I am pleased to welcome shane harris to discuss the new book war the rise of the militaryinternet complex in which he chronicles the emergence of cyberspace as a system made of warfare. How Government Agencies are teaming up with the likes of google and microscope microsoft to monitor cyberspace and collected from asian and what that means for us as individuals and as the nation. The second book the watchers with a New York Public Library book award for excellence in journalism. Currently a Senior Writer and also worked as a Senior Writer for Foreign Policy and his work has appeared in numerous publications and a the Washington Post and a fellow at the new America Foundation were pleased to welcome him back for a second appearance at politics prose. Shane harris. [applause] thank you for the great introduction. Thank you for coming out tonight. Queue to be sitting on a veranda to enjoy a the summer evening. It is great to see friends and colleagues as well. We were talking before i have been touring with the book and speaking at bookstores and this is prized the way it brings out through the community so thank you very much you make me very happy. Sos this book war is a story but it is a narrative that cybersecurity became a fixation of faye parity in the United States right now. Cybersecurity that we define as threats in cyberspace for cybercrime, attacks over Computer Networks that damage physical infrastructure like power grid or to disable the Water Utilities but the risk of these attacks has topped the list of global threats. Every year it is a big thing that keeps people up that night and cyberthreat is that the top. And the new fbi director formerly the Deputy Attorney general said the risk of cyberattacks and a related risk of cybercrime is the most Significant NationalSecurity Threat over the next decade and putting that at the top of the list above terrorism. And testifying before congress that cyberattacks are costing hundreds of billions of dollars u. S. Companies and multiple foreign governments have already probe the systems that regulate the power grid it is not theoretical but a truly significant catastrophic failure well occur if we do not take action. How did we get to this point rawl officials tell us the risk of a catastrophic cyber attack and espionage is what we should be most worried about and what does that mean for all of us that exist in cyberspace every day . And the book tries to stand to those questions. And for a book like this it is a scary story. Begins this summer of 2007 the ceo of the major defense contractors like boeing and Lockheed Martin are called over to a meeting at the. Did not know why the figure is short notice and see the competitors in one room it is not good news. Their ushered into a sensitive compartment did information facility it is where you have to drop your cellphone outside before you go into the soundproof room that is an impermeable to eavesdropping and only receive the most secret of secrets. So they are given a briefing where it is described how hackers believed in china are accessing Computer Systems that contain the most classified information in the military like plans for the joint Strike Fighter that is the next generation military aircraft and all of them overrun by cyberspies. That seems pretty scary but they did not access the information by getting into military networks but through the ceos companies. They made an end run around of pentagon to attack the contractors instead working on the sensitive military programs. As described by several executives went in with our care when they came in they turned white there were very disturbed not only they had gone inside their systems but they knew very of little about it. The pentagon said to have a security problem therefore we have a security problem. If you want to continue to be contractors you will take our help. Once again in epitomizes the National Approach the Pentagon Team up with contractors with information and intelligence sharing. Contractors agreed to report the threats they would see on their network and when it was breached and the pentagon agreed not to disclose publicly and in return they would provide the corporations with the affirmation that was gathering from its own intelligence six operation and what nsa was gathering. So this partnership is set up privatesector and public come together for the purpose of the Computer Networks this is true across the board companys own roughly 85 percent of the Network Infrastructure in the United States. The government to sadistically control and so they have to participate in this intelligence sharing if we protect the internet. Of the effort that began was the Defense Industrial base initiative called the dib 100 members of members today barely a dozen originally but it is now expanded to mothers so today the National SecurityAgency Shares a Threat Intelligence from networks overseas with the Internet Service providers in the hopes they will program those threat signatures tuesday and for Malicious Software then protect the people that our customers downstream. Bigname Technology Companies have struck up relationships church and one that i read about is google. It appears internet works all over the of world with the Communications Traffic and it struck up a secret relationship with the nsa in 2010 after it was attacked by chinese by so they agree to share information and in turn to provide information to them. So spying and attacking is a cooperative effort between the government and the Intelligence Community and its partners in the Technology Industry that is what i write about with a military internet complex the coming together of these powerful forces and hearkening back to eisenhower militaryindustrial complex speech that we will talk about a year. This begins at the tail end of the Bush Administration mitt check a few years to take the threat seriously. There was talk of the highest level for many years but it did not catch on until the end bush was not the most technologically inclined in once said he used the google to look at satellite images of his ranch and clinton is only send one email the entire time he was in office. But where this takes off with the National Security prairie is obama to use the internet masterfully very much the first internet president and he got a firsthand experience with cyberis the and irish and believed to be in china and they have done that can pay a system of but he comes in with a firsthand glimpse with an appreciation with the full their facilities from cyberspace and from day one to is this is classified briefings cyberis placed near the top so he has ahold their approach and may 2009 bombing gives a speech in the east river of the out why house it is a very larger reserved solely for the most momentous of speeches on the president knows there will be a big crowd and to draw attention. He unveils his plan for security of cyberspace he says that the electrical grid had been probed by outside does not say government but the president says effectively put the machinery is wide open to attack. And hearkening to the model to say the vast majority of critical information and infrastructure is owned and operated by the private sector we will collaborate to find technology to promote our prosperity the internet is a Strategic Asset and we will protect it as such so obama defines cyberspace as a National Asset even a live is privately owned. He sets out as the Ambitious Program to put the government at the center to secure cyberspace to influence that. But what is important here is obama starts to see and describe cyberspace as a battlefield the military briefers as the fifth domain after levant see had air and airspace to achieve supremacy as vital as the other four. To give a sense of how the of military has prioritized to look at the budget for cyberprograms in 2014 just with cyberdefense programs to share intelligence with industry it is 13 billion is still has not touched the offensive side of the ledger to put that into perspective the government plans to spend 11. 6 billion on direct efforts to have Climate Change that obama called the greatest threat of our time. The 2012 pentagon budget had the word cyberin it 2012 at the 2014 budget is in there 147 times. So now it is a joke within the pentagon is the only part of the budget that is growing to get money for your project just slap the word cyberon it but a couple of weeks ago the senior official who ran policy said he is starting to see a lot of proposal like this cybertanks crossing his desk. [laughter] theres no such thing. So government officials are talking about our vulnerability is the way we are victimized which is true but there is a cynical calculation a good way to focus attention to drum up money for defense programs but it obscures the other side of the story since. We are quick to portray ourselves as a victim but we do many of the same things that other countries do to us for our corporations. We are masters of offense we are very good at waging cyberwarfare and it will become an integral component of how we fights wars in the future. Fox one story that i like that captures how cyberis integrated, this place takes also, in 2007 that is the year things took off. He remember president bush ordered tens of thousands of combat troops to iraq that is engineered to quell the of pirate violence spiraling out of control and to do battle with the insurgent terrorist group known as al qaeda at that morphed into isis. So we form alliances as two pillars of the search strategy but the third pillar has never been explored six. The nsa tapped into the telecommunications and internet infrastructure of the country of iraq and effectively owned the entire network of the country and intercepted every cell phone call, email message, a text message. What was it doing . Partly to understand the way that the terrorist network said organize themselves by studying the patterns of communications. I read about a guy a young Army Lieutenant at the time who deployed to iraq gathering Electronic Communications he was a fan of this series the wire for there is a character in old Police Detective who decides he will unlock the hierarchy not by walking the beat but by monitoring the sell funds that they use for a couple of calls in the stores to map out the networks based on the calls. And misinformation was handed off to Ground Forces is boots on the ground to fight these insurgents to capture or kill. Not the only thing with the daring exploits to individual insurgence posing as people that they knew to meet debt a particular place they fell into a trap. They penetrated websites so when people go to the chap forms the computers were infected that would hold it on their location. This was a genius hacking not just to steal information but to locate people the people interviewed for the book absent this dimension it does not stand trial or become a temporary victory that we all know now to prevent a civil war to bring stability back into the country. The surge was one by a cyberwar campaign. David petraeus said intelligence gathering operation was a prime reason for the significant progress made by u. S. Troops in the surgeon directly responsible to enable the removal of almost 4,000 insurgents from the battlefield. You can chart that against the book that change the play they fight wars and it shows that cyberoperations are part of that. Lied is this matter to us . Site argue in the book of the National Security industries the nsa is the center of gravity that the government is doing things that fundamentally undermine the protection of the internet that we all depend upon that makes it less safe place. En say is breaking into a technology we all use commercial technology as a proprietary force it is constantly looking for ways to find flaws in the operating system to give them away that nobody knows about. You hear about this is the technical term that once someone has found a way into the computer than there is zero days to defend against it. So they are gobbling up this information so one might argue it was in the business did you should disclose those for their abilities vulnerabilities. To be a Security Guard in your neighborhood if there was an open window but did not tell you that a flock of all the windows but did not tell anybody that is the analogy that i draw that to look for the weaknesses to exploit but not telling the public the nsa is not to win the job to make the internet safer. The other is to undermine encryption. It is basically a way that only you and the recipient can unlock it you can use encryption in your email or with your bank doing transactions online. And we know the nsa has been inserting flaws into a encryption products that are marketed with the seal of approval from the nsa. Theyre experts at breaking cuts and we know it has essentially been putting a recommendation or endorsement of what they know to be flawed. This is like if the government would market to say everybody buy this lock it cannot be penetrated but the nsa has the key but somebody else has it. As of battlefield makes it less safe all of this has emerged with no debate with their growing technology as president eisenhower described the previous generation and changing how we used the internet. To vaster were too pervasive to allow a antiand i argue in the book it should not be vested inside a secret intelligence agency. We come to depend on them like a public utility also with privatelyowned devices but it is a collective lie it is incumbent on everyone who attaches to take a stake to find what eisenhower calls the essential agreement a wise resolution to better shape the nation and i will be happy to take your questions. [applause] you could come to the microphone it is being recorded not by the nsa. [laughter] the director has said he is very much opposed to a google and apple have done to make it so even google and apple will they be successful to have them change . The short answer is not. And jim kolbe has said for this device is of threats because of fear arrest somebody with a phone it is a scripted it cannot be done in group did even in the major fracture if fido and though the code the fbi does not get an. This is a proxy for a mission to extend Surveillance Authority but there are laws in place to build networks so they can be tapped when they have a lawful order to intercept the Internet Technologies have never been precisely government by that law and to the fbi would like them to be. Director, e is overstating the particular risk of this device and should be talking about the broader debate to expand more surveillance to cyberspace. How paranoid should we be . To make everyone asks that question. You are not paranoid if it is real. I was afraid to go to search and web sites that would flag something i thought of as being paranoid but then nsa broken and it was worse than i could have imagined. Shays said dont go to wikileaks. What if i want to learn about al qaeda . Are they watching everything . I iraq was a particular example because it is not the United States. Theyre our surveillance laws for what that nsa and fbi can do with the individual communications. They cannot listen to emails or your phone calls that was not necessarily the case but if they want to target you figwort if youre in communication with someone overseas however in that Commission Persons communication is scooped up ended is collected incidentally the government can search through the data to come across your information and read it without a warrant because the perception it was illegally collected in the first place. Ltd. Is difficult to know at any particular given time was a legal theory the government uses but it is safe to say if they could find a way to technically and legally acquire information they will do it. So the rules should be a tight of the acquisition. Are certain things like . I dont know if you could visit wikileaks it would flag hero maybe if you were on a government computer it wired. Government employs have been told him to not go to wikileaks because there are classified documents but if you sit here today in washington d. C. I dont think so. That is reassuring. [laughter] how much do we know of what we can do to them . To make you can be sure we can do to them and we have done it. And at what to give everything away but, as. Go ahead. [laughter] i bought the books to make then plug your ears. [laughter] as the military very elite cadre of hackers theres one group that i read about like the impact the Impossible Mission force these are the guys that they call in. So were very, very good. The problem is we not have enough people to rage these operations. If we ever go to war with the big country how do we match up . The chinese sell thousands of more people with digital spiles but it comes right Technological Prowess just today there was news you may have read about the new computer virus discovered maybe reagan . From norse mythology. Sophisticated bellwether discovered and dissected that it could gather huge amounts of information and was probably engineer around 2018 and looks suspiciously like another virus that we know the nsa designed. Have not convened at confirmed it that we are one of the few that could decide that. Were very good. I once spoke with British Intelligence officer that the chinese get into everything but they are afraid of the russians because we dont know what they can do is that accurate . The attorneys are audacious and dont care if they are caught they are shameless and deny everything but the russians are very good to cover their tracks in several years ago after the demise of the soviet union you have high rescaled computer engineers a lot of these people have gone to work for a criminal organizations david teeeighteen and abetting a wistful but one official they found a number of cases were they zeroed in on a russian hacker to find out the government said change your name and identity there on to you. It is a government and an apparatus that is highly skilled and is good and not leaving traces. As a slight aside that the internet is not a utility but if it changes the rule to get them to treat it as a utility then what defects with that have been this arena . Mckewon major for the government chiru and forced Security Standards the mustapha minimal standards even obama last week talked about trading phaedra as a utility that is part of the neutrality if companies should be allowed to recharge more for higher volumes of traffic but if you treat that as a utility the government can regulate it just like security the sec has to go along with that i would suspect that opens the door to much tougher government regulations, those favor government coming in to regulate the threats are devolving so fast there is no way to know the most uptodate intelligence even en google has received threats briefings from the government and have been unimpressed because they said we heard about this we already know about this. So there is no answer they have the right answer for setting Security Standards. Would you comment on congressional oversight with respect to the military the internet complex . I get the impression our elected officials are at of their depth. There is a learning curve to be sure. Intelligence oversight in general i has been a critic the lot of this activity takes place under the auspices we havent had a great oversight where congress has been focusing to set the basic minimum standards and they have been shot down for companies to fear regulation this is the real issue if it rich legislators are not smart to become more proficient and that the threats are more severe than they are in to give them money that they dont need it is incumbent for congress to take the intelligence agencies words. Yes our threats but they need to be more in depth and flew went with the complexities. If i could follow up on this ladys question and having worked in the journalistic capacity he is the great journalist and it is gratifying to see the scope of his work. And with secretary hagel, is there something that he should have done or could have done or is it too much with the nsa that leads to the next defense secretary . So what assistance should they focus on . There is leadership in interNational Security agency. We have u. S. Cybercommanded is four years old to be like Central Command but if you talk about cyberoperations that should be run by of military organization. The head of that is of cybercommand so you can see how the deck is stacked. Secretary hagel made very few statements at all. And to put them over with cybercommand the you can get better oversight. Is this a defense policy with the Justice Department has scooped up with those hotbutton issues . The white house was involved and aware of what the nsa was doing. And the director of the nsa manage to accumulate in they are masterful. And his predecessor of probably fahrenheit better as to be a gate keeper as a National Security advisor. I talked to obama to make it a National Security priority. So the political momentum comes from there. So you need to take that authority back. So with the electric grid care gsa things that could be on it . But every device is now connected to the network your phone, airtraffic control i dont know specifically is metro runs through the internet but it creates a marvelous efficiency but the more divisive issue put on the definition anything connected to the network can be hacked or compromise. And that nobody thought of protecting it. But as we keep adding more and more devices we are putting the security of the devices in the people that use them. That will change with a higher profile breaches but as these devices start to fail you may see some urgency but itll take people getting wounded to focus the attention. I manage a website that is connected part of my church community. In october we had a huge spike of hits in the dash board report showed almost those hits came from china. Says that the in the red army is monitoring our church . It depends whether you minto into . It is innocuous. [laughter] but it could not have the universal significance. We be for propaganda in china. At some point should we be concerned . You should always be concerned somebody he should not be in the network but it does not surprise me at all. But there whole idea is to throw lots of bodies that the problem and to see what sticks. Who knows why. So the question is should we be concerned . And the q should have never security and Major International been emails from people you dont know dont be scared but there are some basic procedures you can take to make yourself less vulnerable. If they just pings the network and dont get in then dont worry too much. Can you speculate a little about the future to make an analogy to see a point to the mutually assured to cyberwarfare or is somebody took the first step to have the advantage of the power grid . O lot of the cold war models mutual destruction is one but there are incentives for large nation states said chinese were of not crash crash, theyre the biggest lenders will fall back on them. If there was an attack on the power grid to shut off the lights in the belief it came from china it was part of the larger military campaign. This is not that easy to rich tribute the source said the attack is the attribution problem. How can we respond to read. But as of today could launch an attack like this there would not know who to retaliate against. So how do deal with cyberspace as a huge unanswered question . In the educational aspect sarah said article there was an article as they trained the next generation of cyberwarriors or hackers. But if you read anything about anonymous that whitehead and blackhead can be slippery. Is there that complex . The nsa for a number of colleges and universities whole directory to love and severs security by where they will pay for the four year degree of Computer Science a jeering then they work for that nsa to pay them back. One person went to school the became a hacker then left and started a private start a been a Silicon Valley so yes there is a connection and it feels like colleges and universities and it takes talent. Has people who are attracted to that type of work for those who had a streak but that said the military is another source of recruitment and for them the draw of service is very alluring and they will have success. And thus which emphasis by way we killed one another by the defense establishment but what about the field of medicine our health . To understand and though there are people working with molecular structures the law how far is that process that we can use that technology with that scenario . I will give you one scenario. So search of a with date Data Analytics with threats to Computer Networks absolutely with experimental drug treatments. With a highpowered computing to do tremendous good so tapping into that big data revolutions of mentioning health care the vulnerability of medical devices so homeland fans may remember the pacemaker some people out there who had scenarios cut and there was the scenario that a foreign dignitary comes to the United States for medical treatment those who want to kill and find out where he is staying. Because these are all not regulating connected to the internet. Changing medications and the nurse kills him so medical Device Security is actually a place that people are worried about and hospitals have defined as a Critical Infrastructure sector saw anything connected to the network. And was sinking the have millions of cells in our body and cancer it is impossible to track bed is a life think of not to kill a dweeb. You are determined to make it uplifting but going back to the data mining with the same type of technology