He is currently a Senior Writer at the daily beast. He is also worked as a Senior Writer for Foreign Policy and his work as appeared in numerous publications including the new york times, the wall street journal, and the washington post. Also a fellow at the new america foundation. Were pleased to welcome him back for his second appearance at politics and prose. Hell me welcome shane hairs. Shane harris. Thank you for coming out. On a night like tonight you could be sitting on a veranda, drinking wine and enjoying this summer evening. So im glad you chose to spend the evening with me. Great to see so many people and friends and colleagues as well. We were just talking before we began, ive been touring with the book, and speaking at a number of book stores around the country, and this one really is just prized for the way it brings people out in the community and its so great to see such a large gathering. This is great for a book talk. Youre making me very happy. So this book, war is a story, really, and youll find a lot of stories but its a narrative how it is that cybersecurity became a fixation, a top priority for National Security in the United States right now. Cyber security, which we define as threats in cyberspace to include espionage cybercrime, attacks over Computer Networks that can damage physical infrastructure, like disrupting power grids or disabling Water Utilities or affecting banks. But the risk of these attacks for the past two years has topped the Intelligence Communitys list of global threats. Every year the Intelligence Community puts out the big things that keep people up at night and cyberthreats have been at the top of the list. James combie the new fbi director, the former Deputy Attorney general said the risk of Cyber Attacks and related risks in a rise in cybercrime will be the most significant National Security threat over the next decade and this is above terrorism. Last week the director of the National Security agency, Michael Rodgers testified about congress that cyberattacks were costing how much billions of dollars to u. S. Companies and multiple foreign governments had already probed the systems that control and regulate our electric power grid. He said this is not theoretical, quote, it is truly significant, almost catastrophic failure will occur if we do not take action. How is it we got this point where our top National Security officials are telling us that the risk of a catastrophic cyberattack, espionage directed against u. S. Companies,er is the thing we should be most worried about, and what does that mean for all of us who exist in cyberspace and use the internet every day. That book tries to answer those questions. It starts with a story, and for a book like this, rather scary story, which ill relate to you now. This begins in the summer of 2007. The ceos of the major defense contractors, boeing, lockheed martin, are called over to a might at the pentagon they dont exactly know why theyre there but they figure if they have been called here on short notice this cant be good news, all their competitors in the room. Theyre ushered into a room called a sense stiff compartmented facility its the thingy you have to drop your cell phone outside before you go in this sound proof room that is actually impermanentable to eavesdropping player, where you only receive the most secretive secretes, and the executives brothering in and sat down and given what is called a threat briefing. Military officials describe to them how hackers believed to be in china are accessing Computer Systems that contain some of the most classified information in the military specifically things like plans for the joint Strike Fighter the f35 our next generation military aircraft, as well as a number of other started classified military programs have been overrun by cyberspies. And that seems pretty scary to this ceos. What is even more scary the spies did not access the information by getting getting into military networks. They got into networks of the companies the ceos companies. The hackers made an end run around the pentagons rather formidable and attacked contractors working on military propers. Some described to me who is familiar with this meeting. A lot of executives went in with dark hair and when it came out turned white. They were very disturbed to find out not only the spies had gotten in the their systems but they knew very little about it. The pentagon said you have a security problem, therefore we have a security problem. We have to too something about this and if you want to continue being contractors for the department of defense youre going to take our help. What begins at this point is something that i think really epitomizes our Current National approach to cybersecurity. The pentagon teamed up with these contractors and in an information and intelligence sharing arrangement. The contractors agreed to report to the pentagon threats they were seeing on their network, including when they had been breached. The pentagon agreed not to disclose this publicly because companies do not like to say when they have had hackers, and in return the pentagon was going to provide these corporations with information that it was gathering from its own intelligence operations, effectively the fruit of espionage that agencies like the nsa were gathering about these threats in china and how they might affect american businesses. So this partnership essentially sets up whereby private sector and public are coming together for the mutual purpose of defending Computer Networks. The companies are essential in this arrangement and this is true across the board when we talk about defending Critical Systems in the u. S. Companies own roughly 85 of the Network Infrastructure in the United States. The government does not physically control it. So companies have to participate with the government in this intelligencesharing and mutual security arrangement if were actually going protect the internet. The effort that began after that pentagon meeting became something known as the Defense Industrial base initiative, or the dib, which kind of recurrs throughout in my book. 100 companies are members in this today. There were only a dozen or so when it ghana late 2007. The model has been expanded to other seconders of the economy beyond the Defense Industrial base. So today the National Security agency via the Homeland Security department, shares this kind of Threat Intelligence that its monitoring from various networks overseas particularly with Internet Service providers, and the hopes they will then program the threat signatures into their own systems scanning for malicious soft square intrusions and then protect the people who are their customers downstream. Bigname Technology Companies have struck up relationships with the Intelligence Community. One day i write about in the book is google. Google obviously has a privileged kind of peering into networks all over the world. They move much of our Communications Traffic that were all using every day. Google struck up a secret relationship with the nsa in 2010 after it was hacked by chinese spies where they agree, like the defense contractors to share information theyre seeing on networks and in turn for the nsa providing information to them. So defending cyberspace and also spying in it and attacking in it has actually become a cooperative effort between the government and the Intelligence Community, and its partner inches the Technology Industry. That is what im referring to when i write about the military internet complex the coming together of two powerful forces. And i am deliberately harkening back to president eisenhowers military Industrial Complex speech which ill talk about later. This arrangement glynns at the tail end of the bush administration, and it took a number of years for president bush and some of his senior National Security advisers to start taking the threat of cyberattacks and cyberespionage seriously. There have been talk about this at the highest levels in government for many years but really did not catch on until the end. Pressure pressure was fame newsily not most technological inclined chief executive. He once said he used the going toll look at satellite images of his ranch in texas. Not to pick of president bush president clinton only sent one email in the entire time he was in office. The internet was a fair live nascent infrastructure at the time. Where thats really takes off as far as the National Security priority is under president obama, who, of course, used the internet masterfully in his campaign, very much our first internet president , you might say. President obama actually got a firsthand experience with cyberespionage when he was on the campaign and his Campaign Email system was hacked by spies believed to be in china. As an equal opportunity offender here they hacked john mccains Campaign Email system as well. So obama comes into office with the firsthand kind of glimpse of this and a real appreciation for the vulnerabilities in cyber space, and from day one, when he is given his briefings his classified briefings about various National Security threats, cyber is placed very near the top. So not one to waste time he adds a whole new dimension to the governments approach for dealing with the threat in may 2009 obama gives a speech in the east room of the white house. Its a very very large room and reservedded for only the most moment to us speeches the president wants to give when theres going to be a big crowd. So he gives a speech stands up, and unveils his plan for securing cyber space. He says that his Campaign Email was hacked home actually acknowledges the electrical grid, the systems that control the grid had been probed by outsiders. He doesnt say governments and doesnt name them. This is the profit the United States standing up and saying effectively, our Critical Systems, the things that control the machinery that we depend upon for our daily life are vulnerable and theyre wide open to attack and he intends to do something about it. And again, harkening to model developed this internet military complex, he says quote, the vast majority of our Critical Infrastructure in the United States is owned and operated by the private sector. We will collaborate with industry to find technology to ensure and secure and promote our prosperity. The enter northwest is a Strategic National asset and we intend to protect it as such. So you obama really defining cyber space as national asset, even though it is something that is largely privately owned. Theres a tension there as well. He sets out on a very ambitious program, putting the government at the center of efforts to try to secure cyber space to try to influence it, not control it, and i write more about this in the book. What is important here is that obama, just like bush before him, is starting to see and to describe cyberpace as a battlefield. The military refers it also the fifth domain of warfare, are land air, sea and outer space and views trying to achieve supremacy there as vital as it is on the other four. To give you some sense of how the military has prioritized this, its always good to follow the money in washington as we know, so if you were to take a look at the Defense Budget for cyberprograms, in 2014, just in cyberdefense programs, mostly on protecting Government Computers and sharing intelligence with industry, the government allocated 13 billion on cyberdefense programs. This doesnt touch the offensive side of the ledger or Intelligence Agency programs. So 13 billion on defense. Putting that in perspective in 2014 the government plans to spend 11. 6 billion on direct efforts to combat climate change, which president obama called in his speech quote the greatest threat of our time. So 13 billion on cyber defense, 11. 6 billion on climate change. The 2012 pentagon budget had the word cyber in it 12 times. The 2014 budget had the word cyberin it 147 times. A 12fold increase in just in mention of the word. Its become a joke within the pentagon that because it is really the only part of the dod budget that is growing, sayinger security, if you want to get money for your project, slap the word cyber on it whether it has anything to do with cyber at all. In fact 0 couple of weeks ago the senior dod official who runs cybersecurity policy joked he was starting to see a lot of proposals for thinks like cyber tank crossing his desk. No such thing as a cyber tank. So government officials have really taken to talking publicly about are you vulnerabilities and the way our companies are being robbed by spies, which i true but i think theyre theres a bit of a cynical application here playing the victim is a good way of focusing National Attention and drumming up money for defense programs. But it tends to obscure the other side of the story, which is what this book is also about. Were pick to picture ourselves as a victim but were doing many of the same things we blast other countries for doing to us, and to our corporations. We really have become masters in offense in cyberspace. We have become very good at waging cyber warfare. Its going to become an integral component how we fight wars in the the future. One story i like that i tell in the beginning of the book that i think really cap tours how cyber is being entity integrate ited into lou we fight wars. Theres a lot of 2007 activity in this book. The year things took off. That was the in 2007 youll remember that president bush ordered tens of thousands of additional combat troops to iraq as part of the surge, which was engineered to quell violence out of from iraq to prevent a civil war, in particular to do battle with an insurgent terror grist group known as al qaeda in iraq which later morphed into isis. So the tens of thousands of troop goes. We form aligns with sunni tribes to turn them against al qaeda in iraq. Two pilfers the surge strategy. Theres a third pillar that has never been explored. The nsa tapped into the telecommunications and internet infrastructure of the country of iraq and effectively owned the entire network of the country of iraq. It intercepted every cell phone call. Every email message, every text message. What was it doing with the information . Part i it was to try to understand the way that these groups, these terrorist networks had organized themselves by studying the patterns of their communications. Write about a guy in the book who is a young Army Lieutenant at the time, who had deployed to iraq and was work neglect signals Intelligence Group to getting electronic communicatings for the army and working with the nsa. Bob was fan of the hbo series the wire. So theres a character in the wire an old Police Detective named lester freeman, who decides he is going to unlock the hierarchy of the drug rings in baltimore who these shadowy players are, not by walking the beat and trying to tap human sources but by monitoring their cell phones and particular live the disposable cell phones they use for a couple of calls and throw away. And lester starts mapping out the networks of who these people are and who is important in the hierarchy based on these calls. Well bob did that as well a lot of people did this. This information was handed off to Ground Forces boots on the ground, who would then go out and find these insurgents and capture or kill them. This isnt the only thing the nsa and the elite hackers working are for them were up to. Some more or the daring exploits i write about, they started second fake Text Messages to individual insurgents posing at people they knew and directing them to meet at a particular place where, when they got there, they fell into a trap. They pain treated websites that were used by these groups and implanted spy ware on them so when people would go to the chat forums thinking nobody was watching actually their computers were being infected with viruses and spay ware that would home in on their location and give the nsa access to emails and communications on their computers. This i engenius hacking with a physical goal. This wasnt just to steal information it it was to locate people, and to help a war effort on the ground. Cyber was being integrated into the conventional military conflict. People i interviewed faux for the book that said an sent this dimension of the summer, the surge does not stop violence in iraq, does not become a temporary victory we all know now where we did prevent a civil war and managed to bring some stability back to the country. The is this secret weapon, the surge was won by a cyber war campaign. David petraeus said publicly that this intelligence gathering operation was quote, a prime reason for the significant progress made by u. S. Troops in the scourge was, quote directly for the surge and was directly responsible for removal of 4,000 insurgents from the battlefield. You can chart the violence going down and how the intelligence operations were ramping up. So, iraq changed the way that the nsa spied, but it also changed the way that the United States fights wars expect showed us that Cyber Operations will be part of that. So i argue in the book that in the government zeal particularly the National Security agencies efforts to dominate cyberspace, and the nsa is the center of gravity for our cyberoperations that the government is doing things that fundamentally undermine the security and the protections of the internet that we all depend upon and its making it actually a less safe place for all of to us operate. Give you a couple of examples. Nsa is in the business of spying on breaking into technology. Well we all use commercial technology in this country that i found in other countries as well. Theres no proprietary u. S. Systems or propriety tear technology. The nsa is looking for ways to find flaws in Software Computer operating systems that would give them a way into a system snow one else knows about. Frequently called zero day vulnerables. Youll hear about this in the technical jargon meaning once someone found a particular way into a computer that nobody knows, there would be zero days to defend begins if you chose to attack it or exploit it. So the nsa is gobbling up this information and hoarding it in order to build offensive capabilities, cyber weapons. One might argue if the nsa was in the business of defending National Cyber space you should be disclosing those vulnerables to the companies that manufacture these products and letting the public know about it. Imagine that the nsa was sort of a Security Guard in your neighborhood or a cop on the beat and it found that there was an open window in your house but didnt tell you or that it found that there was flaw in all the windows being used on to the block but didnt tell anybody about it. Thats the analogy i draw in the book effectively by looking for weaknesses to exploit but not telling the public bat them that the nsa is not doing its job of making the internet safer. Another example is the nsas efforts to undermine encryption. Encryption is basically a way of jumpling up a communication so only you and the recipient can unlock and it understand what it says. You can use encryption in your email, may be used with your bank when youre doing transactions online to make sure you can only see the information and your account dat a a cant be storm. The nsa has been secretly inserting flaws into encryption products that are marketed with the seal of approval by of the nsa. The nsa are experts in making making and breaking codes and we know of instances in which the agency has been putting a recommendation or an endorsement on a product sold commercially that they know to be flawed in a way that only the nsa thinks it understands. This would be sort of like if the nsa if the government was marketing a particular kind of door lock and said everybody in america buy this look for your front door. Cant be penetrate, but the nsa has a key for that lock, and i actually is not a key that is particularly well hidden. Someone else can find it, too. So i argue that these efforts of the agency undertaking as its to dominate cyberspace are actually making cyberspace less safe for us and put us at risk. All of this has emerged this story i right about in the book with practically no debate. And with actually very little reporting in public commentary. This conjunction of a huge warfighting machine with a growing Technology Industry is i income as president eisenhower described, the military Industrial Complex of a previous generation quote, new in the American Experience and it is changing how we use the internet and exist in this fifth domain. I think cyber space is too vast too pervasive and to important to how we live now to allow a single entity or any alliance to govern it or dictate the norms of behavior. And i argue in the book this authority should certainly not be vested inside a secret Intelligence Agency. Theres no neat way to define cyber space and i dont attempt to do so in the book. Its not a commons but also not private. We have come to depend upon it like a public utility, like electricity and water but it is still mostly a collection of privately owned devices which makes making policy in this area particularly difficult. Yet a cyber space is undeniably a collective which is why i think its unculp bent on all of tuesday take a stake in how we treat it and as president eisenhower said a wise resolution of which will better shape the future of the nation. Tanks thanks for your attention. Ill be happy to take your questions. [applause] if you could come to the microphone because his is being recorded. Not by the nsa as far as i know. The director said several times in recent weeks that he is very much opposed to what google and apple have done with their Encryption Technology making it so that even google and apple, if they wanted to, they couldnt decrypt their own devices. Do you think that the director will be successful in any effort to force google and apple to change their current right. The short answer is i think probably not. At least not in the near term. What is interesting about this argue. Jim combie said among other things this device, for instance, the iphone 6 is essentially a threat to Law Enforcement and obstacle to Law Enforcement because if you l you arrest something with this phone and its increpted it cannot be uneven crippled including by the manufacturer so the fbi wont get into it. So i think this is a proxy for a much Larger Mission the fbi has been on to extend Surveillance Authority to the internet. Without getting into the weeds of it there are laws in place that require Telephone Companies to build their networks in certain ways so they can be tapped when the fbi or another agency has a lawful order to intercept communications. But Internet Technology in Companies Like google and apple have never been precisely or neilly governed by the law and the fbi would like them to be. I think the director, who ill know and think very highly of, is overstating the particular risk that this device poses to Law Enforcement, and he is actually really should be talking about the broader debate, which is that the fbi wants to extend more Surveillance Authority to cyber space. Thank you. Im wondering how paranoid we should be . Everyone asks that question. You know, youre not paranoid if its real. I was afraid to go to certain web sites like wikileaks, that it would flag something. I thought i was being overparanoid, and then nsa stuff breck and it turned tout to be much worse than i could have imagined. I know someone at Homeland Security, has high position and i told her i was i uwanted to check out wikileaks and she said dont go to wikileaks, and now im wondering if you access certain web sites that you flag what if i wanted to learn about al qaeda and just wanted to learn what it believes in and right. Are they watching everything . What you said in iraq they have control of everything. In iraq was a very circumstance example because its not the United States. We should remember there are surveillance laws and restrictions in place for what the nsa and the fbi in particular can do with american citizens individual communications. They cannot listen to your phone calls without a warrant. They cant read your emails without a warrant. Is that right . Thats right. Used to not necessarily be the case but it is correct if they want to monitor your individual phone call target you that they need a warrant to do that. If you are in communication with someone overseas however, and that persons communications are scooped up, which by the way doesnt require a warrant the same way it does for your, and your information its collected incidentally to that collection the government can go back search through the data collected, and ping certain key words and come across your information and read it without a warrant because the presumption is that it was lawfully collected in the first place. I know. Kind of puzzles me a little bit and this is a debate going on right now within the corners of National Security law that cover this stuff. Its very difficult to know at any particular given time what legal theory the government is using to access certain kinds of information. They use different parts of the threw access different kinds of information, but i think its safe to say that if they can find a way to technically and legally acquire information, they probably will do it. So that would lead to us conclude that the rules should be tight on the use of information as opposed to the acquisition of the information. I dont know if that puts your mind at eels any about not at all. Web sites you can go so, are certain things flagged . I dont know that if you were today to go visit wikileaks, it would necessarily flag you. If you were on a government computer it would. If you were in fact government employ yearees have been employees have been calleddont go to wikileaks. Whether you sit heath today from your computer in washington, dc would that be flag ned i dont think so. Thats reassuring. Hi, shane. What do we know about how much stuff we can do to them . So, you can pretty much be sure that anything that were afraid of people doing to us, we can do to them and we very well may have already done it. The first half of the book is about the offensive side of cyberbar and i dont want to give everything ware and spoil the story. Go ahead. Go ahead go ahead. Thanks john. You helping my book sale. I already bought the book. Youre fine. Everyone else plug your ears. We have as a military in the nsa shy say very elite cadres of hackers one group i write about theta tailored access operations unit, like the Impossible Mission force of nsa hackers if when they really want to break into a very secure hard to get system these are the guys they call in. In fact some people i write about in the book have worked in it so were very, very good. The problem is we dont have enough people to go out and wage these operations compared to our adversaries if were measuring this in terms of if we were to ever go to war with a big country inspireber space, how would cyber space, how would we match up against them . The chinese have thrown thousands of people at gathering information from companies we have digital spies going out and gathering information. Our advantage probably comes from our technological prowess. Just today in fact there was news you may have read about this new computer virus that was discovered called regin name from norse mythology, sophisticated piece of malware that was discovered and dissected and found it could gather huge amounts of information from Computer Systems and barely be detectedded. Probably engineered around 2008, and looked suspiciously like another computer virus called stucks net which we know the nsa designed. So we havent confirmed it yet but very few countries in the world could design something that sophisticated and were one of them. So were very good on the offensive side of it. I once recently spoke with a British Intelligence officer, cyber guy who said that the chinese get into everything but the people most afraid of are the russians bops the dont leave fingerprints and way dont know what they can do. We only know theyre good. Is that accurate. Accurate. Russians have tremendous technological prowess. The chinese are audacious and dont care if they get caught. I they just deny everything. The russians are very good at covering their tracks. You have a lot of well, several years ago after the demise of the sovietupon you had a lot of very highly skilled computer engineers with suddenly not many great employment prospects. A lot of these people have gone to work for criminal organizations, they employ very sophisticated highly trained people and the russian government not only turns a blind eye to this they aid and abet it to some degree. Fortunately crime in particular. I was told by one senior u. S. Official who works on sign enter cyber investigations theyre zeroing in on a russian hacker and find out that the russian government tipped him off and said change your name and your identity theyre ton you. So were dealing with a government that and an apparatus that is very highly skilled and as you said is go at not leaving traces. This is a slight aside but you mentioned that the internet is not a utility in the United States and its not legislated as one but if the fcc changes the rule and the administration gets them to treat it as a utility, what sort of affects do you think that would have in this arena . I think it would make it easier for the government to regulate and enforce security standards. So telling companies you must have the following minimum protocol and procedures, and president obama last week, in his week live address, talked about treating the internet at a utility. This is in the context of Net Neutrality and the debate over whether or not companies should be allowed to charm more for higher volumes charge more for higher volumes of traffic. What i found striking was that, wait a second. I if you treat the internet as a utility the government can regulate it and that means they can regulate security just like they regulate security at Food Processing plants and any number of physical infrastructure facilities. The ftc would have to go along with this but if that happened that would open the door to much tougher government regulations of security. And we have been having this debate. There are those who very much favor government coming in and regulating this. The flip side of that i writ about there is in the book the threats are oinvolving so fast theres no guarantee the government is going know what the most up to date intelligence is, and in fact a number of companies, including google, have received threat briefings from the government and been very unimpressed by what theyve been told. They say weve already heard about this. Tell us something else. So theres no guarantee the government has the right answer for setting security standards. Would you comment on congressional oversight with respect to the military internet complex . I get the impression that way too many of our elected representatives are totally out of their depth when it comes to these kinds of questions. Right. There is a technological learning curve to be sure. Yeah think that look intelligence oversight in general is ive been a critic of it for a long time. Its anemic and a lot of this activity is taking place under the auspices of an Intelligence Agency, the nsa. I dont think we have had really great oversight of these operations. Where congress has mostly been focusing is on legislation that would try and set some of these basic minimum standards for security that companies would have to follow. Those efforts have been shot down largely at the behest of companies who fear regulation. This is a real issue and if legislators arent smart about this and really becoming more proficient in the language of technology they risk being duped, frankly, by intelligence officials who are persuading them that the threats are maybe more severe than they actually are, and persuade them to give them money they maybe dont need and authority they dont need either. Its very much imculp bent upon congress to not simply take the Intelligence Agencys words for it. Yes, there are threats but they need to get a lot more in depth and fluent in the complexity of the threats before we begin making permanent laws. If i can actually follow up on this ladys question a very brief intro that a few of news the room have worked with shane in his journalistic capacity, and its been gratifying. He is a great summerrist and its been gratifying to see the scope of his work and no doubt more is to come. So but to take so really to pose a journalistic question if we can do that. Take todays news about secretary hagel moving on. Notice his name is not in i assume that may Say Something about hagel. A is there something that hagel should have done could have done or is it just too much nsa and now leads to the question of the next defense secretary and the changes in Congress Republicans taking the senate and new chairman in the house . What would you advise them to do . What kind of policy issues should they be focusing on . I do think in general theres too much authority and leadership on the issue of vested in the National Security agency. We do have this new organization, about four years old now, called u. S. Cyber command and its blend to be a combatant command, like central command, which i running the war in iraq and afghanistan. I think if youre going to Start Talking about Cyber Operations and warfare and integrating that into military doctrine that should be run bay military organization, not by an Intelligence Agency. The nsa is also a military organization, a military Intelligence Agency. The head of that egg is also right now the commander of Cyber Command. So you seek how the deck is stacked in favor of nsa. Hagel never made many very few public statements at all about Cyber Security and cyber warfare. I hope that the next defense secretary will come in and start to make it a priority to get some of those authorities out of the agency and put them over with Cyber Command where i think they more properly belong. You can get better oversight of the military organization than you can of the nsa. If i can interrupt, just one other followup. Is thats another part of the defense policy where the white house and the nsa or even the Justice Department have scooped up some of the sexy aspects of the hot button kinds of issues . To some extent. The white house certainly was involved and aware of what the nsa was doing in this realm but theres somebody i write about in the book, Pete Alexander director of the nsa the longest serving director and retired recently elm managed to accumulate the bureaucratic momentum and the mojo really masterful at it. Some people in washington who can do that. Leon panetta was another one. Hagels predecessor who probably faired bateer in the job than secretary haigle and understood Cyber Threats by the way. I think lot of this just kind of captured by the agency and the white house probably needed to get more involved as the kind of the gatekeeper setting policies. I talked to obama kind of kicking off in the east room of the white house in 2009 and making it a National Security priority and it definitely is but the energy slipped from the white house. The political moment was coming but the engine is in the agency and you need to take some authority back. You mentioned our Water Systems and the electric grid. Could you say some more about the internet of things and other systems that might be on it, like, for instance, does it really run metro off the internet . The internet of things ising this motion that everything every device is now connected to the network, your appliances your phone the air Traffic Control system. I dont know specific live whether metro is run via the internet but absolutely could be. It creates these marvelous efficiencies and interconnectedness and makes or life easier but the more devices you put on the network the more vulnerable the devices are. By definitionally anything that is connected to the network can be hacked and compromised. Youll often hear people talk about the internet was designed with security in mind. Began as a Research Network and then flourished and nobody erv thought about protecting it elm thats generally true. And as we keep adding more and more devices to the network were not putting the security of those devices and be people who use them first and foremost. I think thats going change the more that you see some of these higher profile breaches, things like them home depot and target breach. Data being stolen. As some hoff thieves devices start to fail or be manipulated you might see urgency on the part of the users of the devices to protect themselves. Its going to take people getting wounded really to focus the attention. Well take the questioners already lined up and after that well, this will be quick. This is not universally important but i manage a web site that is connected that is one of my church community. And in october we had a huge spike of hits on the web site, and the dashboard report showed that almost 50 of those hits on the web site came from china. Does that mean the red army is monitoring our Church Web Site . Depends. What do you know and what are you into . Totally innocuous. Important for the community but could not possibly have any kind of universal significance. Sub subversive group using propaganda in china. There is some point we should be concerned about this kind of you should also be concerned about somebody who is not supposed to be in your network. In a wait its bizarre it sounds your church group would be being ping by the chineseat the same time it doesnt surprise me at all. Their whole m. O. Is throw bodies at the problem and threaten just sort of see what sticks. Know is why they were poking around that day on your Church Web Site. So the question is, should we be concerned . Is anything that we can do. You should have good Network Security and if you have somebody managing your web site make sure you have the right protocols and Antivirus Protection in place and do not open emails from people that you dont know. Be careful about opening email friday people you do know. I dont want you to be scared but there are basic sort of procedures you can take to make yourself less vulnerable. And if theyre just pinging the network and not getting in dont worry too much. I just wondered if you could speculate about the future and sort of make an analogy. Do you foresee a point in the future where theres something roughly similar to mutual assured destruction evolving and this is with respect to cyber warfare and especially as you say allout cyber warfare. Is there any technical reason why if somebody took the first step theyd have a decided advantage and be thinking about the power grid or whatever . Right firststrike capability. Right. A lot of the cold war models work up to a point. Mutually assured destruction is one. A lot of incentives for large nation states not attack our Critical Systems them chinese arent going to crash the American Financial system because theyre our biggest lender. So think they do to us is going to flow back on them. I think if there was an attack on the power grid that shut the lights off in a major city and we believed it was coming from china, we would probably have bombers on the way to beijing because we would presume that was the opening salvo of some kind of larger military campaign and not necessarily an isolated event. But those deterrents in place. Where this starts to break down is mutually assured destruction worked abuse we knew it would the soviets firing at us and us to. The its not easy in cyber space to attribute the source of the attack. You heard about the attribution problem. We dont know where the take came from, how do we responsibility emthe government has gotten better at who to retaliate against. Thats where we find ourselves as sort of groping how to deal with cyber space. Thats huge unanswered question. Hi. Im sort of interested in the education aspect of this. Theres an article in the post a little while back about certain universities that are offering programs of courses training the next generation of Cyber Warriors or socalled whitehat hackers, but if you have read anything about say anonymous, the relationship between being white hat and black hat can be very slippery. Im wondering if the government is involved in the educational process at all . Are they aware of these programs . Working with these programs . Is there a military internet education complex . There is. Yes. So the nsa actually for a number of colleges and universities helped write curriculum in Cyber Security, and it does that because it wants to help field and educate a new generation of potential employees. It has a program whereby they will pay for the fouryear degree in Computer Science and engineering of someone and then that person comes and works for the nsa for four or five years to pay them back. Actually interviewed one person about this who went to school via the nsa became a hacker issue went to work for the agency for five years, and then left and started a private Cyber Security startup in silicon valley. So yes theres absolutely a connection between those and the nsa and colleges and universities are where the next best talent will come from and its taking steps to influence that process and attract new talent. A post snowden thats not going to be as easy as it may have been pre because the kinds of people who i think are attracted to this kind of work, many of them may have an antiauthoritarian streak. And may not necessarily be the ones who are that interested in signing up for this. That said the military is also another source of recruitment and i write about a number of soldiers in the book who became Cyber Warriors and for them the draw of service and also being part of a new kind of war and a new kind of warfare is very alluring and i think the nsa will have a lot of success recruiting from the ranks of the military for these operations. Our last question. Thats really amazing, what im hearing. Just to switch emphasis from this being a tremendous tool whereby we kill one another which is usually the emphasis of anything done now by the defense establishment, how to kill other people more successfully. What about in the field of medicine . The field of health . Is there are there people working in the field specifically with health trying to understand well exi know there are people working with molecular structures and trying to understand but how far is their progress and does the one feed off the other . Any indication we can use this kind of technology to improve our Health Scenario . Sure. Ry give youup uplifting story and then a scary one. Certainly in the realm of Big Data Analytics and the kinds of capables we bring to bear on processing threats to Computer Networks absolutely. Theres potential for that to conduct. Genetic modeling and sequencing and experimental drug treatments and all that and theres tremendous promise in this level of highpowered computing that the nsa specializes in to do tremendous good and scientist are tapping into that and its big data revolution. Where my mind was going when you mentioned health care was the vulnerablity of medical technology and devices. Homeland fans may remember the pacemaker plot line with the Vice President okay. So there are people who actually entered view for the book who kind of game out scenarios to train particularly people at nsa and network defenders, and the guy i interviewed had a see anywherey whereby he said, okay foreign dignitary is coming to the United States for medical treatment at a pick your name brand hospital. People who want to kill him find out where he is staying. They hack into the prescription dispenser in the hospital that regulates his method indication because these things are all regulated and many hoff them are czeched to the internet for offered didding purposes. They change the dosage on his medication. The nurse give gives hmm the wrong amount and kills him. So medical Device Security because of this internet of things is actually another place that people are very worried about. Hospitals have been defined as a Critical Infrastructure sector of the same way that the electric recall grid and the system have been. So anything that is connected to the network can be manipulated, and there are people who are trying to head off people who would execute this kind of dastardly scenario. I was thinking more from we have millions of cells in our body and cancer is just been impossible to track what is what and how does it change. Thats the kind of stuff im thinking before. Not to tills dweeb who ends up in not to kill some dweeb. Youre determined to make neume leave this on the uplifting note. The data mining and highpowered computing used to tackle these problems and cancer rears are using the same technology that can be deployed for less helpful ends we should say. Ill leave it to you to promote that field. Okay. Thank you all very much. Ill be happy to sign your booked. [applause] were going to form a signing [inaudible conversations] every weekend booktv offers programming focused on nonfiction authors and books. Keep watching for more here on cspan 2 and watch any of our past programs online at booktv. Org. A familiar face to cspan and booktv viewers ted olson, the former solicitor general and coauthor of this book, redeeming the dream the case for marriage equality. Along with david boise. Mr. Olson did you surprise a lot of people with your position on gay marriage . Apparent live i did. I didnt surprise me and i didnt surprise people who knew me because i think i grew up in california, i feel its wrong and ive always felt its wrong to discriminate against people who are gay or lesbian, and when i was first asked to take this case, i thought it was something that i could do and that i wanted to do. So so i was surprised that people were surprised because im a conservative, a lot of people were, and i felt that it was then my mission to try to convince as many of. The as i could that this is the right place to be. Host whats the conservative case for gay marriage. Guest the conservative case for gay merge is easy. These or two loving people who want to come together in an enduring relationship and form a part of a community and have a family and be part of our society and to live together. What could be more conservative