Started a few months later, in spring of 2006. I felt like i still was having some restlessness having had thatster generals. Host we have been talking with dr. Dinah miller coauthor of some shrink rap. Booktv is on facebook. Like us to get publishing news scheduling update, behind the scenes pictures and videos author information and to talk directly with authors during our live programs. Facebook. Com booktv. Shane harris talks about the militarys use of cyber space to wage war. He discusses the involvement of private Companies Like google and microsoft in this fifth domain of warfare. This hourlong Program Starts now on booktv. Im pleased to welcome shane harris this evening to discuss his new book, war the rice of the bill tear internet complex. Hello ands how Government Agencies are teaming up with the likes of google and microsoft and finance companies to monitor cyber space and collect information and what that means for us as individuals and a nation. This is harris second book. The watchers the rise of americas surveillance state when the income public librarys book award for excellence in journalism. He is current lay Senior Writer covering intelligence and National Security at the daily beast. He is also worked as a Senior Writer for Foreign Policy and his worked has appeared in numerous publications, including the new york times, the wall street journal, and the washington post. Also a fellow at the new america foundation. Were pleased to welcome him back for his second appearance at politics and prose. Please hem me welcome shane harris. Thank you for the great introduction. Thank you all for coming out on a night like tonight. You could be sitting on a veranda and drinking wine and enjoy thing summer evening. Im glad you chose to come out here and spend it with me. Greet see so many people and friends and colleagues as well. We just talked before we began i have been touring around with the book, and speaking at a number of book stores around the country and this one real isy just prized for the way it brings people out in the community, and its so great to see such a large gathering. This is great for a book talk. So thank you very much. Youre making me very happy. So this book war is a story and youll find lat of stories but it is a narrative about how it is that cybersecurity became a fixation, a top priority for National Security in the ute right now. Cybersecurity, which we define as broadly speaking are threats in cyber space to include espionage, cybercrimes attacks over commuter networks that can disrupt power grids or disabling Water Utilities or affecting bank. The risk of these attacks for the past two years has topped the intelligence communitys list of global threats. Every year the Intelligent Community puts out the big thing that keeps people up at night and cyberthreats have been at the top of the last for two yankee. James comby the new fbi director, has said the risk of cyberattacks and relate risk in a rise in cybercrime will be the most significant National Security threat of the next decade that and is above terrorism. Just last week the director of the National Security agency, michael rodgers, testified before congress that Cyber Attacks were costing hundreds of billions of dollars to u. S. Companies and multiple foreign governments had already probed the systems that control and regulate our electric power grid. He said this is not theoretical, quote, it is truly significant, almost catastrophic failure will occur if we do not take action. So, how is it we got to this point where all of our top National Security officials are telling us that the risk of a catastrophic cyberattack espionage directed against u. S. Companies, is the thing we should be moats worried about and what does that mean for all of us who exist and use the exist in cyberspace and use the internet every day . That book tries to answer the questions. It starts with a story, and then for appropriate a scary story. This begins in the summer of 2007. And the ceos of the major defense contractors, the boeing, lockheed mart tons, raytheons north group grummans, are called to a meeting at the pentagon. They figure if they have been called here on short notice and seeing theyre competitors in one room, this cant be good news. Theyre ushered into a room called a skiff sensitive compartmented information facility. If youre a fan of homeland, the skip is the thing where you have to drop your cell phone outside before you go in this sound proof room that is actually impermeable to eavesdropping. The place you only receive the most secretive secrets. Executives are given what is called a threat briefing. A number of military officials describe to them how hackers believed to be in china, are accessing Computer Systems that contain some of the most classified information in the military, specifically things like plans for the joint strike fighter, the f35 which is to be our next generation military aircraft, as well as a number of other assorted classified military programs have all been overrun by cyberspies. That seems scary to these ceos. What is even more scary the spies did not access the information by getting into military networks. They got into the networks of these companies. The crowes candidate. Hackers head made an end round round the pentagons rather formidable cyberdefenses and attacked contractors who were work only the most sensitive military programs. As it was described to me by somebody who was familiar with the meeting executives went in with dark hair and when they came out it had turned white. They were verdict concerned that the spy gold their systems and they new little about it. The pentagon said to them you have a security problem therefore we have a security problem. We have to do something about this and if you want to continue being contractors for the department of defense youll take our help. What begins at this point is something that i think epitomizes our Current National approach to Cyber Security. The pentagon teamed up with these contractors in an information and intelligence sharing arrangement. The contractors agreed to report to the pentagon threats they were segue on their network, click when they had been breached. The pentagon agreed not to disclose thats publicly because companies could not like to say when they have had hackers in anywhere network in return the pentagon would provide these corporations with information that it was gathering from its own intelligence operations, effectively the fruit of espionage, that agencies like the nsa were gathering. So the partnership essentially sets up whereby private sector and public are coming together for the mutual purpose of defending these Computer Networks. The companies are essential in this arrangement and this is true across the board when we talk about defending Critical Systems in the u. S. Companies own roughly 85 of the Network Infrastructure in the United States. The government does not physically control it. The companies have to. Tis pate if were going to protect the internet. The evident that began after that pentagon meeting became something known as the Defense Industrial base initiative or the dib, which recurrs throughout my book. A hundred companies are in members today. There will only a dozen or so when it began in late 2007. The model has been expanded to other sectors of the economy beyond the Defense Industrial base. So today the National Security agency via the Homeland Security department shares this kind of Threat Intelligence that its monitoring from sayreous networks overseas with enter set Service Providers in the hopes theyll program the threat signatures into their own systems, scanning for Malicious Software and intrusions and then protect their customers downdream. Big Name Technology companies have struck up relationships with the intelligence community. One i write about is google. Going obviously has a privileged kind of peering into networks all over the world. They move much of our Communications Traffic that were all using every day. Google struck up a secret relationship with the nsa in 2010 after it was hacked by chinese spies where they agree to share information theyre seeing on their networks in term for the nsa providing information to them. So defending cyberspace and also spying in it and attacking in it has actually become a cooperative effort between the government and the intelligence community, its partners in the Technology Industry. Thats what im referring to when i write about the military internet complex coming together of two powerful forces. I am deliberately harkening back to president eisenhowers military Industrial Complex speech from 1961, which ill talk about later. So this arrangement begins at the tail end of the bush administration. It took a number of years for president bush and his senior National Security advisers to start taking the threat of cyberattacks and cyberappearsage seriously. Cyberespionage seriously. Thats been talked about at the highest levels for years cut but did not catch on until the end. President bush was not the most technology contractual inclined chief executive. He once said he used the going toll look at his ranch. President clinton only sent one email the entire time he was in office. The internet was a fairly nascent infrastructure at the time. Where thats really takes off and takes steam not surprisingly as far as National Security priority is under president obama, who of course used the internet masterfully in his campaign. Our are first internet president you might say. President obama actually got a firsthand experience with cyber enunable when he was on the campaign and his Campaign Email system was hacked by spies believed to be in china. As an equal opportunity offender here, they hocked john mccains email system as well. So obama comes into the office with a firsthand glimpse of this and a real appreciation for the vulnerabilities in cyber space, and from day one, when he is given his classified briefings about various National Security threats, cyber is placed very near the top. So not one to waste time he adds a whole new dimension to the governments approach for dealing with this threat. In may 2009 obama gives a speech in the east room of the white house, and east room, its a very very large room and reserved for only the most momentous of speeches when he president knows its going to be a big crowd. So he gives a speech stands up and unveils his plan for securing cyberspace. He says his Campaign Email was hacked. He actually acknowledges the electrical grid the systems that control the grid had been probed by outsiders. He doesnt say governments and doesnt name them. This is the president of the United States standing up and saying effectively our Critical Systems, the things that control the machinery we depend upon for our daily life are vulnerable and theyre wide open to attack, and he intends to do something about it. And again, harkening to this model that has developed this, internet military complex he said, quote, the vast majority of our critical information and infrastructure in the United States is owned and operated by the private sector. We will collaborate with industry to find technology and ensure and promote our prosperity. The internet is a Strategic National asset and we intend to protect it as such. So you have obama really defining cyberspace as a national asset, even though its largely privately owned. Theres a threatens as theres a tension there as well. He sets out on a very ambitious program, putting the government at the center of efforts to try to secure cyberspace. Not to try to control that but to try to influence that and i write more about this in the book. What is point here is that obama, just like bush before him, is starting to see and describe cyberspas as a battlefield. The mail tear now refers to cyberspace as the philadelphia define of after land air, sea andouter spays and views trying to achieve spremtyly as vital also the other four. To give you some sense how the military has prioritized this in particular its good to follow the money in washington, also we know. If you were to take a look at the Defense Budget for cyberprograms, in 2014 just in Cyber Defense programs mostly protecting government computers, the government allocated 13 billion on Cyber Defense programs. Doesnt even touch the offensive side of the ledger in 2014 they will spend 11. 6 billion on efforts to combat Climate Change which president obama called the greatest threat of our time. So 13 billion Cyber Defense 11. 6 billion on climb change. The 2012 pentagon budget had the word cyberin it 12 items elm 2014 budget has it in 127 times. So a 12fold increase. Its become the joke now in thing bus it is only part of the dod budget that its growing, psychber security. I you want to get money to your project, slap the word cyber on it whether it has anything to do with cyber at all. A couple weeks ago the senior dod official who runs Cyber Security policy joked he was starting to see things proposals such as cyber tank that cross his desk. Government officials are talking about our vulnerabilities and the way our companies were robbed by spies but theres a sin calculation in here. Playing the victim is a good way of focusing National Attention and drum us money for defense programs but tends to obscure the other side of the story, which is what this book is also about. Were quit to picture ourselves as victim but were doing many of the same things we blast other countries for do to us and our corporations. We have become masters in offense in cyberspace. We have become very good at wagele cyber warfare. Its going to become an integral component how we fight wars in the future. One story i like that i nell the beginning of the book, that i think really captures how cyber is being integrated into the physical realm how we fight wars, this tapes in 2007 a lot of 2007 activity in this book. The year things took off. That in 2007 you remember that pressure pressure ordered tens of thousands of additional combat troops to iraq as part of the summer which was inning part of the surge, inning cheered to quell violence spiraling out of control in iraq to prevent a civil war and in particular to do battle with an insurgent terrorist group knowned a al qaeda in iraq, which later morphed into isis which were hearing loot more about today. So those tens of thousands of troops go, we Form Alliance with sunni tribes to turn them against al qaeda and iraq. Two pillars of the surge strapping. Theres a third pillar that has never been explored and i report in the book. The nsa tapped into the telecommunications and internet infrastructure of the country of iraq and effectively owned the entire network of the country of iraq. It examiner sented every cell phone call, every email message, every text message. What was it doing with the information . Farly it was to try to understand the way these groups, terrorist networks, had organized themselves by studying the patterns of their communications. I bright bat guy named bob who as young Army Lieutenant who deployed to iraq and was working in the signals Intelligence Groups so gathering Electronic Communications for the army and working with the nsa. Bob was a fan of the series the wire. Theres a, which in the wire an old Police Detective named Lester Freeman who decided he is going to unlock the hierarchy of the drug rings in baltimore, who these shadowy players; not by walking the beat and tapping human sources but by monitoring aring their cell tone, particularly the disposable cell phones and lester starts mapping out the networks of who these people are and who is important in the hierarchy based on the calls. Well bob did that as well and a lot of people did this. This information was then handed off to ground forces, boots on the ground, who would then go out and find these insurgents and capture or kill them. This want the only thing wasnt the only thing the nsa and elite hackers were up to. Some of the more daring exploits, they started sending fake Text Messages to individual insurgeons posing at people they knew, and directing them to meet at a particular place where, when they got there, they fell into a trap. They penetrate web sites used by the grouped and implanted spay ware on them so when people would go to chat forums thinking nobody was watching actually their computers were being inticket witness viruses and spy wear that would home in on their location and give the nsa access to their emails and communications on their computers. This is ingenious hacking with a physical goal. This wasnt just to steal information. I was to locate people and to help a war effort on the ground. Cyber was interesting integrated into this conventional military conflict. People i interviewed for the book will say absent this particular dimension of the surge, the surge does not stop violence in iraq, does not become this temporary victory we all know now where we did prevent a civil war and managed to bring some stability back to the country. This was the secret weapon. The surge was won by a cyber war campaign. David petraeus not one given to hyperbole, said publicly this intelligence gathering operation was, quote, a prime reason for the significant progress made by u. S. Troops in the surge and was, quote, directly responsible for enabling the removal of almost 4,000 insurgents from battlefield. You can actually chart with a surge the have i lens goes down and you can chart against how the intelligence operations were ramping up. So iraq changed the way the nsa spied but also changed the way that the United States fights wars and showed us that Cyber Operations will be part of that. So i argue that in the book that in the governments zeal, particularly the National Security agencies efforts to dominate cyber space, and the nsa is the center of gravity of our Cyber Operations that the government is doing things that fundamentally undermine the security and protections of the internet we all depend upon and its making it actually a less safe place for all of to us operate. Give you a couple of examples. Nsa is in business of spying and breaking into technology. Well, we all use commercial technology is in country found in other countries as well. No proprietary u. S. Systems or proprietary other foreign systems. A lot of this ubiquitous technology. The nsa is always looking for ways to find flaws in software and computer operating systems that would give them way into a system that no one else knows about. Frequently called zero day vulnerabilities you. Hear about this in the technical jarringon, meaning once someone found a particular way into a compute are that nobody else knows there would be zero days to defend against itself if you chose to attack it or exploit it. The nsa is out there gobbling if up this information and hoarding it in order to build offensive capables, cyber weapons. One woulding are if the nsa is in the business of defending National Cyber space you should be disclosing those vulnerabilities to the companies that manufacture these products and letting the public know. National if the nsa was a Security Guard in your neighborhood or a cop on the beat, and it found that there was an open window in your hovels but didnt tell you or found there was a flaw in all the windows being used on the block but didnt tell anybody about them. Thats the analogy i draw in the book. By going out and looking for weaknesses to exploit but not telling the public about them that the nsa is not doing its job of making the internet safer. Another example is the nsas efforts to undermine something calls encryption. You may not be familiar with this but encryption is a way of jumpling up a communication so that only you and the recipient can unlock it and understand it. You can use encryption in your email encryption may be used with your bank when youre doing transactions online, to ensure that only you can see the information and that your cant data cannot be stolen. The nsa has been secretly inserting flaws into encryption products that are then marketed with the seal of approval by the way of the nsa. The nsa is a crip tollingal agency, experiments at making and breaks codes and we know of instances of the agency putting a recommendation or an endorsement on a product sold commercially they know to be flawed in way that only the nsa thinks it understands. This would be sort of like if the nsa the government was marketing a particular kind of door lock and aid said everybody in america buy this look for your front door cant be penetrate, but the nsa has the key for the lock and its not a key that is particularly well hidden. Someone else could find it. Too. I argue that the agencys mission to dominate cyber space are actually making cyber space less safe for all of us and putting it at risk. All of this has emerged with practically no debate and very little reporting. This conjunction of a huge warfighting machine with a growing Technology Industry is, as president eisenhower described, the military Industrial Complex of a previous generation, quote, new in the American Experience and it is changing how we use the internet and exist in the fifth domain. I think cyberspace is too vast too pervasive and too important to have how we live now to have any sing entity to dictate the norms of behavior and i argue this authority should not be vested inside a secret Intelligence Agency. Theres no neat way to define cyberspace and i dont attempt to do so in the book. Its commons but not private. We have come to depend upon it like a public utility, like electricity and water, but it is still mostly a collection of privately owned devices which makes making policy in this area particularly difficult. Yet a cyber space is undeniably a collective which is why i think its incumbent on everyone who touches it to take a state in how we treat and it follow what president ice hero sauce, a wise resolution of which will better shape the future of the nation. Thank you for your attention. Ill be happy to take your questions. [applause] if you do come to the microphone because this is being recorded, not by the nsa, dont think. The director comby said several times in recent weeks he is very much opposed to what google and apple have done with their Encryption Technology making it so that even google and apple, they wanted to, they couldnt decrypt their own devices. Do you think the director will be successful in any effort to force google and apple to change their current right. The shortandprobably the short answer is probably not. The interesting thing, jim comby said this device, twisp, the iphone 6, is essentially a threat to Law Enforcement and obstacle to Law Enforcement because if you arrest somebody with this phone and theyve incrept ited, it cannot be unincrepted including by the manufacturer. Only i know the code and if im not giving up, the fbi is not getting into it. This is a proxy for a much Larger Mission that the fbi has been on to extend Surveillance Authority to the internet. Not getting too much into the weedes, there are laws in place that require Telephone Companies to build their networks in certain ways so that they can be tapped win when the fbi or other agency has a lawful order to intercept communications but Companies Like google and apple have never been precisely or neatly governed by the law, and the fbi would like them to be. So i think that director comby who i know and think very highly of is overstating the particular risk that this device poses to Law Enforcement, and he is actually really should be talking about the broader debate which is that the fbi wants to extend more Surveillance Authority to cyberspace. Thank you. Im wonder hogue paranoid we should be . Everyone asks that question. Youre nor paranoid if its real. I was afraid to go to certain web sites like wikileaks, it would flag something, and i thought i was being overparanoid, and then the nsa stuff broke and it was much worse than i could have imagined. I know someone at Homeland Security, has a high position and i told her i i just wanted to check out wikileaks, and she said dont go to wikileaks and she was in a position to know. I wonder if you access certain websites what wanted to learn about al qaeda and wanted to learn what it believes in and are they watching everything . What you said in iraq, they have control of everything. Iraq was a particular example because its not the United States. We should remember there are surveillance laws and restrictions in place for what the nsa and the fbi particular can do with american citizens individual communications. They cannot listen to your phone calls without a warrant. They cant read your emails without a warrant. Is that right . Thats right. It is correct if they want to monitor your individual phone call target you, they need a warrant to do that. I you are in communication with someone overseas, however and that persons communications are scooped up which doesnt require a warrant, and your information is collected incidentally to that collection, the government can go back such through the data that has been collected and ping certain key words and come across your information and read it without a warrant. I dont know if you today were to go visit wikileaks that it would necessary flag you. If you arent a government computer it would. In fact Government Employees have been told to not go to wikileaks because they are classified documents displayed on it. Whether or not you sitting here today from your computer in washington d. C. Would be flag i dont think so. Thats reassuring. Yeah. [laughter] hey shane. What do we know about how much stuff we can do now . You can pretty much be sure anything we are afraid of people doing to us we can do to them and we may have already done it. The first half of the book is about the offensive side of cyberwar and i do want to give everything away and spoil the story but. Go ahead. Thanks john. I heard about the book. You are fine. Everybody else plug your ears. The military and the nsa i should have had very elite cadres of hackers. Theres one group that i write about called the Operations Unit and theyre sort of like the Impossible Mission force if nsa hackers. Whenever they want to break into a secure system these are the guys that call in. In fact the guy a ride about in the book worked in it. The problem is we dont have enough people to go out in wage these operations compared to our adversaries and if we are measuring in terms of if we were to ever go to war with a big country in cyberspace how would we match up against them . The chinese have drawn thousands more people at gathering information from companies that we have digital spies going up in gathering information. Our damage probably comes from our technological prowess. Just today in fact there was this new computer virus called reagan. Im not exactly sure how to pronounce it. Its reagan. This is fascinating hugely sophisticated malware that was discovered and dissected and found he could basically go out together huge amounts of information from Computer Systems and barely be detected. Its probably engineered around 2008 and looks suspiciously like another computer virus called stuxnet which we know the nsa designed. We havent confirmed it yet but there are few countries in the world that could divine something design something a sophisticated so we are very good on the offensive side of it. Just a followup by raids recently spoke with the a British Intelligence officer cyber giata said the chinese get into everything but the people that are most afraid of the russians because they dont leave fingerprints and we dont know what they can do. We only know that they are good. The russians have tremendous technological prowess. The chinese are audacious and they dont seem to care they get caught. The russians are very good at covering their tracks. You have a lot of several years ago after the demise of the soviet union you had a lot of highlyskilled computer engineers is that suddenly not great employment prospects. A lot of these people upon to work for criminal and investigation organizations. They ate and abetted to some degree. I was told by one senior u. S. Official who works on cyberinvestigations they found a number of cases where theyre zeroing in on a russian hacker and finds out the russian government tipped them off and said change her name and your identity they are onto you. We are dealing with the government and an apparatus that is highlyskilled and as you said good at not leaving traces. This is a slight aside that you mentioned the internet is not a utility in the United States and its not legislated as one or anything in that way. If the fcc changes its rules and the administration gets them to treat it as a utility what sort of effects do you think that would have in this arena . Speak i think it would make it a lot easier for the government to regulate and enforce security standard so to Tell Companies you must implement the following minimum security protocols and procedures. President obama i think last week in his weekly address talked about treating the internet as a utility. This is in the context of Net Neutrality in the debate over whether or not companies should be allowed to charge more for higher volume traffic but what i found striking about that was wait a second if you treat the internet as a utility the government can regulate it and that means it can regulate security just like they regulate security at Food Processing plants and any number of physical infrastructure facilities. The fcc as you said would have to go along with this but at that happen i would suspect that would open the door to much tougher government regulations security. Theyre those who very much favor government coming in regulating this. The flipside of that the threats are evolving so fast there is no guarantee the government is going to know what the most uptodate intelligence is an effective number of Companies Including google have perceived threat briefings from the government them have and am impressed by what they have told. Every security researchers know about this, tell us something out so theres no guarantee the government has the right answer for setting security standards. Would you comment on congressional oversight with respect to the military internet complex . I get the impression that way too many of our elected representatives are totally out of their depth when it comes to these kinds of questions. Theres a technological learning curve to be sure. Intelligence oversight in general i have been a critic of it for a long time. I think its pretty anemic and a lot of this activity is taking place under the auspices of an Intelligence Agency the nsa. I dont think we have had great oversight of these operations. Congress is mostly about focusing on legislation that would try and set basic minimum standards for security and the companies would have to follow. Those efforts have been shot down largely at the behest of companies who fear regulation so i think this is a real issue and i think if legislators arent smart about this and become more proficient in the language of technology they risk being duped frankly by intelligence officials who are persuading them that the threats are maybe more severe than they actually are and persuade them to give them money that they dont need and authorities that they dont need either. Its very much incumbent upon congress to not simply take the intelligence agencies word for it. Yes there are threats in cyberspace that they need to be a lot more indepth and fluent and the complexities of those threats before we begin making permanent laws. If i can follow up on this ladys question. A few of us have worked with shane in his journalistic capacity and its been gratifying. He is a great journalist and its been gratifying to see the scope of this work and no doubt more is to come but to take, so really to pose a journalistic question if i could do that, to take todays news about secretary hagel moving on and i noticed his name is not there and that may Say Something about hagel. And i will give you a couple of ways of going at it. Is there something that hagel couldve done or should have gone the done and that leads to the question of the next defense secretary and the senate and the changes in congress with republicans taking the congress and the new chairman in the house. What would you advise him to do and what kind of policies should they be focusing on. I do think a general theres too much authority and leadership on the issue vested in the National Security agency. We do have this new organization thats thats about for your socalled u. S. Cybercommand. Its meant to be a combatant command like Central Command which is running a war in iraq and afghanistan. I think if youre going to Start Talking about cyberoperations in warfare and integrating them into military doctrine and should be run by a military organization not by an Intelligence Agency. The nsa is a military organization. The head of agency is also the commander of cybercommand so you can see how the deck is stacked in the favor of nsa. Hagel never made very few public statements at all about cybersecurity and cyberwarfare. I hope the next defense secretary will come in and start to make it a priority to get some of those authorities out of the agency and put them over with cybercommand where he think the more properly belong. I think you can get better oversight of the military organization. If i can interrupt for one other follow on. A followon question. Is this a part of defense policy where the white house and the nsc or the Justice Department has hooked up some of the aspects that are the hotbutton types of issues . To some extent. The white house certainly was involved and aware of what the nsa was doing in this realm but Keith Alexander who was the director of the nsa and the longest serving and is retired recently he managed to accumulate a lot of the bureaucratic momentum and the mojo really masterful way. There are some people like leon panetta was another one. Hagels predecessor that probably fared better in the job and secretary hagel and understood Cyber Threats by the way. I think a lot of this which is captured by the agency and in the white house probably needed to get more involved as the gatekeeper of the National Security adviser setting these policies. I talk about obama kicking off in the east room of the white house in 2009 and making it a priority and it is. But then i feel like the energy slipped a bit away from the white house so the political momentum is coming from there but the bureaucratic engine of it was over this other agency and i think now you need to take some of that authority back. You mentioned our Water Systems and the electric grid. Can you say some more about the internet of things and other systems that might be on it like for instance do they really run the mets are off the internet . The internet of things, every device is connected to the network. Your appliances, your phone the air Traffic Control system. I dont know specifically whether metro is run via the internet but it absolutely could be. It creates these marvelous efficiencies and this interconnectedness that makes her life easier but the more devices you put on the network more vulnerable those devices are. By definition everything connected to the network can be hacked and compromise. You will often hear people talk about how the internet was not designed with security in mind. It began as an Research Network in the forest and nobody thought about protecting it. Thats generally true and as we keep adding more devices to the network we are not putting the security of those devices and the people who use them first and foremost i think thats going to change the more you see these higher profile breaches with things like the home depot and the target breach. And some as some of these devices start to fail and are manipulated you might see urgency on the part of the users of those devices to protect themselves but its going to take people getting wounded really i think to focus the attention. We will take the questioners who are already lined up but we have to wrap it up. This will be quick. This is not universally important that i manage a web site that is connected to part of my Church Community and in october we had a huge spike of hits on the web site. And the dashboard report showed almost 50 of those hits on the web site came from china. Does that mean the red army is monitoring our Church Web Site . It depends what you know. What are you into . Is totally innocuous and important for us those of us in the community but could not possibly have any universal significance. Its probably propaganda in china. Is her some point when we should be concerned about this . You should always be concerned about somebody who is not supposed to be in your network and in a way as bizarre as it sounds your church group would be being pinged by the chinese at the same time it doesnt surprise me at all. Their whole mo is to throw lots of bodies at the problem and see what sticks. Who knows why they are poking around that day on the Church Web Site. So the question is should we be concerned and is there anything we can do . You should have network security. Make sure you have the right protocols and antivirus in place. There are basic procedures you can take to make yourself less vulnerable. And if they are just pinging the network and not giving and dont worry too much. I just wondered if he could speculate a little bit about the future and make an analogy. Do you foresee a point in the future where there something roughly similar to mutually assured destruction and this is with respect to cyberwarfare and special issues or is there any technical reason why if somebody took the first step that they have a decided advantage in thinking about the power grid . For strike ability. A lot of the cold war models work up two points in mutuallyassured destruction is one. There are a lot of incentives for large nationstates not to attack our Critical Systems. The chinese arent going to trash the american landing because we are their biggest lender. If there was an attack on the power grid was shut the lights off in a major city and we believed it was coming from china we would probably have bombers on the way to beijing acres with a person but thats the opening salvo of a larger military campaign and not necessarily an isolated event. So theyre those deterrence in place but where it starts to break down his mutually assured destruction would would be soviets firing missiles at us and we would be firing at them. Its not easy to attribute the source of the attack. The african labor for this to the education problem. If we dont know where the attack came from how can we respond to it . I right it . I right in the book and how i think the government has gotten better at attribution and they would like to live on but thats where thats deterrence model breaks down. If someone were able to cloak where they came from we would necessarily know who to retaliate against. So thats where we find ourselves as we are groping for how do we deal with cyberspace thats a huge unanswered question. Hi. Im interested in the education aspect of this. Theres an article in the post a while back about certain universities that are offering programs and courses training the next generation of cyberwarriors socalled white hat hackers but if youve read anything about say anonymous you know the relationship between being white hat and black hat can be very slippery. Im wondering if the government is involved in the educational process at all and are they aware of these programs and working with these programs . Is their military internet education complex . There is. The nsa for a number of colleges and universities helps write curriculum in cybersecurity and it does that because it wants to help field and educate a generation of potential employees. It has a program whereby they will pay for the fouryear degree in Computer Science and engineering of someone and then that person comes and works for the nsa for for five years to pay them back. Actually i interviewed one person about this who went to School Thanks to the nsa and became a hacker and went to work for the agency for five years and then left and started a private cybersecurity startup in silicon valley. So yes there is absolutely connection between those they the nsa in particular feels like colleges and universities are where a lot of the next best talent is going to come from and taking steps to influence the process and attract new talent. Post noted its not going to be as easy because obviously the kinds of people who i think are attracted to this kind of work many of them may have an antiauthoritarian streak and may not necessarily be the ones who are that interested in signing up for this. That said the military is another source of recruitment and ive read about a number of soldiers in the book who became cyberwarriors. For them i think the draw of service and also being part of a new kind of war and a new kind of war open warfare is alluring and i think the nsa will have success recruiting from the ranks of the military for these operations. Yes sir last question. Its really amazing what im hearing. Just to switch emphasis from this being a tremendous tool by how we kill one another which is usually the emphasis on anything done now by the defense establishment how to kill other people more successfully. What about in the field of medicine, the field of health . Are there people working in the field specifically withheld trying to understand . Another people working with molecular structures and trying to understand them but how far is that progress and is the one feed off the other . Is there any indication that we can use this kind of technology to improve the scenario . I will give you one uplifting story and i will leave you with a scary one. And its a depressing one. Certainly in the realm of Big Data Analytics and the kinds of capabilities we bring to bear on assessing threats to Computer Networks absolutely there is potential for that to conduct epigenetic modeling and sequencing in an experimental drug treatment theres and by the way many of them are connected to the internet for a vetting purposes. They change the dosage on his medication and the nurse gives him the wrong amount and she kills him. Medical Device Security because of this internet of things is actually another place that people are very worried about. Hospitals have been defined as a critical infrastructures sector the same way the electrical grid in the Financial System have been so anything thats connected to the network can be manipulated and there are people who are trying to head off people who would execute this dastardly scenario. I was thinking more from you know we have millions of cells in our body and cancer has been impossible to track what is what and how does it change . Thats the kind of stuff im thinking of. Not to kill some dweeb who ends up in a Hotel Downtown that you want to take out. You are determined to leave this on an uplifting note and that is why we point back to the datamining and highpowered computing that can be used to tackle some of these problems. Cancer researchers are one of the places that are using the same kind of technology that can be deployed for less helpful and i guess we should say. I will leave it to you to promote that field. Thank you all very much. [applause] i will be happy to sign books. We have books behind the register and we will form the signing line. [inaudible conversations] [inaudible conversations]