All of these issues are a concatenation to say the least. We have terrific people here and we have terrific people for all these questions. He is a senior fellow at the cyber statecraft initiative. Hes Program Director for strategic centers. We welcome alex. Were glad to have you here. She is a former deputy secretary of the department of Homeland Security and one of the most knowledgeable who was right at the heart of many the debates that the u. S. Government had. Welcome. Most recent addition to the cyber initiative, previously director of glover intelligence which is one of the premier Cyber Security firms in the whole world, welcome very much. And he will join us into the moderation. Shes a political reporter for cnn focused on Cyber Security and other National Security topics. We have a great group and some fundamental questions. They span a wide set of issues. Me turn it over to alex. He will give you a summary of the discussion and lay out some things that the panel can get into. Thank you. Its a great pleasure to be here. Im very proud of my affiliation with Atlantic Council. My other affiliation is harvard but i seem to spend more time here than i do there. I truly value this place for its commitment. I think its clear those values mean a lot more than military alliances or governments. They also include an important gender balance. We have a fantastic panel. Its not easy to get such an impressive assortment of ladies in cyber. I think well talk quite a bit about values and will have a chance to get into our actual discussion later on. I want to you a rough outline of what i think some of the main impertinent points in my book are, namely the u. S. In particular but the west in general, fairly often concentrates on seeing Cyber Security is a technical issue while countries like russia and china focus on Cyber Security as a psychological issue and Information Warfare problem. The consequence of this is that we are in the middle of a Global Internet since the invention of the wheel, and my point of view, and most people consider it to be a universal good that we might see this universal good transformed to something quite darker. It could be used to become a medium of control. This is a nightmare for some but a dream for others. Some are pursuing with vigor. The dreams and nightmare are no useful analogies for security threats. I once conducted an experienc experiment at harvard to try to figure out what is more common. Common nightmares or common dreams. We came to the conclusion that people tend to have different dreams of what something should be, but they have common nightmares that they are afraid of. This is actually one of the reasons why strategic arm talks had a good point of departure. There was one single nightmare that we were all afraid of, that one Mushroom Cloud that really bound to the east and west together and basically made sure we had a proper honest discussion on the threats that we wanted to avoid. We dont have that in cyberspace. We dont have a single nightmare that both sides equally fear. For the west, the most common fear is cyber war occurring due to inadvertent exploration. It all goes catastrophically wrong and what were looking at is infrastructure that can be restored and a society thats either thrown back to the 1950s or to the iron age depending on how gloomy you actually are. For authoritarian states, this is the worst pop possible outcome. This isnt what they fear the most. They see the internet as primarily being a means to them courage to send to undermine the rule and allow for nations including the u. S. To interfere in domestic affairs. For them, the most realistic threat is not any type of kinetic attack but effectively their rule would be undermined through some sort of uprising through the internet and that will quite physically a threat to them personally. Theyre much more concerned with matters related to governance and Law Enforcement and they are with fixing the application of the International Law and cyberspace. I call these states that have a simple goal. They want to fundamentally change the way its currently run which is by a loosely linke linked. [inaudible] by the way, that is the order of priority because Civil Society has coded most the private sector and maintains it in government can blow things up and spy on things. Other groups want to move to control the internet as many actors toward a model that is dominated by governments. They want to move away from the californian registered nonprofit that internationally minded which runs big parts of the telephone book of internet. The reason they want to do that is because ultimately see information as a weapon and they want the ability through control of different parts of the internet to enact the Law Enforcement regime that would allow things to happen like walking translated copies of the New York Times are taking down websites or things like that. They see the internet as a threat to make you the control as the only way to ensure their stability. The key to accomplish this is to articulate a rethinking way of governance, particularly in the west. The russians have been encouraging this type of rethink since the late 1990s. They have been introducing a bill on the code of conduct in many different ways they have been pursuing this. They are hindered in this attempt primarily by the way the internet really works which means its quite difficult to say weve now found the un agency will that will take things over but there also helped by the fact that everything time there is a cyber attack or every time is a report of a supposed attack in cyberspace, the agenda is advanced again in the direction they would like it to have which is one that is based on intergovernmental solutions and not a stakeholder solution. Joseph nye has talked at length about comparing cyber as a disable or to the nuclear period. He has roughly put there are discussions between east and west around the 1960s so we are still figuring things out, but he also cautions that putting too much stock in this because the actors are too dissimilar. In the case of Nuclear Weapons it was pretty clear who you needed to have in the room. Today, governments in the room but who decides if its facebook or google, who else is supposed to be in the room. Governments dont play that big of a role in cyberspace and therefore, deciding who else should be in the room is part of the problem. The biggest problem is the discussion itself. By having governments as the sole arbitrator of security can concerns, they are furthering the objective of pushing governments into the controlling role. Its a sticky problem. The more i try to push the issue away, lets say the government stands up, the more the government is taking up too much of a plague in the space and their diminishing the role of other actors and their furthering the agenda of those who want to see cyberspace controlled by governmental organizations. Getting us to do something, it was very often the objective of many of these Cyber Attacks. To give you two examples that are quite pertinent, a French Tv Network went off air catastrophically for two days and the perpetrators are supposed to be isis claiming we are cyber jihadists and we will strike you everywhere. Two weeks later they leak that they established it was Russian Military that was behind the intrusion of the Critical Infrastructure. Now the question was, why would they do such a thing. From my point of view, the question was that they wanted to have cyber terrorism. We have terrace use of internet, that is a big complicated issue but we dont have cyber terrorism yet. This would put cyber terrorism on the agenda and it did. Her six months and spent a lot of time in europe running after new discussions that the government had put out until it one point the discussion moved away from cyber terrorism because fundamentally in the west one of our agreements is that we dont support it because ultimately it means control of content that terrace use of internet means something else. Cyber terrorism, is another example. We just look at want to cry and other attacks and you have another example of where it might be more interesting to blow something up and call it a fuss rather than steel data. This is why keep coming back to how important it is to understand why a cyber attack might not be Information Warfare attack. They may not be interested in simply trying to steal your data, they might just be more interested in pushing in a narrative that we saw the past couple weeks which has been clearly established to be not ransom, they have no interest in decrypting your system. Its quite simply to destroy things. Given the fact that their target was not military essential, what was the purpose . Those attacks like other attacks have a pattern. Those patterns are simply pushing governments to do something in cyber by effectively grabbing the narrative, and the narrative is also construed around Security Issues. Just give you another example, in the uk after the terror attacks they announced they want her to take the leading role in the regulation of data and didnt dismiss comparisons in the chinese way of running the internet. Were already in the state where even a country that was formally referred to as the mother of democracy is actually considering a level of intrusion that only the Chinese Government wouldve considered. Buckley its not been included in the queen speech so maybe it wont be implemented. In any case, that was the narrative. Our moderator said there are many analogies for cyber and those tell a lot about you. If you talk about cyber war then you might think governments the answer, if you talk about Public Health issues then you might think some type of technological model might be the answer. If you talk about climate chang change. I think all these models are useful to think there is one macro problem we should keep in mind above all else. What is the worst pop possible outcome we are trying to avoid when we engage in regulation and activity on the internet. Anything we do. Including regulation treaties, developing cyber capabilities, what is the worst pop possible outcome . That is something we havent talked enough about. For me its quite simply that we need to avoid falling into the trap of Information Warfare. The weaponization of information means that cnn, the washington post, the Atlantic Council all become pawns in a larger game that are sanctioned only by government. This is a very scary vision and its not likely to happen in the next five or ten years. At the possible nightmare and i think its much more likely than the armageddon that kept us on our toes for 50 or 60 years. I think the only way we can avoid this is by having a full commitment and a proper segmentation of Security Issues that need to be highly separate so they dont contaminate each other. Without free speech we dont have any free society. Thank you. Thank you alex who now you are all familiar with. I am a reporter that cnn. Our other panelists feeding get a chance to put a face with the name is laura and then we have jay we heard about earlier. We will just i write in, fascinating stuff and a lot to cover. I think it might be appropriate to start with the particular case that were perhaps all too familiar with but the russian meddling in the 2016 election. Its interesting because it has become discussed as some sort of cyber event, partially because it involves the hacking of personal emails with a sophisticated spearfishing campaign and dumping those on the internet and the destruction of a hacker figure that was used to disseminate these and then there was sort of separate scanning incidents of voter role, one that has been confirmed and possibly one other, although there was no data filtration or changing. My question for the panel, to get us started, is it actually useful to think about what happened as some sort of cyber event, or do we risk limiting public understanding, a conversation of what to do about it by viewing it only through that lens . Do we want to hear from someone else. So ill jump right in. And think anyone views it totally as a cyber event. I think there is a broad sense that yes this did happen and theres broad outrage. Whether or not your outrage moves you to action is a completely separate story. What do you do about what you know. What do we do with what we know . And that brings us to the heart of alexs book and i think frank also framed the question very well. The internet and their founders, they never imagined the evil to which this instrument might be put, but it has been put. Its also universal good for so many. Its really a universal good. The next question, who will keep the good. Maybe the russians hacking of the electoral system and the intrusion, none of us really thought it would happen. It was in the realm of the unimaginable, but i think it does allow us to focus on who will keep the internet good. Out of this point, i think the 2016 example and the russian interference shows us the clash that alex detailed so wellin her book which is we have this Information Security layout of how countries will use russia and china, see information as the main currency of what cyberspace is about, and then we have this other side, led by the u. S. Were rethinking about fiber and more of a technical round, and what 2016 signified in a huge way is two ships passing on the night on how to think about the problem. Russia spent a good 16 years at that point particular rating how Information Security works in the russian mindset, protecting this information, thinking about information as a weapon, and also something that needs to be used to protect people. They been advocating the sovereignty approach saying cyberspace is a place that can be sovereign. Well, when youre willing to say that youre putting that out in the u. S. Is doing its best to ignore that or disagree with sovereignty as a principal in cyberspace because it goes again so much of the principles that jane was articulating, when you have those two different views of sovereignty, and then the dncs network gets hacked by the russians in a move that would breach the 7d of the u. S. In the way that russia sees it then you are really at a challenge for how do you ask government to start to address that, and its putting us at the center of this debate what we want our National Cyber state base policy to look like and how should state exhibit power in this domain and how do you define the domain. I love how much your book has started to unpack some of those questions and i think we will finally start to deal with those two different mindsets and see a real different example. I thought it was very appropriate that your book actually starts with terminology that becomes such an essential component of this, and to give you a chance to respond in framing a little bit, laura brought up, how do you respond. You talk about Information Warfare and how sometimes the response can play directly into the hands of the person orchestrating the event. How do you start think about, if youre on the receiving end of one of these campaigns. I think theres the general concept that we need to come back to that operations are not only significant in achieving the system or stealing data or prepositioning for war, but it might also have a clear political objective and this is something that is more aligned with the kgb and soviet union have conducted its experiment rather than how the west will construct their thoughts. Its always been a constrained issue on the military level fairly low down. Russia and china has always seen us as being the most important paradigm. Its just how a lot of these have been raised and they come to see it naturally. I think its quite important that we also just come back to what can be done about it and how should we view it. The european view is interesting. They will say to the americans, look, weve been putting up with this for four or five years. Its nothing new for us. The level is ramped up massively but if you look at sweden, sweden has been undergoing Information Warfare that puts the u. S. To shame. It has everything in it. Has blackmail and smearing people, it had over it over military threats, everything was there. What happened, effectively, if i get the numbers right, the Approval Rating for joining nato went from Something Like 16 49 another reintroducing the draft. If failed. One of the objective was itself. Why was it so successful in the u. S. . If failed in france and germany and estonia in denmark and sweden, a lot of other countries. I think this is one thing i only addressed the tail end of my book because it happened after i finished writing it, but its quite easily summarize about. If you look at numbers that i put in the back to me can see with the level of trust work. With only 20 of the u. S. Public thought that the Mainstream Media was doing a good job and only 6 that congress is doing a good job it can be a real surprise that the u. S. Was such a target. Why was there such a low level of trust . You cant find anything like that in the western european nations. This was for me, the point that we havent sufficiently addressed, how can you even have an Approval Rating of six or 7 . Chinese to say if Economic Growth drops there would be mass unrest. It used to be an official position of the Chinese Government. Now theyve lowered it because the world has amended for them, but fundamentally they dont think they could get by with 20 or 30 or 40 Approval Rating. No democracy can surv