Approach to cyber warfare between the public and the private sector. Can we say all private sector and the Public Sector goes one way and are there any differences in the approach to that . Thank you. You want to take that. And i have a little bit of a different perspective than my panelists so this should be a interesting discussion. 85 of the networks in the United States are private. And contrary to popular belief the National Security agency is not on those networks. Not unless they have a warrant to be there and that is highly unlikely. And so what happens is you have Intelligence Services overseas and trying to bring it back to protect the government and we want to share that information in realtime so the private sector it protect themselves today. That is where we are today. It is not working. Sharing is terrible. No one wants to do it for liability reasons an a whole host of good reasons not to share so we can fix. And here is the problem with the private sector saying heck with it, im going to go and flick whoever i think did this. Attribution and determining and attributing that attack to a certain nation state or International Criminal organization. There are capabilities all over the map. Some can do it very well some think they can do it very well and some dont have a clue on how to do it but wouldnt stop them from doing it either way. But the government is in the responsibility of how do i protect 25 businesses from what would be the second order impact. If i attack you and you flick me in the forehead, i guarantee you wont sleep on it overnight. They will come back over night. And why . Because theyve been trained there isnt much of a consequence for that. And how do you contain that. I argue you have to have a good defense if your going to do something to your neighbor. If you want to punch him in the nose, hit the weight room for a while because he is likely to hit you back and so today we dont have that for 85 of the networks. A lot of companies i wouldnt have any problem doing that. But what do you do when you take out the 15 companies that are the suppliers that cant handle attack and now we have a nation state watching happen as a Government Entity and what do you do . How do you stop the escalate. From a Government Entity wul ways of stop to deescalate any event and you have none of that in cyber space. We have to get all of that right before we allow that to happen. Just real quickly. I love being on this panel with these gentlemen, it is awesome. And three problems. And youve identified a critical question. The adversaries dont differentiate between public and private. The autocratic and the totalitarian states, it is all one. The economic power and influence is part of a state power. The chinese has identified the banks as a strategic asset. And so our adversaries in this space dont differentiate. And secondly, if we think about national defense, resilience, our health system, our Financial System, our infrastructure is a part of that. And so in some ways, the clear divide between public and private in this environment doesnt make a lot of sense. The third point would make is one of the challenges and mike referenced this is how we interact between the public and the private sector. Information sharing is a leading edge of that question. But also it is a fundamental question of our National Security architecture. How do we enlist the private sector in a way that enables them defends them and makes us part of a National Resilient campaign when there is a clear blend. And one way of thinking about this and that is where mike and i disagree, i think there is a way of thinking about this aggressively a senate private earring model that takes from the constitution and the founding at the republic came at a time when there was much unease about the maritime constitution and now they can Leverage Private ears in the merit im domain because of the threat of violence. And they dont differentiate between public and private. We dont want to do damage to the constitution or the way we foster and protect the private sector but we cant ignore the private sector whether it is sans sony or jp morgon they have all part of the constitution. It is something the chairman and juan talked about with what is government and private sector owned but it goes past that. In our country and in most of the western countries there is a very handsoff view to the internet. You have to allow technology to innovate and governments have it as a philosophy to not get overly engaged in the infrastructure. That is not happening everywhere in the world. So the countries that weve already mentioned that get thrown out russia, china, north korea, they are bull cannizing the internet and you dont realize it. They own and monitor the infrastructure and they can take it up and turn it down, have resilient approaches. And so that relationship that we have with the private sector where we are hands off but on the same hand it is not resulting in secure outcomes and it is not being followed everywhere and what were seeing as the rest of the world, those who are the aggressors are looking down their infrastructure. We are going in exactly the opposite direction in a way that would really not be considered i guess obvious when we do other things. For example, if i were to say i could develop one cell tower that has so much power that all you need is one cell tower and youll always have your four bars all over the country but it will give you cancer. People will say that is a ridiculous invention and dont use it and dont build it. And if i can bield a car that goes 2,000 Miles Per Hour and you can go to california in an hour and our roads arent set up for it. And that is ridiculous idea ive heard. But in technology, you can sell anything regardless of the economic consequences to our country and we have to start thinking about what were permitting and the relationship between the private sector and the government has to shift in common cause to health and safety and security. Great. Thank you. Well take a couple questions. I just want to renks in the monograph both in juans chapter and in michaels chapter there are discussions about letter of mark. And in fact there are interesting footnotes about this law School Article that have been written by letters of mark and cyber that i commend you to. Good afternoon. Keith smally. I want to follow up on your last comments mr. Chabbinski. A lot of the focus is how do we make the network for defendable, for robust and resilient and trigger the threat who hacked the system and at what point do we flip the model and holding the manufacturers accountable because i garuarantee you in most of the intrusions, whether it is sony or elsewhere it may have come in by spear phishing but it was using adobe or flash or some other Vendor Software running on that network and when do we hold them accountable and start cleaning our own house. I think it is the wrong perspective quite frankly. We dont demand perfect security in any other aspect of our lives. I would never dream if my house got burglarized i wouldnt go after the architect and say someone was able to tunnel through the ground. This is low cost, quick to market products that dont have the level of security. But never will. Im not saying that there cant be a better job in coding and there are companies that have done it and an excellent job and im all four it but the fundamental position today we are talking about wouldnt change. That nation states and organized crime groups that are persist ebts and determine persistent and determined can break in because it is impossible to secure a dynamic interoperable environment which is what we have in the internet. The only time you see it in a physical world is like a bank or a fortress. It doesnt move or change over time and you can really secure it. But once you are going to meet up with everybody and change the time through updates and upgrades and connections that is the fools errand. So the real choice is how do we tart taking the money and put it into a robust conversation and intellectual analysis and bring analytic standards to operations when these things happen what do we build platforms that when necessary are not necessarily better at being seek bur but are better at detection and attribution and figuring out what the policy choices are. And despite you took the card ill make it this one some of the systems we need the best security for, coincidentally and goodco incident has the least privacy concerns. But if you have power the standard electric power grid everybody wants to have perfect knowledge of who is on it at any given time. That is where i would start. Not cleaning up the house from a vulnerability point of view which could be done, but figuring out how to build in detection attribution and policy choices to give to our leaders in those areas that matter most. Juan. Just really quickly. I think there is a different dimension here that is important because what we havent enabled is privately the private sector bar. With the attribution revolution there is an opportunity to think about classaction law enforcements, key time actions, victims of malignant Cyber Attacks that allow Victim Companies and individual sharmds to shareholders to go after companies that are taking advantage. So chinese soes using stolen data why arent they subject to Government Action and private litigation. So i think the question of liability is none important one but we need to flip the model more and empower the private sector to be an actor and deterrent. Jim, i think we have time for one quick question. Michael, quick. Just to get you all on the record on this. How fast the tables change. Yes. Is it fair to say that the u. S. Private sector in cyber has no right of selfdefense according to the law that is our policy, we have no right of selfdefense. And in the same way there is a duty to retreat, there is no right of selfdefense. And i would like to begin with juan because you advise banks on this. And when you listen to the lawyers and the lawyers seek to work with you on this, do they feel the bank has a right to defend itself when it comes under attack by either criminals or nation states. I think part of this is how you define defense. Because if you define defense passively and say of course we have the right to defend and we have the right to great layers and redundancy and a lot of the criticism is they havent done those and the cyberine hygiene. And there is a lot of reticence of getting involved too actively. There are a lot of companies that dont want the idea of hackback or to be active defenders of systems. They want the government to do it. They want more information to do it themselves. So in that sense if you define defense broadly, yes, they do. Do they have an active defense role to play at this point and is there a legal structure for that . No. Look, i mean, defense of person or property is a justification, right. So it is an another wise illegal activity. It is uncertain. We havent seen prosecutions against companies. That might be prosecutorar discretion. And that is a case taken up. And most of this is theoretical but there is to certainty in this area. And unlike individuals who are more likely to roll the dice businesses hate uncertainty. And were a nation that cant even get a National Data breach law, we are stuck with dozens upon dozens of individual state laws in the area of data breach notification, so what is the chance of a company figuring they have certainty of action even within the United States, no less how that might be observed outside of the country where they are likely doing business. So i think the short answer is, do they there is no clear answer but that factor is enough to make it that big businesses that are responsible are not going to touch it. I think when you Start Talking about extra torit oriole defense, that is a loser from the get go. If you do not have proper legal authority, it is a disaster. In the stand your ground circumstance, you are dealing with a personal threat to your life and the way the law is written is it has to fit that criteria. This could you never make that that legal argument here number one. And number two, again when you decide you are going to breach territorial jurisdiction and go after someone, you have opened up a can of worms well beyond the scope of their threat and that is why we have to and our policy is not there. We dont in the United States have a good offensive policy. I think it was admiral rogers, not that long ago in the last few months, said just as much as that, woe dent have a good cyber offensive policy. We talked about it add em fin item for the entire time i was on Intelligence Community and we could never agree to move to the next place on what that Cyber Defense is. And the administration is going to make china pay for the consequence of the opm hack, i cant wait. I cant wait to see what the heck that is. And candidly im not too excited about what it will be. We havent crossed that threshold to bring everybody into a room and work through this problem. I would long answer to your question, but i dont believe they have the right to go extra trtal to protect what they perceive would be a threat at that point. That is fantastic. Thank you. Thank you so much. If we could give a hand to the speakers. [ applause ] you can see how we can take many hours talking about that but well roll right into the next panel. Capabilities needed to protect and defend economic work. So this played perfectly into that. [ pause in proceedings ] we want to get you out in a relatively timely fashion. So if we can ask you to reclaim your seat or somebody elses. So while were getting our seats, before i turn it over to the panelists for this discussion i want to read a very sport paragraph. There is an intellectual nomans land where military and political problems meet. We have no tradition of systematic study in this area and thus fewly intensely prepared experts. The military profession has traditionally depreciations the importance of strategy where policy is important as compared to tactics. And now we are faced with novel and baffling problems where we try to adapt strategic ideas from the past. We may be better able to judge whether they fit the present and the future. So this was writ flen 1959 by Bernard Brody in his treaty strategy in the middle age. And i recommend it to all. His calls for new ideas in scholarship to deal with the atomic age help the u. S. Create the doctrine and capabilities that guided us for the last half century at least. But i would add there is a nomansland where political, military and economic problems meet wnd no tradition of systematic study in this area. And in our monograph and earlier seminars i have turned to earlier work and i and others did on the nuclear kill chain and thought about the app plick ability to the evolving cyber and Economic Warfare and there are indeed vast differences namely development and acquisition in use. And also what i call in the Previous Panels somewhat referenced it, could we be in a war and not notice metric. I think it is hard to ignore the use of a nuclear weapon. But as we heard in the last panel, we are fully engaged in a cyber enabled economic war. So the kill chain of needed capabilities so to speak may have to be thought about differently. But nonetheless, it is basic elements intelligence, deterrence forensic interdiction, consequence management and recovery serve as a useful way to gage our current capabilities an create the doctrine and technology that we need going forward. At this point i want to welcome our three amazingly talented individuals that will talk about technology and developments. The first is mark dubbo witz from the foundation of defense of democracies where he leads an sanctions and np nonproliferation and iran and the sanctions issue. He heads the center on sanctions and illicit finance and the coauthor of a dozen studies on economic sanctions against iran. So mark. Off to you. Great. Sam, thank you very much. First of all, sam, i hope you will keep me to my five minutes so maybe give me a nudge if ive over five minutes. Ill try to make my remarks short. I want to thank very much for involving me in this project. An amazing project amazing people. Ken, thank you very much for hosting this allowing fdd to cohost this and mark and michael good to be with you. And a special note to a young woman who coauthored this report with me any fixler who is based in new york who is the next generation of economic wars. And i know juan and samantha knows her well and it is satisfied to the three of us when were off playing golf in our retirement someone like annie will continue the fight. Well talk a little bit about the paper that we wrote together. And i want to put us in context. The paper is called cyber enabled swift warfare. And we call it swift warfare because the case study as part of the analysis is the Swift Financial messaging system so which is the global standard if i want to wire money to one my citi bank has swift codes and juans bank at chase can talk to each other and i can wire money to juan which i do often. Thank you. Absolutely. So the key of looking at swift swift was the high point of the u. S. Governments Economic Warfare campaign against iran. And it reminds me there was a point in time where we engaged in Economic Warfare against iran. This is coming at a particularly troubling moment for me having spent a lot of time working on iran to see the u. S. Government dismantle the sanctions infrastructure weve put in place in pursuit of this nuclear deal but that is a topic for another panel. But certainly for a period of time, as david sanger explained in the new york times, the u. S. Treasury department where juan worked and under juans leadership and stewart levys leadership and davids and now adam, it was described as the president favorite noncombatant command. For good reason. It was the locust for Economic Warfare against the Iranian Regime and it was a decade of measures that began under president bush and the designation of key iranian banks an revolutionary gardenities and it cul main ated in the passage of sanctions legislation by congress, congressman rogers played a key role in that and it was fascinated because as the sanctions escalated you saw over time, a dramatic impact on the iranian economy and the decisionmaking. And some of the key events along the way included the u. S. Treasury deposit patriot act 311 where there was a finding that the jurisdiction of iran, the Financial Sector was a jurisdiction of Money Laundering concern. It was legislation passed by menendez and kirk which designated the central bank of iran as the primary concern of Money Laundering. And in 2012 congress over the objection passed legislation threatening sanctions against the bords of directors of swift and that encouraged the europeans and eventually swift to excel dozens of iranian banks from the swift system. It was unprecedented. The first time in swift system it was the deswifting of Financial Systems an cut off iran from the Global Financial system and made it impossible through the iranians through the system to move money and finance trade and to repatriate their Foreign Exchange earnings. Now it was special a tool of very effective coercion but it was something our adversaries have learned from. And i would note when it comes to swift, weve seen called from the u. S. Congress and the British Congress and from propalestinian organizations to use swift as this instrument as economic coercion. And last year palestinian versions asked swift to deswift the branches in the territories. They asked to deswift russian banks an that led to the response of one of the largest banks vtb bank said that deswifting of the bank would be an act of war, an act of economic war. Weve seen our adversaries try to take our playbook on iran and use it in other ways. In russia, the russians are using Economic Warfare against our allies in central and eastern europe. There they are using energy warfare. The dependence that our european allies have on russian natural gas for example. There is a series of measures offensive measures against russian because of the annexation of crimea and invasion of Eastern Ukraine and retaliatory measures by the russians against our allies and the United States leading to the need for defensive measures. If you move to asiapacific the chinese has used Political Warfare against taiwan to persuade the International Community it should not be recognized as an independent state. The chinese cut off the export of Rare Earth Minerals for a couple of months and the Rare Earth Minerals were key to the japanese chick and in the South China Sea there is territorial disputes between japan and other countries and they have match add naval maneuvers with economic coercion. And so what you are seeing is our adversaries learning from us that the power of Economic Warfare and co ergs as a dominant instrument as coercive state craft. Now the United States and our allies in the middle east and asia and in europe are lucky because the United States is still remaining the dominant Global Financial super power. 81 i think it is of Global Transactions are done in the u. S. Dollar. 60 of Foreign Exchange reserves are held in the u. S. Dollar. 45 of Global Financial transactions are done in the u. S. Dollar. So because of the u. S. Dollars dominant position in the Global Financial system we still wield tremendous power. But make no mistake, that is changing and it is changing in fundamental rays. The russians an the china are creating an alternative to the swift football messaging system. It is in a nascent form right now and they have 10,500 institutions using the swift position but in time it may erode the global dominant position of swift. The chinese have a credit card and interact card which is available in 100 plus countries around the world and it represented 45 of the total number of cards in global circulation and Something Like 25 to 30 of the total transaction value is quite extraordinary. And for the chinese it is useful and the russians because it is delinked from new york. So when we imposing sanctions on russian banks and the chinese moved in and offered this who can offer a credit card delinked from new york and not susceptible to our sanctions. The china have set up the asian structure investment bank. And as a final example and there are many others, the chinese have gone to the imf and asked that the something called the sdr, special drawing rights, which represent a global asset, a Foreign Exchange asset and that asset is linked to a basket of currencies including the u. S. Dollar an the chinese yen and they are appreciate ooging to change the percentage allocation so the wand is more highly represented. And these are examples of how over time the chinese are trying to rerode our global dominance. We may witness a parallel Financial System over time that diminishes the power of the u. S. Dollar. And let me add on this with specific recommendations. Annie and i conducted inviews with folks in the u. S. Government and treasury and state officials, people in europe and asia because we really wanted to find out what kind of defensive measures were we actually taking. Weve been very good ons offense but how on the offense and how good have we been on the defense. In the u. S. , there isnt as much thinking about defensive Economic Warfare. How do we create a economic defensive shield to protect the u. S. And our allies from the use of offensive weapons by the iranians, the russians, the china and other the christians chinese and others. And the monograph came out with specific recommendations but within the government. Institutional changes within the interagency. The idea of create an office of policy and planning at the treasury. State has an office of policy planning and our recommendation is the Treasury Department should have a department where they think about these defensive measures and they have the time unlike those from the treasury who are drinking from a fire hose every day to think what kind of specific measures to put in place to defend the United States and the allies. And number two was Economic Warfare at a sub director from the nsc and there are folks there with a long of a lot of strong planning on the economic side and they understand markets and Financial Markets but having people at the nsc who understand sanctions and elicit finance in the use of Economic Warfare would be useful. And three was establishing a doctrine. We have doctrined from the nuclear age. We have doctrines about Missile Defense and we certainly have a new cyber doctrine that folks have spoken about and an Economic Warfare doctrine would be effective. How should we be using this offensively or defensively. But the idea of setting up an Economic Warfare demand. We have commands in the u. S. Government, most of them at the pentagon, but this idea is a kbhik warfare demand drawing the best and the brightest and the necessary resources across the interagency and our recommendation was to location it at treasury. Im sure there will be debates about that. But the doctrine and the institutional changes are so we can protect our allies against the use of economic coercion. And ill end with this. Israel is an interesting example because the boycott against israel suggests were seeing the canary in the coal mine. Here is a small liberal democracy, an ally of the United States and all of a sudden Economic Warfare is being used against israel in order to achieve political objectives of those who oppose israels position in the territories. Whatever position you take on the territories, whatever position you take on the these regional disputes, my assessment and my conclusion is we should be protecting our allies with Cyber Defenses, ballistic Missile Defenses and Economic Warfare defenses, regardless of the assessment of who is right with respect to a regional dispute. This is canary in the coal mine. As terrorism came to our shores Economic Warfare will come to our shores and we knee to think about the need to think about the economic doctrines to defend that shield. That is great. The only thing i would take with is Economic Warfare has reached our shores. And in their chapters they do delve in if we are going to be serious about this and lets be serious and what does that mean in terms of organizational changes necessary in the u. S. Government. But our next two speakers focus on where really the rubber meets the road, in terms of the technology needed. How we think about that. Because ultimately you know were going to have to be able to back up our words of deterrence with technology. And the first speaker is mikele hsieh in the Innovation Office at darpa which is the defense advanced response agency. Previously he was a Research Scientist at saic and a scientific consultant and holds a hpd in chemistry from princeton. Michael. Thanks. I think i speak for mark as well too when i say that those of us who work on the Technology Side of the house found this to be a very useful and fun exercise to think about the broughter context in which a lot of our work lives. And a premade remark since im still in government, all of the opinions are my own and not those of darpa or the u. S. Government. So im going to begin on a slightly down beat note. Today you cant you can barely turn on your news browser without seeing a fresh story about another u. S. Firm victimized by economic espionage or intellectual property theft. And what is vexing about todays state of affairs is there is not a good path out of this equilibrium. We hope to find new thinking to help us out of the state. One by taking the opinion of a timeless instrument of competition between nation states. And number two, a scientistic perspective on technologies that can potentially help us flip the script on the economic spies and the ip pirates targeting our National Industry and our strength. So to begin we have some history here. The notion of intellectual property noted over centuries as thenen shinement to the inventors of valuable ideas. The economy is sensitive to the climate in which such rewards are expected because in a report by the patent and trademark 75 out of 223 are category gorized as ip intensity and they account for 17 of all employment in the u. S. In 2010. According to the 2013 report by the commission on the theft of American Intellectual property, the us loses 300 billion in protection. If they did that overseas as they did here, it will include jobs and economic growth. Not all countries in the world are serious about protecting a rule of law based ip rights regime but perhaps one of the great ironies of history is the United States has been here before this this problem but on the other side of the problem. In the immediate aftermath of americas war independent from the u. K. Our young republic engaged in a no holds barred campaign of tolerated ip theft against british industry to super charge the young person manufacturing economy. Now the british response to this was quite rigorous. They were fully aware of the stakes of this conflict. They imposed export control on machines an designed and restrictions on grigs and acts of arson against u. S. Factors installing stolen ip. And i know there are hackbacks but this isnt what we have in mind. The idea of hack backs is not new but it has been tried. But arson aside it would not look unofficial to americans today. But the british policy completely failed to stop the diffusion of the most sensitive manufacturing ip into the families of the oceanic rival which went on to clip the u. K. As the manufacturers leader. All of this may sound distressing today and in 2013 it is america playing defense in this game. So to examfy the struggles of our to exemplify, will focus on the Software Industry not only because they are largest by export value but there are new ideas pertinent to the industry that might inspire new thinking for other industry protections as well. To give a portion illustration of what our Software Industry struggles with, in a report by the Business Software alliance. 19 of the software sold in the u. S. Is pirated. But across flarjs is copyrights. There is the deeper and far more morin sid yent theft made possible by extracting theal go ridges and ideas created through vast sums in research and development dollars. So how do we stop Something Like this. Through the lense of how we might protect our Software Industry we develop a new model of thinking how to protect our ip based not only on law of diplomacy but on technology and economics as well. That may change the dynamic between attacker and defender in the ip conflict. The status quo in defending the nations ip industry in general tilts toward the british and as weve seen through historical experience there are fundamental limitations to this kind after poach so it is useful to pull back a step and think about the problem at a basic level. Ip theft is fundamentally as much economic as it is a criminal phenomenon and we have seen through historical experience that laws and diplomacy are limited in deterring criminals from this kind of crime so the question is can we deter economic Decision Makers from deciding to steal as opposed to not steal. Can we raise the technical cost of stealing to such high levels it no longer becomes worthwhile to do so. The good news is the answer is yes but there are some major caveats. Today commercial software is defenseless against being wrung by ip by reverse engineers by the state of art in defending against theft largely consisted of in certificating passive junk code to enable the tacker to give him more code to read and to understand. However, this security through obscurity approach can almost always be defeated in under a day with Standard Software tools and universally guard assin effectual among Software Security experts. But a recent mathematic break through by collaborators has opened up the doors that can baffle even the best engineers. It requires writing the source code equivalent to computing a mathematical problem that requires lifetimes of effort even with the most Super Computers and algorithms known today. That is exciting. Because this is the break through could be the impetuous to imagining where our ip rights are governed by the laws of mathematics. But here are there luge caveats. Realizing such technologies not only for software but maybe for other products as well will radically require new scientific ideas that will take years if not decades of sustained research and effort. But if these efforts are successful, it could ensure far into the future. And to pivot to another problem one of the issues that we have in the cyber threat today is that victims are caught up in a very pathological dynamic in which they have sometimes an interest in concealing their own victim hood. We talked about this in the context of cyber threat sharing. So one of the things that has emerged over the past 30 years is the field called secure Multi Party Computation and this began as something of an academy problem about a little bit more than 30 years ago this was called the millionaires problem. And two millionaires wanted to see how much money each one has but didnt want to reveal how much they have. But this is a contrived problem but have a cryptographic matter it is not confusing and a whole field built up into this in what we call sm pc today. And given that wasnt a problem 30 years ago, what this has evolved into 30 years later is a very valuable and Practical Technology in a very real problem. So in space today there are some dozens, if not scores of space bearing nations. They have satellites going at high speeds and every interest has and every one has an interest in not having them collide but you can give away information but so how do you share information about your satellites would you giving away those kind of secrets. So where the research has gone from the contrived millionaires problem 30 years ago to technology, to actual software today that could help the likes of National Space agencies and Companies Share share their information without revealing private information. This is obviously exciting because these are not trivial problems. For the math gila bendeeks out there, there are objects going relatively speeds. So it is a heart problem and computationally very difficult. And again there is software after decades of investment that gets us closer to that problem. And it is not hard to see how this maps on to the kind of sharing problems within the cyber threat realm which has a nontrivial and important privacy component as well too. So to conclude i think it is fitting that the ingenuity of the american system that let us develop world changing ideas could be the source of defenses to protect those ideas. Thank you. Michael. Doesnt it make you feel hes in the government protecting us. Why should something feel good. Hes tremendous. But the modern day problem of the millionaires problem now is to figure out how much money does donald trump have. That is what it has evolved to. And finally, mark tucker is the founder and ceo of temperal Defense Systems and founding board member of the Cyber Insurance company of america. And at tds he leads a team of experienced white hat hackers and technology that are redefining the paradigm to safeguard networks in the cyber war era. So mark. Thank you. That was a mouthful. Thank you samantha and thank you for inviting me. This is a great way to look at the problem. It is a complex problem. And not quite understood. But when you marry the two terms of cyber war with economic cyber war it brings multiple notions that cross pollinate and define the problem. So before i go into a few things and ideas that i think might help correct the problem, i think were still at the point where we need to quantify and and basically understand the problems dynamics. And when i heard a few things in the Previous Panel i was opposed. And was down there and i couldnt talk to ive held some of those things and i understand where the comments were made and the comments were made because of the trends and the economic things happening and trying to understand the essence of what is going on here is what forums like this are about. And so when you look at cyber Economic Warfare, you are like well, what is it . Well it is war. It is not crime. There is a difference between a war environment and a criminal environment. Crimes happen in war. But i think it is safe to say that if we get some actionable assumptions and say okay maybe it is not approval 100 by preponderance of the evidence means this ascension is pretty good and we means this is start pretty good idea and we need the department of Cyber Command now and multiple departments of everything. But the core of the problem, i think is still a little bit illusive. So i think a few things in the first panel were perfect and spot on. So lets say actionable assumption. Cyber war is here and upon us. And i would go so far as to say when did cyber crime become cyber war . What Inflection Point in time did that happen . That happened in the stocks net attack. That was the shot heard around the world and that is when cyber war became kind of like the turning point of criminal gangs and all of the activities happening to something that became a a physical damage was caused and it caused geopolitical out comes because of it. And that is the shot heard around the world, we can assume that cyber war is herech and then we look at what is the dynamic of cyber war look look. It looks like low intensity. That is what it looks like to me. It is not the balance between the nuclear war area where everybody put up the huge offenses and nobody struck. Why . Because the proliferation has already occurred. That dynamic doesnt exist in cyber because there are too many actors and it takes one individual so that would be equivalent to saying well if we think about it like trying to do a Nuclear Power arms race buildup of offensive cyber weapons, it wont work because we cant control it. There are too many points of attack heading through. But if you look at it like a low intensity intensity conflict you can say cyber war is here for a long time and there are interesting things that will happen. And the Playing Field if i could compare a few examples of where a low intensity con flick is occurred conflict is occurred, we look at iraq in 2004. America comes in. We take the country over. I was there, so the ground truth i had then is equal to the ground truth i have now on the problem and so i see it on all different levels. So when i was first there there was a bomb here and in essence, there was a power void, saddam was gone and nobody knew what to do. The criminal gang started to move first. There was a little bit of activity happening. What happens when those types of low intensity conflicts evolve theres coordination and then theres six bombs going off at the same time and frequency going up. When we look at the threat horizon over a 20 year period basically were seeing a negative threat for 20 years, negative trend occurring. When most of that occurred think of it as cyber crime era now in the cyber war era weve seen the curve steepen. In essence, whats happening, you look at the battlefield and the battlefield is interesting because its all around all of us and its global. You say whats going on . The frequency of attack is occurring and battlefield softened. We see attacks on the banking system, on the Transportation Systems and all these negative economic pieces, we havent seen anything yet. This is the normal course of a low intensity conflict. The next stage is coordination. When coordination occurs people will get worried and scared and plan is completely required. What we should be doing is learning from these types of discussion points to get ahead of the curve and make this plan. If we take the assumption were in the cyber war era, it looks like low intensity conflict. Weve got a power void because nobody is controlling whats going on, then were saying, okay, well maybe we need to come up with some assumptions of how we got here. Why is security so bad . You can borrow economic principles to understand that. Its pretty easy. The question was asked is why dont the manufacturers share in the liability . You want to know why . Because bill gates dad was an attorney and very smart attorney. Every time you Load Software hit an okay button and basically take the liability and shift it over to you or company, you do shift that to your company. It makes total sense we have so many security holes because the economic incentive is not with the manufacturer of these products. A part of what steve was talking about, while i disagree with him, i understand how he got to those notions. You cant fix the problems so all we have is offense. I would suggest this, that we can fix the problem. The defensive problem is fixable. Like any problem, we have to be able to quantify it. If we dont quantify the problem and we cant measure the problem, we dont know if its improving or getting worse. We can see the attacks move up and down, but we dont know how to compare one technology against another technology. What is this security of this industry . What is the baseline . We dont have any of those metrics right now. One of the technologies that maybe wont shift liability back to the manufacturers, and people know one operating system scores a three and another scores a four in security. So what that will do is it will allow economic principles to basically take the security responsibility and allow the consumers and purchasing manages to buy more secure stuff. Once we know how to measure it, and that technology is in existence now, we can say, all right, we will change the evolutionary path of technology because now that we can measure it, its no longer good enough to say i have good security. I have a firewall, i have antivirus. And i have an intrusion detection system. What will happen is you will say your security is a 3. You may have all those things but those things arent basically raising your level of security so by raising the standard use of measure for technology, which is called qsm, which is one of our companys products which we worked with George Mason University over years to solve is a block to change this shifting liability landscape and allowing the security level to go back into technology. We look at these problems, theres an okay button. That okay button sure did a lot. Yes, it did. But theres also things that did a lot to technology. Moores law, for example, every two years a chip gets twice as fast. There hasnt been any interesting profound observational laws even, right . If we have this 20 year negative trend threats keep going higher and higher now at an increasing point, we can get ahead of that curve by lets say two years so all of a sudden, we have the ability to Measure Technology security and we can start to use americas creativity and americas production force and harness the countrys resources on a technological basis thats now focuses toward better security, we can come up with maybe the ravage law and say, well, if america stays two years ahead on security, then were basically going to hit an Inflection Point where that trend starts to go down. As long as we stay two years ahead, then all of a sudden were heading in the right trajectory for defensive security. In this american cyber action plan, kay, 85 of resources are some number. 85 is defense and the rest offense. For example. We have to come up with those measures and those metrics and then we basically have to coordinate as a country to utilize our resources to win. Were america, we own the Technology Market still. We way not own the manufacturing base, theyre still our ideas. Why do you think theyre stealing our ip . Were ahead. Lets use the things america can basically take to market and the fact that our vulnerability is the fact that were connected, right . Thats also our greatest strength. If we harness what put us here and look at it in a different way, i think we can make an improvement on the defensive side and on the offensive side if we start thinking of the problem like low intensity conflict and we create things to beat cyber insurgencies which is basically whats happening, and we kind of look at the surge, we can have a Banking Industry surge to basically take the fight back to them and to create those deterrent portions. Its not going to be police type of effort because theres no laws being enforced and ability to basically bring someone to justice is very difficult. It will look like a low intensity conflict cyber war environment. Anyway, my time is up. Thank you. Thank you, mark. Before we do to the questions, i wanted to mention, when we started this project, we really wanted to create a larger group of people that are interested in this topic that take different pieces of the research on to move it forward. We never wanted it to be that this is the be all and end all. Theres a lot to go forward on this. One of the things i think this panel and the last one really showcased are the needed kind of places where policy and new technologies come to bear. On that, i was Hudson Hudson institutes cofounder herman kahn, wrote the six desirable characteristics of a deterrent. A deterrent to be successful must be frightening, inexorable, persuasive, cheap, nonaccidentprone and controllable. If we even start with those six things and you can imagine having the policymakers, war fighters, technologists around a table saying heres the problem, how do we create a deterrent that rests with sound policy, doctrine and the technologies to be able to do what kahne recommended, i think we would really move this conversation ahead. My trajection yeah. Wait one second. Fdd center on sanctions and elicit finance. Great thought provoking panels. There was something said on the first panel that provoked a question i think is appropriate for you all which was the reference to us losing the space race. It made me think about president kennedy decades ago. He set the goal when he set the goalposts and the undercurrents of getting to the moon and the space race. The undercurrent was our competition with the soviet union and tremendous threat that was there. Over that decade he really galvanized the country galvanized with this goal inspiring and very positive. If we were to look at the cyber war, cyber race, what would be the goal or goalposts . Is there a way to galvanize this next generation of young people and others within our society to target a specific goal so we could win the cyber race, which were losing. Do you want to take this first . Thats an analogy often drawn. Of course its problematic because with a space race, theres clearly defined goalposts as to progress, sending a man to space setting a man on the moon, sending a device to mars and beyond and so on and so forth. The problem with cyber is the agenda is much more diffuse. There are the kind of cyber problems that exist on machines in networks and as chairman rogers mentioned to Previous Panel, anthropological problems. One of the things that tends to be a distracter on the cyber debate is overemphasis on technological dimensions. Theres homoen dimension as well. All Security Problems are human problems. Looking at statistics of the type of compromises that occurs, somebody opens an email or opens an attachment and goes to a link and all hell breaks loose after that. At the end of the day, youre not going to get away from that because we dont Design Software and networks for machines. We design them for ourselves. Where we could possibly direct one area of research actually is to say that we should stop blaming the human because we are human. We should be able to open up a link or attachment or go to a site without trembling in mortal fear it will compromise the entire enterprise. Whereas i think theres going to be a much more diffuse kind of agenda for the cyber problem i think there are some problems could still be very ambitiously stated, very much like the problems of the space race, too. Thats one of them, but im sure there are others, too. I would add to this, maybe too simplistic. When it comes to cyber the notion of winning were cautious about. Were careful about. We dont actually want to win in cyber, we want to survive. In historical terms we invent the cannonball. We dont want to win using the cannonball, we want to survive if the other side gets one. We invent missiles. Again, we dont want to just win using missiles. We want to create Missile Defense shields just in case the other side develops bigger missiles than we have. There seems to be hesitation when it comes to cyber. I dont work in the cyber field, but i sense it in the language. The goal should be we will win this cyber war and any country that launches a cyber attack against us will be met with fearsome retaliation. I dont know what we will do against chinese because of opm. No idea. I dont hear in the rhetoric of the president a commitment to actually win. I think we need to send a message, were the United States of america and whether you hit us us with cannon balls or missiles or Cyber Attacks, our retaliation is fearsome and our goal is to win in the cyber world as we won i think, in missiles, and we won in cannonballs. Its a commitment at that level before we get into exactly how we do it on a technical level and how we reorient the u. S. Government on an institutional and a doctrinal level in order to do so. Mark. I also think theres measurable goalposts along the way. For example when we hit this turning point in the 20 year trend ticks down, what is going to actually happen . If we say what will happen on the pla side or china side, unit 61398, all of a sudden, all the millions of agents theyre watching on their screens and monitoring, go dark. Thats actionable. When that happens you know what we will see . We will see that unit freak out. We will see them go back in the drawing board and working day and night start sending minions out to try to get new points so they can basically reinsert new types of agents. This is what i mean by weve got to stay two years ahead. If we can stay two years ahead the effects are dramatic. Right now, what we have done is stayed complacent and let all these agents and things and supply chain infections permeate everything. Just like that where were saying, lrtd, when the turning point hits, how will you know . That unit the biggest unit in the world right now that is basically one unit against us theyre basically, their agents go dark. Then well see actions because of it. I think we can measure the number of cyber events that occur and measure the amount of money thats stolen from a bank or credit card. I think we can come up with measurable are we winning metrics. Heres just a quick addition to that. Heres an indication how youre losing. I was read through the iran deal the other day and everyday its a new surprise. But my yikes moment of last week is i discovered that United States and our allies, we commit to protecting the Iranian Nuclear program against sabotage. Okay . So in effect what were saying is were going to predict the Iranian Regimes Nuclear Program against the ability of the United States, israel, other allies to use cyber offensive weapons against irans Nuclear Program. Regardless of what happens with that Nuclear Program in, ten years, 15 years time it will be of industrial scale with near zero breakout and sneakout. Theyll have an icbm and powerful economy and even then well commit to defend their Nuclear Program against cyber sabotage. So, thats not the shot to the moon. Thats not a commitment to winning. Thats actually, were going to harden our adversariys Cyber Defenses. Sir . My name is rich willhelm. I ran all of our business with the intelligence agencies. But 20 years ago i had a job similar to yours on Vice President gores staff, samantha, where we did round one of all of this. Youre so much farther ahead now. But im struck by one thing. Yes, we are much farther ahead. We understand the threat a lot better and theres a lot more technology out there. But im struck by how little progress weve made in solving the central policy issues that will be required to actually move ahead. And, you know, my thinking over the years, i think has matured some what and it seems to me that were essentially trying to solve the problem where boundaries dont count on a legal policy, an organization and bureaucratic framework where boundaries really do count. And im not just talking about geographic boundaries. Im talking about the difference between private and Public Sector responsibilities between domestic and foreign, you know, if you look at the Intelligence Community. And we need some new framework. What this is a question really for you, mark. You talked about i mean the government response has been to create new organizations but not fundamentally alter the existing boundaries that exist in law of our existing agencies. What do you think a likelihood is that we can solve that problem over the long run and that there is a new paradigm that will emerge so that so that the interfaces between the various agencies operate a hell of a lot more smoothly than they do right now . Right. Thank you for that question and for your service on these issues. I would say that im somewhat optimistic. I have seen it from the outside on the offensive side. I think weve done a pretty good job. A lot of credit to juan and the folks at the office of terrorism and financial terrorism and treasury. Who ever heard of tfi or ofac 15 years ago . I hadnt. Im sure lots of folks in this room hadnt. But what juan and his colleagues did at tfi and ofac had been around a long time, is they took institutions, agencies in the u. S. Treasury department, and they turned them on offense. I think that a really remarkable job not just leveraging government but leveraging markets. The real secret sauce of our financial coercion on offense was not what we did to governments. Its what we did to companies and Financial Institutions in changing their risk reward assessment with respect to doing knz with rogue regimes or terrorist organizations. It was giving them a fundamental choice. Can you do business with our 17 trillion economy or irans 3 auto billion economy. If you do business with their 350 billion economy, youre going to be doing business with the revolutionary guards and a number of very bad actors who are engaged in a range of elicit financial activity. That was the sort of genius of that program. Congress played a significant role, other agencies played a significant role. I would say its been a very successful program. Im obviously very skeptical about whether we actually use those incredible resources and achievements towards right diplomatic ends. But at the end of the day we certainly hone the instruments and our paper tries to look at it from the other point of view. Now with those instruments honed on offense and other countries and adversaries using the same powers, how can we reorient the government to start thinking about creating a defensive economic shield . We started to make moves on the side where we have Cyber Command. Im learning about the deficiencies weve got in that area. But from an Economic Warfare perspective, the folks at tfi dont have the time to actually think through defensive shields. Which is why an office of policy planning is useful. It will be useful to have that director at nsc. I think it would be useful to have an Economic Warfare command to think through on the cyber side and on the traditional Economic Warfare side, how do we defend the United States. And ill end with this. Heres a good news story to me. State of South Carolina just passed legislation. And the legislation simply says that any country that actually uses Economic Warfare against one of our allies will be denied federal state grants from South Carolina and that the state pension fund of South Carolina will have to divest from any Companies Engaged in Economic Warfare. Against one of our allies. Thats interesting. Thats at the state level. Its the state of South Carolina. Its effectively saying you use Economic Warfare against the United States or our allies, dont come do business in the state of South Carolina. And youre starting to see the spread across the country. Illinois just did something similar and other states are contemplating. Thats creating a defensive shield at the state level, which i think could be created at the federal level through executive orders legislation, and creating a defensive economic architecture led by many of the same people who have been so successful on offense. Thats great. And take one last question. And just so that you political scientists or ir theorists dont think that there is a place for you in this robust debate and moving forward and just a place for economists and technologists, we need a better understanding of how the different adversaries view their strategy towards us. There is absolutely no reason to think that what is in what the russians are doing or how theyre organizing is in any way similar to what the chinese are doing or the iranians are doing or North Koreans are doing. So an understanding of those states and how they view strategy and tactics is a must in all of this piece and one telling point on this is that in the weeks before the sony hack, the North Koreans were speaking out at every opportunity they had, screaming that the movie that sony that sony was going to release the interview was an existential threat to north korea. So the north korean watchers, you know, knew that the North Koreans may possibly be gearing up to take action, retaliatory action. Of course, when the sony hack hit, they were the first ones to say, you know, look over at pyongyang. All right. Last question, sir . Dr. Shea used the phrase cryptographicly sound. It reminded one that there are parts of the u. S. Government that are using cryptographically sound practices. Which raises the question how serious the u. S. Government is about the whole idea about being cryptographically unsound has its advantage, and any technology you have, the guy will get in a year or two afterwards. Any comments. I should preface all this by saying today im speaking as an individual and not as a representative of either my agency, department, or the u. S. Government at large. But i think i should also preface or append to my earlier comments that im essentially talking about things that still live very much in the research space. And so obviously cryptography means a lot of different things. When youre talking about mature technologies verses a lot of things that still happen in Academic Circles and so on and so forth. And so when i say use terms like security and this cryptograph context, maybe the better word should be provable security. In a sense that we can quantify how much security were getting given certain settings. I think that is a more accurate way to characterize that. Well thats wonderful. I think with that im going to wrap up unless you have one last statement . Okay. All right. I thank you so much. And stay tuned for the synopsis of this seminar, the survey results. Again, i encourage you all to take it if you havent. Its fast and anonymous. Thank you again. Have a good day. This month, cspan is looking back at the cities and towns we visited this year, showing you the history and cultural life of the areas. Today, we stop in austin, texas. That begins at 6 00 eastern. Tomorrow, the Senate Banking committee holds a hearing on sanctions relief thats part of the iran nuclear agreement. Witnesses include the lead negotiator for the u. S. , wendy sherman, undersecretary of state for political affairs. You can see live coverage on cspan3 tomorrow morning at 10 00 eastern. President obama goes to American University here in washington, d. C. Tomorrow to talk about the iran nuclear agreement. Hes expected to counter criticism of the deal and explain why congress shouldnt block it. Cspan will have live coverage of the president tomorrow morning at 11 20 eastern. Yesterday, president obama spoke to a class of 500 Mandela Washington fellows, part of a president ial summit for Young Leaders from subsahara africa. The purpose is to train them with entrepreneurial skills they can take back to their communities. President obama talked to the group for just over an hour. Thank you. Well, hello, everybody. Happy birthday to you happy birthday to you happy birthday to you thank you. Thank you. Everybody, sit down. Thank you so much. Well. This is a good crowd here. First of all can everybody please give grace another big round of applause. You know not only does she do incredibly inspiring work in nigeria, but i have to say following grace is a little bit like following michelle. You know shes so good that you kind of feel bad when youre walking out. Because youre thinking, im not going to be that good. But shes just one example of the incredible talent thats in this room. And to all of you, i know that youve been here in the United States for just a few weeks but let me say on behalf of the american people, welcome to the United States. Were thrilled to have you here. And your visit comes at a perfect time. Because yes, its soon my birthday. And thats a very important thing. But thats not the main reason its a perfect time. The main reason is because as many of you know i just returned from africa. And it was my fourth trip to subsaharan africa. More than any other u. S. President , and i was proud to be the first u. S. President to visit kenya, the first [ cheers and applause ] the first to visit ethiopia. The first to address the african union, which was a great honor. And the reason i have devoted so much energy to our work with the continent is as i said last week even as africa continues to confront many challenges africa is on the move. Its one of the Fastest Growing regions in the world. Africas middle class is projected to grow to more than 1 billion consumers. With hundreds of millions of mobile phones and surging access to the internet. African aare beginning to leap frog old technologies into new prosperity. The continent has achieved historic gains in health from fighting hiv aids to making childbirth safer for women and babies. Millions have been lifted from extreme poverty, so this is extraordinary progress. And young people like you, are driving so much of this progress. Because africa is the youngest continent. I saw the power of youth on my trip. In kenya. Richard ruuto helped build yes youth can, one of the countrys most Prominent Civil Society groups with over one million members. At the Global Entrepreneur center in nairobi they spoke about how they started Brilliant Footsteps Academy in nijore yeah, which uses education to fight religious extremism and provide more opportunities for young muslim youth. I met judith, an yauntentrepreneur who cofounded a nonprofit that trains young women living in the slums of nairobi in Computer Programming and Graphic Design and helps place them in tech jobs. So i saw the talent of young people all across the continent. And as president , i want to make sure that even as were working with governments, were also helping to empower Young Africans like all of you. And thats why ieded yali, Young African leadership initiative, to help you access the resources to help you access the resources and training and networks you need to become the next network of leaders in all areas, in Civil Society and business and government, and the response has been overwhelming. So far more than 140,000 young people across africa have joined our yali network. So Young Africans with new ideas can connect with each other and collaborate and Work Together to put their plans into action. I want to welcome all of the yali Network Members across africa who are watching this town hall today. Im proud of all of you. Im proud that weve made so much progress together after just a few years. And last year, i said we would launch a new set of tools for our yali network. So today weve got more than 30 online lessons available on everything from public speaking to how to write a business plan, mentoring. New ways to Network Across africa, around the world. New training sessions. Meetings with experts on how to launch a startup. And were launching three new online mandela fellow washington Fellowship Institute courses so that all members of the yali network can access some of the great ideas you have been sharing. Last year, i said that we would create yali Regional Leadership Centers across africa to provide skills, networks and opportunities to even more Young African leaders. And in kenya, i had a chance to visit the Regional Leadership Center in nairobi. This morning, we opened a new center, and two more will be open by the end of the year. [ cheers and applause ] last year, i said we would do even more to support young entrepreneurs with grants. To help you start a business or nonprofit. And with new training for thousands of aspiring entrepreneurs in small towns and rural areas. So at the recent Global Entrepreneur summit in nairobi i announced we secured more than 1 million in commitments from banks and philanthropists to support emerging entrepreneurs around the world, including in africa, with half the money going to support women and young people. And last year, i welcomed our first class of mandela fellows. This year, the response was overwhelming again nearly 30,000 applied. And today i am honored to welcome you, the second Mandela Washington fellows class. Were on track to double the Mandela WashingtonFellowship Program to 1,000 fellows by next year. And i know youve been busy. Over the past few weeks schools and businesses all across america, you have been taking courses, developing the skills youll need to make your ideas a reality. So that youre able to continue the great work that youre already doing, but take it to the next level. Thats what brian plans to do. Where is brian . Where is he . There he is right there . So brian uses music to advocate against things like genderbased violence and to educate youth on hiv aids. So while in the u. S. , hes learned about our health care system, met the founder of an american hiv aids organization, and now he plans to start a record label for music about social change. Brian, were proud to be your partner. Or weve got Kadijah Diallo where is khadijah . There she is. So, she helped lead unicefs Media Campaign to stop the spread of ebola. With the management skills she gained at wagner college, she wants to work on improving the lives of women and girls back home in guinea. Were proud to be your partner. Or weve got Jamila Mayanja of uganda. Are you posing . She is posing. Jamila is not a fashion model. Thats not shes started a doortodoor Laundry Company to employ more youth and teach them entrepreneurial skills and she hopes to take what she learned at her time at Dartmouth University to meet her goal of getting 1,000 youth to work in or run their own business. Were proud to be your partner. So thats just a sampling of the incredible projects that are being done by fellows all across africa. So this programs going to help all of you make a real difference back home. But fatou from senegal, where is fu futou. She wrote me a letter and said if the real value of yali is for young people to learn for mothers, maybe we should start sending Young Americans to africa also. She made the point, not just to help poor communities as they usually do, but to learn from other societies with humility. And which i thought is absolutely true. So i have good news. From now on well give americans an opportunity next summer, up to 80 american leaders will join [ cheers and applause ] up to 80 yearn american leaders will join yali and go to africa to learn from you and your countries. And you guys are going to have to look after them when theyre there. You know, show them good places but not too much fun. They need to be doing some work while theyre there. So these connections and partnerships and friendships they forge an understanding that brings our peoples closer together. After six weeks here, some of you are now officially Texas Longhorns or notre dame fighting irish. Youve shared african cooking with your american friends. But you have also had a burger and a hotdog and a fourth of july celebration. Im told many of you went bowling for the first time. I heard it didnt go that well. There were a few strikes. By the way, there was at least one marriage that came out of last years class. [ cheers and applause ] so who knows what might happen here. So as your time in america comes to a close, i want you to remember this is really just the beginning. We just started this. And the truth is that our greatest challenges, whether its Inclusive Development or confronting terrorism dealing with conflict Climate Change, increasing womens rights childrens rights. These are bigger than any one nation or even one continent. Our hope is that 10 15 20 years from now, when youve all gone on to be ministers in government or leaders in business or pioneers of social change, that youll still be connecting with each other that youll still be learning from each other and that together youll be reaching back and helping the next generation. That youll not only be making a difference in your own countries, but youll be the foundation of a new generation of Global Leadership. Generation thats going to be working together across borders to make the world safer and more prosperous and more peaceful and more just. Thats my hope for you. Weve brought you here because we benefit from your leadership. But were counting on you to Work Together to make sure that youre also reaching back to those who are going to be coming behind you. Couldnt be prouder of you so with that, let me take some questions. All right. Thank you very much. All right so i think you have been told how this works but im going to just repeat it. Im just going to call on as many people as possible. When i call on you, introduce yourself. Tell me what country youre from. Make your question relatively short. So that we can get as many questions in as possible. And im going to go boy girl boy, girl. To make sure that its fair. All right . Okay. So let me see who im going to start off with. This is such a good looking group. Im going to start with this young lady right here. Right in the middle. Yeah. There you go. With the african earrings. Very appropriate. I am from kenya. Yes. And my question is, im curious how you keep the balance in terms of your background as an africanamerican and the kind of struggles youve had to get over to get here and be married to michelle obama. Shes amazing, and as a father as a husband, but you seem to not let that interfere with your work, and you have been effective. So how do you keep the balance . Well, first of all, i wouldnt be who i was without michelle. So shes my partner. [ applause ] and thats true professionally but thats true in terms of my character and who i am. One of the things im very proud of is the fact that i married someone who is strong and talented and opinionated. And my equal. And part of the reason why thats so important to me is because shes the role model now for my daughters. And so malia and sasha, they have expectations of being strong and talented and being treated as an equal by their partners as they get older. Much older. You know the balance i have written about this, the balance isnt always perfect. I think one of the things that my generation but now even more your generation has to manage is if you have two people working in the house outside the home, how doo you manage that in a way that were both good parents were both able to succeed in our work, and what michelle and i found was that we had to recognize that at any given point in our careers, one person might sacrifice a little bit, maybe this was a time that she really had to focus on something and so i had to cover for her more. There were times where i was able to do something and she had to handle things more. Now, im not suggesting that its been completely equal because im the first one to acknowledge that shes probably made more sacrifices given the nature of a political career than i have. But what i have learned from her is that if she doesnt feel respected and fulfilled, then im going to end up being less successful ultimately. And thats something that i think that men in africa in particular, but men everywhere, but men in africa, i have spoken about this a lot. You know the best measure of how a country does economically in terms of development is how does it treat its women . And as i said in a speech a couple of the speeches that i gave while i was in kenya and ethiopia, if youre mistreating your women, then youre just holding yourself back. Youre holding yourself down. You may have some false sense of importance, but ultimately, you dont benefit if women are being discriminated against because that means when your rurre working, your family has less income. If theyre not educated that means your children are less likely to be educated. Typically, the mother is the first educator of the child. If they see you disrespecting your wife, then what lesson is your not just your girls but what lesson are your sons learning from you . And so, this is something that i really think everybody, especially the young generation of african men have to learn. And internalize. And i want to see more men creating peer pressure among themselves. If you see a friend of yours, a classmate, one of your buddies abusing a woman you have to say something. You know, you have to ostracize them. And say thats not acceptable. Because ultimately, this is not just an issue of laws although here in the United States were still fighting for equal pay for equal work. Were still fighting to make sure that women have the same opportunities as men. But its also a matter of culture and what our expectations are. And your generation is going to have to change expectations. You do not lift yourself up by holding somebody else down. And thats especially true within your own family and the people youre closest to. That young man right there in the striped shirt. Yeah, you. Thank you mr. President. My name is andre, from rwanda. We have a little cheering section here. Got the flags. Mr. President , there is a big problem of Climate Change, and research has showed that africa would be the most continent to Climate Change. Africa is the continent which is responsibility for reducing Greenhouse Gases in global warming. I saw that africa was the last continent to get the funding for Climate Change mitigation and adarptation. What does the president of the United States empower africa so our community can adapt themselves to Climate Change in the next future . Thank you. First of all, first of all, this generation has to understand that Climate Change is going to be one of the Critical Issues that you face. Now, oftentimes youll hear people say well, Environmental Issues, Climate Change we dont have time to worry about that right now because we have much more urgent issues. We have to educate our children, feed people develop, maybe later we can worry about Environmental Issues. Which i understand why a lot of african countries and, you know, poor countries in asia or latin america or other places would say that, because historically, thats basically what the United States and developed countries did. The United States used to be terribly polluted. If you went to los angeles you couldnt it was like beijing is now. It was very hard to breathe if you ran outside. You had lakes and rivers that were so polluted that one of them caught fire. Thats serious. Thats some pollution there. You know, the same is true in london. When london was first developing. During the industrial revolution. Because of all the coal that was being burned and the soot. Heres the problem. Whether its fair or not the issue of Climate Change is not like traditional Environmental Issues in the sense that its just isolated in one area. Global Climate Change will affect everybody. And because the changes could be so severe, frankly, the countries that are most likely to be adversely effected are the poorer countries. Because they have less margin for error. So if you have changing weather patterns in, lets say, the indian subcontinent and the monsoon rains shift, suddenly you could have millions of people whose crops completely fail. The same is true in africa if rain patterns and drought starts changing subsistence farmers are completely vulnerable. If you are in coastal communities and the oceans begin to rise millions of people could be displaced. So this is something that everybody is going to have to take seriously. Now, what were going to be doing is here in the United States, we are initiating some of the most aggressive action to start reducing the emission of carbon that produces Climate Change. Theres going to be a paris conference later this year in which were organizing china and other countries that are big carbon emitters to participate and set targets for reduction of carbon pollution. Now, africa per capita doesnt produce that much carbon, so some african countries have said, well, why should we have to do anything . Well, the answer is that you have to project where youre going to be 20 years from now or 30 years from now. If you get locked in now, in, for example, the way you produce energy, thats producing a lot of carbon, given the youth of africa and its rising population, you could end up being the major carbon emitter if you dont take plans now. So what were saying is learn from our mistakes and find new sustainable ways of Generating Energy that dont produce carbon. When i was in nairobi i highlighted the work were doing with something called power africa. Which has generated billions of dollars with a goal of electra electrification throughout seb saharan africa. But part of what were trying to encourage countries to do is dont automatically take the old models. Think about new models of Energy Production and try to leap frog over the old models. So for example, with solar energy, we were looking at solar panels that you could send into rural areas put on the roof of a hut, and for the same price per day that people are purchasing carekerosene, they could have a small solar panel and pack that generates light and provides what they need, and in fact, it will pay for itself in a year and then theyll save money after that. And so in the same way that you have seen banking and financial trancesactions off smartphones, cell phones, leap frogging some of the other ways of doing business in advanced countries, the same has to be true for energy. And we want to encourage new models. We are going to be providing the United States another wealthier countries are going to be provided billions of dollars in money for adaptation and mitigation, but how do we create the energy needed for africas growth and development in a way that does not make the problem worse but instead makes the problem better. All right. Okay. This young lady right here. Yeah. You got the mike coming. Hello. So my speak up just a little bit. Hello. My name is amel. Im 23 years old. So my question is simple. You, as a president , and you as a citizen, a u. S. Citizen, will you after leaving the white house keep up this program because we still need it . Yeah. It is a simple question. And ive got a simple answer. Yes. Now, heres where were going to try to do. We want to institutionalize the program so that the next president and future president s and the u. S. Government continue to sustain the program. So thats going to be important. And you know, since i still have this job for the next 18 months i havent been completely focused on what im going to do afterwards. The first thing im probably going to do is catch up on my sleep. Im going to do that for a couple months. But i can guarantee you that one of the things im interested in doing when i leave office is to continue to create these platforms for Young Leadership across the globe to network, get relationships, to Work Together to learn with each other. And by the way its not just in africa. So weve set up a Young Leaders program in asia. Were doing the same thing in latin america. Because the goal is, eventually, i want not only for there to be a network of thousands of Young African leaders who know each other across borders are sharing best practices sharing ideas, but i also want you to know Young Leaders in indonesia or Young Leaders in you know chile, or Young Leaders around the globe. Because as i said before ultimately, youre going to be Global Leaders not just leaders in your own country. It begins in your own countries, where you can make your mark. But one of the powerful things about technology and the internet now is you can learn and forge relationships and learn best practices from every place. So if youre an advocate for womens rights and youre doing great work in nigeria, it may be that somebody in burma can on the internet see how you organized your campaign and how you were able to finance it and what you were able to accomplish, and suddenly, what youve done in one country becomes a model for action all across the world. So this is going to be a top priority of mine. I will definitely continue to be involved in that. All right. Lets see. Got to call on a man now. Lets see. Lets see. Im going to call on this guy right there. You right there. No, no. Yeah, you right there. Just because just because i like that hat. Thats a sharp looking hat right there. My name is sabir. I come from madagascar. There you go. We are involved in the environmental entrepreneurship. What is the commitment of the United States towards young entrepreneurship and Climate Change . Well, as i said before, we are pledging weve got a billion dollars for entrepreneurship. Half of it we are going to direct towards Women Entrepreneurs and young people who are entrepreneurs because they have been underrepresented in terms of access to capital. And as i mentioned to the young man earlier, the opportunities for entrepreneurship related to clean energy, related to conservation, which oftentimes in a place like madagascar involves tourism and ecotourism theres huge potential there if its done properly. So the key is in some cases just the access to financing, but part of what youve learned hopefully with yali is part of it is also having a well thought out plan. Now, not everybody can afford to go to a fancy Business School and graduate and one of the things that were trying to do particularly through Online Learning is to create some of the basic concepts for how a business or nonprofit can get started and how it can be properly managed and do the accounting in a way that is sufficient. We wab to make sure want to make sure that we are a continuing partner for you as you start your business and you learn. And that is where the Regional Networks that were setting up is also useful. Because not only do we have Online Learning but the regional hubs initially in four regions of africa allow you to continue to network and access through the u. S. Embassy or the chambers of commerce or private sector participants partnering with us so you can have handson mentoring and learning as youre developing your Business Plans and trying to move forward. The one thing for those of you entrepreneurs or aspiring entrepreneurs is to remember, all around the world even in the United States, not every idea succeeds. So if you want to be an entrepreneurs with all your business, you have to believe in your heart you will succeed and if the business fails you have to get up an dust yourself off and learn from what you started and start another business. And eventually it is from continually refining your ideas and exploring what works and understanding what your market is and what consumers are looking for that eventually you have a chance to succeed, all right. Okay. So a young womans turn now. Well shes just dancing over here. So well have to call on her. That doesnt mean by the way that everybody should dance. I wanted to point out. Mr. President thank you. My name is madeline gamu from cameroon and i would like to find out when you will support africa offer for prerm innocencely as the u. N. Security council. Thank you. [ applause ] so the Security Council was formed after world war ii. And obviously the world and the balance of power around the world look different in 1945, 46, 47, than it does in 2015, 16 and 17. So the United States is supportive in modifications to the structure of the unationed nations Security Council. Ill be honest with you, how that happens and how you balance all of the equities is complicated. As a matter of principal i would think that there should at least be one representative from the african continent on the Security Council along with representatives from the other regions of the world and some of the other powers that have emerged. I will tell you that, because for example, latin america does not have a country that is represented. It does get complicated because you have to figure out how let me put it this way. Everybody thinks they should put it on it. So even in africa they say we should have an africa. Is it south africa is nigeria is it see. Uganda. See, everybody is thinking, well why not me. The same is true in japan considers itself one of the largest economies in the world brazil thinks it should be on india, the Worlds Largest democracy. So were going to have to design a process whereby all of the various legitimate arguments are sorted through. But what i very much believe is that for the United NationsSecurity Council to be effective it has to be more representative of of all of the various trend lines that have occurred over the last several decades. One thing i will say though about the United Nations, everybody wants a seat at the table but sometimes people dont want the responsibilities of having a seat at the table. And that is happening even now. And the one thing ive learned both in my personal life and in my political life is that if you want more authority then you also have to be more responsible. You cant wear the crown if you cant bear the cross. And oftentimes in the United Nations, and im dedicated to and the agencies there do critical and important work, but when it comes to who will actually ten up and contribute to peace keeping, who is gooding to write a check when it comes to making sure that were dealing with the ebola crisis . Who is going to show leadership in tackling Climate Change . Are you willing to speak out on issues even when it contradicts your own interest or when it is politically hard or when it is uncomfortable . If you are not willing to do those things, thos not just something were where i have a membership key to the club and now im just going to show off how important i am and you see that sometimes. This happens and sometimes it happens in our own agencies. On human rights when i was in kenya, i said it is not enough for the United States always to be the heavy who has to point out that it is unsuitable for leaders to ignore their constitution and try to cling on to power. Their neighbors have to speak up as well. Even if its uncomfortable, right. So my attitude is if you want [ applause ] if you want to participate then you have to recognize you have broader responsibilities and that is something that the United States, by the way, for all of our occasional mistakes or flaws or our policy is not perfect all of the time, the one thing we do try to be is responsible. If there is a earthquake or a tornado somewhere or a hurricane somewhere, were there. Were stepping up. When ebola happened we stepped up. Even when other people were kind of looking around and trying to figure out, well, i dont know what should we do . And that is part of leadership. That is true by the way, for you individually, as well. You have to be one to take some risks and do some hard things in order to be a leader. A leader is not just a name a title, you know, privileges and perks. So all right. Lets see. I think it is a gentlemans turn, isnt it . This guy looks sharp right here in the corner. That is a serious looking coat. Huh . Look at that. That is a goodlooking coat. Dont worry, ill call on somebody who is just wearing a suit at some point. Thank you, mr. President. Im franklin gochi from cameroon. So we are very grateful for the American Leadership in our fight against violent extremism and the military response. So my question is what kind of engagement and what kind of support can we expect from you in brazilian communities aespecially along the sahara where we are grappling with these issues. Well this is a sign that is is something that is very important. Look, the sources of violence around the world are multiple. And it is important for us to recognize that sadly the human race has found excuses to kill each other for all sorts of reasons reasons. In the continent of africa a lot of times it is along ethnic and tribal regions texas has to be with you speak a little different language than me or you look just a little bit different. In Northern Ireland it was religious. In other places it just has to do with trying to gain power or majority group