>> coming up tonight on c-span2, the "washington post" told a conference on cybersecurity issues. next cybersecurity experts from the public and private sectors discussed cyber warfare, infrastructure security and how the obama administration is dealing with cyber threats from foreign states like china and russia. this is part of the "washington post" annual cybersecurity summit. it's two and a half hours. [inaudible conversations] >> good morning. good morning. i realize people are still coming in so please don't be shy. there are still seats. thank you all for being here today. i am the vice president of communications and events here at the "washington post". thank you to those of you watching this on line. this is our sixth annual cybersecurity summit and it couldn't come at a more interesting time. this summer the democratic national committee was hacked likely by a foreign government. just last week yahoo! news announced that breach affecting hundreds of millions of people. just yesterday an nsa contractor was arrested for stealing -- so the question is what's next? this morning you would hear from government officials, security experts, industry leaders talking about the top cybersecurity issues facing us today and we want to hear from you including those of you watching us on line. please delete your questions to hashtag wp cyber. we will be taking those questions out the program. i'd like to introduce john davis of vice president and chief security officer of palo alto that work presenting sponsor of the program. he's going to say a few words. [applause] >> good morning everyone. it's an honor to be a sponsor for this event today. i'm really excited about the agenda and looking forward to hearing all the distinguished speakers. i joined palo alto networks about a year ago after a 35 year career in the u.s. military. most of that career was in special ops doing some really cool things that the last 10 years was in cyber operations, cyber strategy in cyber policy and i can tell you the u.s. military really takes cyber seriously and became a mission for us. i say that because palo alto networks just like in the u.s. military we have a mission. protecting our way of life in the digital age. it's very important to us and very important because digital environment is the underpinning for everything we do as a society, as an economy and a national security. i would like to quote another general, a famous, much more famous than me and i will paraphrase. he said the know your enemy and know yourself and then 100 titles you'll never lose or something to that effect. what do we know about the enemy? the modern cyberthreat. we know that as a professional marketplace of information sharing these days and we know the decreasing costs of competing power and the use of automation and cloud capabilities means an ever-increasing number of cyber attacks coming at us. with the explosion of polymorphic militias cote we know the attacks can happen in the thousands and millions in terms of everyday, every hour and sometimes even every minute. there is some good news about the threat. i can tell you from being on the inside there are only certain numbers of limited techniques that every cyber actor in every cyber organization uses. there are only 2000 and every cyber thread in every cyber organization uses a set series of steps called the cyber threat lifecycle or if you would like be a tack killed james. he steps provide an opportunity. in terms of buying yourself what do we know about ourselves in terms of cyber defenders and the cyber community in general? i believe we have been living in a failed model. where as we say the attacker may have to be right once and the defender has to be right everywhere and all the time. we just talked about the attacker leveraging automation and decreasing costs of computing power that comes out is an ever-increasing ways. while the defender uses a series of isolated point products that simply add complexity to the environment and use technology, the defense use of technology mostly oriented from a legacy view of detection and response instead of prevention. the adversary uses a marketplace of information sharing very effectively. we have trouble with cyber thread information sharing on the defense side what is does a good model of ourselves look like? i think there is no silver bullet. it has to be comprehensive that it has to include people processes and toality. one of the keys on the people side is education and training. that's the work worst that deals with i.t. in the ot as well as the general population and let's not forget leadership. today is about that. it's about education. on the processing side i think one of the most important processes we need to improve on is cyber thread information sharing. we need to do it at scale in its speed and that means automation and standardization. finally in technology we need to move from a legacy view of always standing at the crime scene by enn responding after-the-fact to a prevention first mindset. we need to be able to leverage automation in ways that the threat is used in order to keep up with that exceed the threats. we need to get out of a manual response has largely based on having to hire more and more people to deal with this and move to an automated capability that lets us save our people for all new what people can do. those are the keys to success in moving to a successful view of ourselves as cybersecurity specialists. i really look forward to today and the conversations coming up. i hope that you enjoy today and once again it's an honor for me to be here and to sponsor this event. thank you. thank you and i will turned over to to chris. [applause] >> thank you so much john and thank you to palo alto networks and their supporting sponsor raytheon. there are still people coming on there are still chairs so we will get a seat for everybody. i'd like to introduce robert o'harrow. he is going to bleed our conversation today. thank you. >> good morning everybody. hopefully everybody has some coffee. i am robert o'harrow, i'm a reporter here at the post and for years on and off i've written about technology, the rise of the internet and some years ago about cybersecurity. interestingly enough the issue of cybersecurity was very very urgent in the early 2000 and it's only become more and more important. literally i would say by the week. we all have heard about massive attacks and varied attacks that have exposed information that have lead to theft and created national security vulnerabilities and left us all a little more uneasy. today we have some people that are on the frontlines of trying to fight that on behalf of their clients and by extension on behalf of all of us to make the cyber world a little safer for all the social engagement that we have and all the business that we rely on and once again for national security. the head of trust and security is responsible for ensuring security for the company and the service. the chief executive and founder of a consulting company in d.c. area that works with industry and government on cybersecurity issues. she is a veteran of the telecommunications industry which is fundamental to cyberspace. and chief marketing and product officer to provide cybersecurity services for social media channels. i think we will start with a little bit of the news. we can almost cherry-pick the bits of news. it was announced this week that yahoo! was and the e-mail of users at the request of nsa. the company said they were abiding by the law. what at the margins here what extensions companies comply with the law even if they have philosophical and internal ethical differences with those requests? >> i am not going to comment specifically on the yahoo! case. i don't have enough details to have an opinion of whether was right or wrong but the philosophical issues i think companies do have the responsibility to abide by the law but they also have upon the the -- fundamental responsibility to the trustworthy of their service providing service to their customers so to the extent that they are compelled to do something like that has to be balanced with a certain degree of transparency to the industry as well. >> in this case it was a request from the nsa. how do you notify customers and protect this vague notion and very important notion called privacy? >> i think it's a balance. the first thing you do is figure out what is the law that applies and legal due process. if that's the case you have to comply. the next step is we will have you react to your customers and it's a balance. you want to do right by your customers. sometimes it helps the customer if you don't notify them right away. if you take the time to look at the intruder inyon network and watch them sometimes to figure out is if a big issue or not before you notify them. the first thing is to figure out what law applies. terms of breach of modifications there are different laws in every state. 50 plus bills in congress over the session talking about how that should be structured. should it be harmonized across the states and do companies know what to do? at the question that congress is debating. >> right into corporations have any civic role in pushing back on government requests for data to either embrace or encourage the change or reform in the type of loss that give government access to information? >> this is a situation we can leverage public-private strategies that have occurred in the past in terms of business working with the government set up standards to meet everyone's needs. i don't think we want a world where the government creates new rules or a world where business gets to do whatever they want to do. having established privacy and norms. we look at industries like financial services are incensed. their rules and regulations about how the banks operate and how they deal with financial information and so on and so forth. how can i get those kinds of relationships potentially developed between individual businesses and the government to get to a level of understanding and corporation? >> let's stick with the news here for a moment. we all know that there are a whole variety of cyber events that occur. there are the zero day attacks where the bad guys use heretofore unknown vulnerabilities and code. there are social engineering attacks which will come back to in a little bit. we all i believe. that the social engineering attacks which is as simple as you can get poses an enduring and profound threat to our security systems. but i want to talk about a threat that doesn't get a lot of attention which is the insider threat. we know that the insider hack as you say we know that the nsa what it was reported this week arrested another contractor who either took or was trying to take some really powerful code that the government was using to hack into systems of fraud. i would like to hear your thoughts and maybe you could start this time about the nature and gravity of the insider hack and how corporations and other institutions can prevent them? >> from the perspective looking at the insider threat is how the social become the source of data leakage? so you have to inadvertently gauge which is someone will share confidential permission. i would give a perfect sample. someone stands in front of an instagram picture and behind a white or does financial information so that inadvertent sharing of information and then you have the intentional. to what degree should the company monitor activity and computer association on an internal basis. am i communicating with bad actors in the social realm and she would be allowed to march or that it should the person be responsible for that or not? companies have a total right to monitor their own networks because they are the ones that are responsible and in charge. companies are allowed to do that. that's except that for a moment for the sake of the discussion. when does that kind of surveillance inside a company now the sixth and more broadly the governor has a right to go to yahoo! and look at e-mails. i don't think anybody here would disagree that kind of surveillance to improve cybersecurity but when does it become risk and how do we strike a balance between security and the emotional well-being if they don't want to be spied on all the time? >> i think anyone who looks at the insider threat realizes there's a lot of data from which to draw and data that's not necessarily sensitive on its face. a company for example has data when you show up and when you leave. the sites that who generally when you get to the office h.r. might be aware that you have issues at home or your bullying and employee. if you take all of those factors together and look at them holistic leaf contained it good picture when you could do something. >> that sounds like something i would. in counterintelligence. >> corporations have access to that data that isn't necessarily sensitive. >> do we have a choice not to take those steps? the human element here in cybersecurity is pretty important, is important, isn't it? >> it's very important but i don't think we have struck a balance between the capabilities of technology and what can we do in the policy behind it. i believe right now the capabilities exceed the policy discussion and the assumption that was made around and employers right to monitor people have different legal frameworks around policy. >> we talked earlier about social engineering. would you describe the difference between social engineering and which is prevailing as the tax of choice? >> at drop talks we have half a billion users around the world and we see a lot of the attacks have happened and the vast majority are very unsophisticated. they are so shaded with attacking and vigils in getting passwords and leveraging passwords to compromise accounts to get access to data. this doesn't involve very sophisticated attack tools. it's lots of automation and organize individuals working on it. the sophistication of the threat actor is high but the technical sophistication is relatively low. >> you use in terms of some of the people will recognize but quickly what is password reduce? >> that's currently the number one risk that consumers face. there's a tendency to use the same password on many different sites and what happens is like the weakest link of one of those passwords is compromise in and the password is stolen they are tested against many other sites to see what can the bad guy get into now? this is sophistication of the t. >> you are saying if i live long and prosper used as a password that's not very secure. >> not at all. >> we have been advocating for two-factor authentication. the white house has an initiative drive higher enrollment and we look at the data and there's a challenge that consumers. >> give me an example of that. some of them are lagging behind but it's very important stuff. >> to back her authentication very simply is on top of your password there something else that they need to get into your account and that could be responding to a message or could be an app on your phone with the code that you use every minute or could he a hardware device that you have to have and those options are made available on these sites but they are not, they don't have a high degree of visibility. they are not always turned on by users. at dropbox we offer three different apps that we see 1% of our users on. >> what about social engineering? >> the social media security company, our mission is to protect and safeguard our customers be at their enterprises or employees on social network. when we look at what has happened with social engineering our research team said a couple of months and a black hat shows how offensive tools can be used to have a technology called snapper. snapper can profile the user and that learns from your tweet stream and engages with ewing can get you to click on links. we have done testing a number of organizations. >> you just said a key thing. what is a malicious link? >> a malicious link would be a link to download ransomware or malware, a link to capture your credentials like a fake credit card site for logging into a fake bank or they get your idea and password. >> you say when i am procrastinating for cruising through twitter and clicking things i could expose myself to a virus? >> exact way about that you have learned an e-mail you shouldn't click on links from people you don't know. what we found on social is that people think it saved so that the come the link. the human condition of socialization that maybe i shouldn't click on bad links hasn't carried over and the bad guys know that. and so what we have learned is the social media ipaqs are typically six times more effective than e-mail a tax at hitting behind a firewall or stealing information. >> what do you tell your clients >> first of all is a lawyer i want to make sure the expectation of privacy is there at the outset. as an employee what if your expectations and make it clear that every device they use poses a very interesting angle. what is the expectation of privacy for that? i say lock it at the beginning so there's no question and employ some tools that are there. the tools like his wake and find out on social media what people are doing or prevent them from doing things before they hit your network. to factor out the vacation is key. educating the employees about that. i grew the white house campaign has been fantastic. some people aren't aware of that. go look it up. they can tell consumers what services they are using in two-factor authentication and employees if you are in a corporate context. >> it sounds like there's a theme emerging here which is that to stay ahead of the threat it's not just a technical response. it's an education. we are learning how to behave properly with good digital hygiene. that sounds so boring compared to the sophisticated cyber world how important is this and what about the technical solutions? >> it's incredibly important and the challenge has been that we have aliens of individuals that are on line right now and the education that i've seen recently affected the corporations but when you look at broad consumer space getting individuals to change behaviors has been very difficult. i'm not quite sure whether that's the long-term answer. i think much more research has to be done especially on the part of large technology companies on how can we realize that humans are going to be an element of failure and how can we help them? how can we compensate for those weaknesses that make retention response better? as an example we build sophisticated systems that detect fraudulent login activity and when somebodcomes in with a stolen password around 85% of time we have enough signal there to identify that it's a bad guy and we can block it actively. i think a large tech company has the power and the research abilities to do that type of work to protect users when they have not done their part in protecting themselves. >> terrific. >> what we are finding when it comes to the corporate enterprise and the agency side of the house's education is as important as the technology behind it and simple socialization strategies where most of these organizations are probably already promoting good hygiene on e-mail, simply amend that with good hygiene on social. there's a simple step where you can say just like you don't click on bad links in e-mail don't click on them on social and educate them on two-factor authentication on everything including your social network and not just your agency technology and tactics like that , the same things you learn before. >> let's go away from the grassroots of the users in the behavior up to the top corporations for a moment. it's been my impression going back a long way that corporations will sometimes make short-term decisions that are profitable that create a hellish cyberbullying and i'm thinking about credit card companies issuing instant credit cards at point-of-sale retail outlets which helps spur the blossoming of the identity theft issue. when should corporations be held accountable for cyber threats that they create further all up bottom line is that in fact because the world is so interconnected create threats for the rest of us and how do we address that? >> i would say they should be held accountable that they have and take the right precautions and that could mean any number of things for any number of companies. going to be dependent upon the type of customers, the level of threats the type of infrastructure they have. they are not looking at cyber security as a risk issue. >> you are advocating deeper government regulation of companies that use technology. >> no am not doing that all. i think the securities exchange commission took one of the most influential steps when i published a couple of different guidelines reminding companies that they had to include cybersecurity breaches and issues in statements for disclosure. >> what about privacy? >> that's a trickier question. >> also don't have the insight to their activities because by law they don't have to tell us what to do. >> and then it becomes a business case. is it her risk to reputation or commercial property threat? is that the consumer and you are not protecting their data? what is the risk and reacting accordingly. >> not to be women do here but i visualize a giant mass and it's all companies and users in the world in based on what you just described there are huge black holes and black information in this giant interconnected world and those giant black holes represent unknown security threats because of the behavior and the corporate use. how when we all bus around the world rely profoundly on cyberspace for everything and this is not trivial our social interaction and our national security and our power grid and our credit grids how do we fill in those black holes. >> the question is how black are those holes and i think in the consumer space verses the enterprise space there are some differences but obviously when a company is selling to other companies they generally go through certifications around their security in their processes. they do testing. as a consumer one of the interesting at indicators that is a great test for the maturity of a company want to do business with is do they submit themselves to open hacking into the compensate hacker's? if you find a vulnerability of their products they will pay which is amazing. give hackers oriented in a positive direction to make money and help solve issues but it's also a great indicator that the organization that puts that out there feels comfortable and they want to learn more. they have a culture that is trying to identify new holes in the system put to protect themselves and their users. >> you talked on the black holes and the math. >> what's interesting in all my years of technology we will it invent something new every five to 10 years and create a new set of potential black holes. the social media today we could not have happened 15 years ago. i think it continues to be this notion of mixed public private and in trying to coordinate a process organization predicting think most businesses meanwhile so finding more ways to partner in finding more ways to work together to make sure we are covering things. how come we don't have one bad guy database? there are interesting places where the federal agencies are now trying to encourage sharing across organizations encourage sharing of tactics that the bad guys are using and the adversarial space. >> is the best in the world unto itself or it a panel later will be getting to the policies of information sharing between government processes and found a long-term peace of the answer. we have some questions from twitter and one of them is very interesting. can you offer it buys to bring along at doctors who are still interested in protecting their turf? may be each of you can take a at that. >> the white house issued a few executive orders that are helpful for this. they created the best cybersecurity framework that provides no laundry list of standards and a framework for assessment. companies of all sizes can use this framework and it will help them assess what is my level of risk and what should i do in response? itself policing. it definitely creates an awareness of what standards and processes are available for the level of business you have. >> my advice would be to focus on the problem we articulated earlier which is your own password as a consumer. use a password and management tool like one password. they are there lots of them out there that make it easy. most of your problems are solved as a consumer. >> were talking about the things that people put into e-mails. what does that have to do with cybersecurity and should people be careful about what they put out about themselves on social in her e-mails? >> were talking earlier about one of the rules is putting something on the front page of the "washington post." that's reality and i talked about the graham inadvertent posting. it happens a lot more than you would think. people don't tend to think about it so you were on a were on the trip and why and you are posting like crazy and in hawaii that someone surveilling of property knows you are in hawaii to now's a good time to rob your house. you might be in a social world where you want your friends know how much fun you are having in that part of the world but you don't even think about sharing that level information. there's an interesting human condition where we have this sharing economy and community especially around social networks. what is the appropriate level of sharing of that information and who do i want to be a will to see that? i also use the privacy policy to restrict my social codes only my friends can see it and not the rest of the world. >> what a fascinating audience, a fascinating panel with very interesting ideas. thank you very much for joining us. >> thank you. [applause] [inaudible conversations] >> hi everyone. welcome to the post. happy to have everyone here this morning. i am a national enterprise reporter and former cyber reporter also in cyber still unhappy to be on the stage with this panel and talk about what occult leaks and hacks, the vulnerabilities of d.c. institutions to our cyber adversaries. a lot of people here in town are thinking about come i also want to say hi to our viewers at home and hope that folks in silicon valley are -- early. let's introduce our panel. to my left is michael sussman a member of the cybersecurity and privacy board. lots going on there. brett dewitt as staff director of the cybersecurity infrastructure protection and security technology subcommittee for the u.s. house homeland security committee. then michelle di gruttolo commissioner of the election assistance commission and finally rich barger. actually want to start with rich and talk a little bit about the motive of ours fiber ever terry terry -- cyberadversaries of my three russia and china are constantly probing if not gaining access to institutions around d.c. and it's not really an overstatement to say that they are adjusted in the intelligence value of information that they find. can you talk a little bit about that? >> with regard to the intelligence value it really depends on what motive, what operation, what affects they are trying to deliver. you might look at some of the traditional chinese espionage we have seen that has gone after a variety of companies and businesses as well as organizations such as opm that they could use to leverage that information for a variety of purposes, to bolster the economy market quicker with certain technology or perhaps buttressed counterintelligence activities that they wanted to look for various targets for recruitment or operators within their borders. with regard to what we have seen recently with some of the russian attacks you know we are still kind of looking at this activity and trying to assess what their motives might be but it certainly looks at the very aggressive in terms of trying to shape the narrative around just a question mark over our system and it the case of the hacks in american exceptionalism and the social media the fact of whether or not our metals are really fun to our athletes are not so there can be a variety of different votives and with these types of groups are trying to do and trying to effect for their own national -- some of the things we have been kicking around the office is for every story that runs and every conversation in and around the election what is the thing we are not talking about? we are not talking about syria were talking about what's going on the ukraine. there are broader issues and what rush is doing in the rest of the world where we are hyperfocused on ourselves and particularly what we are seeing delivered here that this is a convenient distraction to keep us locked up in a very interesting time and a very polarized event. >> i would follow-up follow up on that by asking do you think that there is special attention being paid to the democratic party given hillary clinton's run for president? do you think it's possible that adversaries are as tuned in as we think it might be to the goings-on of our election and are they adjusted in one party and the outcome that way? >> i think that's that ultimately what is at hand is that there's a sinking leverage and that i would not necessarily seek that leverage at one party alone. i would make sure i covered my bases depending on how this resolves. so i would be very surprised if this wouldn't affect both parties and perhaps might be a new normal. we see campaigns targeted going back as far as 2008. the president has indicated his campaign has been targeted. might we want to consider this in the next election cycle? and just really start to focus that this may be a new way of life. >> you have to more questions. do you think that our cyberadversaries are prolific in that way? do you think they pay special attention to the dnc for the potential of clinton losing? >> we really don't know what they are doing. i think that we are in the middle of a book. someone's going to write a book about the events now. we really don't know the political theater to find out who is doing what. we know that it's russian state sponsored and we know the groups that are doing it is sophisticated and in fact this is their day job. when we were looking activity we saw the most activity began at 9:00 a.m. until 5:00 p.m. moscow time and there were people when we talked to the victims in and the political parties who would say unlike a company where a state actor would say let's find a company. the doors are locked really tight and we'll move on to somebody else, for these organizations someone's day job to get into this organization and they are not going to go where they are going to be persistent so they are persistent and what they are doing. it's a guessing game as to why they are doing what they're doing. >> do you think we have seen more e-mails or documents out of the dnc hack and you think that's possible? >> it's a broad campaign to hack party and campaign systems personal e-mail accounts of people and collected all. we don't know what we will see and the interesting thing is that when we see documents we don't know who they are very often. it initially when the it goes up or documents were posted, the big question is this is yours and is that your sense not layer. the document may have been created by one troop in -- group some of the documents have been altered in some have been found to have malware on them. the campaign and the parties are really really busy trying to elect candidates so it has become a side job but it's not a full-time job and there isn't a lot of effort being put into looking at every document that's been stolen and posted in the graph whose it was and is it authentic or isn't it? >> brat but stirred to you. your boss michael mccaul said that the rnc was hacked in and walked out that back to them wondering whether you are aware of specific g.o.p. operatives who have been hacked and whether your boss was telling us the true story? >> i would say to point chairman mccaul was trying to make when he was on "cnn" was the point that both political parties have been hacked and trying to make the point that this is bigger than that and you have to look at the motives and times of what these hackers are doing and look at the psychological warfare to undermine the integrity and competence of the entire electoral service -- system including republican and democrat. those are the motives that we have been briefed on an appointed chairman mccaul was trying to make is both parties are being hacked. we cannot allow nationstates to target either political party and there needs to be strong consequences when those actions take place whatever the actor is. so that is the point that my boss is trying to make. >> do you think republicans are equally vulnerable? >> absolutely. like i said there have been reporting set republicans and operatives have also been hacked with their e-mails and campaign related issues. both parties have been and i think looking at the political organizations i think we all need to be vigilant that this is real, this is the way of the future and we need to be vigilant. it's a warning that all political parties and all state or local state and federal need to be aware that this is the new world we have to live in and we need to be prepared for that. we need to be looking towards november 8. there's a lot we need to do to ensure that we are prepared for that. >> thomas let's go to you. for younger viewers and predict where the question of on line voting pops up at this time in the election cycle and many the people watching will understand why that's a bad idea. i'm hoping you can walk us through a think of that idea. >> thank you for having me here today. one of the things i know a lot of folks probably don't know about the election assistance commission, it's a small agency that deals with elections. in terms of internet voting there is a small portion of folks who are around to use the internet to vote in those are military and overseas voters. most of them have to be in harm's way but it's a very small segment of the population. in terms of expanding that out it has to be more of a discussion that we need to get into when we have think about these incidents that have been occurring in the last year or so we need to look at best practices and see how we can expand that out. what her agency is doing now is we are working on our voluntary voting guidelines which hasn't been updated since 2007. 2007 was basically when the icon came out. technology has changed so at that point we should be looking at ways to make it more convenient and more efficient for people to use their technologies to vote but also to make sure those votes are secure and counted accurately as well. >> internet voting is one piece of the puzzle and people talk about electronic voting machines if they have access to the internet can be vulnerable on their own. i'm wondering if that's something you are thinking about headed into next month. >> we think about all of that and we have been taking about that for years on end but it's not something that's going to change overnight so i'm hoping that this conversation doesn't end on november 9 that we continue on in january and adoree and on so we can look towards the 2018 election in 2020 election to make it more convenient and more secure than our elections right now the most secure they have that prevent that we can do better so we must. >> rich again thinking about this election issue i'm wondering if looking towards november if there's anything in particular what comes in tax? >> when it comes to threats i never cease to be amazed. i'm never surprised when i see these sorts of things. i just think we need to speak creatively about how might the adversary continue to meet their jack tip. short of a crystal ball it's very hard to say what we might see but they are president precedent for the leaks. leaking of some of the indications we so recently might be indicative of some things that closely match activity we saw occur in the your current -- ukraine during their election so we have to look at the precedent and the way we see some of the ukrainian elections. might they be operating from a similar playbook? i can't say for sure but maybe that's a good rubric to look at and think creatively as to what we might expect to see. >> michael when you think about the threats in the d.c. institutions in particular everything from up party commissioners and think tanks everyone is being broke all the time. what would you suggest that people who haven't been ahead of the curve on this should do now? how would you introduce them to the problem? >> the big change is this broad dock thing. the idea that people are learning about you through intelligence collection is one kind of threat. now people are seeing their personal e-mails and can indications and papers are being posted to embarrass them and i don't think anybody who would be proud of everything in there e-mail inbox posted on the internet. so it's a threat for companies and is a threat for people and the education is investing. i think for the political parties and campaigns now republican and democratic there are two commentaries. there is next month before the election and in terms of cyber readiness and response and then really important is thinking about what to do. all of these political organizations want to put all their resources and promote candidates. traditionally this hasn't been like an equipment analog where the annual budgetary line item for $4 million for cyber. it hasn't been the case. there is thinking about financing and how we will find the money to spend on this and thinking about longer-term plans. it's not just about keeping the boat afloat now but to continue the metaphor building a stronger ship. the one point or to make for the question i want to ask about the city of elections is my understanding is that the elections and voter systems on election day is reasonably safe from cyber attack because the 8000 or so districts we have are not interconnected. they all run different systems. some are purely paper and some are back sell my understanding is there isn't a voting virus or a malware that's going to go out or an attack on the nation's voting system. we are very safe and outweigh because of the diversification and heterogeneous nature of all the different districts none of whom are connected to the other. >> one of the things i would say as our system is decentralized so with the system you would need an army of folks to basically try to get into the systems. bea certified voting equipment and 47 out of 50 states use our certification program in one way or another server system we certify none of them are connected to the internet so there will not be any sort of internet hack into the voting machines themselves. >> michael just one other question. when it comes to individuals looking at their own cyber hygiene and e-mail passes -- passwords is there anything -- do you think there's a culture change going on as we approached us to knowledge a? >> there's a culture change in their couple of simple things that everyone should do everyone in this room and everyone to think return on two-factor authentication. two-factor authentication means you have to waste a lot and the one i use my personal e-mail i put in my e-mail address in my password and i get a code and a prompt to put in the code. two-factor makes a huge difference. the bad people use your social media and your personal accounts to create spear phishing attacks. these are targeted e-mails that look authentic to try to get too caught click on a link or an attachment and these are so sophisticated that most of them start with a very simple piece of human engineering which gets you to click on something. it's more about your privacy in a certain setting and facebook has a one click solution. there is one thing you can click to make all future posts in everything from the past friends only. when you have a colony look someone up, and some people on facebook have a person in a bathing suit, a person drinking a beer and a person with their kids. lastly there are peer-to-peer encrypted apps like facetime audio and signal and other apps that allow you to have guaranteed private communications. those are three quick tips. >> the culture on the hill is the idea that you are being probed all the time. you have to drop authentication as part his year system? >> if you look at the systems we have like any other organization they are training. you need to have everyone in the organization aware because it takes just clicking on a malware an e-mail and a phishing attack that can undermine the entire system. i would say we have training programs and i think we do set an example of what we do internally for that. >> jeh johnson recently talked about making our election system count as critical infrastructure officially. can you explain about what that would mean and whether you agree with the idea of? >> i can't speak to it dhs wants to do what i can talk about the fact that states are looking or resources to make sure their systems are secure. if dhs wants to offer those resources i think that's a great idea. >> additionally we pass legislation through congress back in 2014 that basically says that dhs can provide voluntary and upon request assistance to critical infrastructure but also to state and locals for various tools. it's all optional, voluntary. there's a suite of tools available. it could be those tools or could be private-sector tools but the bottom line is i think states and localities need to invest in technologies and make sure that they are secure. the capabilities that dhs has more than half have signed up for voluntary assistance. the congress we have legislation that passed out of our committee last year that passed the house of representatives in december pending in the senate that basically further clarifies the role of dhs and this bollettieri assistant to states when they requested. it's about clarifying the law and i think it will make a big difference in showing that absolutely not do we want to federalize the election system in the united states. with the unconstitutional. the constitution that observes the rights of states to observe elections but we do think are fighting tools and capabilities would be a good thing if it makes sense for those localities. >> on that topic could you give us a quick forecast of the lame-duck and what you expect to happen there back. [laughter] >> we are working on several pieces of legislation right now. one would we one would rear up and i said department of homeland security to more effectively carry out its cyber mission. we passed several bills to the congress. the big one is for cybersecurity act giving dhs the authority. we are trying to move here in our committee moved it back in june and we are now to get it to the house that would restructure and streamline and organize the ability to carry out those authorities that we just gave. that's a big one we are trying to get through. there are a lot of other committees involved so we are doing the best we can to hopefully get this done by the end of the year. it's definitely a top priority for chairman michael mccaul mike bost. one is the state and local cyber protection act which clarifies and loss in the 50 states and strengthening the local crime-fighting act that would provide tools to state and local law enforcement, judges to go after cyber criminals so we think these assistance tools will go a long way. those are pending in the senate so we are trying to shake them loose over there. these are the bills we are trying to get not just in the lame-duck we will see if we can though. >> we have gotten a couple questions from twitter. i might go to your rich on the something is that cyber espionage as well pack discussion seems to suggest that the u.s. and americans are -- victims. >> i think everybody, large countries and even emerging economies are seeing the power of cyber and how the world has adopted it and how they work, but i'm play. the internet permeates every area of life. how you go after those national objectives within that perspective domain. some countries might seek to alter their economy. others might seek go after terrorists. others might seek to undermine an election. it really just depends on probably their perspective to who is a good guy and a bad guy and the motives behind leveraging that domain to enable that perspective nation. >> the next question sounds a little bit like a plot for an action film. we talk about international attacks but is there a chance domestically to see hacks between parties? michael, any comment on that one? >> i think and hope that everyone is working on the support of their candidates winning the election and so to make it possible for there to be another water like -- watergate type break-in? we will leave that to good fiction reading. >> absolutely. .. >> we are not going to sit idle either late by to go after information. we do not want to use the kinds of tools that we have. we do not want to engage in a different kind of warfare. but we will defend the citizens of this country. the russians need to understand that. i was so shocked when donald publicly invited putin to hack into americans. >> as far as cyber, i agree with parts of what secretary clinton said. we should be better than anybody else and perhaps we are not. i don't think anybody knows it was russia, she is shane saying russia, russia, russia. it could be or could be china, it could be lots of other people. it can be somebody sitting on their bed that weighs a 400 pounds, okay. >> if we could go down the panel, i would be curious what questions you think presidential candidate should be able to answer about cyber in this day and age. what do voters need to know to evaluate the candidates. >> they need to take it seriously. they need to understand how serious it is and understand the seriousness of the consequences. one of the most difficult things about considering retaliations are considering the consequences of that retaliation. keeping in mind and i hope that short both candidates are aware of this, our economy, our internet economy and internet lives are very fragile. so, going to cyber war with a country like russia or smaller, sophisticated country could result in grave consequences to our economy and our critical infrastructure. it is a difficult difficult thing. something that has not been something a large scale concept that we have not waged it before. there is a lot of thinking going into what the next steps will be. >> what about you? >> i would say look at the last several years. we have worked in the congress in a bipartisan basis to get important foundational cyber security legislation through. going back to the five bills we passed in 2014, the big belt we passed the cyber security act are bipartisan efforts to address a thread in national security and economic security issue. i think going into the next administration it is important that we realize this is the number one that we have heard from. this is now the number one threat we are facing as a nation. i think looking to the next administration and investment into cyber security. there did is a lot that needs to be done. we need to beef up and make stronger our cyber defense strategy. we. we need to do more to show our adversaries there will be consequences when cyber attacks take place. i think i would answer the question. >> i would answer to full, one, one of the best ways, is my microphone not working question what can you hear me now? how about now? >> speaking, speaking, speaking. no? well, i will try to speak loudly. two of the best things that can be done is on the front lines is basically to have additional workers. having additional workers so they can see what is actually, the best way to see the administration of elections is from the inside. becoming a poll worker allows you to do that. that is what i would say. the other thing i would add i would add is both president bush and president obama added billions and billions of dollars and for the administration. so i would hope that whoever becomes president looks at elections not just in terms of november coming up, but as we go on. elections happen every two years. states and locals are at their wits end in terms of funding for schools, roads, military and so forth. we all know those things are important. but our democracy is also important. we need to make sure we have that investment into it. >> do you want to close us out here? >> sure i would just go analog here, it seems analog here, it seems like we have had some issues. i think all our next leader and/or any new world leader is going to see and understand how important the internet really is to everything from our economies to elections, it is really a new domain that we have a lot of power. i think it needs to be respected and understood. it is certainly complex and so those who seek to wield it there needs to be norms that are stylish. there needs to be greater understanding and an o round what the possibility is that it certainly an interesting time to see the effects the internet holds, not only here in the states but maybe the world at large. >> a great. help me think our panel. [applause] >> there is actually long history of the russians trying to interfere with and influence elections, going back to the 60s. so there have been several documented cases of previous elections that would appear that they were trying to somehow -- there's actually a long history of the russians trying to interfere with war. >> there is actually long history of the russians trying to interfere with war and influence elections going back to the 60s and the heyday of the cold war. there has been several documented cases of previous elections that would appear that they were trying to somehow influence the election. of course there is a history there, there is a tradition in russia of interfering with elections. their own, and others. so it should not come as a big shock to people. i think it is more dramatic maybe because now they have the cyber tools that they can bring to bear in the same effort. it is still going on, but i will say it is probably not real clear whether there is influence in terms of outcome, but i worry about more frankly is just sowing seeds of doubt, where doubt doubt is cast on the whole process. >> okay i am tim berg the national technology reporter at the national post. we are here to talk about cyber war. this is a reminder to tweet your questions and comments using the # wp cyber. i will not roam the audience like phil donahue to get your question appear if you'd like. immediately to my left were may be right if you're watching a tv is one, he is the cochair and founder of -- he worked under george w. bush. richard is the chief strategists, he was a director with general electric and started his cyber security career as an officer in the air force. on the far side is frank, our associate vice president at george washington university where he directs a set or for cyber and homeland security. limits are with the general issue that i wrestle with all the time. what we mean when we talk about cyber warfare question think we know it hacksaw. a lot of what we read about in the press and some of what i write about us espionage. what his cyber warfare. let's start with frank. >> thank you. i'm glad you asked that question because a lot of the coverage of cyber security today reminds me a bit of's kids walk soccer. everybody's chasing the ball. we. we need to recognize not all hacksaw same, their intentions very, their capabilities capabilities very. if you were to stack the threatened environment you have nationstates at the very top of the list. those at the top of that list is a country integrating computer network attack and exploit into the war fighting strategy and doctrine. obviously you have foreign terrorist organizations, criminal organization and hacks. not all are the same cut is very different. different. countries that are marshaling and organizing cyber capabilities are the very top of the list. from u.s. national security perspective russia and china are at the very tops of that list. in terms terms of capability. a lot of what we have seen is computer network exploit our espionage and cyber space. but they they have been done intelligence in the data field and into their war fighting strategy in crimea and as russia did in georgia. but those who be at the very top. you have other countries that may lack the capability of russia and china but unfortunately what they lack an ability they make up for with intent. this is where you put north korea, iran, more likely to turn to a disruptive or destructive cyber attack. so they have fewer constraints in terms of those capabilities. not all hacksaw the same, not all nationstates are the same, not all capabilities are the same. and ultimately it hinges around intent. if hinges around intent. if you can exploit you can attack, the line is very thin and it's hinging upon the intent of the perpetrator. >> and do things need to break for it to be cyber warfare in your mind? my answer to that question is that cyber warfare is way call your book or documentary if you want people to pay attention to it, that or -- either college cyber war and it will get someone's attention. my definition of cyber war is the imposition of will using a digital means. now, there are are two schools of thought. one is that in my phd advisor who wrote a book called cyber war will not take place. the reason he called the book that is that he believed that wall war equals violence. if you don't have violence don't have war. he believes that cyber cannot be used to impose violence, therefore cyber war will not take place. so take place. so that's a school of thought. another is it is much more expansive and this is where the russian and chinese think about it. they believe that war is not just violence, it can be any means by which you are trying to get your way. in fact they tend to come from a tradition especially the chinese essay you're better off not fighting and achieving your way. so i tend to take the position that if you're imposing your will using a digital means, that could be war. to take it further, we may be in a situation 5 - 15 years where this thing we call cyber so integrated into every aspect of life, even more so than a that it makes no sense to talk about a cyber war. because an f 35, 35, is that a cyber weapon, and f-22 could be considered a cyber weapon. one of the benefits it has is to network with other fighters to get a better picture of the battlefield. >> and if i ran for example you cyber tools to attack a big u.s. bank for example, is that an act of war? >> that's a great question. i'm a bit more forgiving for the five girls soccer problem because i think we are in uncharted territory because you have a blend of actors, state and nonstate, both in attempting to acquire data as well as disrupt and even destroy systems. you have a change of concept of what warfare even means. so the very notion of russian hybrid where warfare combined with cyber capabilities becomes interesting. we don't have doctrines who defined what the clear lines are. so as we think of it we do not think of these tools as true cyber warfare tools until there is an element of destruction. something that is demonstrable. that's part of the reason why we have not has much awareness around the issues as we see nationstates and non- states engage in cyber aspirin each. to answer your question specifically, one of the challenges is the fact that we do have nationstates already attacking private actors. you have had iranians entities, syrian entities attacking western banks as part of a denial of service set of attacks, not destructive but certainly intended to send a message. you've had north you've had north korea attacked south korean banks as well as sony. you have had other state actors like russia attack systems, government and nongovernment. but you have is an open field and the cyber domain where actors are feeling out the bounds of what is permissible. one challenge in the space is how do we define the boundaries of what is acceptable or not. how do we respond. that puts great stress on things like how do we attribute attacks improve them? how do we respond in a proportional way without unleashing other forces or other warfare. that is part of the reason why you have not seen officials wanting to be to open about russian hacks despite what was said. it raises fundamental questions about what is the end game. that is not well-defined. >> can i pick pick up on a couple of quick points. so, all forms of conflict today and tomorrow, almost 100% unanimously will have a cyber dimensioning component. to pick up on some of the points my colleagues raced, cyber is its own domain but those that are integrating computer network attack tools into the other domains, air, land, sea, space, that is were cyber is that its own entity but it enhances the lethality of other weapons and different tony domains. it enhances the ability to seize territory. it's important to recognize that the battlefield today has been extended to incorporate all of society and companies are on the front line. that's what makes us different. targets are not merely government on government targets or the like. at the financial services sector, the switch back to me is an incident that rises above. not because the central bank of bangladesh lost 82,000,000 dollars and we could've known it could've been $900 million. it's a bad day for the banking customers, but the global economy could absorb it. but what it did recognize is a systemic risk. the entire financial service sector is dependent upon swift. it. it was a hack through swift that we're talking billions of dollars of transactions are being settled daily. these are the different targets in the ukrainian hack that was a big deal. the ukrainian grid hack, not because of 250,000 people losing power for a couple of days but the line was crossed were cyber weapon had a effect that took down power. >> so to sum it up if there is a kinetic physical effect that is clearly cyber war. sounds like cyber wars going to be part of any shooting war, certainly the united states we get into in the foreseeable future. if we are actually at war with someone we are going to be sending bits and bytes to them. i wanted pick up on your attribution, this is what you think about a lot when we hear sometimes on the record sometimes not that so-and-so attack so-and-so. yahoo when it had its data breach said it was a state-sponsored actor. it's hard for us as journalists to find out if it's true. it's also hard for the experts to find out if it's true. and this creates you norma's problems. in the old kind of war they should've asked that and we should back at them. that sort of makes and fits into a strategic moral framework that makes sense to all of us. i guess i would ask, let let me start with you richard, are we ever going to know who is shooting us well enough that we feel comfortable shooting back, i'm not talking about private companies but it nationstate level. >> absolutely. we know all of the time. >> how do you know? >> are 2013 mandate report, there were indictments levied based on that. so there are certain levels of a community that they would not even believe if they were a camera on a person typing at a keyboard hacking into an american bank, they would say that this effect that the cia created as a plot. >> after they landed on the moon. >> because they didn't land on the moon apparently. >> let's remember it astounds me that people doubt the u.s. government to do revelations after the snow and revolutions. if the u.s. comes out says that the u.s. was behind an attack on sony you have to believe that. the app he i would not the best vehicle to explain it but for example, just strategically at the present level president obama's not looking for fights. he does not want to fight with north korean soda, and say it was the north koreans, that introduces a level of complexity that he doesn't want to address. >> is it worth acknowledging that president obama's only present for the next few months. depending on your point of view whether it's hillary clinton or donald trump, it may be your comfort in the assertions of the u.s. government may go up or down. as a journalist who lives on the outside of these things let's talk about the golf attack, that turned out to be basically not true. we all reported it it's true at the time in the press because we didn't know better. so even if the u.s. government can know, how know, how can the public be be assured to any extent that it's worth engaging and hostile action with another country that may involve other kinds of weaponry and death and destruction. if we we just have to believe the nsa or the president. >> that's a fascinating and important question. there has been attribution revolution. in the technology has really advanced in ways that are incredible in terms of cyber forensics. not to mention overall cyber intelligence assessment that the government can bring to bear. not just forensics on online but everything to have at their command. the problem is all of this is cloaked. to your point there's a sense in the public and internationally of how do you prove it? i think part of the answers that much of this has migrated to the public sector. companies like fire i, some argue there too close to the government, but there are private sector entities that are serving as external validator's. you do have private company that is doing this work internally. so this is a space that is not being left to the u.s. government. but you are right the challenge u.s. government faces is to pull. how do you prove this in a way that doesn't demonstrate or reveal sources or methods that will make it more difficult in the future. that is the first barrier. that is a criticism in the sony hack. in fact one of my colleagues at harvard law priest questions as to whether not we could leave the fbi's assertion. the second problem as richard said, okay let's say we do attribute the attack as we did with north korea, what then? what is the right response? what is proportional? should be cyber, should be sanctioned, should it be something else? we? we have not figured out those doctrines. but you are right a key element is how do you prove it. by the the way, our adversaries know that. so china and russia, the first question publicly and diplomatically will be, prove it. it. how can you prove that we have done this. not to mention the moral equivalency argument that says everyone does it. >> let me just raise another point. these fights are inevitably going to be asymmetrical. so we may have the best weapons of the world but i presume we are not going to be shutting down north korea's electricity grid because that means people in the hospital will die. so if we got into a real shooting war where we are sending cyber weapons across the internet and damage people who we believe have damaged us like how does that go when anybody with a computer can essentially disable a water plant or maybe change the way the water is going to the nuclear plant. isn't this like, doesn't this get messy very quickly? >> absolutely it is complex. attributions improved exponentially in the past few years but by no means 100 percent. at the end of the day knowing precisely who is behind the keyboard and finding the smoking keyboard is not easy to do. especially because most of the actors that are very capable are going to use proxies or surrogates so they're going to try to send the money footprints anywhere. that said, there is a difference between having this cyber equivalent of a drive-by shooting capability where you can have loan actors cause disruption harm to a particular target and a sustained computer network attack capability. so any kid, 400 pounds or less can actually sit in there and attack someone. but that that is not the same as a nationstate. ultimately here's the other thing, do not think that the only means that we have retribution is cyber means. cyber means. we have other intelligent capabilities. that's why we don't lean so far because we would be compromising other sources and methods. it is a complex set of issues. if your entire attribution is based on cyber forensics the best actors are going to run circles around you. but if you have other means in addition to that historical trend to see what their tpp czars then he can start putting the pitcher together. >> have an illuminating why this is a complex matter, what about the private sector? if you get hacked by the north koreans and you know who it is or you think you know who it is, is it ever okay for a private company to be hacking back against a nationstate? >> i have written a paper in controversy arguing for a cyber private model. given keep in mind congress has the right. >> mark an appraisal. which was in the context of a maritime security domain which was not controlled by state actors that was involving private actors that had the ability to influence maritime security. i think we're in a similar context was cyber security. the internet of things is becoming more and more predominant. frankly, the capabilities to understand vulnerabilities in real-time sit with the private sector. so we actually have to think very differently about what our model of defense looks like. we have to do all these things attribution, shape the natural landscape, create redundancy and resilience, take some systems off-line, but you also have to think creatively about how do we work public and private with each other to create cyber model that allows defense. it doesn't wait for the proof in concept, the prove to be indicted in court to be able to react in real-time. i think the private sector, in some corners at least they will tell me are looking for that kind of sanction, looking for a bit of a safe harbor to work closely with government, not all the time and not in a wild west wild west format, but to go after cyber actors. in some cases to retrieve data that has been stolen. >> so richard used to work for the air force right, so you are now in the private sector, you're you been on both sides of that divide it is run right? >> the question i have for the hack back advocates. >> i gotta get in there to. >> what are you trying to accomplish? what's the goal? if you're trying to get better at your fusion or know who is hacking you there's no better way than to break into the adversary computer, find his list of targets see that you're on the list and they have an active operation against you, it's the same as a counterintelligence model. that's the best way to do it. does it. does that involve the private sector, probably not. they tried to do any long-term suppression? if if you trying to do long-term suppression of an adversary and trying to use cyber means i don't think it will work. you have to go to the other tools, diplomatic, financial and legal type tools if you want to have long-term suppression. if you're trying to use it to the legal case there might be questions about how you gather that evidence. those are the problems i have what i hear about private sector trying to break into other people's. >> call me goldilocks, too hot, too cold, i'm in between. >> in all sincerity i really had an unspoken thought. we are releasing a major study on active defense at the end of this month on the 31st back to order for. i think there is much more to the active defense set of issues that right now are great areas short of hack back to build higher walls and motes. we are not going to fire our way out of this problem. we cannot simply defend, build higher walls, deeper boats walls, deeper boats and protect it, that would be every time are home is rob we call the blacksmith. that is doomed for failure. that is the only crime we know that we still blame the victim not the perpetrator. we have to get to the point where we have a deterrent, and impact on the actor, and that includes taking more proactive steps. short of malicious hack back that is intended to be retribution. there are things technically that perimeter is totally blurred. if it's your perimeter outside your perimeter today. there are things you can do in terms of beacons and honeypots. all sorts of things that are technically capable but legally questionable. our laws are circa 1986, literally before the world wide web was what it is today. we have to start questioning this. >> we are when dining out of time. we will do a lightning round. we'll start with you on the end. what would you tell hillary clinton and donald trump about cyber war. one piece of advice as they prepared to potentially become commander-in-chief. >> they better get comfortable with the issues. they better get comfortable with the fact that you are not going to get the smoking keyboards all of the time. there's going to be ambiguity just like there is an counterterrorism. secondly, rules of engagement. we need to clearly defined what the rules of engagement are for computer network attack. thirdly we need to articulate and demonstrate a cyber deterrent capability we start putting pain on the bad guys. >> it is a myth that an individual can have a strategic effect on cyberspace. stuff that really matters will take place over days, weeks, months, possibly years. it will require teams of individuals working against teams who are trying to defend. we need to have a longer-term campaign model. the ultimate answers generally lie outside of cyberspace and the tools we can bring to the arena. >> you are going to have to think differently and come up with slightly different models with how we deal with the issue. models for how we shape with that environment. i agree with frank in the area of the field of deterrence is not well defined. we are going to have to define doctrines response the capabilities and deterrence. we are going to have to find a new model for public, private engagement. one that rebuilds that rebuilds trust in the post- snowden area. make come up with creative elements of active defense. we will have to think about new forms of resilience and that may mean pulling key systems off-line. running against the market trend of putting everything on the internet and connecting it. >> excellent. thank you for being here today. [applause] >> that was pretty good. the next panel is going to be run by my colleague at the washington post, brian and i think they are headed in here in just a minute. thank you for being here. thank you again. >> the morning -- you have been a very patient to audience and stuck with us all morning. thank you for coming. a quick quick reminder that you can tweet your questions which will show up on my ipad at wp cyber. joining me this morning we have three awesome guests. to to my left is brett was the assistant section chief of the cyber operational section of the fbi. he previously served as a supervisor and special agent over national security measures. we have michelle, the senior managing tractor and career consulting group where she leads a geopolitical geopolitical advisor practice and finally we have michael, the senior director of information security at johnson & johnson. he specializes in digital asset risk management. i thought i would start with a personal bit. one of my jobs is explaining to people what critical infrastructure is and why it matters and how we are vulnerable. it occurs to me that critical infrastructure is not a very accessible term. a lot of the companies that are in the space you're trying to to convince to get on board defending themselves, we're just talking about how hard it is to get buy-in from companies when it is a low priority for them. it is 2016, why have we not come up with a better term for critical infrastructure? >> from the government standpoint there is pp d21 which defines critical infrastructure. we have 16 structures for helping private sector in that regard. hopefully prevent, detect, and mitigate threats to critical infrastructure within those 16. we are looking at those corporations that contribute to this stability economically from a national security standpoint as well as health, life, and safety to the american people. from the government standpoint we have defined critical infrastructure through ppd 21. the fbi and department of justice and the department of homeland security work closely with those sectors. i know you serve on the health -- who are bringing together those public, private partnerships to help defend networks. >> first off, thank you for having us and it is a pleasure to be here. >> . . we are johnson & johnson, we are the largest, most comprehensive healthcare company in the world. we have significant resources and we realized that we need to give back, we need to help the little guys out with providing services. he has spoken at a few of our summits recently and it's a great organization where we are able to protect and defend the national health portion of a critical infrastructure. >> i think in the commercial sector, we are getting better, but part of the reason why we haven't defined what could've critical infrastructure is, it's a work in progress. where where building the bridge as we walk on it. firms that provide enterprise risk management consulting services sort of have to help their clients understand what their critical risks are. i think the more that we do that and the longer we identify those risks and what the critical infrastructure consists of, the better the definition will become and the firmer it will be. how does the need, our need to understand critical infrastructure and the way we define it need to change as we learn better what the landscape of capabilities is and the risks that are out there. >> i think generally speaking, if you take critical infrastructure and boil it down to a corporate perspective, we look at it through three phases of business. we have the commercial part of the business and the supply chain part of the business and the research and development. each of those, threats and risks are different in each of those and the protections therefore it need to be different. supply chain is really about availability. you are dealing with risks and lifecycle management issues where the business is trying to squeeze every penny out of that technology platform if you can make that pillar make that medical device and build that drug so there are certain risks there. r&d is very collaborative. we are dealing with multi- national, educational institutions and protecting the infrastructure that research and development rides on is a much different, more agile, more flexible approach. it's similar to commercial sales and the financial data, making sure that we are in line with serving oxley. these are critical areas of our business that we make sure were looking at. >> can i just follow up on that, can you tell us how those three areas of the business coordinate their cyber defenses? is there much coronation there or is it, comes from the top and is spread out. >> great question. we have a very centralized viewpoint from a security strategy and design where we have a baseline of working with different types of frameworks such as security controls that we apply. there's also it's done through the different business groups we are trying to have the technology to secure the enterprise. >> what is fascinating to me, you guys probably have very robust interaction between your various teams but what we see in our incident response is many companies don't have that interaction. they're responsible for network defense but they don't engage thought prevention teams. they don't engage the general counsel office. one case we responded to what turned out to be a large cyber compromise and they started working with the chief compromise officer to engage the threat and mitigate what was happening while also allowing us to pursue the threat. a few hours into that, the general counsel learned this was happening and came down and rightfully so and said let's stop what were doing, we have a government agency in here, worse sharing information and we haven't determined what information we want to share with the government. they sent the fbi team home and they continue to work in their environment to try to determine what they could share. over five days later they invited the fbi team back. by that team they had communicated uncompromised infrastructure that the fbi teams are here whether we want to share and unfortunately, i think a lot of organizations don't bring general councils. physical security folks, they all lined the business together and what that information sharing plan might be like with the federal government. >> when you are working on stuff like this, is there something they can do, organizationally, structurally speaking to help ease those lines of communication. >> absolutely. what we like to do when we work with firms, all tell tell you, i've seen these plans very widely. even some of the larger firms that we work with don't have very good plans in place and they kind of wait until it's almost too late before they have a plan. what we try to do is help them identify where they might be vulnerable, what things could be a threat or at risk and then we, after they identify those things we help them prioritize. this is a problem because not all companies are at the same stage in their life cycle. companies that are smaller but more technical, they have high-risk but they have lower revenue stream. sometimes they're hesitant to put resources toward this eventual event because it is an eventual event. it is going to happen at some point, it's just when. hopefully it will be at a time in their life cycle where they have been able to plan. we do try to get them to incorporate as many parts of the organization as possible, but some of them don't even have their own general counsel. some of them will contract that out when they need it or, it depends on how mature they are in their business cycle. >> we have a really great question from twitter. it ties directly into a question that i wanted to ask. i'm just going to ask the twitter question. considering how much nationstates depend on satellite for critical infrastructure, has any international ponzi and put in place west mark what are the necessary steps to take in order to protect satellites and other space assets from being involved in the hijacking attack? >> i'm not aware, i'm not not part of the policy teams out there in the u.s. government. certainly, satellites and any kind of infrastructure utilized for communication in the it environment are susceptible to various cyber activity. satellites are an asset that we have to look at and like any form of risk we have to build response around that. i know it is being addressed by some of our partner agencies to build controls around that risk that's associated with those communications. >> to what extent should be thinking about things like election systems as critical infrastructure or e-mail systems is critical infrastructure? we've had a number of reports about russia potentially having hacked our political election and people are clearly worried about the impact that other nationstates may take in cyberspace to affect the way we live here. >> in terms of e-mail, i think it's just part of our daily lives. i was reading the article coming down on the train that half of our time, over a thousand hours a year is spent reading and doing email. of course it's part of our infrastructure. there are several established and great technology in place to secure communications around e-mail with encryption. there are a lot of different messaging that goes back and forth with infrastructure to secure that. i think there's a lot of options out there to secure and as we've said, depending on the resources, what technology is right for you largely depends on how many resources you have available. >> from an intelligence perspective, i think it goes back to something that i learned in the army which is no yourself and know your enemy. when it comes to e-mail, no what information you are sharing and know who might want to exploit that information. once you have a good understanding, i think it helps you be safer with e-mail or any communication or any means that could be hacked or anything that's vulnerable. that goes for any type of company, corporation, industry, sector. >> e-mail remains one of the top compromiser's anywhere. i know it's been mentioned many times. i would like to say there's a thursday night football game on tonight and i will use authentication. if i can do it, i hope businesses can start to do it. on the issue of should we consider the election critical infrastructure and others, it goes back to our original question of what is critical in the structure. the lines. we have these defined sectors but what we have to look at is day-to-day operations. it's a cloud -based environment or a mom-and-pop shop who has to connect to billing networks and some might spend millions of dollars on cyber network, if there's a small mom-and-pop shop that has trusted access to their critical data, they've shown the propensity to use the path of least resistance and why force yourself into a robust network when you can go off some small business that has access. we've seen that in several sectors. what's convenient for us, many times is a third party or connecting internet device to our trusted networks, what's convenient for us is convenient for the adversaries. >> this may be a question for law-enforcement, would you say, are critical infrastructures compromised when we learned of the back door that even yahoo's chief information security officer did not know about. >> i will do for my comments to these folks. i'm happy to talk about that a little bit. so, i can't comment on that yahoo event, but what we strive to do an fbi cyber division is recognized that private sector companies are equal in the plain environment. in counterterrorism, if if you see something, say something, that was kind of the extent of what we did with private-sector and we met with witnesses and victims and under the u.s. law we work with private-sector companies that see this on a regular basis. we have to be agile and get the information quickly. likewise we have a look in to it that they don't have. notwithstanding recent media reporting, we do have robust abilities but it will always suffer by legal frameworks. i think it's important to detect quickly and prevent. i think if we help companies and firms to put in place detection mechanisms and know what to look for, i think that brings that response time cycle much smaller and attack techniques and vulnerabilities with these partners and it is simple to say you just need to communicate, but the what is one thing and how you go about doing it is a completely different dynamic. there is great organization such as the critical infrastructure and other programs. there are several great organizations where their mission is to increase the resilience of these companies and bringing together that public partnership that is essential for making sure we are secure. >> i think the u.s. is actually much better primarily because of the better resource to do that and it goes back to that same problem that we have. when we have countries that are struggling to feed their populations and keep social unrest at bay but they don't put resources toward securing critical infrastructure, we advise a lot of our companies at arm multinational and global companies this is a problem. if you're looking to expand your operations overseas it something you need to take into consideration in your risk management plans. i do feel the united states is ahead of our. competitors, but only for so long. i think some of our. competitors will catch up to us soon and we can only hope that will proliferate to some of the other places we have critical infrastructure or businesses that rely on the critical infrastructure of those countries. >> can you give a concrete example? and to what extent does the lack of readiness among other countries provide an opportunity for american warriors? >> i think some examples would be where we rely on electric and data grids, and countries, there so many of them, africa, we have companies that do mining and extraction in several african countries and they don't have the resources to put towards supply or protect their electrical grids or critical infrastructure, their water supply or anything these companies need. some of them, if you shut them down for a day, they will lose millions of dollars to bring things back online. some other examples would be, we were talking to investors that were looking at opportunities in cuba and cuba is another country that has excellent cyber capabilities that they don't feel they are a target so they don't spend a lot of resources on protecting their infrastructure. if countries or in businesses wanted to invest, they could say it was a risk. >> i wonder if we can talk a little bit about your work in partnerships and tell us a little bit about a buzzword that often describes the ideal and aspiration. what does it actually look like and what does that look like to make it work. >> in cyber it's a willingness to step out early and often on the part of private sector and the u.s. government. what we have learned is that sharing threat indicators two weeks after we see them is no longer acceptable. if you look at the advanced persistent threat environment where adversaries are able to gain, that is significant and can happen in two weeks. the fbi in partnership with the nsa are now rapidly the classifying indicators and getting them out to the private sector but we also have to get the information from cyber. being able to see the malware and analyze it quickly is key to protecting infrastructure. fortune 100 companies and small businesses, we have developed and our job is operationalizing our relationship with private sector. i would encourage you if you're small to medium business and you're not getting information from the government, check out their website. it's an fbi partnership with private sector across the board to be able to share information and rapidly. criminals are partnering all the time. if we don't partner together, we will continue to lose that battle as opposed to gaining on the adversary. >> you manage a database. tell me how that works and how many notifications do you get a day? >> i would have to get back to on the numbers. we get a lot we get that information rapidly but we don't get enough. cyber reporting is underreporting. we some of those other plans. >> it seems like a great place to wrap up. i will now be joined by my colleague on stage. [applause] [inaudible] good morning, thank you for being here. with me on stage is lisa monico, assistant to the president for homeland security and counter terrorism. good morning. she is responsible for policy coordination and management on issues ranging from terrorist attack and cyber security and national disasters like hurricane matthew that's heading our way now. the president likes to call her doctor do. prior to going to the white house she spent years at the department of justice in the fbi where she helped shift the fbi focus after 911 to prevent terrorist attack and that the department of justice she started the cyber justice program. thank you for being here. >> thank you so much. >> reminder to the audience to tweet your question at # wp cyber. i will get to your questions at the end of our discussion. lisa, you briefed president president obama every morning on national security threats. how have they evolved over the past three and a half years? are you seeing more threats in the cyber domain now than terrorism? >> i certainly am seeing a lot more cyber information threats that are appearing prominently in that briefing. every morning he received something called the president's daily brief which is a briefing delivered to him from the director of national intelligence, giving an overdue view of what has happened in the world overnight, what are the strategic issues and what are the biggest threats and concerns to our security that we are facing. i participate in that meeting along with other advisors and we meet with the president every morning and we go through this set of concerns and we also have an opportunity, in that meeting, to raise the things that are on our own mine and things that i think they need to know and be concerned about. what i have found in the three and half years since i've been in this position is that cyber threats have consumed a greater and greater portion and the issues that i am raising with the president, absolutely absolutely are always going to be terrorist attacks here at home and issues like ebola and pandemic concerns but increasingly, over time and over the years, i find myself on a daily basis talking to him about a cyber threat issue. i've also noticed that i've been struck by the breath of the problems that we are facing. against the government, against the private sector. the range of actors that we are concerned about from nationstates like russia, iran, china, north korea and nonstate actors and activists and your garden variety criminal activity another has been the range of tactics that we are seeing. gone are the days, not completely gone, but added two issues like service attacks and the actors in the siebel realm like we saw with the north korean actors to something that is of great concern to me and others which is how can we be certain of the integrity of the data that we hold and are responsible for. increasingly, i think that will be a midterm and lawn term concern. >> the data for instance that's flowing through our election machines, is that high on your list right now. >> certainly. we are obviously focused on, and you've heard myself and others talk about this in the past several weeks. we are always going to concern about fibrous threat to our system and our critical infrastructure and we have seen efforts at probing state election systems and the state election infrastructure. what people need to know about this is that our voting infrastructure, our election infrastructure is really quite resilient. what do do i mean by that? it is owned, operated and managed by states, localities down to the meniscal level. it is diversified. that's a good thing from a security perspective because there is no single point of failure. the checks and balances in the oversight from the officials from the media as for when it comes time for the media, there's a great deal of resilience in our election system and people should be quite confident in it. that said, we exist in a wired world world and we know there are actors out there trying to breach our defenses across the board. while we have been doing is, along with the department of homeland security and others in the government has been trying to make available to state officials and election officials expertise, resources to bolster their defenses for their voting machines and their voting rolls and last week we had a bipartisan letter from congressional leadership in congress from the majority and minority leaders in both chambers who wrote a letter to the governors and officials indicating that we need to be vigilant and they can provide assistance. >> to be clear, have you seen any efforts by any actor in nationstates such as russia to manipulate data going through the voter registration or other systems. >> i think director, he has spoken to this in the fbi is very focused and assisting with investigation when they do experience breaches or other intrusions. director, he has said we've seen a lot of probing to get that information but have not seen indications of manipulation. >> do you see, are you looking at, do you think there has been an effort by another nationstate such as russia to cast out on the legitimacy of our election. >> whether it's a power grid or election systems, they indicted some iranian actors for assault on our bridge and our private sectors. we need to be concerned about them trying to breach our critical systems, whether to generate insight and whether to use it in the future or have confidence in our system and my messages, frankly our democracy in the form of its systems and systems that we have in place and in our greater democratic system is stronger than any one of these actors. >> your background is in counterterrorism. let's talk about how you have tried to take lessons learned from that and apply them to the cyberspace which you have done the past few years. >> it's a great question. this is an area that i have been very focused on. i've spent my career, largely as a prosecutor in the justice department and then the fbi focused on national security issues. what we learned is that a country and the government after 911 is we needed to shift our focus and our imagination and our privatization of the threat and i think we did that quite effectively. we needed to reorganize ourselves and integrate our information and our unity of effort around making sure our law enforcement and intelligence services had the same information and a greater picture of the threat that we had an ability to respond quickly and agile he and effectively to terrorist threats and i would argue to the great work of some professionals across to administrations, we have done that quite effectively. we are applying those lessons in the cyber round. how are we doing that? by prioritizing and recognizing the threat that malicious cyber activity poses. at the beginning of the president's administration, he labeled the cyber threat one of the biggest national security and economic threats that we face. naming it and pry prioritizing it for the administration. in terms of integrating our information, we did something two years ago in applying the great lessons we learned in the counterterrorism realm to cyber. we created, after 911, the counterterrorism center. one place where terrorism professionals and analysts and intelligence personnel came together under one roof to share their information so we as policymakers all have the same picture, the same.that everyone refers to pre-911 to connect one of the greatest threats we face. so that briefing that i mentioned just a a few minutes ago, everyone who is critical is seeing that same information every morning about terrorism threats. how is that helping you? is it helping you make faster decisions on who's responsible and what to do with it? up until about two years ago, we didn't have one place in the government that did the same thing for cyber threats. we created something called the cyber threat innovation center and we brought together all the analysts and experts into one place that could fuse the information we had about cyber threats so policymakers like myself and others have one critical picture. what that does is it says, what do we understand to be the greatest threat, how should we understand it, what are the options for policymakers to act to disrupt those threats and then the other lesson we have applied in the terrorism realm, we apply all tools. what's the best will we can use at our disposal to disrupt a threat. is it up prosecution or military action or diplomatic overture, we are doing the same thing in the cyber realm. you have seen that play out. >> i like to talk about that because it's almost the end of the administration and clearly this administration has dealt with incredible evolution of the cyber threat coming at you every day but there are credit critics who say the obama administration just doesn't have a coherent framework for all of these threats coming at us. we've seen russian hacking of the dnc, how do you respond to them when they say there's no framework. in fact, do you think maybe you're doing it more on a case-by-case basis where there's an event such as espionage and you respond with indictment or sanctions, are you building a de facto. >> to your audience, i disagree with the critics that we don't have a strategy or defense policy. we believe very strongly that there needs to be a set of norms around cyber behavior. what you have seen is the president working very hard and very carefully over the past several years to build a set of norms and international support. things like countries should not attack another countries cyber infrastructure. another country should not engage in economic espionage for property and theft in commercial game. what are the country that should not engage in cyber off engine activities, that's a set of norms we have worked very hard to put in place. when countries violate those norms, there's an isolation and an agreement they can impose sanctions or maybe there is act of aggression if those norms are violated. there's a framework there. in terms of specific responses and specific activity, you talked about a few cases. i would argue we are putting in place a framework and you have seen it in some of the cases you mentioned. we take a whole government approach to particular malicious cyber incident. you see it in the case of north korean attacks on sony pictures. what we did there is we gathered all the information we could, whether it's from law-enforcement or the community and combine that and understood it and were reached a level of confidence that it was the north korean government that did this and then determined code to disrupt their system so they know it's you but other countries don't know where the public deterrence is, what's the strategic impact? how are you upholding that norm. >> these are the discussions that you can imagine policy makers having around the situation on the table. what is in our interest, is it in our interest to attribute that activity to name and shame, if you will, to isolate that actor the actor on the world stage, to garner international support to say sanction or impose diplomatic costs. is that our interest to publicly indict and use our criminal justice problem as we did with the chinese case? we began that against the five members of the pla. when i was the head of the national security division at the justice department, you referenced the program that started. it was the national security cyber specialist program. a set of prosecutors around the country focused on bringing cyber prosecutions for national security cases. we built on a set of terrorism prosecutors that we established throughout the country post 9/11 working with the joint terrorism task forces that the fbi has. so it's the same idea in cyber rome and we brought this case against the members of the pla. the point is you're calling out that activity. you are identifying it, your naming it, you're showing that you can attribute that, identify those actors, pictures of these chinese military members at the keyboard and even if you don't physically get your hands on those actors and bring them to court, they can't travel, that warrant will be out for them and you've identified and called out this activity and i would argue it strengthens our hand in the diplomatic realm. you saw a diplomatic agreement with president she almost a year ago when he visited washington and signing up to a set of agreements that we are monitoring quite vigorously so these things feed into each other. in fact, they slapped the indictments on the five chinese pla members and then you are about to impose economic sanctions, i believe somebody reported and it would've been the first of this new tool created by president obama last year which you still haven't used. are you going to use it by the way? >> i'm eager to have all the tools at our disposal which is one of the reason we set up that sanctions regime. that was another tool we used. >> you're going to do the sanctions and as you noted, she came to the table. how effective have these been? are you seeing any change in behavior? >> i would characterize it that we have seen a diminishment however, i think this is something we have to be continuously vigilant on and be very clear, as we have been, with the chinese that we expect adherence to this commitment and we will continue to be watching for adherence and that we reserve the right to impose costs if we see that commitment is not being honored. >> you seem to have had some success with china. what about russia? russia has been in the news lately, maybe some 400-pound person, but any case, there is strong evidence, the intelligence community is looking into how intense they are undoing influence operation in the united states. why haven't you taken any public action so far against russia? >> i'll go back to the framework as you noted that investigation and understanding that activity is ongoing between the fbi, the intelligence community, we are employing the same framework as i explained a minute ago. gathering that information and the professionals have to do that and it won't surprise you to know that i'm not point get ahead of that on the stage, gather the information, understand it, reach a it, reach a level of confidence. importantly, look at it and decide, and the intelligence has to do that, what can be said about that activity and our ultimate ability to use those tools in the future, and then decide is it in our interest to describe that activity. again, this is the broader framework that we apply as we did in china and with iran and in other cases, and then, response tools on the table and some may be public. >> what are some of the considerations going through your mind with diplomatic issues with russia and syria, political concerns, how much much of a concern is it that as we get closer to the election, taking any action and it could be seen as politicizing. >> what i would say is the set of concerns i laid out as we apply this framework are going to be the same in terms of general categories. is it in our interest to act response billy, proportionately and do so in a time and place of our choosing. questions about, i think what you have seen in the cases that we did with iran, china, those and with north korea and the primary guiding an overarching focus in those discussions is about what is in the national security interest of the united states. that is the northstar for those missions. >> i think last week you mentioned that no actor gets a free pass. they say it will only embolden them. what's your response? >> i absolutely understand that. what i would say and what i think we've been discussing is there is a whole range of tools at our disposal to apply to hold malicious actors to account. you have seen us demonstrate that using economic sanctions and other and those are on the table and they all get considered when were talking about malicious actors. >> as time is winding down, i would be remiss of i didn't ask the? the minds of many reporters here now comes the news of another risk of this contractor and this comes after the obama administration has taken steps to take tighten control to prevent the occurrence of such episodes. what happened here and do you need to do more. if so what more can you do to tighten these controls? >> you are referencing the criminal complaint that was unveiled yesterday with regard to a contractor. i'm not going to comment on the specific case, but criminal charges are in the public domain and your readers in the audience can look at those in that process will go on and i'm sure we will be learning more about that. this is the type of activity we take exceptionally seriously. the protection of national security and classified information, i would also say because, as you mentioned, these cases have involved government employees but the vast majority of the professionals serving the intelligence communities are patriots who have forgone lucrative salaries in other areas to work very hard to protect this country. that said, you can't complete lee guarantee a determined, the threat of a determined insider who is determined to steal information. that's a very hard challenge, but as you noted, with the with the president has been crystal clear about is the need to constantly review and learn from some of these instances. that's why you saw the establishment of an insider threat actor after the case. that's why you've seen, just last week, the establishment of something called the national background investigation bureau setting up a stead of standards and strengthening of our background checks. we've got to constantly apply lessons learned, vigorous appeared security measures. we are in a wired world. it's going to get harder and harder. we have to constantly be reviewing and understanding the new technology that we can apply. are there new steps we can take. the president and the other leaders of his administration take it very seriously and are constantly looking into what we can do. >> this contractor is suspected of also having stolen hacking tools used by the nsa to gather intelligence. this is a very potentially significant action. how concerned are you about the potential damage to national security rising from this case. >> without getting into the specifics of the case, as a person who is responsible, as you said, starting out this discussion to talk to the president every day about the threats facing our country, i am exceptionally concerned about anything and anyone who would do something to jeopardize critical tools that we have and the tools that we use to keep this safe. that's why i think we have to constantly be reviewing what we are doing and applying new tools and technologies. >> we are running short on time, but i have to ask you, about four and half weeks out from the election and they have promise there will be a massive leak on wikileaks. what might we expect from an october surprise? >> for several reasons, i am not going to speculate on that. one of which is, one of of the things that i do want to have to find my windowless office in the easement of the west wing is not getting into politics. i think i will continue this in this relatively windowless room as well. with that, i have to wrap it up or. thank you so much. thank you for being here. thank you for being here. we will have clips from the program posted later. thank you. [inaudible conversation] coming up on c-span two, a look at the 1986 arms summit between the u.s. and the soviet union. then new legislation that would make distributing explicit images without permission of the federal crime. later the washington post host a conference on cyber security issues. : >> >> what will happen and how will this unfolds from? >> it happens annually in with other wisconsin officials and those familiar said he exposed interest and has a right now that are out there with the donald trump to end paul ryan appearing together and to distance himself even after he did officially endorse him it would be awkward for paul ryan. >> and he is being challenged by a former senator russ feingold. this is one of the state's that both party say they need to capture or maintain control of the senate next year. >> that's right. but this is the first event that they are going to. but the same strategy of some of the other vulnerable like pat to meet the was very much distance itself don't even like to say in the name donald trump base say the nominee. and now will appear in person with donald trump. >> going back to the relationship and then the nominee saying he is a vice people for gary jones and. al will this change or evolves with 30 days before the election? we'll let have an impact quick. >> just right before the second presidential debate and the last 10 days are some of the worst of the donald trump campaign from his derogatory comments so that is the moment for donald trump to make a comeback. >> dollars round in wisconsin this weekend end the work is available on line and the hill. thanks for being with us. [inaudible conversations] >> ladies and gentlemen. i would like to welcome you to brookings to let everybody in the audience know that our colleagues are here we will try to be appear from the podium as well. and we're very pleased to be here and this is a very special event to mark the anniversary of the reykjavik summit in iceland. it is my pleasure to be here today to be with three extremely distinguished men who have their own connections. fans and and to the younger people in the audience. we are using this occasion to get ahead which is the 25th anniversary of the collapse of the soviet union. the net includes the russian federation. but we felt t11 was part of the university and you wanted to welcome down here in front of the audience but t11 was a key event. it was between the nine estates in the soviet union one that preceded with the fall of the berlin wall. the first part will focus on the summit itself of those that were there to walk back that confrontation but the second panel with arms reduction and control with the new relationship and is a bill amends over the last couple of days with that disposition we didn't know that what happened. want into hold the event. i know a few knew that something else would have been. that puts felt whole agenda back at the top of the agenda. a want to begin the panel if the audience will remember but it is worth reminding the years of high end cold war confrontation with the few quick points and then for a discussion of this. we'll end in the 1960's and '70's the soviet union was condensed with a clear and present danger. with the u.s. defense budget and the soviet borders that sounds like some of the problems. with the white house and pentagon officials to increase operations by the cia and elsewhere. by 1981 was of a nuclear threat. just after ronald reagan started the anti-ballistic missile defense system from the soviet nuclear strike. and then meeting uh kgb rather briefly in 1982 it was showing reagan and of a nuclear holocaust. one and during the british war game with that soviet nuclear strike that queen elizabeth the second actually drafted a world war iii speech that was filed away in the archives. hawaiian that you might expect to be reunited. but this is drafted at the same time of the evil empire speech one about the dangers posed to the united states. meetings were pretty bad that the soviet plan to this south korean airlines it was u.s. spy plane. one with the impending nuclear war but 1984 just to run up to monitor these events to have those international affairs. and have to tell you today we signed legislation that would begin bombing in five minutes. pdf also looking in the archives nobody got the joke so when gorbachev came into power with the general secretary and ronald reagan the first meeting in seven years. and then start to put those in early 1980. that was the key part of the process into the nuclear forces treaty and laying the ground for the start treaty. and his table here in the panelist and one of those cold war scenarios one of the u.s. embassy in moscow actually from the u.s. embassy spend most of his time having to fill an it to be expelled to drive the truck and if course the u.s. journalist who later became a professor was arrested and imprisoned in a soviet jail. but that is all that was going on but behind-the-scenes of reykjavik things were quite different. first of all, to kick this off we have brookings president who was covering the meeting as say washington appear chief with time magazine and we never good colleague who is a veteran cbs and nbc news correspondent. one and then distinguished candidate who had just published a new book on sale outside you sought at the beginning probably. and he was there with president ronald reagan behind the scenes and with gorbachev and after we get those observations and we will find what went on behind closed doors. we do have such a great panel that can talk about the offense and we want to hear what you have to say. >> that is a terrific set up for a quite important story and pose of us who were there including marvin and kent knew there were possibilities if that i don't think any of us had an inkling of how far these two leaders would actually go. ken is the only person probably in the room or on the podium that was behind closed doors. martin and i were listening through keyholes of we could find any. but just to fill out what fiona just said just with some of blossoming of the personal relationship of the president of united states before the attorney general of the communist party of the soviet union. there were signs that they might warm-up. the geneva meeting that happened one year before, the atmosphere was pretty good. they certainly were better than the relationship between president reagan from previously. but we had no idea as we headed to reykjavik of all places. [laughter] by the way will whole site was thick because it was more or less halfway between moscow and washington. so neither leader had to go to far in the direction of the other which was the idea . it was october obviously. it was blustery. though boathouse. can we see that? i checked with the ambassador before who confirmed it and that it was reputed to be haunted by laugh -- [laughter] that is where everything went on. so we began to get briefings , and they think secretary shultz came out on one occasion and is surrounded as though there would be not just a place holder for a more substantive meeting later in the year but things were going on in the house. and we at "time" magazine on friday night and to have a number of photographs one in one of which one and was already to go? and uh koppers story as the end my editor walter isaacson was helping me putting the finishing touches on it four-o'clock in the afternoon on sunday. but when that but the next morning george shultz k. mount and you could tell from his face that tears were in his size -- is that the whole thing had collapsed. this led to one of the more exciting moments in my journalistic career to get on the telephone immediately to call new york that was the equivalent of navy get me rewrite. from what we were hearing about why the talks had collapsed and the word laboratory kept coming up and i will save that for you. from so we managed to flip back story into the unhappy story with the unhappy picture of laugh of the two leaders and "time" magazine got into your hands the next morning. but that really isn't anything more than background. what i think is really important of what we will be talking about is that while it was a busted summit, it shows the degree to which these two men by the way are getting a lot of push back from their military and their political divisors committees to men were determined, rather than have united states and soviet union causally be at the brink of nuclear war, they were serious not just arms control but massive reductions of the arsenals of the two countries. and even though the reykjavik summit did not achieve mostly with sdi it was a launching pad for the arms control agreements that were reached the decades that followed. that will braying us to the melancholy president where there's so much about progress that has been stalled or will be very hard to pick up. with that vial will turn back to my traveling companion i just put on my tie for all of you. certainly didn't have one on one of is rewriting the story. >> it is of pleasure to be with you. i have covered many soviet-american summits. it is my great pleasure to do so. there were great stories for someone who's spent much of his life in russia or studying russia russia, assassinated by what was going on most especially with the arrival of gorbachev on the scene. and reykjavik was an enormous disappointment. some said the almost should not have happened i appreciate what he was saying that it did set things up, but to men were that close to something that was truly historic and could not pilaf. if you look at the secretary shultz face that if his wife and children were killed in an automobile accident. so then you look at that because then you realize that gorbachev was trying to reach out to the west and was aware that three of his leaders had died. he was a young man and thought he could do something different with russia. for so very quickly initiated a program called class noticed perestroika batf to reform russia with the thinking you can hold on to communism and you could reform the system that was broken. the truth is it was so broken you could not continue but he did not know that. and he started january of that year floating the idea of eliminating all nuclear weapons but the number of people in the city there was a lot of propaganda in a lot of nonsense. >> that is what he said and put that out there than the following month with the soviet foreign office came word that the zero linkage that was the soviet requirement but it was all or nothing they would pull back to say maybe you could get one. behind it all was the awareness of afghanistan which was a monstrous headache and obvious defeat and how does the soviet leader acknowledged that to his people of 15,000 soldiers killed? were the mothers and the fathers? one when he first came in he said it is a bleeding wound bomb. he was aware and under incredible pressure trying to do something different. the stage was ready. and for a reporter there you could realize it was a big deal although we were being told by others that this was just a set up for gorbachev's visit to the united states following year following a reagan visit to moscow. one but yet yet, behind-the-scenes they were discussing things that are unbelievably important to the world and the two countries. gorbachev was there with the idea of eliminating nuclear weapons. all nuclear weapons by the year 2000. the president was fascinated by the idea and reagan despite the image of the conservative he wanted to get along with russia. but on his terms. and and he had a romantic attachment to what we call star wars and the romantic attachment was if you had a choice that a certain point in negotiations to save maybe we can both agree on eliminating by the year 2000 and abut gorbachev wanted first elimination of the adn the end of possibility that reagan wanted the ability to test not only in the laboratory but gorbachev was prepared to accept the area of testing in the laboratory. but the president would not accept that. so at the end of the day as was explained to us by secretary shultz was that yes, it was possible the president could not get sdi and was not responsible. and as someone who was given of journalism long ago, i think that is now absorber writing about this experience and ourselves and our feelings with russia. to think back to that time my god there has been nothing like it since then or before how fantastic that would have been with the final brink of the advisers who kept saying no. easy does it. and the president really wanted to do it. everything that moved and to make a statement felt was a love with sdi and could not pull that off so that is a sad story for. >> and while you have tears in your eyes as well we should mention of course, there was chernobyl and then to deal with the secretary general's earlier in the term with that biggest accident ever that has a very large effect in iceland and in northern europe. so low he was also thinking about this in a different way. so now to be portrayed with those ideas what was a like behind-the-scenes? ticket was a sad event but i thought it was a very happy event for an amazing. but on monday when we got back to citi magazine the picture on the cover and i was thinking this is the printed distribution of the first quarter. that was floating out there. >> there were some grammatical errors. [laughter] >> i thought it was you. [laughter] those i overlooked. with lassie's said but gorbachev on the scene was an amazing change. but 1983 there was staff that was replaced them for two months later one died then another one was there then he died and both carol and i were very good friends with the eighth italian and passenger in we would go to his funeral in say why? he said i bought tickets for the entire series with so he was used to going back and forth. so to give a happy story and to cheer you up. one of my objectives in life [laughter] >> i just want to show that three things. field you were great to give us the background. number-one to tell you what actually happened, and number two coming to tell you the significance of what happened, and number three tel you how my views differ of those that we heard in some respect from the moderator and key participants. this house is amazingly isolated reported to be haunted even now is called the london house. and a very small and beautiful house on the outskirts of reykjavik very beautiful because we are going there on friday because iceland is doing in the event for the 30th anniversary summit will be terrific to go back and see. my wife does not like me to say this but it was the greatest weekend of my life. [laughter] with the thrill when and the misery so this is "time" magazine that he wrote about 1983 as a collection of all men of the year on the wall. with reagan's signature can and he is looking right there. >> is seen as a year in the dual. and they will go after each other with their thermonuclear evens. did it was of very scary time as fiona pointed out and that was written in the cover story man of the year looking very somber. pdf you can see the size of the house. i will give you a quick to worry the upper left was the american chamber where we were waiting with the president and now with the president and with the upper right bedroom was the of soviet parlor and in between was the demilitarized zone. and the window on the left on the need for that is where they met 10 and half-hour's. i don't know about you i never met anybody 10 and half-hour's without notes, without talking points, the most genuine either man was in office i know when your president but general secretary you always have the scripted meetings and the talking points with memos. none of this. , is you are summit free-floating the likes of which will never be repeated. it was the smallest bubble ever made in a room. there were eight in the bubble jammed shoulder to shoulder in announcing the president of the united states so we'll stand up i thought if i am going to stay in the bubble and i will, a better give up president my chair so i said sit here for the next 40 minutes i was leaning against a the presidential needs -- his knees. this is in this world. not miss universe. but she was just crowned the month before i thought would make a great cover for redbook. the summit of the publisher thought it was a little off. [laughter] like 50 shades of vice. -- iceberg of the prime minister of iceland bright they're talking to a young tom brokaw they wanted to do interviews but iceland was not equipped to handle the world's attention. so the opening of the summit every 3,000 members in the press and the prime minister i don't know why they didn't give him a tall but he does the interview. you have a very small room george shultz he was still alive in '92 doing great he came to a book party in spoke 45 minutes about reykjavik it was just wonderful. the president and gorbachev then you see the two translators better simultaneous common not sequential in the note taker is important because george washington university took notes on line american in the soviet notes from the summit. that is something i did not know what the time. with that garbled 10 minutes recap but until you see the notes you don't see the back and forth and it is very very interesting 10 and half-hour's. here is where we met saturday night for armistice appointed because there was a concert downtown and a street festival and i was talking forward to that but made off was in charge of the group and richard perle was in the audience. we met at 8:00 tonight. we took of break 315 in the morning we adjourned at 6:20 a.m.. i don't know about you but i had never done an all-nighter before. not even college. by our estimation we accomplished more strategically in the one night they and seven and a half years of negotiations with the soviets. we did not do much on imf as he would go back and forth we didn't do much with sdi because natalie did like to talk about it they were above to talk about it that was the remarkable part one would jack up the other one and then promise from reagan they were just flights of fantasy of both sides but they did as well. this is made off of the left who later committed suicide actually when the soviet union fell. i kept up with him over the years and it was quite a shock when that happened. sunday afternoon. correct me if i am wrong it is the only segment in the u.s. russia summit going into overtime it was to end all in new on sunday that they thought because they were back-and-forth it would go into overtime the president comes up at 3:00 in the afternoon on sunday and sits in the corner and says several go down one more time but that is then i promise to nancy i would be offered in a. we explained that she knows where you are. it is not like you would stop at the bar on your way home. there is one story in and the world and he said but i told her i would be home. so we are going over that. we did the all later. -- all major and here is the circle of that good looking guy who shows his bedside -- best decided he had never looked better. that was before i died my hair white. i look for distinguished now. but trying to come up with words that would bridge the gap that was fundamental that gorbachev wanted to confine sdi to the laboratory and reagan did not. and wanted 10 more years but not in the laboratory. and then they came up as marvin mentioned with the advisers all over the place place, that isn't exactly what happened because ronald reagan knew what he wanted. so i don't think there was one time of the weekend he knew what he thought. it did not work. they went back and forth. but the notes of the transcripts of the american and soviet note takers because what is wonderful wonderful, as a case study, the last half-hour they were trying to bridge the gap but they started to talk about seeing the situation in each other's shoes. regular talk about the problems gorbachev would have with the kremlin and he started to talk about the problems of reagan that was beautiful and they were pleading with each other. you can do this. reagan we went back to the ambassador's house where he was staying because the ambassador was kicked out for the weekend he was just walking back and forth. but his handler that was with him senate handle where he goes by from the miller center that basically he is never seen a president so agitated except when nancy was going into surgery. and he was. there is the picture that you chose with no deal. i did not think that was fair i thought that gorbachev with the end of the sun and would sink that the seven you were right that was at the center of the controversy and was one big failure. so that is basically what happened. details could be filled then you can buy many copies of the book and give them out for halloween as a great present your thanksgiving. the second part what came out of that? >> number one is signing the imf agreement from the white house in december 1987 basically it was the zero option for the negotiations back in '82 and it eliminated if the class of weapon system from the soviet side and the american side because by then there were 5500 warheads on the capitals of europe. that was the number-one issue when reagan came into office and that was eliminated. that was signed in the white house. number two fbi enough level with the strategic level it started on the basis of what we agreed with the negotiations was down to equal levels of real reductions for the strategic nuclear weapons. this is important because every other arms control that was a bad idea to tell you the truth but limit the growth of nuclear weapons. '01 reason we would change start film but to go to the future strategic arms reductions talks. that was a very big move the right no in terms of their stockpiles. that was second on the strategic ground but then it came during george herbert walker bush and then during those clinton years and then the obama latest. that is on the second panel. first did reykjavik really contribute to the end of the cold war? there is a lot of argument about this. the simple answer is you cannot say because causation in any case is always a mystery. i personally seem to believe that reykjavik is several things. it's legitimize the no nuclear clause. and before reykjavik that abolition would have folksinger stews sing about white nikes people and the nobel laureates. it was not mainstream but with ronald reagan as the poster boy the number of key participants that brought on the movement to show them the centerpiece food new more about nuclear weapons would be chairman of the joint chiefs in a lot more it became a respectable movement and the main argument i would make reykjavik contributed one because there was no way the only way that he could get sdi that was absolutely the most threatening weapons system into the role into an take it away at a proportion he took the first address as a soviet leader did after for a meeting on the night he got back from t11 but sdi is a threat to the very existence american tree and to mankind everywhere. but in the pentagon that may someday show somme promise and he blows it up as the threat of all time. he could get reagan to give up sdi if he gave an offer on reduction of nuclear weapon but it totally failed. and then to reform the soviet union. and once he started the reforms they were vastly accelerated with the meeting and then the next year was a party conference that implemented these reforms. that is my thesis. i know marvin will disagree but we can talk about that later. two or three points. to have the great background i learned never pick a fight with of moderator. [laughter] at what i would disagree with khomeini they feared the nuclear attack and because of the succession and ideas to share birthday with robert mcnamara and then make the same point every year to show you how effective that was to always come back from moscow and said basically a blip scared out of its mind putting nuclear attack. i said the last time that i checked the older bombers are lined up bunny their field all of the submarines are in the port at any one time. we never had 50 percent of the bombers on any airfield that was pretty standard i did not believe that for a minute. hi billy looked if he was sincere and that it was just propaganda. and to be the first soviet leader to believe that. but it did not come from gorbachev but ronald reagan. that reagan comes up with the idea. but he is the push her but i never suspected he was. and the last point is why reykjavik was the failure. and from the breakup of the soviet union. in with the reductions of strategic arms but neither are expected. to go to zero for the ims systems of course. with although strategic gains. and then in dow laboratory. but this was in his ada to get that done. it was good news. unless you go along but that is what sent sunday into a tailspin. >> actually may have run the risk to go to far with the description because there isn't much left in the book. although to have a blow by blow. but we actually do know because there is a lot of material from the cia in the intelligence security. and even from the spymaster who talks about the kgb and the counterparts were hounding him. with those that are out there. and to prepare for that nuclear war we can talk about that. >> even with that material is assisted steven there's a lot of people. >> so why don't they take action? you have to be careful because the robbers are here. that i would lock my door. >> but they don't want to turn this into back-and-forth because it is important to appear if it was a genuine fear. but it was just as real in the soviet union. so the questions of where they lead was very important. >> so we will turn to the future and we want to rekindle. but as it was on the table for this discussion a very piece of background that goes back one of the reasons the of the new round jeff for the soviet union was a robust antiballistic missile system that we, the united states of lyndon johnson to beat over the head on why the seemingly perverse principal that defense is an ad and destabilizing is a critical way to the u.s. position of a long time to limit that antiballistic missile system. and the soviets bought that. and while president reagan sincerely believed it was out of danger just plain wrong including some who were there with him in reykjavik that sdi would be stabilizing and would not work. >> the russians were concerned. they tried to head office sudden appearance of the sdi system. it could not be developed over time. but their concern was really in the minds of the americans. in taking roughly the same place at the same time. and what did they do with that? to make it easier for them to lose four more difficult? but of those armaments of today as you know are among our best friend in afghanistan. where is sdi today? does anybody keep track of that? . . >> nothing than the u.s. soviet relationship or for that matter in terms of arming the world for an armageddon. reagan was the one who use that term, armageddon in 1983. it was in his my and in the 84 presidential debate i asked him about that. he sorta backed backed off and made the point again and again, a nuclear war cannot be won and ought not to be fought. he was very much opposed to it but he could not bring himself to the end of the day and historically and forgive me for going back to my disappointment that to me stands out as a huge moment when we could have gone one way but ended up going another. >> thank you. i think the next panel will be checking this further. certainly of missile defense has come up during two of the administrations of bush and obama. also in many respects -- i would like to bring in the audience for some questions. we're going to pick up the questions and the more detail with the second panel. oh take two or three and they will come back. please identify yourself. >> i'm retired from the u.s. government. i remember the economist ran a cover showing reagan and gorbachev dressed as peace demonstrators, peace signs, love beads and the whole thing. underneath it was titled the specter is haunting europe. the theme of the story was, abolishing strategic weapons would make it a higher risk there would actually be a war in europe, either conventional or limited nuclear war that would be confined to the battlefield. then about a year later freddy and others published a report which gave concrete expression to those fears. so what i would like to ask is, what role did that play in raising the concerns about the credibility of extended deterrence and heightening the debate over inf and short range nuclear weapons and europe in the 1980. >> that's a great question. >> one quick point, i think it bears on the question of how we should now regard what happened, at the very last session, the session that ended without agreement there was a proposal on the table, it had been put in writing and in these matters proposals in writing have to be given precedence over the chatter that surrounds it. that proposal, which gorbachev could not accept, it was an american proposal, that proposal called for eliminating all offensive ballistic missiles over a decade. at the end of the decade with all offensive ballistic missiles eliminated both sides would have the right to deploy a defense if they had a defense capable of deploying. the reason why this is important is that if you want to claim that fbi sank the summit you have to explain what the objection of sdi would have been after the missiles that it was uniquely tailored to shoot down had been eliminated. it was this fall and the soviet argument and i've had this argument a dozen times, the soviet side could never give an adequate explanation for why sti was relevant in the absence of offensive nuclear weapons. >> thank you. the lady over over here and then in the front. >> i'm with the university of washington. marvin, you talked about the importance of two men coming to change the nature of the confrontation really, but have there is a push back from their respective militaries and the political advisers. i think this is very important to highlight the relations in both countries. if you can reflect a little more, the three of you on how much there is for individuals and presidents in the united states on national security and foreign policy versus an institutional continue a day that comes from the military having their own views of what is important and what is not important and the fbi be in a case in that. if you can tell us more about what the military having the small research program, what they saw in that or the political advisers as well. >> let me just take a few more comments because we only have 15 minutes left. >> thank you very much. i write the mitchell report and i wanted to just say that this discussion is a to me an important reminder of the power of world history. listening to that story and the bet stories from the participants is powerful. this is not something i would say anybody in this auditorium is going to forget soon. so i really cannot thank you enough. >> stop right there. why would you want to go on. [laughter] >> i have a list of things. this is probably a rhetorical question but let me pose it anyway. what is so powerful to me about this among other things, is these two people, in a place called iceland, in a very small building, managing the future of the world over the course of a couple of days. i say to myself, is that is that ever going to happen again? can that happen in the age of twitter et cetera? and that is really what you have left me with. thank you. >> i'm being told we can have a little bit extra time here. so i will go back to the other questions and comments and see if there is anything that we would like to and. >> thank you very much for being here richard thank you very much for -- i think you have made an important point and reminded us of why the soviets were so scared of sdi. and, why they were not ready to sign up to the elimination of all ballistic missiles. they saw american technology in general and military technology in particular is a black magic that we had and they didn't. they felt inferior in their technology to thwart sdi. they never never thought they would get in sti anywhere near capable as the american sdi, with the regard to the prospect of eliminated ballistic missiles that would still leave the united states with non- ballistic delivery systems such as cruise missiles with stealth. for years i have heard that i would be surprised if you did as well. >> so the young lady raises the point of the military budget and the role of the military, i cannot remember president eisenhower leaving office making a very specific point about the power of the military industrial complex. here it comes from a man who is a general who fought in a war so he was not, he did not catch a cold when he dealt with military people, he knew them. yet, in terms of the relationship of the military as a power in the united states, measured up against the diplomacy, the congress and even the president, there is an enormous strength there. there is kind of not fear but awesome respect that people have when a guy in a uniform auxin and he has a lot of metals around him. so if two men had an opportunity as gary was saying before, if two men had an opportunity to do any number of things with arms control but one of them was the possibility of both of them addressing that single issue, then you get to a point where sta he comes terribly important. it isn't today but it was at that moment. and you say to yourself, what is the russian position on this? they were ready to buy and we wanted both lap and outside. think about it in terms of proportionality. think about logic, think about the power of history and the lessons of history. i will go back to that moment and i know that you may be unhappy with me saying this but -- had very little to do with the end of the soviet union. the end of the soviet union was created by the system itself. it was dreadful. it died because it deserved to die. it had very little to do -- but if diplomats feel good having participated with him saying we held off a fantastic russian adventure they may have done awful things, they were falling apart. we should have recognized it at that time. but our intelligence was woefully inadequate on the collapse of the soviet union. thank you. >> marvin is going to ask you about the credibility, what is your sense was at the idea of people later but there has been this move to get rid of nuclear weapons and getting back to richards. >> people mentioned that who now believe those who were alive that getting rid of all the nuclear weapons really is a fantastic game and we all are to do that and they have now all pledged to do that. why didn't they do it then? what was it that was so important about that extra moment of sdi that you cannot make that. i still don't understand it. >> okay let me just start with a last point that marvin may come i think it's most important point to tell you the truth and then get back to sdi and the talk of no new. the relationship between rhetoric and the end of the cold war, the end of the soviet union, marvin makes a point that is talked about in the past and i think it's conventional was dumb right now that the soviet union collapsed of its own weight. as marvin said it was a lousy system. they were very poor. it had to collapse. why why did it have to collapse? we've had poor countries for long time, they didn't collapse. go around from country to country, they are not collapsed. north korea. north korea is now -- people are eating grass and bark, there's no revolution there is not collapse. cuba has been under -- since 1959. he gets nine. he gets poor and poor, there's no collapse. they raise the and the rise and fall of the roman empire, this intolerable situation lasted only another 300 years. they were intolerable. it was bankrupt and it lasted 300 years. when you look at the data that what was going on in the soviet union then, now this i will open up a can of worms of controversy but the cia estimates in 1986 at the time was that the soviet economy was growing at two and a half%. now you can say marvin, i know. >> that's my point. >> they could've been wrong, they could've been right, it wasn't a desperately a desperately wrong estimate, people were making fun of it at the time but it was thought to be respectable that they were growing. you can talk about the conversion all you want and that is a very hard thing of knowing how much it would cost to build the military and there's a wilderness of data on that. i think the cia was better to in relative prosperity and relative decline of the soviet union during those years than it was u.s. soviet -- in any way the cia was reporting and 86 and 87 until the reforms really got underway that there is a growth between two and a half and then it jumped to 4% and then it came to two and one percent. this is not precipitous decline. this is not depression, this depression, this is not one third reduction. and at least in terms of again the cia estimate of per capita wealth in the soviet union, soviet citizens, at that time it was higher than where americans go to vacation every year. higher than israel, italy, ireland, it had a it had a per capita income of $8000. so this idea that the soviet union was so poor and so out of it and getting poorer all the time and empires that are real poor have to have a revolution, have to have a total dissolution like the soviet union i don't buy it. i don't think you can see evidence in history. the empire look lost in years and decline. they go on and decline. >> so i didn't break up? >> up? >> because gorbachev wanted to compete with the united states in terms of technology and just what you said, there's no way the high-tech of sdi could be matched by anything in the soviet system. therefore he had to change the incentive and he had to change the way the system operated. and as marvin said, perestroika was a mess because he could not imagine how you reform. i don't blame him. at that time we had about 30 countries who had gone from communism to capitalism. but not one country had gone from capitalism to communism. but not one country had gone from communism to capitalism. there's no roadmap. he wanted communism with a human face just like in 1968 there is no communism. it was a mess that he had no clear idea of his path. and much to his detriment it was a raging success because he opened up in the close pages of our pass. when you open up the close pages of the past you have two big headlights in your face one is called london and one stalin and neither is very pretty at all. >> i hate to interview but i feel like i have to. intervention is one of the reasons the soviet union collapsed. use short on your last picture on the slide that we might be able to put up a reference to yeltsin's. and there was a considerable number of books an article on boris nelson. there are several people in the audience that are scholars of russia and the soviet union who are shaking your heads is your beginning to speak. one of the precipitating events to bring something down was really a decision first of all by a group including -- we mentioned to launch it cool against gorbachev. not because what he did related directly but because he is trying to have a new union treaty which decentralizes soviet union and then a decision by force yeltsin and a number of other republican leaders within the soviet union. mostly boris yeltsin to actually get rid of the soviet union behind the scenes. >> now they made those decisions for different reasons. i like to try to get back. i think it played something of a role because many people in the military and elsewhere were not happy about gorbachev negotiating with united states in such an open way. gorbachev resigned and he signed himself into history. >> thank you for mentioning the coup attempt. >> so very quickly there is a few other important people in the audience so a couple people want to jump in here who i like to bring back and then we can get into the next. >> could you tell us about the reaction of president reagan's principal advisors to what was on the table. richard perle i think alluded or suggested his comments suggested that the delegation tried to come up with variants that probably some strategically minded advisors were less destabilizing. >> a gentleman here so we'll get a microphone back to you. were getting two microphones. >> i was a young italian musk out correspondent. in your discussion you mentioned margaret thatcher, edward -- all the western europeans they are very seriously enemies of any kind of america. maybe they are much more conservative. and i remember they were conservative to any change to the system in europe at the time. i just remember after. so much german that would have two germanys rather than one. so could you talk about the european. >> okay it will come back to that. >> i want to thank you so much for a very stimulating discussion. bob schadler with american foreign policy council. one of the things that came to mind with the discussion was how much people got it wrong throughout and at the time i was at the u.s. information agency and the jab we had was to explain to form publics who reagan was and what he was trying to do and what it was all about. it also has i guess in trying to connect the dots of this year where it seems every intelligent informed person has been wrong about most everything regarding domestic policies. so it should not be surprising that most everybody, including reagan's closest aides and his worst enemies in the press and elsewhere got things pretty much wrong both about what reagan wanted to do and what was going to be the result. just ask for some reflections on how the informed audiences should try to screen out the quick impressions of people who are very close to what is going on and highly intelligent and informed as they try to inform the rest of us in the way that u.s. ai was supposed to do when it existed. how should we screen out what is going to be terribly wrong such as how long the soviet union is going to exist. i have a very fickle volume of testimony in 1989 before congress and all the russian experts, almost nobody saw a glimmer of its demise. >> is a student at that point i decided -- i was very upset in december december 1991 when my newly minted degree disappeared on me. i went back to study history. so on the european front as our colleague who was also there from italy noted there was quite a different view on the part of the europeans. i'm sure there are not very happy about what happened on the saturday morning, a lot of sunday morning proposals on europe. >> you're absolutely right. we all remember and were there and traveling in europe at the time. had the deal gone through, our year. i lies seen basically the nuclear deterrent posed by the united states collapse. it was that simple. as for the speculative question, i occasionally, particularly in preparation for this conversation have gone back to see how close actually it did come on several occasions including i can imagine the soviets actually picking up the last or maybe even the second to last american proposal that might have, if the president had allowed it, if reagan had allowed it to keep the adm treaty in place for another ten years while sdi was developed. imagine what the world would be like now if that had gone through. by the way, there would have been a great deal of angst on the part of our allies and our nuclear priesthood, but the two presidents had the ability to sign a treaty like that. it would've been with the another set of anxiety and controversies different from the ones that we are dealing with here. >> that's a fascinating question. if they had signed it in the french and the british had established they wanted their independent nuclear force, so what would we have done it would been difficult to persuade them but that idea that the two big boys simon and how does the rest of the world adjust to that signature? would they have objected and done horrific things? may be. the likelihood is they would've come on board eventually. these things happened in stages. the man who raised the question about how you get this information out, keep reading history because you're not going to get it up front very often. you get headlines and that's what we journalists do, provide headlines. we. we do it day by day, after a while, actually we do describe what has happened but it is with perspective that you really can pick up things and biographies. for to these these two men really think? the gorbachev story is still one having read his book and books about him i still have a feeling there is a great book to be done. if gorbachev had accepted reagan's proposal -- would've gotten on a separate plane and flown back. >> we are going to talk about think that the nuclear powers in the next panel. they've written an article about -- plane is an issue and now we have the north korea dimension those [inaudible] the agenda. i like to thank our panel is very much for the time, they're giving us the most spirited vivid recollection of the 2i hope you have left plenty of other stories to read in the book luck with your trip i'm sure your colleagues will be putting on a good reception for you there. i going to get a chance to stay another night, come back. and thank you very much for also giving us that real-time recollection i hope people get coffee and come back for the next session. >> i think the house is going to be haunted by gorbachev and reagan. >> thank you everyone. [applause] [inaudible] [inaudible] [inaudible] [inaudible] >> the second panel, we have a very interesting and enlightening first panel. i am angela, the the director of the center for european studies at georgetown university. i'm also a nonresident fellow. i have to say that i am very before we get into the question about what is happened since the collapse of the soviet union to make brief remarks about 1986. one of looking floor, and the question why the soviet union collapsed. when gorbachev came to the united states in the early 1990s after the soviet collapse he gave it talk at the library of congress. and the librarian of congress and said what was your biggest mistake? and he said, i underestimated the nationalities problem. so i problem. so i do want to come back to what he'll set at the end. the collapse was the inability to work out an agreement between the center and the republics of the soviet union. that was related -- but in the end it brought the soviet union down. and the other brief reminiscence about 1986 to show how gorbachev had been through a major transformation before he left