We are being followed on twitter and i welcome all those folks who are there on line. I encourage you to join the conversation ac cyber abc scowcrofts. The attack in ukraine and multiple sets of questions. The internet raises issues that the originators really never thought about is going to keep it going and how do you really do that and at the individual level theres issues of privacy, privacy from government, privacy from corporations. Theres an approach called a multistakeholder model and questions fo who are the stakeholders and how do they relate to the. All these racing sets of issues and as you think about the questions, it is useful to have at least the framework in your mind at will change over time it certainly changes in mind. But what problem are you trying to solve not the technology but the problems, what are you trying to do, and the problems range vary considerably mentioned privacy already individually give us a. Then you have the whole influence arena if you will some people talk about hybrid and implements and how it is implemented at her from attack on the operational systems you have the meaning of exchange of information and what is the role of government and all o in all d the private sector the eu about a year ago recently established a code of conduct for online hate speech where you can notify the platforms and is illegal in many places in europe and they are required to take it off and they created legislation to that effect so all these issues are front to say the least we have terrific people here for all these questions, alexander has really written a book on this called the darkening web is a senior fellow at the initiative as the Program Directo a prograe hague center for strategic studies at the institute and European Security policy counsel welcome, glad to have you here. Jan is also the board of directors of the council and ceo of north america and former deputy secretary of the department of Homeland Security and was right at the head of the department. The most recent addition to the Cyber Security initiative previously the director of one of the premier Cyber Security firms, welcome very much. And then for the moderation of political reporter for cnn as well as other National Security topics. So i think we have a great group and fundamental questions that span a wide set of issues and with that lets me turn it over to alex who is going to give you a summary and lay out some of the things the panel can get to a. Thank you it is a great pleasure to be here and im very proud of my affiliation. I spent more time at the Atlantic Council then i did there so i cherish this place for its values and i think it is clear that right now the values far more than the governments and they also include an impressive commitment to gender balance. We have a fantastic panel and its not that easy to get the sourcassortmentso congratulatios well. We will be talking quite a bit about values and hope we have a chance to get into the weeds and discussion later on, so i want to give you a rough outline of what i think some of the main points in my book are namely the u. S. In general very often concentrates on cybersecurity and cyber warfare while the countries like russia and china concentrate on cybersecurity as a psychological issue. The consequence of this is that the r. In the middle of the most transformative invention in the field from my point of view and what most people consider to be universal good that advances the freedoms that we might see this universal good transform into something darker that is used to suppress individual freedoms and also potentially to become the medium of control. This is a night nightmare for some individuals pursuing. So they are useful analogies i once conducted an experiment in harvard some of the students to try to figure out what is more common, common nightmares or Common Dreams and he cam we came conclusion that people tend to have different dreams but they have common nightmares they are afraid of and this is one of the reasons there was a good point of departure. There was one single nightmare they were all afraid of anyone cloud that bound us together to make sure we had a proper discussion on the threats we wanted to avoid. We dont have that in cyberspace. We dont have a single nightmare that both sides equally fear so the most common is the cyber war narrative due to inadvertent escalation of the accidental war to spiral out of control that we correctly assess and all those catastrophic infrastructures that can be restored to the 1950s or the iron age depending on who you actually are this isnt the worst possible outcome, this isnt what they fear the most. So the most realistic threat is their own existence. They see it as the means to encourage and undermine the rule to allow the nations including the u. S. To question and interfere in domestic affairs. For them the most realistic is not cyber or any type of attack that effectively the world to be undermined for some type of pricing that would be a threat to them personally so they are concerned with matters of governance and Law Enforcement then fixing the application of International Law. So i call these the cyber serenity faction but the simple goathat has asimple goal they wo fundamentally change the way that its run which is by the linked complex of actors and the Civil Society for the private sector and government and by the way that the order of priority that the private sector builds and maintains it and the government can blow things up but it hasnt really been built or financed in its early stages. They want to move the control as it is among the different acto actors. They want to move it away from the registered nonprofit that is very internationally minded from the Domain Name Service sometimes called the telephone book of internet and the reason they want to do that is ultimately they see the information is in control of different parts of the internet to enact the law and present regime that would effectively enable things to happen such as translated copies of the New York Times were taking down the website or similar things of that nature. The key to accomplish this is to rethink of the way the governmengovernment sees a roleg cybersecurity particularly in the west. So the russians have been encouraging this since the late 19 90s theyve been introducing a bill on the code of conduct and many other different ways they are pursuing this. Primarily its the way the internet works which means it is quite difficult to run the agency to take things over so everything there is a cyber attack or a report. For a talk aso they talk at lent comparing cyber as a disabler to the nuclear period so they are on this issue roughly around the 1960s so we are still figuring things out. But he also cautions putting too much stock in this paradigm because the actors involved are dissimilar in the case of Nuclear Weapons it is pretty clear. So who else is supposed to be in the room and the governments as i said dont play that big of a role in cyberspace and therefore deciding who else should be in the room and the discussion is part of the problem. The biggest part of the discussion itself by having the government is the sole arbitrator and the authoritarian states are furthering the objectives pushing the governments into the controlling rule is a quintessential problem. The more i try to push the issue away, the government stands up and says the more the government is taking up too much in this space and diminishing the role of the otheof theater actors ane the furthering of those that want to see cyberspace controlled by the governmental organization. In fact aiding us in something was behind getting them to do something in cyberspace is very often the objective of man objee Cyber Attacks to give you two examples that are quite pertinent for instance a French Tv Network went through a number of channels, went off the air for two days into the perpetrators are supposed to be on this who claim people straight everywhere. If in fact the intelligence that had been behind the Critical Infrastructure. Now the question was why would they do such a thing and from my point of view they wanted to have cyber terrorism is the narrative. Thwe have the terrorist use of e internet is a big issue in a complicated issue but we dont have cyber terrorism yet. For six months i spent a large portion of my time in europe running after the new discussion the french government put out and at one point it moved away from the cyber attackers and because fundamentally in the west, one of our agreements is that we dont support because ultimately it means control of content. There is another example of where it might be more interesting to basically blow something up rather than to steal data and this is why i keep coming back to how important it is than to just stand what a cyber attack might be in the Information Warfare attack they might not be interested simply in trying to steal the data, it might be simply more interested in pushing the narrative. As we saw the last couple of weeks its been established to be not grandson. Even though it was ukraine and the nonmilitary essentially, in any way what was the purpose . Does like others have a pattern to them and the pattern is simply pushing the government to do something on cyber by effectively grabbing the narrative and the narrative is also construed around Security Issues just to give you another example in the uk after the attacks they wanted a leading role for the data and even to dismiss the comparisons to the way the patriots actually considering the levels of intrusion. Theres many analogies for cyber and they tell a lot about you that you talk about cyber war than you think the government might be the answer. If you talk about Public Health issues then you might think some type of model will be the answer. Climate change could be the answer. I think all of these models are useful but there is one problem we should keep in mind above all else. What is the worst possible outcome we are trying to avoid for ourselves when we engage in the government regulation lacks anything that we do including regulation, treaties, developing the capabilities. What is the worst possible outcome that we are trying to avoid and that is something i think we have to talk about. For me, it is quite simply we need to avoid falling into traps of Information Warfare that amounts to the weaponization of information that means cnn, the washington post, Atlantic Council become pawns of the larger game sanctioned by government. This is a scary vision that is and likely to happen and five, seven or ten years but i think it is a much more likely than the cyber armageddon that kept us on our toes. The only way we can avoid this is by having a full commitment to how the internet is run and in the proper segmentation of these issues that need to be highly silo and separate so they dont contaminate each other and in danger oendanger the free int is today because without the Free Internet there is no free speech and we do not have the free society. With that i would like to move to the panel. [applause] thank you, alex, who you are all familiar with. I am a reporter over at cnn. Our other panelists we have laura and into her life be if jane who youve heard about earlier. We will dive right in. Fascinating stuff and lots to cover. What might be useful is to talk with a particular case that perhaps we are too familiar with at this point, but the russian meddling in the 2016 election. Its interesting because it has become discussed as some sort of cyber event because it involved the hacking of personal emails with a sophisticated spearfishing campaign and then dumping them on the internet and the construction of the figure to disseminate. They were sort of separate spamming incidents of the voter rolls. One actual breach that has been confirmed and possibly one other, although as you mentioned there was no data exfiltrate should or changing perhaps. So, my question for the panel is actually useful to think about what happened as some sort of a cyber event, or do we risk limiting public understanding, conversations of what to do about it by viewing it only through that when . I dont think anyone t anyons onlto useit only as a cyber eve. I think there is a broad sense that ye yes this did happen, and there is broad outrage. Whether that would seep into action is a completely separate story. What do you do do about what we know and this brings us i think to the heart of the book and framed the question very well. They never imagined the evil to which this instrument might be put, and it represents such a Universal Group for so many it is connecting, it is a universal good. The next question who will keep it good to through none of us really thought that it would happen. It was in the realm of the unimaginable but then who will keep the internet a good. To add this point, the 2016 example in fashion interference showed a clash that alex detailed so well in the book which is we have this Information Security layout of how countries, we will use russia and china but particularly russia as the leader in this juicy information in the main currency of cyberspace is about, then weve got this other side of the Free Internet section. So we are thinking about cyber as word of a technical realm and 42016 signified in a huge way is to shapes passing in the night on how to think about the problem. Russia spent a good 16 years or more at that point on how Information Security works, protecting the information, thinking about it as a weapon and something that needs to be used to protect people. Theyve been advocating the sovereignty approach saying cyberspace is a place and you are putting that out there year after year and the u. S. Is doing its best to ignore that or disagree with sovereignty as a principal cyberspace because it goes against these principles. When you have the different views of sovereignty and defend the network gets hacked into the breech the sovereignty in a way that russia sees the sovereignty and cyberspace and youve are at a challenge for how the u. S. Government can start to address this and its putting us right at the center of the debate for what we want to cyberspace policies to look like and how the state should exhibit power in how you define the domain. I love how much the book started to unpack some of those questions and start to deal with those mindsets to deal with those over the next year. I thought it was very apropos for the terminology to become such an essential component and to give you the chance to respond, you talk about Information Warfare and what we are witnessing and sometimes how the response can play directly into the hand of the person orchestrating the event how do you start to think about it if you aryoure on the receiving ef one of his campaigns. Theres the general concepts we need to come back to operation significance might not only be about achieving a total in the system or stealing data or repositioning for the war but also might have a very political objective and this is something more aligned with for instance how the kgb and soviet union conduct at this point experiments rather than how the west psychological warfare has always had a highly constrained issue. Its what can be done about it and they hear the interview is interesting. They will say weve been putting up for this the last four, five, seven years. The level of this ramped up if you look at the countries like sweden, theyve been undergoing and it puts the u. S. To shame. It had everything in it, threats to individuals, military threat, there was every thing there. Everything there. And what happened . Effectively if i get the numbers right, the Approval Rating being neutral went from Something Like 16 to 49 and now they are reintroducing the draft so whatever the objective was, it failed. Why was it so successful in the u. S. When it failed in denmark and sweden and a lot of other countries. This is one thing i address of the tail end of my book because it happens after i finished writing it. Its quite easily summarize the. If you look at the two numbers in the back you can see the level of trust and only 20 of the u. S. Public health at the Mainstream Media was doing a good job in only 6 of the populists think congress is doing a good job then it cannot be a surprise to u. S. As a soft target and the question should be why was there such a low level of trust . You cant find anything like that even in the eastern Eastern European nations and this was from the plat point we have not sufficiently addressed how can you have an Approval Rating. China used to say the Economic Growth dropped and there would be a mass unrest in the position of the Chinese Government and now they word it but fundamentally they dont think they can get by with 20 or 30 or 40 Approval Rating. No democracy can survive that so howd we get that Approval Rating . That is the question that we need to ask. The United States is exceptional but we are not particularly exceptional than the public is angry. Everywhere around the world of the public is angry whether it is in the streets of london, paris or in the United States. The Occupying Movement for many was a manifestation of this unproductive and unguided im not going to take it anymore. But i think its fair to say the public trust in institutions globally have collapsed. We dont trust banks, businesses, the media, the market. In these institutions are they react to. The institutions have to go back to the fundamenta