To say the least. We have terrific people here today for all these questions. Alexander klimburg as i mentioned has really written a book on this called the darkening web turkeys a senior fellow with the Council Cyber statecraft initiative. Is a Program Director at the hague center for strategic studies, an associate fellow at the Austrian Institute european policy. The welcome, alex. Delighted to have you. Ceo of north america, former deputy secretary of the department of Homeland Security and one of the most knowledgeable in the whole arena. And was write at the heart of many of the debates use government has. Again, welcome, Jane Holl Lute. Laura galante come most recent addition to the cyber is good initiative. Previously director of Global Intelligence at fire i which is one of the premier cybersecurity firms i would say in the whole world. Welcome very much. And then tal kopan, joining us today. He will do the moderation. Shes a political reporter for cnn focus on cybersecurity as well as other National Security topics. I think with a great group. We have fundamental questions that span a white set of issues. With that let me turn it over to alex. Hes going to give you a summary of some of these issues, some discussion from his book and just lay out some things that men the panel can get into with respective moderation. So alex, i invite you up. Thank you, frank. Its a great pleasure to be here you come very proud of my affiliation with Atlantic Council. My affiliation is hard but i think i spent more time Atlantic Council that i do there. I truly value display centigrade for its commitment to transatlantic values of think its very clear right now those values mean a lot with the military alliances were even governments. They also included very impressive commitment to gender balanced to grab a fantastic panel and to stop it easy to get such impressive assortment of folks in cyber. I think well be talking quite a bit about values and i will have a chance to get into the weeds during our actual discussion later on. I want to give you a rough outline of what i think some of the main and pertinent points in my book apart. Namely, the u. S. In particular but the west in general they often concentrate on seeing cybersecurity as a technical issue and a worse cyber airfare side will for issue like countries like russia and china concentrate on cybersecurity as a psychological issue and a worst Information Warfare problem. The consequence of this is where in the middle, on the journey we might see the global internet, may be one the most transformative inventions since the invention of the wheel from my point of view. What most people would consider to be a universal good advance our personal freedoms that we might see this universal good transform into something quite a lot darker come something that is used to suppress individual freedoms but also potentially to become one of a medium of control. This is a nightmare for some individuals but for others it is a dream. They are pursuing with vigor. The dreams and nightmares are useful analogy for security threats. I once conducted an experiment at harvard with some of our students to try to figure out what is more common, nightmares or common dreams. We came to the conclusion people tend to have different dreams of what something should be but they have, nightmares they are afraid of. This is one of the reasons why strategic arm talks on Nuclear Weapons had a good point of departure. There was one single nightmare we were all afraid of that one Mushroom Cloud that really bounced east and west together and basically make sure we had a proper honest discussion on the existential threats that we wanted to avoid it. We dont have that in cyberspace. We dont have a single nightmare that both sides equally. So the west, the most common fear is cyber war narrative, of effectively cyber warfare occurring due to inadvertent escalation. Thats accidental war or once conflict starts they could spiral out of control due to the unknowns we cant assess. Aside society that as i thrown back to the 1950 the 1950s or tt iron agedependent on a gloomy you actually are. But for others this isnt the worst possible outcome. This isnt what they fear the worst. The most. The most realistic physical threat is that their own existence. They see the internet is primary to being a means to encourage dissent, to undermine the rule, to allow for nations including the u. S. To interfere in domestic affairs. For them the most realistic threat is not cyber get on friday type of connecticut attack but effectively that there will be undermine through some type of uprising plants and connected to the internet and that will quite physically be a threat to them personally. They are much more concerned with matters that relate to governments and Law Enforcement than they are with, for instance, fixing application of International Law, the cyberspace. I call them cybersecurity faction, i have a simple goal. They want to fund and will change the way the internet is currently run which is by loosely linked actors in the Civil Society, the private sector and governments. Thats the order of priority because Civil Society has coded most of the internet. The private sector builds and maintains it and government can blow things up and they can spy on thanks. The groups want to move the control of as it is amongst as many Different Actors towards a model that is dominated by government. They want to move it away from the californian registered nonprofit but is there internationally minded which runs conference its a big part of the Domain Name Service which is something called the telephone book of internet. The reason why they want to do this because only ace information as a weapon. In one of the building through control of different parts of the unit to enact the Law Enforcement regime that would effectively enable think seven such as blocking translated copies of the New York Times or taking down websites or similar things of that nature. They see the internet primarily as a threat and a see the control of the internet as the only way to ensure their own regimes of billy. So the key to accomplish this is to articulate a rethink aware of governments see the role in cybersecurity, particularly in the west. So the russians have been encouraging this type of rethink since the late 1990s. Theyve been introducing a bill on the code of conduct in the u. N. General assembly and many other different ways they are pursuing this. They are hindered in this attempt primarily by the way the internet really works which means it is difficult to simply say we have no form a u. N. Agency the takings over. They are also helped by the fact every single time theres a cyber attack on every single time theres a report of supposed u. S. Malfeasance in cyberspace, the agenda is advanced again. The agenda is advanced in the direction didnt like to have it which is on one of the inner governmental solution and not a multistakeholder solution. Comparing cyber as a strategic disable or to a nuclear time. The state discussions between east and west on this issue roughly around the 1960s. Were still figuring things out but he cautions putting too much stock in the spirit of because the actors involved are just too dissimilar. In the case of Nuclear Weapons it was pretty clear who we need to have in the room. Today while governments in the room but who decides if its facebook, google, who also supposed been the room . Governments dont play that big role in cyberspace. And, therefore, decide you will should be in the room and the intergovernmental discussions part of the problem. The biggest problem is the discussion itself. By having governments as an arbitrator and security concerns, the authoritarian states are furthering the objective effectively pushing governments into controlling rule of the internet. Its a sticky problem. The more i try to push the issue away, the government stands up and says the more we defend the multistakeholder form of running the internet, the more the same time governments are taking up too much of a plate n the space, the more their diminishing the rule of the other actors, the furthering of those agendas want to see cyberspace control the governmental organizations. In fact, getting us to do something was, getting governments to do something in cyberspace is very often quite clear if the objective of many of these Cyber Attacks. Just to give you two examples that are pertinent. In 2015 a French Tv Network went off air catastrophically for two days, and the perpetrators are supposed to be isis who claim we are cyber jihadist and will strike you now everywhere. Two weeks later the french government leaked that they establish it was, in fact, Russian Military intelligence who had been behind the intrusion and destruction of effectively Critical Infrastructure. The question was why would they do such a thing . And from my point of view the question was quite obvious, they wanted to have cyber terrorism as an there to pick cyber terrorism hasnt ever could. We have terrorist use of internet. That is a big issue and its a complete issue but we dont have cyber terrorism yet. This would put cyber terrorism on the agenda and it did. For six months i spent a large portion of my time in europe running after new discussions at the french government had put up regarding cyber terrorism. Until 1. The discussion would away from cyber terrorism because in the west one of our agreements is we dont support the narrative of cyber terrorism because ultimately it means control of content. Thats what it means. Terrorist use of internet mean Something Else. Another example, you dont have to go back to 2015. Look at wannacry. Another example of what might be more interesting to basically blow something up and cause a fuss and a political narrative rather than steal data. This is why i keep coming back to how important it is to understand why a cyber attack might be, they might not be simply interested in trying to steal your data or preposition for war, they might be more interested in pushing a narrative. I narrative, the wannacry successor that we saw in the last couple of weeks has to have include established to be not rancid mcnab no interest in decrypting the system. You can even reach on like the its simply to destroy things. Given the fact their target even though it was ukrainian or not military essential in any way, what was the purpose . Those attacks like other tax i think at the pattern to them. Those patterns are simply pushing governments to do something in cyber by effectively grabbing the narrative of the narrative is also construed very much about security issues. Issue. Just to give another example, theresa may in the uk after the uk terror attacks announced she wants the uk to take the leading role in the regulation of control of data, and even didnt dismiss comparisons to the chinese way of running the internet. We are in a state, a country that formally referred to as mother of democracies was actually considering level of intrusion that previously only the chinese governments would have considered. Luckily, its not been included in the quaint speech maybe it will not be implemented. In any case that was narrative. Our moderator tal kopan wrote some years ago that are many analogies for cyber and those analogies tell a lot about you when you use them. If you talk about cyber war than you think government might be the answer. If you talk about Public Health issues, then you might think that some type of model might be the entity you talk about climate change, maybe you think another option is answered. I think all of these models are useful but i think theres one macro problem we should keep in mind above all else. What is the worst possible outcome were trying to avoid for ourselves when we engage in government regulation of behavior on internet . Anything we do including, and regulation, treaties, developing Cyber Capabilities, what is the worst possible outcome were trying to avoid . And that is something i think we havent talked enough about. For me it is quite simply we need to avoid falling into the trap, explicit trap of Information Warfare. That effectively notes weaponization of information. The weaponization of information means cnn, the washington post, the Atlantic Council all become pawns in a larger game that effectively sanction only by government. This is a very, very scary vision and is not likely to happen in the next five years or seven is, maybe ten years that its a possible nightmare. Its a much more likely nightmare and the nightmare of cyber armageddon that kept us on her toes or 50, 60, 70 years. The only way we can avoid this is really having a full commitment multistate kodama about the internet is run. A proper segmentation of how we discussions on cybersecurity issues which need to be highly siloed and separate so they dont contaminate each other as fundamentally endanger the Free Internet as it is today. Without the Free Internet there theres no free speech and without free speech we dont have any free society. That id like to move to our panel. Thank you. [applause] so thank you, alex, who now youre all familiar with. My name is tal kopan as introduced, im a reporter over at cnn. Our other panelists who didnt get a chance but a faced with the name but we have Laura Galante and then Jane Holl Lute who you heard about earlier. We will just dive right in. Fascinating stuff, lots to cover. I think what might be most useful to start with a particular case that perhaps were all to play with at this point, but the russian meddling in the 2016 election. Its interesting because its become discussed as some sort of cyber event partially because it involved hacking a personal emails with a sophisticated spear phishing cammy and then dumping those on internet, at a construction of a hacker figure that was used to disseminate these, and then there were separate scanning evidence of voter rolls, one actual breach that has been confirmed and possibly one other, although there were no Data Exfiltration or changing perhaps. So my question for the panel to get us started is, is it actually useful to think about what happened with the 2016 election as some sort of cyber event . Or do we risk limiting public understanding, conversation of what to do about it by viewing it only through that lens . Maybe ill jump right in. I dont think anyone use it only as a cyber event. I think people view it and i think there is a broad sense that yes in fact, this did happen and there is broad outrage but whether or not your outrage miss you to action is a completely separate story. What do you do about what you know . What do we do as a country with what we know . This brings us to the heart of alex is book and i think frank also framed the question really very well. The internet was envisioned by its founders and we all know them. They never imagined the evil to which the instrument might be put. But it has been put. The internet represents such a universal good for so many pickets empowering, uplifting, informing, connecting, the miniaturizing. Its really a universal good. The next question, who will keep it good . So maybe the russian hacking of the u. S. Electoral system and the intrusions into our electoral system, none of us thought it would happen. I think we all, it was in the realm of the unimaginable but i think it does for many focus the mind now who will keep the internet good. Laura, thoughts . I would add a bit to her points. I think the 2016 example and the russian interference and the 2016 election shows us is the clash that alex details so well and artful in your book, which is we had this Information Security layout of our countrys will use russia and china but particularly russia sort of the thought leader in this sea information as the main currency of what cyberspace is about. We had this other side, the Free Internet faction here to lead by the u. S. Where were thinking about cyber and more of a technical realm. What 2016 signified in a huge way is two ships passing in the night on how to think about the problem. So russian spent a good 16 years at the point is that more articulating how Information Security works in the russian mindset come protecting this information here, think about information as a weapon and also something that needs be used to protect people domestically. They have been advocating the sovereignty approach saying cyberspace as a place that can be sovereign. When youre willing to say that and youre putting that out in the u. N. Year after year and the u. S. Is doing its best to ignore that or at least disagree with sovereignty as a principal in cyberspace because it goes against so much of the principles that jane was her particularly on how the use cc internet. When you have is to give abuse of sovereignty and then the dnc is network gets hacked by the russians and a move that would bridge the sovereignty of euros in a way that russia sees sovereignty in cyberspace then you really upping the challenge for how the u. S. Government can start to address this. Its putting us by that the center of this debate of what we want our National Cyberspace policies to look like but more largely how should states exhibit power in this debate and how do you find the domain . Another much a book and started to unpack some of those questions and to think were finally, starting to do with us to get a mindset since you a real example over the last year. Alex, i thought it was very apropos your book starts with term, terminology become such an essential component of this. And to