Are giving him a name tag. Welcome, michael and everyone else. I am jane harman, president and ceo of the Wilson Center. It is the best job on the planet because i get to talk to geniuses every single day. One of them who is not in my script but i will call around is meg king, she runs our science, technology and Innovation Program and is responsible for the schools we have on fridays to teach capitol hill staff about cyber and Artificial Intelligence and todays genius, that would be ben buchanan, our go to guy when we teach those schools and he has been trying to teach me for a while. I have been the repeater of all time at some of those schools. Im getting it but i have an analog brain and i thank ben for his patients. Been is a global fellow and he will discuss his latest book right now called Meghan Bedsted to Meghan Bedsted to hackers have changed the world. Cyberoperations are intelligibly part of International Relations and the gap between the United States and other countries has narrowed considerably. Got that . Narrowed considerably. From north koreas efforts to hack for cash 1 million worth against the bank of bangladesh to russias malign activity, from disinformation to electric blackouts in ukraine there is plenty to talk about. Understanding how cyber tools are used is beens specialty. Also taking care of analog brains, i give them credit for that. He was a marshall scholar and received a phd from Kings College in london and he knows everything. Even more important, i already said this. As a former member of congress, that would be me, who tried to ensure our Technical Intelligence collection tools werent cumbersome, were legal and were regularly reviewed by experts to prevent abuses i really salute ben buchanan for the kind of teaching hes doing to help staffers who come here not knowing enough about the subject and not knowing each other and the contribution he has made is just colossal. My theory as i just hinted his politicians are analog but our problems are digital in the Wilson Center is trying to change that. Here to moderate, a conversation with ben buchanan the genius is courtney kube, a correspondent covering National Security and the military and has spent a lot of time reporting on the intelligence and digital issues we are discussing today, especially election interference. There is election interference and it means a lot to us that courtney we come here and take time from the endless conversation about our ongoing primary election. Thank you so much and over to you, enjoy, everybody. Thank you. Hopefully we will all learn a bit, but one thing, i got an early copy of this, one of the few people who have the luxury of being able to read the hacker and the state Cyber Attacks and the new normal of geopolitics the hacker and the state Cyber Attacks and the new normal of geopolitics. Since most people havent had a chance to read it. Can you give an overview . What is the thesis of the book . Guest too often we talk about hacking between nations as if it was hypothetical like nuclear war, something off in the distance. Cyber pearl harbor or cyber 9 11 and the thesis of this book is it is the wrong way to look at it. In fact hacking between nations happens every single day. It is not an extraordinary activity but a daily one, part of the way nations compete in the modern era of statecraft and project power. What i wanted to do was take the discussion that is often very academic, very hypothetical, very theoretical and make it very real and say these are the stories of how nations hack one another and this is what it means for the international system. Every chapter is a different way nations project power in cyberspace from tapping fiberoptic cables to hacking banks, to blackouts and beyond. I want to tell the stories of what actually happens every day. Guest many people, americans around the world see Cyber Attacks and even Cyber Espionage as potential for casualties, mass casualties, chaos but you are looking at the space in between, the gray matter of what happens in hacking every single day. Get into the specific and fascinating cases, how would you characterize a cyberattack on a nation. How does that generally look today . Waiting for a cyber attack with planes crashing in cities burning you miss the activities that matter most, that actually happen. We see persistent, pervasive espionage, United States, china, russia, all these nations used Cyber Capabilities as tools of espionage. In some circumstances we see attacks, we have seen two blackouts caused by Russian Hackers in ukraine and destabilization operations, election interference being the primary example of a nation saying we will use hacking tools to interfere in an adversarys election. The categories are espionage and stabilization. Almost everything fits into one of those buckets, very little involves casualties that almost all is supported. Host you would say the Cyber Attacks are more pervasive but less destructive than in the past . Guest yes, insidious harm that happens, it is closer to Climate Change than a forest fire. Host one of the major reasons nations hack one another is this endless struggle to dominate for domination over many, even domination over the world. Do you still believe that is true . And has hacking become harder to prevent than it was in the past . Guest not only it is it harder to prevent but nations are getting more aggressive. This is a study of what happened in the last 20 or so years in this hacking business between nations and we see nations Getting Better and being less if you look at russia, if you go back to the 15 years russia was known as a still the actor in cyberspace. In contrast to the chinese smash and grab burglars russia was going to be methodical, slow, would hide below the radar and what we have seen since then, they have gotten much more aggressive and capable. I mentioned the two blackouts in ukraine. Everyone knows about the election interference in 2016 but there are other cases too. Probably the most distractive cyber attack in history did Something Like 10 billion in damage around the world and that is the low end estimate perpetrated by russia. Not only are hackers Getting Better but also more aggressive. Host you mention ukraine, russia attacked the power grid in ukraine 201516. What do you believe russias goal was . Was it messaging . Was it messaging the rest of the world they had the capability . If it was for distractive measures they fell short of their goal. What is a markable about 201516 blackouts, the firstever publicly known blackouts caused by cyber attack is it appears the attackers did less damage, they held something back. It leaves the question what were they trying to do . If it wasnt an allout attack what were they trying to do . There are two possibilities, the first is this was some kind of test refining the capabilities for use down the line or it sends a signal that this is russia saying to ukraine or to the world we have this capability, this thing you all have long feared, causing a blackout with a cyber attack, we can do that and what is particularly remarkable about the 2016 blackout is the tool the russians deployed to carry out the attack was automated and more scalable and it seems could work against American Power systems with some modification and that may be a suggestion not just to the ukrainians but the americans, this is capability in our arsenal we are not afraid to use. Host did that allow the United States or other western nations the ability to put in some sort of preventative measure so it couldnt happen in the us . It up to some of the russians hand, showed how the russians would carry this out. Could they develop a different capability . Strongly possible. Can the United States learn from it . Certainly possible. One hopes when you see a hypothetical fear blackout becomes real, certainly election Grid Security gets a lot of attention in the United States. It isnt perfect but not all doom and gloom. Where making progress on the electric security front. Host something that gets a lot of attention is massive bank tax or anything that involves large financial implications. Congressman harmon mentioned bank hacking. Mentioned that case, there are details in the book i have never heard about. Guest it is a remarkable ambition the North Koreans have that this is a country that probably is the most isolated country on earth and one of the ways they aim to fix the problem, to get hard currency for the regime is to have other banks and their most famous hack is a hack against bangladesh, the central bank for the country where they aspire to steal upwards of 1 billion, they get access to the bank account to interact with the International Banking system and they initiate transfers from the new york fed where the bank had its money to accounts the North Koreans control. They made up 5 of transfers so the transfers were blocked and only got 81 million instead of 1 billion. I posit these might be the most expensive in history the North Koreans made. What is significant about that case is it show the ambition of north korea in the discussion of bank hacking stops right there. This is much Broader Campaign that north korea hacked other banks, less success, had crypto currency exchanges, with valuable crypto currencies. He hacked atms and withdrew the money in a decentralized way. Nowhere is it more truth than banking operations. Host it was statement sanctions. Guest this is a priority for the regime to raise currency and this is one way to do it. Host i was surprised he wrote, north korea operators, that opens up the question, if they are risk tolerant and do they have regime that doesnt care about International Norms and laws what do you think they could do next in the hacking world . Guest this is only a question. I dont want to say this is real but a hypothetical thing that has been raised is if north korea is comfortable deleting transaction laws and interfering with integrity of the Financial System, and interfering with the integrity of the Financial System to do damage and any banker will tell you these transaction records are at the core of modern Financial System and one worry, that north korea might come back not for the purposes of funding the regime but for the purposes of trying to punch back against the west in a crisis. Host you talk about cyberespionage. It is so illustrative of the cat and mouse game that exists in Cyber Espionage and he was called the byzantine candor. Guest it is an nsa could ever chinese hacking grew. Host essentially a spearfishing campaign in the early 2000s. Tell us how it started and how it evolved over time. Guest byzantine candor was part of a broader set of chinese operations, the nsa codename for this. And they were striking many targets across the United States defense establishment, to get access to american officials and pulling information back and what was striking was what the nsa did. The Intelligence Agency said we have to stop this. The nsa hacked the hackers, figured out the computers from which the chinese operatives, they hacked those computers, had the home network of chinese hackers, the broader pla network trying out these operations, hacked the Internet Company that was selling to the chinese their internet service, to confirm who was behind these activities and they got advanced information on the chinese operations to come and they use that information to go and be ready to defend against the attacks when the chinese show up. It shows as you said the cat and mouse game that happened in cyberspace, this is a daily competition. All of this was out of public view. On a secret, this is the daily competition between the United States and china that is endemic to how nations operate in cyberspace. Host there was a stretch how many years between the us was able to counterspy on china . Guest it unfolded for a year and this was one battle in a broader war, when espionage case in a Broader Campaign. And they did very good. And stop the chinese activity. There are many in which the chinese activity went uninhibited. I tell the story of a Chinese Campaign against military aviation, gaining plans for the c17 warplane which is a cuttingedge plane being built in the us, chinese pull out reams of information about this plane. The information is so extensive they cant transport it all even digitally back to china so they make lists of the filenames in the list go to thousands of pages and they took the names of the files and set of all the files we couldnt pull back or read, which ones are important and it gives a sense of the extensive reach of the espionage efforts. Host something i found interesting in the chinese example is these hot points the chinese use. Can you explain how that works and how the nsa was able to intercede or intervene . Guest what is fascinating it is all cat and mouse, spy versus spy and deception and one way the chinese were carrying out the deception is they would Hack Computers in thirdparty countries and they would hack the United States from those computers. With the nsa had to do where they hacked back, they had to hack thirdparty Computers First which had no idea things were happening on their systems and they went up stream and made their way to the Chinese Networks and it is not just the chinese the do this, every nation takes precautions to disguise its hand when carrying out Cyber Espionage, the United States and its allies have hot points as well, the russians have an extensive thing they were doing for a time where they would hack Satellite Phone communications and beam it down to africa because they thought russian intelligence agencies might not be looking for western intelligence agencies were looking. It is constant game of trying to hide your hand to get more freedom of operation. Host Something Else that was fascinating, not only was it an example of the nsa taking a very offensive role in this and it paid off in the end, it was successful for them but i was surprised by the characterization of the pla. It is a sort section. When ben buchanan describes the plas actions, the chinese hackers were sloppy at times, demonstrating lack of discipline and Operational Security and even logged in on personal email accounts to check the stock portfolios and watched pornography. Guest all true. There are two reason someone could be sloppy in this business, the first is everyone has a boss, everyone has a budget, you can imagine the chinese hackers have a boss who want them to hit more targets faster so they will be sloppy and take shortcuts. The second is they get bored, they get lazy and they decide the odds of us getting hot caught are exceptionally a, why not see how the market is doing or other activities. That is shows the human side of this business. We think of hackers as the canonical stock art with the person in the hoodie behind the keyboard but in this case the chinese were also checking their facebook profile. Host you focus on shadow brokers. Tell us about them and what you learned about shadow brokers. Guest they are the single biggest mystery in the world of Cyber Operations. Every author has the one story, every journalist has it as well and the shadow brokers are mine and i got pieces of the story, a fascinating story but we dont know all the details. We do now at some point in 2016 nsa tools, in credibly powerful hacking tools started appearing online. One of these tools was so powerful nsa operator told the Washington Post it looks like fishing with dynamite. We dont know where it came from. Just came from a Mysterious Group on twitter and other platforms, shadow brokers and it proceeded for about 11 months or so, continually posting and burning these nsa tools and then stopped. There are theories about who did it, why they did it. Many people guessed that it was russian intelligence, this was a way of taking arrows out of the nsa quiver and handing it to others but what is remarkable about this case is it led to devastating cyberattacks. And with other capabilities, the leaked nsa tools. One was the most restrictive cyber attack in history, 10 billion of damage. Through four years later we cant pin it down we dont know who did it and thats why its one of the most significant leaks of classified information ever. I think they made it clear that they wanted money. Was this just nothing more than a criminal enterprise . Thats certainly a that certainly is the degree. Shout a brokers talk about how the get paid enough money they would stop. 13 of the case that a former insider or former contractor who decided that this was something to do to try to get money and then disappear. Again, another theory is we see many times, the masquerading as a criminal element is a mess great and its an intelligence operation. Its remarkable we still dont know. It opens up another interesting idea when it comes tracking and Cyber Espionage and theres a story in the New York Times this morning about it nsa phone program the cost 100 100 billion from 20152019 but produce only two unique leads. This is based off an ig report that questioned whether, in fact, this was an efficient use of money, significant amount of taxpayer dollars. We have quite a few congressional staffers here so gets to a larger issue of the policy and oversight of this. Is there enough oversight of u. S. Government Cyber Espionage and hacking . Its hard. This is an activity that is incredibly complex. The program you describe is one of the simpler nsa collection programs and even that was hard to oversee, even that was entirely in secret for long time. The biggest challenge in overseeing this program is often just understand them. The world of Cyber Operations of the particularly tricky business. What significant and will b plae where we should be asking more questions and congress should be asking more questions is what happens with the change in strategy we seem to last couple of years . United states cyber command, but a military on the carries out american hockey operations for military purposes has been clear that it wants to be more aggressive and they called the strategy persistent engagement. They want to take the fight to the adversary and adversary networks and be less shy about pushing back not just from deterrence but also from a degrading and denying perspective. Keeping the adversary from doing what they want to do. These are questions that congress should be asking in classified sessions words were appropriate to ask and answer them. You are someone who provides a lot of guidance. Do you think that oversight at this point is adequate . Do think theres enough attention to it . There so much going on all the time. Its a question of not just the oversight of how adept it is given how complex some of these programs are and how complex some of the jurisdictions are. Versus an Armed Services the city overseen by the officers in the bank. Do you think there needs to be a standard rule of ethical practice that exists that specifically with hacking and the u. S. Government did you have to tier two . Yes governments policies on that they govern activity. The broader question that is more pessimistic is can we get other nations to agree to a standard and can we have norms the way we have had norms and other categories of warfare and the way we seen technologies emerge in the past and then we build mars to try to counteract them. This is an opportunity for serves the interest of all all nations or at least the procedures of all nations to compete in cyber space in the norms that have been outlined with the u. N. Have been very highlevel and general. Some of the nations that conduct the most if im the west lawson west iran or korea china russia who dont seem to adhere to any practices or norms. Have they because of that or they Getting Better and have they surpassed the united United States in a capabilities . Away like to phrase it is the United States has the nicest rocks that we still live in a very glasshouse so when it comes intricate and dont use this word lightly dutiful cyber offense american capabilities are truly extraordinary. Talking about stuxnet an extraordinary operation against the Nuclear Program but just because we can do that doesnt mean we can defend very well and get this long vulnerability better adversaries have not been shy about exploiting to their recent equifax indictment where the chinese basically because they could hack the personal information of 140 million americans probably almost everyone here who has a credit card is likely in this file by equifax. This is a case in which most americans dont know these companies exist. The companies are clearly not defending it adequately but its reams of information about american adults. Thats the glasshouse part of it. At what point and this is more the military side but at what point do these attacks if we are talking about something in a gray area but not destructive loss of life or chaos in the street at what point do you want are these attacks the beginning of a cyberwar that could lead to a kinetic war . That point we have not yet found a whats remarkable is was we kept pushing back so in 1999 the russians carried out in Espionage Campaign called moonlight maze against Unclassified Networks in the United States in the deputy secretary of fred defense john hamrick came to the classified briefings where in the middle of the cyber war. This is what cyber war was at the time and they spun up the apparatus to find out how we would respond. They didnt go war but they get ready to push back. Now that seems almost passe. Along the way we said there must be some red lights or whether its doing a billion damage of damage were killing someone or turning up the lights or whether selection of interference in time and time again we kept it redefining this gray zone to allow more things to fit closer. When the biggest policy questions for any administration is to say wheres the lion and what the activity we are going to punish and what causes it to enact that punishment in bus far both parties have been willing to say well let the combination play out. Did the saudis not sure i know what the answer is. Is want to make sure theres a strategy and the hill can say what is the strategy here and what is the plan for reducing or mitigating the threat on the various factors like china and russia here. I think there is some overhang of deterrence where no one is going to kill in a cyber attack. What about attributions . Has the u. S. Gotten better at attributions and at what point without some sort of smoking gun without some sort of smoking gun how can there be a kinetic response and then potentially shows sources and methods of how they were voltage terminate . It this is one of the big questions, can we figure out who it is and the conventional wisdom for a long time was unlike the cold war is virtually impossible. If the United States saw it newer was coming from the thinking here is we wont know where a cyber attack is coming from. Anyone could do this. Whats striking this complexity and attribution we make it seem harder than it actually is. Take the saudi hack. North koreas hack sony in 2014 destroyed 70 of saudis Creative Infrastructure according to one estimate and got these juice emails about Angelina Jolie in the question emerges who did this . Some folks in the industry say we dont know what it was in north korea. It emerges that time the way the United States knew with certainty that it was korea was the United States was in the north korean networks. I think its emblematic of how a nation does attribution many cases. Its not just forensic evidence, its also hacking adversaries and hacking them for so much what they are doing but that is the cat and mouse game that happens every single day. This is what they uncovered afterthefact. Like so much else in cyber space he gets into the messy thank you of competition one more time. And thats obviously not something which is why some folks it is not credible. Snooki said say the u. S. Is Getting Better at determining attribution in a more concrete way . For sure. And other nations as well . United states is but it certainly is the case that other nations appear to have Counter Intelligence against the u. S. Go to back to the shadow brokers predict that was a russian adversary that was an extraordinary counterintelligence attack and never felt tremendous access to some known mechanism to an essay files and presuming great insight into how the an essay one about its business. I want to talk a little bit about Election Security because you have a fascinating story in the book of june of 1940 and the audience was surprised to us interfering in the elections in 1940. I do know the story until i wrote the book. Its striking. Go back to 1940 the tenth. Making history world war ii had begun the United States is not yet in it written as fighting a tough battle with germany and britain had the party which was to get Franklin Roosevelt reelected. Hes running for his third term hes a pro war democrat and they worry he wont win reelection so they tried to influence who the republicans put up as the nominee against him. Republican conventions and chaos trying to determine who the nominee will be another live comes the poll saying a man named wendell the former democrat was leading it would be the favorite choice. This poll was fabricated by British Intelligence and i was one part of the campaign to make wendell who was a pro war former democrat republican at the time the republican nominee make roosevelt defeat him in the fall and get republicans voted out of congress. Election interference is not new. The United States has done it. What is new in what is striking is how hacking operations can supercharge this old coolest tool of statecraft in the hacking operations like we saw in 2016 supercharge effectiveness and thats whats striking and thats what i like about studying this stuff the complacent and Historical Context and get much more appreciation for its death. In the 2014 to 2016 election we see as being the biggest threat for 2020 and is there anyway the u. S. Can do anything about disinformation . What worries me is the same election businesses elections have two purposes. The first is to pick a one and the second is to pick the loser. Election interference operations can interfere. It can try to change voters minds with an imposed campaign a contrite he change votes of the Hacking Campaign nor can cause chaos and try to get the winner to think they have won and the loser to think they won and you can imagine that was a larger complexity in 2020 and i worry about operations that might happen that could threaten to perceive the vote even if the vote is legitimate but if its perceived as legitimate that interferes with the peaceful transfer of power is so essential democracy. What about some of their potentials like china. What would you see as the biggest threat for how they threaten the election and. Chinas tricky and we dont have the track record than we have with russia. This is with russia but history tells us election interference with the caught active influence campaign to something they have done for decades going back to the early days of the keychain kgb and the russian secret intelligence service. They may have the motivation and the capability but its hard to know what if anything youll do in 2020. It causes policymakers to take a step back and as will begin find out for threats notches from russia but around the world. In the u. S. Do anything that will absolutely stop foreign interference . That theres no perfect security system. There are things we can do to improve election integrity. Everyone should vote on a voter verified paper ballot and you can use the paper trail to track the voters intent. Most states have this but not all. Afterthefact we should do is call the risk limiting audit which is a method to ensure the votes were counted properly that goes beyond the account. Theres tremendous variety in the audit procedures day by day. And this is where the can help to come out and say we treat elections as critical infrastructure. We treat this as a core function of democracy and if you interfere in our election thats crossing the line they whats striking about what the russians did in 2016 and how few consequences they suffered for it. We have a couple minutes before you guys a chance to ask questions and i think theres some great questions. Before we do i have to ask you who do you think nation wise is the best i will use the word vast are most effective or the most dangerous hacker . Spent the most dangerous hacker are Russian Hackers. Its not only their hacking capability its the aggression and the risk tolerance turning out the power of massively unguarded Cyber Attacks interfering elections in largely suffering few consequences. I think thats a recipe for a nation thats going to continue to use this impressive capability in an emboldened and empowered wait way for someone in the United States thats worrisome. What is the one case in the book that you found the most fascinating and the most surprising and i want to say your favorite story of hacking but whats your favorite story of hacking . I think the shadow brokers team is remarkable not just because we have things we dont know in the ministry but because it shows how the tradecraft evolves and it evolves from espionage to be able to attack to those new terrain of hacking and not for publicity or Information Purposes but to actually have a tangible sector on the other side and whats striking about the shadow brokers we have seen other groups pop up like them but as a group on twitter called intrusion truth. No ones really heard of them and no one is aware of where they are coming from but they are posting in chinese capabilities doing attribution on chinese capabilities. We have seen leaks of iranian material that seems like a shadow brokers might be the vanguards of essentially counterintelligence in the public sphere that something that is simply extraordinary. You think the shadow brokers will emerge . That they merged an Election Year in an audit in 2020 so set your watches for this august. Im not sure but they came out at a time of high tension so they would certainly be striking and even a mystery they came back. Is a considering intelligence world and how do they look the shadow brokers . Of the fascinating thing about this case is we dont know. There has been so little public oversight on the shadow brokers. In contrast stealing 20 million security clearance files of American Government workers to the shadow brokers so are so rarely discussed but again everyone has a favorite chapter. By the favorite chapter thats the one because its an extraordinary story. We dont know what the Intelligence Community knows. A want to take a couple of questions from the audience. Serve. Michael waller, great conversation. My impression is the Power Rankings in hacking capabilities are a function of fiscal assets and intellectual capitol. If you were to do a heat map of the world and ranked the intellectual capitol function of that power country by country both in terms of current intellectual capitol and talent in the pipeline what would those rankings look like and from a policy perspective should the u. S. Be doing more to recruit more and better talent . Thank you. The United States probably still has the edge in terms of the sheer talent available. The nsa is United States largest employer of mathematicians which is usually very useful to four codebreaking. Israel certainly has incredibly ingenious hackers. Some of these operations are intricate and how they are carried out. Those three are a cut above the rest of we shouldnt sleep on russian operations. They have demonstrated for a long time they can play this game and an incredibly isolated country north korea has done a great job of being able to punch well above their weight. Jason gresham from the center from strategical studies. To great discussion about the book and i look forward to reading it. Im interested and you mentioned Election Security and the vein of the Election Security and those resilience measures that we can take from the United States government perspective to sort of come away from the whackamole approach in terms of cyberattacks and thinking along the lines of those measures and i was wondering your thoughts on that. You hear a lot can we educate people with information as part of the problem but i also wonder what platforms like facebook and twitter can do about them in the Security Officer alex stamos is very fond of saying freedom of speech shouldnt equal freedom of breach which is to say you may have the right in the United States as an american to Say Something thats not true but it doesnt mean facebooking simplify it and in the context in which we had not many months of her eight months until election season picks up is hard to educate the entire population but i do wonder if there are things that platforms can do to mend the content the goes viral. That is a tricky hill to go down and its something they are very wary of doing and i have to do to some degree but how they are managing this is something that certainly complex. This is a business where there are no easy answers. Technology Innovation Programs i just got your book this morning. Congratulations on its publication but i started reading it right away and i notice in your second footnote when you introduce shadow brokers you referred to these tools that they released that were on line and now they no longer are but we can still find them in the internet archives. One among many methods you are using to get at some of this information some of which seems to be classified and wondered if he could speak a little bit to some of the writing perhaps the great whale as your biggest mystery to really rely on some unique tools. This is the great thing about coming to the Wilson Center is you get questions about sputnik and its impressive. This is a broader. She that i make in how we study Cyber Operations. Think a lot of scholars like a set of the outset treat these capabilities as if they are hypothetical and theoretical. How do you find those cases . Theres an incredibly robust private sector that studies what nations do every single day in cyberspace because they defend many of the targets and big get great visibility in the use of intelligence that otherwise would be completely out in a published report in technical language. If you read all the footnotes based on these kinds of private sector analyses with highly credible analysts from the Intelligence Community and down the private sector tracking china and russia and the United States as they go about their business. Thats one source. The second source is Computer Science literature. We didnt talk a ton about it but there are two chapters in the book on encryption that essentially play out in maps. They are very accessible but they are fascinating and how it becomes a frontier for competition between nations. The Computer Science literature which is technical revealed and help sort through a lot of what happened in that case. The third source or government documents. Some of these documents are actively promulgated by the United States government russian and chinese hackers shut extraordinary light on how they go about their business. Some of these documents are every single footnote in this book points to something thats publicly available on line. Can be sure the russians and the chinese have seen in these documents tell a story about what happens in cyberspace between nations. Dave ottaway at the woodrow Wilson Center. We just came out of a cold war where theres a theory of deterrence. There was a theory and it worked on the ground. Is there any development of theory of deterrence in this new warfare and should the u. S. Become more aggressive in order to stop the attacks on the United States . Beyond some pretty high thresholds i am skeptical of deterrence to when it came to this book that comes through no most every chapter is that so many policymakers in so many scholars conceptualize Cyber Operations as operations for signaling purposes just click in the cold war where coercion and deterrence. Changing out the other side plays its hand. They are much better for not laughing at for stacking the deck. Thats a messy cat and mouse business and beyond some very high thresholds where we responded with the kinetic strike i think we probably overrate deterrence feasibility in this domain and we underestimate how useful it is as a tool of competition. The u. S. Is doing too much signaling or not enough shaping in the cyber world . I would have said that three or four years ago. After he started the book it changed its strategy and was much more strategic. Precision engagement is saying we are going to engage everyday and not worry about this. Ca just take credit that was your idea no one will push back on it. Newsbreaks are incredibly quickly broken them all use a bit of the trattou today what stories that broke the neck you wish the book include an why . I did write a very good description. Of the equifax breaches perpetrated by the Chinese Government in and two weeks ago the proper justice comes out with the official version of the story which lines up. I would have had a little more color and there would have been a few more paragraphs had they given me an advance copy of their indictment which they did not do. I was glad that i was correct but i think we could have had more details in the book if the department of justice had been activated earlier . Im an army officer in doing a thesis on russian political warfare. Theres kind of the debate is this just evolution nor revolution of military affairs . I think its revolution particularly with russia theres an extraordinary history. My colleague is writing a great look on the history of the russian active measures. They didnt invent this activity in 2016. What they did do is they supercharged it and they married their propaganda and their hackers and a powerful operation. Does that amount to revolution . A dont know. Maybe your thesis can answer it but it certainly is making this whole idea in making it much more powerful and much more dangerous for democracies like ours. There dont seem to be repercussions for. Is that one of the things that needs to happen in order for this to shift . Theres no doubt that the United States should draw a clear line on Information Operation saying well take these very seriously well punish you for the Obama Administration didnt have much time between the election and leaving office kicking russian agents of the country and close to consulates. He tried to impose some cost in the eight or so weeks that he had and its something we should go back to. Im a fellow at the carlisle group. Two questions. One is psychological operations are being used to impact and influence antifacts whether its election related themes to push people away from science lets say. Is that from a definition standpoint, do you consider that hacking or is it using public means that it then developed here in the u. S. That are accessible to everybody to essentially perpetrator put forward ideas that are then being shared by americans and others around the world. We can clarify that we can understand what we are talking about as if thats defined by hacking. The second one is to bring this conversation a little bit to the huawei conversation if as we are anticipating or we are seeing huawei is going to set the Technology Standard for 5g is relieved forward to the next generation. How will that impact the ability of china and others to use that hardware infrastructure to get what youve been studying in assessing and writing about in terms of information . I would not consider what you described in your first question is hacking but i would consider the Cyber Operation. The terms of the hacking Cyber Operations is competing in cyberspace. Its a wiretapping in space so i would consider what you describe is a Cyber Operation certainly disinformation well within the scope of what i studied in what i read about. Its most effective when you can identify fischer and drive that wedge and so much of what we have seen the russians do for a decade is to identify these points of debate or division and try to widen them and try to make both sides feel like the truth doesnt matter in science doesnt matter we are all divided here that serves the russian interests very well. We have seen not in the antifacts as you mentioned and probably will see it not just from russia but other coronavirus is well. These things are getting a lot of attention but not well understood by the body politics. On the second piece the huawei piece its impossible to talk by the thing that the role that Telecom Companies play in intelligence and how this is an advantage for many nations that they can work with the Telecom Industry to get access to information. It seems to me that one of the real things with huawei is china can do that as well so certainly since the concerns are founded thinking about do we want to let an adversary or potential adversary cat access to Telecom Networks . He would think its an easy solution which is ben huawei and maybe thats part of this solution but not the entire solution. They are much more complex questions about supply chains and no matter who the company is whos making the component parts. If maybe we get to a point where her realize everything is compromised and certainly if you go down the rabbit hole long enough the fact that theres always one more level of deception it seems kind of true. Thats in and of itself but we have a right to be concerned. So make you to worry about huawei but the u. S. Is becoming more of an island with its european partners. Do you think its a concern for security . My sense of studying the last 20 years of Cyber Operation every nation will use every tool available to compete in cyber space and its an opportunity that we would expect the chinese to try to use. You talk about coordination and how much at t has helped. Couldnt china make the reverse argument with a 5g infrastructure and they could then be as pervasive as is huawei theoretically. I think they certainly would and thats the cab and mouse game in the telecom. This is not a business where trust is a wise idea. This is a business where you should trust indefinitely should verify. Singer james fowler james fowler. My question really is what about hacking expertise for higher. North korea hires out to nationstate actors and people who have expertise for sale. How does that impact . This is a remarkable trend. I think iran is come on the cyber the cyber seen before that was available in the home grow a lot of their capability but you are certainly right to say a lot of nations look around the world and say hey we need cyber space as well as how can we get on board quickly . There companies that essentially higher up hacking expertise and you can go down the list of nations that have done this that have worked with companies to essentially level up there hacking capabilities and how to use those capabilities. Whats remarkable is that they use them not just to protect power against adversaries but to repress the hacking capabilities as a tool of maintaining control the population coupled with traditional physical policing. I think thats something, this is a book about nations but if you want to add one chapter about cybersecurity in Cyber Operations and domestic policy how authoritarian regimes use these tools. We are out of time. A fascinating discussion. You are absolutely a genius on this and we thank you for writing this book in a way that people like me can understand it and enjoy it. I have seen your reporting i seen your reporting. Thank you all so much for being here. Anothers copies of the book for sale inre the lobby right out here. Thank you all very much. Thanks very much. [applause] [inaudible conversations] television has changed since cspan began 41 years ago but our Mission Continues to provide an unfiltered view of government. Already this year we brought your primary election coverage, the president ial impeachment process, and now the federal response to the coronavirus. You can watch all the cspans Public Affairs programming on television, online or listen on our free radio app and the part of a National Conversation to cspans daily Washington Journal Program or through our social media feed. Cspan, created by private industry, americas cabletelevision company, as a Public Service and brought to you today by your television provider. Hi everybody. Thank you so much for coming and filling up the house. This is pretty godless. My name is adam kushner, the editor of the sunday outlook section for the Washington Post, and im very lucky and you are very lucky to be a tonight with alexis wichows