Cspan. Org coronavirus. [background sounds]. Good morning everyone. More people are expected to arrive but i think i saw Michael Waller come i dont know where he is, hes in the back now. He is becoming shy. Is the Wilson Centers supporter best supporter of the planet predict and we are giving him a name tag. But welcome michael and welcome everyone else. I am jane harman, president ceo of the wilsonso center. It is the best job on the planet because i get to talk to geniuses every single day. One of them it was not in my script, she will hide somewhere is make king. Some may nothe know her but she runs our Science TechnologyInnovation Program and is responsible for the schools we have on fridays to teach capitol hill staff about cyber and Artificial Intelligence and today genius, that would be van buchanan is our go to guy and teach some of the schools. Lsben buchanan. And hes beeno trying to teach e for a while and think i have been the repeater of all time that some of those schools i know i am kinda getting it but i have an analog brain. And i thank him for his patients. Van is a global fellow he will discuss his latest book right now called the hacker and the state. Spoiler alert, hackers have changed the world. Cyber operations are now indelibly part of the International Relations and the gap between the United States and other countries, as narrowed considerably. From north koreas efforts to hats for cash, a Million Dollars worth pretty against the bank of bangladesh to russia milan activity for disinformation to electric blackouts in ukraine and there is plenty to talk about. Understanding how cyber tools are usedde and abused is bens specialty. Often taking care of analog brain to grandmas. Ill give him credit for that. It is a marshall scholar received his phd from Kings College in london and he knows everything. Even more ported i though. Larry said this, as a former member of congress that would be me. Try to ensure our Technical Intelligence collection tools were notot cumbersome, they were legal and regularly reviewed by experts to prevent abuses i really salute been for the kind of teaching he is doing to all of these staffers who come here not knowing enough about the subject and not knowing each other. In the contribution he has made is just colossal. So my theory is i just hinted is that politicians are analog but our problems are digital in the Wilson Center is kind to change that. In here to moderate the conversation with van, then the genius this courtney qb of nbc news, courtney is a ncorrespondent covering nationl security and military and has spent a lot of time reporting on the intelligence and digital issues we are discussing today especially election interference. Did you know there is interference it really means a lot to us if courtney and she would come here and do this and take a little time away from endless conversation about our ongoing primary election and courtney thank you so much and over to you and enjoy everybody in thank you every much. Courtney we have been the genius and courtney be adequate. Ive been an early copy of this pretty soon probably one of the few people who had the luxury of being able to read this fascinating read. Were lucky to have been tells a little bit more about it. And since most people in the room have not had a chance to read printed can you give us just a basic overview of what the thesis of the book is printed. Ben too often we think about packing between the two nations like it is hypothetical. Its often the distance, its like it cyber of 911 or pearl harbor and pieces of the book is that there is the wrong way to look atch it. That in fact, hacking between nations happens every single day. Theres not an extraordinary activity but it is a daily one. And part of the way in which nations compete in the modern era and as part of the way it was a project car. So i what i want to do is take this discussion of above in a very hypothetical academic theoretical and make it very real. These are the stories of how nations attack one of each other. And this is what it means and why. So every chapter in the book is a different way in which nations projectch power rated fiberoptc cables and inscription backdoors and hacking banks to seal passion blackouts and beyond. Not untill the stories of what actually happens everyday in cyberspace. Courtney youre looking at, many people americans are the world, these attacks and even Cyber Espionage us art potential for casualties mass casualties and chaos beyond the assorted the states in between like the gray matter what happens and happening every single day. What do and will get into some of the specifics and fascinating cases that you detail in the book how would you characterize the cyber attack on a nation, how does that generally work look today. Ben awaiting with planes crashing in cities burning, you miss the activities the matter the most and that actually happened. But we do see between nations and persistent and pervasive espionage. China United States russia, the use Cyber Capabilities as espionage. We see attacks and to blackouts because by russia hackers in ukraine we also see what i call a deep stabilization, election interference. Nation saying revenues hacking tools to mess with your elections. These are categories espionage attacks and almost everything we see its into one of those buckets e pretty and very little of it involves casualties but all of it is important. Courtney so Cyber Attacks are pervasive but potentially less destructive. Ben of the sort of insidious harm that happens. His close or maybe two, change than it is to a forest fire. Courtney kills explaining the book that one of the major reasons that nations hack one another is sort of this endless struggle to dominate. Nominations over other countries and over the world. Is that or do you still think thats true and has happy become harder to prevent it was in the past. Ben not only is in order to prevent but nations getting for 0progressive. In attacking business between nations and what n we see is tht hitions are Getting Better and are also being less inhibited and below the russia, go back ten or 15 years, russia is doing very stealthy actor in cyberspace. Were in contrast to the chinese snatch and grab burglars, russia would be slow and methodical and high below the radar. And what weve seen since and in the case of russias that god much more aggressive and more capable. In the two blackouts in ukraine, certainly Everybody Knows here about the election interference in 2016 under other cases two. The text in 2017 as well pretty and destructive Cyber Attacks. 10 billion in damage are of the world and that is the low end. Also perpetrated by russias another link hackers Getting Better, there also getting more aggressive. Speech of humans ukraine and twice that russia attacked the power red. What do you believe after all oi this, we believe the russias goal was that was it messaging for distractive measures that they had the m camp capability. Ben if it was for distractive measures they fell short. Most remarkable remarkable that the 20152016 in ukraine, they were for the caused by a cyber attack. In pierce but they did less damage than they could have. And they also bangmac and it leads to question two what were they trying to do. And i think there is two possibilities. The first is it some kind of test used in line and the second is this is a signal that this is processing to ukraine or to the world, we have this capability, this thing that you will have all long feared was a cyber attack, we can do that. Lets particular remarkable especially about the 2016 blackout is it a tool the russians deployed to carry out the attack was automated and scalable it seems could work against american systems as well. That may be a suggestion not just to the ukrainians but to American Society this capability is in the arsenal and theyre not afraid to use it. Courtney did that allow western nations in the United States to put in some sort of preventative measure. Ben is certainly tips or handle bit could they develop a different capability. It is certainly c possible. The United States improved theres certainly possible. One hopes to up to the defenses and certainly election Grid Security is aso lot of dentition in the United States. It is not all dume and gloom. We are making progress. Courtney large financial implications congressman armen mentioned bank hacking. Our details in a book that i had never heardd about. Ben North Koreans have a remarkable admission. The most isolated sanction country ontr earth. In one of the ways that they get hard currency for the regime is to pack other banks. The most famous hack is the one against make a dish. They aspired to still a force of a dollars. Get access to banks accounts they used to account or interact with a an initiate transfer from the new york fed two counts of north korean central. Was a little bit funny about case the main some type of transfer some of the transfers were blocked and the only god anyone million and 7 billion. It was an expensive typo. North koreans made that mistake it was significant about the cases that show the omission of north korea and some of the discussion that the bank hacking stops there. This is actually much broader campaign. Theyll actually have other banks. Less success in the hacked crypto currency exchanges with a great deal of success. Theyve also hacked in operation against the bank in india. Atms all over the world and with drool the money in a decentralized way. So characteristic of them is that they are evolving. Courtney you mean this is something that is by the state run sanctioned and funded. Ben directed by the government. Its a priority for them to raise cruising hacking is one way to do it. Courtney i was surprised that you wrote the north korean operators risk tolerance this sort of opens up the next question printed both oher risk tolerance and enable regime doesnt seem to care about the International Laws and whatnot, what you think they could do next and hacking world. Ben this is only a question i dont want to say this is real but one hypothetical thing that has the race in north korea is capable of interfering withh the integrity with to be comfortable to do transaction in interfering to do damage. In a a bankable say that these transactions and records are at the core or are modern Financial System and again at this point hypothetical worry but one worries that north korea might t come back to the kincaid hacking but to try to punch back in a crisis. Courtney he also talk about espionage in cyber world. Sort of like the cat and mouse game that exists in espionage. Its called candor. Ben Chinese Group is cutting for the chinese hacking group. Courtney is essentially a spear fishing campaign right hundred and evolve over time printed. Ben it was a part of a a broader set of operations, being the codename for this. Lowest ranking about skinner was they were region striking many targets across the United States defense establishment in the work your spearfishing to get access to the computers of american officials and pulling information back. And what is striking is what the nsa did pretty they said the american in the they essentially hack the hackers pretty so they the computers for which the chinese operatives with part of the people of the british army was hacking in the hacked those computers in the hacked Home Networks and the Broader Network that was coming out of these operations hacking Internet Company from selling the tiny their Internet Service that they can look at the recordsli and confirm who was behind these activities and they got advance information on the chinese operations in the use that information to go and be ready tost defend against the attacks when the chinese showed up in the espionage. When they shouldve. And it as you said the cat and mouse game that is happening in at a daily competition. But this is a daily competition in this case between the ics china. Its how we operate in cyberspace. It. En courtney the u. S. Was able to counterspy in china and how many years did this one. Ben is unfolding for years. This was one battle in a much broader war. One hispanics case and the United States very well. Aeditors. The chinese activity but there are many others in which the chinese activity went uninhibited. I tell the story of an extensive Chinese Campaign against military aviation in the United States. The c17 warplanes pretty the cutting edge plane being built in the u. S. And chinese hackers plot reams of information about this plane. Information is so extensive they cant transport even digitally back to china so they just made lists of the filenames and filenames list for thousands of pages. They take the names of the files. And of all of these files we could pull back, which ones are important. It gives you a sense of the extensive breach of chinas efforts in this area. Courtney chinese example what was interesting b was the point that the chinese use break and explain how that works and how the nsa was able to intercede or intervene. Ben what is so fascinating about that operation is is all cat and mouse is all about spy versus spy an assumption in one way in which the chinese were carrying out this deception was they would Hack Computers and the thirdparty countries and then they would the United States from those computers. And with the nsa had to do, they hacked back was they had to have the thirdparty computers search which had no idea that this was happening in the systems and then went upstream and eventually made their way to the chinese networks. Lets not just the chinese to do this. Every nation takes precautions to try to disguise his hand. And we have hot points as well in the russians have an existing thing that they were doing for a period of time where they would have Satellite Phone information and payment down to africa. It is a constant game of trying to hide your hand so you get more freedom of operation. Courtney again birth fascinating, running sample of the nsa taking an offensive role in this and it paid off in the end. It was successful for them. Im surprised thehe character is characterization of the pla. When van describes the pla action specifically this case he said the chinese hackers were sloppy at times. Lack of discipline operational security. It was sometimesil even login on their stock and pornography. Ben and is true. Everyone has a boss in a budget and you can imagine the chinese hackers want them to hit more targets. The going to be sloppy and take shortcuts. And they get bored and lazy. And they decide, the odds of us getting caught are exceptionally low. So then they do other activities or took the market or whatever. That shows a human side of this business. Second person and hoodie behind keyboard. But in this case are also checking facebook. Courtney tell about shadow brokers. Ben there probably the single biggest mystery. Every author has his white well. Every journalist probably has it as well. There are mine and i got pieces of the story, fascinating story but we dont know all the details but what we do know is at some point in 2016 beginning in august of 2016 nsa tools and prep credibly powerful hacking tools, one is so powerful is like fishing with dynamite rated we dont know where it came from, a Mysterious Group of twitter another platforms of the shadow brokers. And proceeded for about 11 months or so and continually posting and burning nsa tools and then it stopped. And their theories about who did it. About why they did it. Many people guess it was russian intelligence. It seems to have its roots, at least at some level that even now to the state, three or four date trend years later we d dont know who did it despite it being one of the most significant leaks of classified information ever. See when they made it clear they wanted money was as nothing more than a criminal enterprise . Guest that is certainly aera theory. They talk all the time about how if they got paid enough money they would stop. One theory was a former insider contractor decided this was something they would do to try to get money and then disappear. Again another theory of the case weve seen many times is the masquerade and as a criminal element its actually an intelligence operation. Its remarkable that we still dont know. Host it opens up another iinteresting idea when it comes to hacking and Cyber Espionage. There is an article that New York Times this morning t and said a program that cost 100 million from 2015 to 2019 but it produced only two unique leads his face often ig report that question whether in fact this was an efficient use of money, a significant amount of taxpayer dollars. But we have quite a few congressional staffers in here and it gets to the larger issue of policy and oversight of this. Is there enough oversight of u. S. And government Cyber Espionage . Guest its hard is the congressman said at the outset e creating and denying keeping the adversaryve from doing what you want to be doing. The question scholars are raising will that lead to escalation . Will this work . Just moving it to classified settings or is more appropriate to ask and answer them. Host with yourr experience do you think that oversight at this point is adequate . You think theres enough attention to it, theres so muchch going on . Guest imo with more attention and oversight sign me up for more that if its a possibility. It really is a question of not only the amount of oversight given how complex these arent some of the jurisdiction that makes an intelligence activity overseen by the Intelligence Community versus Armed Services over by the Armed Services committee we worked it out before one time it was a discussion on who oversees what. You think there needs to be a Standard School rule of ethical practice that exists that is specifically with hacking and the u. S. Government that needs to be adhered to . Speak to United States government has policies on this that have governed the activity and many have classified and are hard to know. The broader question is more pessimistic is can we get otheret nations to agree to that standard can we have norms here the way weve had norms in other categories of warfare. The way we have seen technologies emerge in the arpast. Were billed norms to try to counteract to them. I am very skeptical of that i think its an opportunity where it serves the interest of all nations of the perceived interest of all nations to compete in cyberspace. The norms that have been outlined so far in the un have been very high level, very general i dont think are constraining a lot of state behavior. When you have those that conduct the most destructive attacks on the u. S. And the west, we dont seem to adhere to any kind of Ethical Practices and norms. Guest thats fair. Host because of that are they Getting Better had they surpassed the United States their capability . The way i like to phrase it and you hear it a lot. We have a lot of rocks will eliminate glasshouse. When it comes it intricate i dont use this lightly, beautiful cyber offense american abilities are extraordinary. Its extremely intricate operation. Just because we can do that doesnt mean we can defend very well print got the long tail of vulnerability that our adversaries have not been shy at exploiting. Pry no different than the aqua fax indictment where the chinese basically because they could, hack to the personal information of 140 billion americans, probably anybody here in who has a credit card is likely in this file maintained by aqua fax. Most people dont know these exists they dont defend it gets information about Many American adults and thats the glatt glasshouse element of this. At what point do these attacks, if we are talking about more of the gray area, not destructive loss of lies a child life not in the streets. At what point are these attacks the beginning of an actual cyber war . We have not found yet. Whats remarkable is where we thought that point was we kept pushing it back. In 1999 the russians carried out a campaign moon light maze against unclassifiedun networks. The deputy secretary of defenseef came to congress with a classified briefing and said we are in the middle of a cyber war. This is what cyber war was at the time and they really spun up the apparatus to try to figure out how we were going to respond to it. Theyre going to go to war about they push back. Now that seems almost passe. All along the way we said o there must be some redlines here, whether its doing a billion dollars in damage with its killing someone turning out the lights with its election interference time and time again we keep redefining this gray zone to allow more things to go closer to the piece side one of the biggest policy questions is where is the line, whats the activity were going to punish at what cost are we willing to bear to enact that punishment . Thats part the administration on both parties had less of the competition layout and lets state short of war. Guest out of it with the answer is by what a make sure theres a strategy authors hill and others can say where is the strategy what is the line for reducing the threat for factors like china and russian. Re i do think there are some overhanging deterrence where no one is going to kill people the nine save a cyber tax and not expect in this response for it we want to make sure we are drawing that line in the first place. Host what about attribution . Has the u. S. Got better at attribution . And at what point is that, without g the smoking gun, how can there be an actual Even Connecticut or response unless the u. S. Puts that forward. And potentially shows methods . Guest thats one of the biggest issues in cyberspace can we figure out who did it . I think the conventional wisdom unlike the cold war was impossible. If the United States saw a million Nuclear Missiles coming they knew words coming from. The thinking here is we wont know where cybertek comes from. Donald trump and trent trump talks about the 40pound hacker in the basement that anyone could do this. What is striking is i think the complexity is we make it seem harder than it is for a nation like the United States. North korea hacked sony in 2014, destroyed about 70 of the infrastructure according to one estimate. Gets these juicy emails about Angelina Jolie and the question immediately emerges, who did this . The u. S. Government comes out and says north korea some people in the Cyber Industry said it wasnt. We dont know but it was not north korea. It emerges with time that the way the United States knew with such certainty is it was it north korea was that in fact the United States was in North Koreans networks and that leads the New York Times. I think its how the nations attribute making. Itre isnt forensic evidence that comes back to the cat and mouse game that happens every single day. The u. S. Was in the north Korea Networks despite 11 suit then covered covered after the fact. Thats why the attribution business like so much else in cyberspace gets into this messy tangle competition will morepe time. See what it across the nation to. Guest and thats for sure and thats why they talk about sources and methods which is why some folks say thats is not credible because you have not proven the evidence. Host would you say the u. S. Is Getting Better at determining attribution and a stronger and more appropriate way . Areet there natures jet nations as well . Guest the United States as its best to hide but certainly the case that other nations seem to have countered intelligent success against the u. S. If it was a russian operation, that was an extraordinary counterintelligence that revealed tremendous access to some unknown mechanism about safe files and great insight onto how they went about their business. Host i want to talk a little bit on Election Security. You have a fascinating story in the book about june of 1940. Think the audience would be surprised maybe you know the story i didnt but who was interfering and the election in june of 1940. Guest i did not know the soaring flight wrote the book. The answer is in britain and that striking. Go back to 1940 it is a tense. In history, world war ii has begun the United States is not yet in it, britain is fighting a very tough battle with germany and britain has a priority. It is to get Franklin Roosevelt reelected. Hes running for his third term he is a pro war democrat. They worry he will not win the reelection so they tried to influence who the republicansp put up as a nominee against him. The Republican Convention is in chaos of trying to determine who the nominee will be and suddenly out of the blue comes a poll saying mandel a jet man name wendell winky was leading and that would be the favored republican choice. This poll did not exist, it was fabricated by british intelligence. It was the beginning, one part of an Extensive Campaign to get wendell winky he was a former democrat, pro or republican at the time. The republican nominee. To make roosevelt defeat him in the fall. And then to get isolation republicans out of congress. The brits carried out the campaign in 1940 with the president ial election. And then the congressional campaigns and 42 and 44. What it shows is its not new. What is new, and what is striking is how hacking operations can supercharge this old tactic. Weve got this wool a jet old craft in elections in a hacking operation can, like we saw in 2016 supercharge it six effectiveness. Thats what i like so much about studying this stuff. You can place it in Historical Context and gain much more appreciation for its richness. See when you talk about the advancesap made with tween the 2014 and 16 elections when you see the biggest threat for 2020 and is there any way the u. S. Can do to stop the disinformation or potential hacking . Guest we send the election business as they have two purposes. The first is to pick the winner and the second is to cconvince a loser hes lost. They can try to change your mind so that influence campaign, they can try to change votes with Hacking Campaign or can try to create chaos. And they can get the winner to think they won in the loser to also think they won. You can imagine that would imagine a lot of complexity in 2020. I worry about operations that might happen that could threaten the perceived legitimacy of the vote. Even if it is legitimate if its perceived as not it transfers to the peaceful transfer of power thats essential to democracy. Host russia shown its intent to show chaos all over, militarily, cyber, elections whatnot. What about some of the other potentials like china. What do you see is the biggest threat for how they could interfere in the election and what you think their ultimate motive would be . Guest china is tricky, we just dont have the track record we had with russia. With rush of the history tells that election interference, nfactive measures campaign to something theyve done for decades going back to the early days of the kgb, the russian secret intelligence service. China does not have that track record. They may have motivation, they may have capability but the very hard Vantage Point to know what they will do if anything in 2020. That should cause policy makers to take a step back and say what can we find out between now and the fall to get ready for threats not just from russia but from around t the world . Host canan the u. S. To anything that will absently stop forward interference . Guest theres nothing perfect it is cat and mouse game once more, everyone should vote on paper for verified paper ballot we need that afterthefact risk limitingte audits its a risk limiting audit that is a math method to make sure votes are counted properly goes beyond an account. Thats a tremendous variety in the audit procedures, statebystate. Day also think is important for the government, to come out and say we treat elections as critical infrastructure. We treat this as a core function of democracy and if you interfere in our election we will respond. What striking is how few consequences they suffered for it. Host we have a couple more minutes before we get to the chance to ask them questions before reduced i ask you who do you think is the best, i will use the word best, or most effective, most dangerous hacker . Guest the most dangerous hackers are the Russian Hackers its not only their capability but the nice itshe in china are as well. It is the aggression and risk tolerance, turning off the power launching these huge Cyber Attacks with millions of dollars of damage, interfering with elections and suffering very few consequences. Thats a recipe for nation thats going to continue to use it them oppressive capability in an emboldened way and for people United States thats worry. Host you talk a bit about the shadow workers, but what is the one case in the book that you found the most fascinating, the most surprising. I dont say her favorite story of hacking but what was your favorite story packing . Guest i could talk about that case forever not just because we still have things we dont know, the mystery aspect of who did this. It shows how the tradecraft evolves. It evolves from the databe espionage, the attack, the attacking and leaking parade this a new terrain of hacking and leaking not for publicity and Information Services but have it tangible on the other side. We have seen other groups pop up like them. S theres a group on twitter called intrusion truth no oney is really heard of them they have anointed with air coming c from. They are posting and burning chinese capabilities doing attribution on chinese hacking capabilities. Wevese seen leaks with hacking over the last year so parade the shadowke brokers in addition to being a mystery on their in is a new vanguard of this essentially counterintelligence in the sphere that simplex ordinary. Host to think the shadow brokers will reemerge . Guest they emerge in the election last year so set your watches im notat sure. They came out at a high of tight and shanghai tension and we are entering one as well. Certainly be striking and deepen the mystery if they came back. Am host how do they look at the shadow brokers is that their white whale essentially . Guest the fascinating thing is we dontou know what they know. Theres beenee so little public discussion and oversight of them in contrast to the office of personnel tax stealing 20 million security clearance of workers. The shadow brokers are so rarely discussed. If everyone has a favorite chapter, if i had a favorite chapter thats the one because its an extraordinary storyor and even years later we dont know. We dont know what the Intelligence Community knows. Host i want to take a couple questions from the audience, sir . I am a member of the Wilson Center national cabinet. Great conversation. My impression is the Power Rankings and hacking capabilities are bothab. Functional of physical assets and intellectual capital. If you were to do a hate map of the world and rank the intellectual capital of that power country by country, both in terms of current intellectual capital and talents in thehe pipeline, what with those rankings look like . And from a policy perspective should the u. S. Be doing more to recruit more and better talent into this area . Guest the United States still probably has the edge in the sheer talent available was single and diligent agencies. China is up there on a. Capita basis, israel certainly has incredibly ingenious hackers, some of the Israeli Operations are intricate and how they are carried out. So those three are probably a cut above the rest. We shouldnt sleep on russian operations. They have demonstrated for a long time they complained this game. Surprisingly furred incredibly did isolated country, north korea has done a great job of educating their hackers and punch well above their weight so thats probably the top five in that order. Guest i am from the Strategic International studies thanks for the conversation its a great adiscussion. I look forward to reading the book. Imnd interested in what you mentioned about alexa and esecurity and sorted the vein of Election Security more in terms of the resilience measures that we can take from the United States government perspective to sort of calm away from the wac mole approach to Cyber Attacks and thinking along the lines of Digital Literacy and those kind of measures. I wasn just wondering your thoughts on that . Guest its a really hard question. You hear a lot, cant we just educate people to spot this information . Thats probably part of the problem. But i also wonder about what platforms like place and jen facebook and twitter could do about this. The former chief Security Officer is big on this issue is great is saying the freedom of speech should not equal the freedom of reach. That could say you have a r right in the american to Say Something that is not true. But it does not mean facebook new sample fight. I think at a time context in which we have not many months, seven or eight months until election season really picks up, its hard to educate the on literacyation in seven months. I doo wonder if theres three things platforms can do to try to manage the content that goes viral. It is the plat form perspective its a tricky hill to go down. They know theyve got to do it to some degree. How they are managing all of it is certainlygi complex. This is a business where there are no easyy answers. I just got your book this morning, congratulations on this publication. Rightted reading it away and i noticed in your second footnote, where you introduce the shadow brokers, that you referred to these tools that they release there were online, now they no longer are but we can still find them in internet archives. That points to a one among many methods you have beenhi using to get at some of this information. Some of which seems possibly classified. Im wondering if you could speak a little bit of some of the variety of methods you have used. Perhaps as the great whale is your biggest s mystery forced you to really rely on some unique tools for getting at things. Guest this is the great thing about coming to the Wilson Center you get questions about footnotes. [laughter] thats impressive. This is a broader pitch that i make and how we study Cyber Operations. Think a lot of scholars say you have to treat these capabilities as if theyre hypothetical orhe theoretical i want to talk about stories that really happens. So how do you find those cases . The first is there is an incredibly robust private sector that studies what nations do every single day in cyberspace because they defended betty of the targets and they get great visibility into these intelligence attack programs that would otherwise be completely out of view. They published reports, often in technical language, if you eat all of the footnotes its based on the private sector analyses with highly incredible analysis all from Intelligence Community tracking china and russia and the United States is a go about their business. Thats one source. Second source is Computer Science literature its theres two chapters in the book about encryption, spy versus spy they play out in math. They are fascinating and how math becomes a frontier between nations. Thee Computer Science literature which is very technical reveals and helps me sort through a lot of what happened in that case. And the third source our government documents. Some of these documents are actively promulgated by the United States government, indictments of hackers show extraordinary light on how they go about their business some are leaks i will never write anything the chinese and russians already note. Every footnote in this book showin something that is publicly online. These documents themselves tell a story about what happens in cyberspace is worth telling. We just came out of a cold war where there is a theory of deterrence that worked on the grounds, there is a theory and then it worked on the ground. Is there any development of theory of deterrence in this new warfare . And should the u. S. Become more aggressive to stop attacks on the United States . Guest beyond some. [inaudible] im skeptical of deterrence. In oneve of the themes of this book is some conceptualize Cyber Operations as operations for signaling purposes just like the cold war. For coercion, deterrence. Simply changing how the other side plays. But i argue is Cyber Operations are much better for shaping. Not for changing how the other sides plays are bluffing but for stacking the deck and stealing cards. Thats as messy cat and mouse business beyond some very high thresholds of killing a lot of people we have ari military strike i think we probably over rate deterrence as feasibility inhi this domain and we underrate how useful it is as a tool of competition. So you think the u. S. Is doing too much signaling or not enough shaping . Guest i wouldve said that there four years ago. I changed the strategy it was much more aggressive im not saying they got me but its a happy coincidence we got to the same place. Cyber command has a strategy which is persistent engagement which means organ engage every single day, not only going to worry about this broader deterrent strategy. Host this is d. C. Everybody takes credit justice take credit. News in this field breaks incredibly quickly, from the moment you submitted the draft until today, what stories have broken you wish you could reopen the book and why . Guest i wrote a very good description of the aquifer actsts breach by the Chinese Government in twor weeks ago the department of justice comes out the official version of the story which lines up and thats a good thing in journalism. [laughter] thats a good thing when it lines up i wouldve had a little more color and that wouldve been the paragraphs longer if the d. O. J. Had given me vans copy of their indictment whichr they did not true. Thats one case where i was glad i was correct in identifying it as china what i think we could have had more details in the book if the department of justice had acted earlier. Sue and story of our lives we know that feeling. Good morning i am an army officer andff im doing thesis on russian political warfare. Kind of a debate, as this evolution or revolution and ulterior affairs can speak on that . I think its a revolution tactics especiallyis the russia, thomas ridge is running a great book on russian active members of influence and disinformation. They did not invent this activity in 2016, but what they did do is a supercharged. They married their propagandist and their hackers and a powerful operation. Thats very much the shape of things to come does not about to revolution . I dont know maybe your thesis fun answer it its certainly taking this old idea make it much more powerful and dangerous for democracies like ours. Sue and there dont seem to be repercussions fortis that one of the things that need to happen for this to shift . There is no doubt they should draw a clear line in operations and say that we will take these very seriously and will punish you. The Obama Administration did not have much time he kicked 35 russian agents out of the countryy enclosed to consulates. He tried to impose s some cost in the eight or so weeks he had but that really has not continued and probably something we should go back to you. I am state department with the carlyle group. Two questions, one is psychological operations that are being used to impact and influence anti vax or whether its election, related themes that push people away from science lets say. Is that from a definition standpoint, do you consider that hacking . They are using public amines that have been developed here in the u. S. That are accessible to everybody to essentially perpetrate or put forward ideas that are then being shared by americans and others around the world. So thats the first, if you could clarify that so we can understand what were talking about in terms of if that is defined as hacking . The second one is to bring this conversation a little bit to the conversation and if we arent to dissipate what were doing there going to set the standard for 5g as a move forward to the next generation. How will that impact the ability of china and others to use that hardware infrastructure to get to what you have been studying, assessing and writing about in terms of information and influence . Guest i would not consider what you describe in your first question hacking i would consider a Cyber Operation they are not quite synonymous hacking is taking malicious code and placing h it. Cyber operation might include for example tapping fiberoptic cables unsightly at hacking its a wiretapping conversation i would consider whatly you described as a Cyber Operation certainly disinformation is well within the scope of what i study and what i write about. Its whats known for mostformation its effective when you can identify crack and then drive a wedge into that crack so much of it we have seen the russians do for decades has been identified as points of debate or division and try to widen them. Try to make both sides feel like the truth does not matter, science doesnt matter we are all divided here and that serves the russian interest very well we see that in the anti vax disinformation you just mentioned and will probably see it not just russia but from others on coronavirus as well these things are getting a lot of attention but maybe not well understood by the body politics first subjects right for disinformation. On the second piece we didnt talk about because its impossible to socket whatever thing its in Telecom Companies and intelligence. How this is an advantage for manydu nations they can work with Telecom Information to get information that flows througho it, certainly the United States does this. Seems to me one of the real risks is china could do that as well. I certainly think that concerns t are founded and thinking about do we want to let an adversary or potential adversary havers access to Court Telecom networks would just beat to ban them maybe thats part of the solution certainly not the entire solution there much much more complex questions about supply chain no matter who the company is, whos making the equipment, his making Component Parts those are much harder to answer. Maybe we get to a point we realized everything is compromised or could be compromised certainly if you go down the rabbit hole of Cyber Operations long and if is a hall of mirrors and theres always one more level of deception seems kind of true. That is a worry in and of itself. As a polisario or right to be concerned. You do worry about a that . Seems like the u. S. Is getting more on an island with some of the European Partners get on board you think its a concern for security . Guest every nation will use every tool available to it to compete in whats acceptable to it we expect the chinese use. We talk about the coordination was also surprised how much at t is help couldnt china make the reverse argument if the u. S. Is able to build for 5g infrastructure they could then make it pervasive, could the chinese make that same argument that provides americans the ability . Guest they certainly could thats the mousing cat game this is not a business where trust is a wise idea this is a business where you should not trust in you should definitely verify. And with the association for diplomatic studies and training other than in on you have not much mention iran. My question really is what about hacking expertise for higher, the israelis are great at selling stuff, north korea hires out to other nations and state actors, people have the expertise is for sales how does that affect . This is a remarkable trend i think iran got on the cyber scene before a lot of that was available they home grew a lot of their capability. You are certainly right to say a lot of nations look around the world and say hey we need to compete in cyberspace as well how can we get up to speed quickly . Nso or groups they turned to her that her companies that hire outes hacking expertise. You can go down the list of nations who have done this, overworked with companies to essentially level up there hacking capabilities and infuses capabilities. What isat remarkable is the use them notsa just to project power against adversaries, but to repress the send at home they see hacking capabilities of controlling the population, a couple of traditional policing, this is a book about the relationship between nations. If you want to add one chapter about Cyber Security and Cyber Operations and domestic policy that would be the chapter to add which is how can authoritarian regimes use these tools as tools of repression. See event we are out of discussion im sorry our hostess is correct you are an absolute genius on this. Thank you for writing this book in a way that peons like me can actually understand and enjoy and learn more about it. Thank you all for being here. I know there are copies of the book for sale right out here in the lobby. Thank you very much. [background noises] youre watching a special edition of book tv now airing during the week while members of congress are in their districts due to the coronavirus pandemic. Tonight, life in America FirstAmerican Enterprise institute s as a futures bright for those who want to become successful United States, then the Washington Examiner offers his thoughts on why the American Dream is less attainable today and later Pulitzer Prize winning journalist report on the issues facing the working class in rural america. Enjoy book tv now and over the weekend on cspan2. Cnet the coronavirus pandemic is having an effect on the congressional schedule. House majority leader steny hoyer announced members will not be back for legislative business until monday, may 4. Thats two weeks after the chamber was originally scheduled to return. Furthermore members have been advised they would have sufficient notice about returning to capitol hill if legislation, related to the coronavirus was to be considered before may 4. The senate is currently scheduled to resume legislative work on monday, april 20, but that is also subject to change due to the pandemic. Watch live coverage of the house on cspan and the senate on cspan2. So kevin kycovid19. Ky. Gov why is espn putting out a readers book called the fierce 4