions on the russian economy are going to reverberate for years and be very difficult to undo. so i think every company really has to make their own decision. and then do what you've got to do to explain that to your customers, your shareholders. the basic fundamental goal is to support the ukrainian people and then continue to speak truth inside russia i think that is a noble goal. >> without getting into sort of the information flow, one of the really interesting things that happened really early with the citizen sanctions is to watch a lot of organizations, a lot of customers take very clear, public stances on the war including divesting themselves from russia. at one point really okay, when you figure who these people are because they were essentially putting themselves at a higher risk profile. the bad news is okay you might consider you've raised your threat profile. the good news is so many people have done it now that i don't think it matters almost. >> safety in numbers but. >> there is safety in numbers. if it had been one organization, really early on i think we saw some international gaming or sporting organizations for instance, there is a history of sports organizations, putin loves sports it's like a thing for him we are really kind of worried about them. now everybody has done it. i am sort of encouraged by the fact there is safety in numbers. >> yes. nothing i will add is i know many of the companies are concerned as they evaluate this they're weighing about as part of this decision. definitely not a decision without complication they're probably weighing a number of factors. >> and then the insider risk for us has increased so enormously for the company saying it's a major concern. >> i think that is it. well, thank you all for joining us for this discussion. questions from the audience were rich the comments from the panel were rich. 
i think we all left with a mandate to be more strategic and collaborative with the government. [laughter] be thinking long-term so we can get ahead of some of these issues. thank you all for the time a big thank you to the panelists and for having us. [applause]
