Its liz30am. Now on bbc news, hardtalk. Welcome to hardtalk with me, zeinab badawi. How dangerous is the superpower rivalry in technology and information . Well currently, there is much focus on the tensions between the us and china over the chinese tech giant huawei. Soon, sg networks will be of critical part of our world in transportation, power supply, Payment Systems and so much more. Washington says the chinese cant be trusted because they may use that Technology Infrastructure for spying. Beijing says this is nonsense. My guest is the us top official on cyber information and security, ambassador robert strayer. He is on a mission to dissuade europeans from doing business with huawei, but is washington losing the cyber war . Ambassador robert strayer, welcome to hardtalk. Thank you for having me. What are your fears exactly about using Chinese Telecommunications technology . Well, we are very excited about the promise of 56 technology because its going to power all types of Critical Infrastructure, autonomous transportation networks, autonomous vehicles, telemedicine and traditional types of infrastructure like the delivery of electric power but we are concerned that in building those networks out, that a country like china, because of its National Intelligence law, could cause a company like huawei to take action that is not in our interest or another countrys interest like in the uk. We are concerned they could use their authority over that company to cause disruption of that Critical Infrastructure or the removal of data back to china. You make certain statements, as does the us secretary of state mike pompeo, when he said we are against allowing open doors for beijingss spy masters. What evidence is there that they are doing this through huawei . We know there is a tremendous number of vulnerabilities in the system, as the uks own Oversight Board found for huawei, hundreds of vulnerabilities, and to quote that report, there are serious and systematic defects in huaweis Cyber Security engineering and competence so there is really in effect what we could call a bug door, bugs and vulnerabilities that one could easily take advantage of. But couldnt that be said of lots of other Telecommunications Giants cisco, for example, the us tech giant . There is no conflation of the authority of the government and its control over a company like you would see in china, where there is a deliberate direction without an independent judicial review that we have in the United Kingdom and the United States. That is a fundamental difference when the entire company is in the direction of the Chinese Communist party, potentially. You know what huawei says, a spokesman for the company says, huawei is an independent privately owned company that has never been involved in a Cyber Security incident in 30 years of operation. Its got about 30,000 employees who own almost 99 of the company, they say they are not being used as a backdoorfor spying. 0ur concerns are when the time comes, if it is in chinas advantage, they will then compel a company to take certain actions. There are Chinese CommunistParty Members on the board, the founder of the company has committed his loyalty to the Chinese Communist party. Again there is no. Well, the founder of the company, ren zhengfei, told journalists injanuary that no law in china requires any company to install mandatory backdoors. It requires them to participate. A bit of tit for tat . In the end, the arbiter of that will be xi jinping and the Chinese Communist party so it is not the ability of mr ren to stop the mandate. You have these concerns and you have been on various missions trying to dissuade europeans from allowing huawei and other Chinese Telecommunications to be involved in the sg auction. What are they saying to you . A number of governments are understanding we are on this path of education together about the potential risks that can come from the supply chain. Everyone knows we should increase our Cyber Security capabilities across Telecommunications Infrastructure but they realise with 56, because of what it presents, they need to be more careful about the supply chain and a number of countries are now saying they will exclude huawei from the core of the infrastructure of the future. We think that is insufficient because in the future, 56, there are going to be smart components, computing throughout, so no part of the network would you want to be subject to compromise by an adversarial power. What are they saying then . Youre saying you dont want them to do this. Youre saying they are not even allowing it. But france, italy, the United Kingdom, germany, they have all said no equipment supplier including huawei may be specifically excluded from 56 auctions. Theyre not listening to you. I think theyre beginning to listen. Were on a path together. What they are understanding is the potential threat from the supply chain to the future of the Critical Infrastructure they are going to be building. None of them have made final decisions and the European Union commission as well as a Conference Held in prague came out with sets of intervals which said that we need to Pay Attention to the threat from a third country over the telecommunications vendor. That is a positive sign. They Pay Attention to that criteria and it should lead them to excluding a company like huawei which is under the direction of a foreign power. You said if a trusted vendor has been used by any western country, you would have to reassess the United States ability to share information with that country. Does this mean the us would not share intelligence with western allies anymore if they did use huawei . Its really a hypothetical. We have to reassess. Not really a hypothetical, given what you are saying. Its a hypothetical over how its going to be inserted into the network. Its very important we protect that intelligence information. People literally die when our intelligence information is leaked out. We have the very high responsibility to make sure we dont lose control of that intelligence information. Other sensitive personal information we are sharing all the time, so we would have to reassess how our sharing is conducted with countries that have huawei in their 56 networks. It sounds like you are almost issuing a threat to the europeans if you are to use huawei in your non core, even 56 technology, were not going to share intelligence. Thats a threat. Our partners like the uk, which is our closest security partner, as well as all our partners in europe, understand we can have a frank dialogue. We want them to understand how serious this concern is to us and how important to have a reassessment of our intelligence sharing because of what we think is at stake. Have you made any progress in your talks with other members of the administration . Are they beginning to say, hmm, youve got a point, were going to ostracise huawei. A lot of countries are saying they dont want huawei in the core of their networks. We think it should be anywhere, that is information or the Critical Infrastructure taken down which is riding on the part of the network, even if its not considered the core anymore. But what youre saying here is slightly tempered by presiden trump. You say youve said this to the uk and otherfriends in europe. But when he visited and was asked whether he would limit the flow of us secrets over his position, he said no, because we are absolutely going to have an agreement on huawei and everything else, we have an incredible intelligence relationship and we will be able to work out any differences. Yep, i couldnt agree more. It sounds very concillatory. 0n the one hand you are saying dont use it, on the other, good friends, this wont come between us. Over time with the uk, we always find a way to move forward , we are the closest of partners. Where as we talked about huawei, but where are the biggest risks to Cyber Security coming from . Because, its quite a big field, its notjust the use of telecommunications. Telecommunications is the underlying infrastructure but as we were seeing since 2017, an increasing number of destructive cyber attacks. Two of those were in 2017, the wannacry attack which caused systems to be locked up in the uk including Hospital Systems and we saw the russians launched the notpetya attack, which was initially launched against the ukraine but affected transport networks around the world including the distribution of drugs in the United Kingdom. Those types of destructive and debilitating attacks caused billions of dollars of damage and that is why nation states feel empowered to use those tools against civilian populations. The kremlin of course says it has not been involved in these attacks youve cited, we must point out, but youre pointing the finger at russia, is responsible . The wannacry attack was north korea, other countries joined us in that attributionm and the notpetya attack, 10 countriesjoined with United Kingdom in attributing that to russia so an increasing ability for us to join together among a number of like minded countries to attribute that to russia and we had the organisation for the prohibition of chemical weapons, an attack, 22 countries joined together to attribute that to russia. We saw in 2007, the Estonian Authority said that russia had launched this cyber attack which nearly shut down their systems and really debilitated them. And in terms of these kind of attacks, the secretary general of nato, jens stoltenberg, said a cyber attack on a member could lead to article 5 being invoked. There would be a response from more nato members. Hes just said that. Is that a position the United States supports . It is a nato wide position agreed to. If there was a cyber attack to be significant enough to be a use of force, it could trigger what they call article 5 which is the collective response mandate of nato. What would constitute that . Threat to life or actual life being lost . Typically under, and i dont want to get into the passing of International Law here, typically it is the destruction of property and loss of life. Have seen a number of disruptive attacks which havent risen to the level of which we would call the use of force. That may not necessarily be a military or cyber response. There are other ways we can respond to bad activities. Taking the example of what happened with the poisoning of the skripal. The russian attack. The russian attack on the russians in salisbury, england, the skripals, that was responded to in a way that did not involve a similar manner to where the attack occurred. We expelled a number of their so called diplomats in countries around the world in response. We could think about other responses. Like what . Like non military means . The wayjens stoltenberg was painting it, invoking ideas of the mutually assured destruction we had in the cold war, when we were talking about nuclear attacks. Nuclear tit for tat. Just obliterating everybody. We are not talking about that, about mad. Countries such as the us and uk adhere to Armed Conflict law where we must respond proportionally. We will put on the table a full range of options, including military depending on the type of attack and what it means for our societies but in between, there are Law Enforcement efforts to prosecute the individuals or companies involved, sanctions can be put in place against individuals or entire sectors of economies and there are other tools that we could use to affect that country in negative ways to change their calculus, how they think about doing that kind of attack in the future. Thats part of our overall effort to have cyber deterrence in the future. Is this hypothetical or has it actually happened . Have you managed to prevent this type of attack happening . What weve done so far is done this attribution together, a collective action of naming and shaming which has some impact. It hasnt stopped all malicious cyber activity, but we are seeking to build an understanding about norms of responsible state behaviour, and they should act in cyberspace, not in ways that cause damage or disruption to Critical Infrastructure so that is one of the most important normative behaviours that we want to establish. Over time, we can start bringing together consequences with a range of other countries against malicious state actors. All right, but you dont want to specify who, where, any potential attacks that youve thwarted, were coming from. I will say, of course, weve responded to russian and chinese actors by having sanctions and indicting individuals and also iran by indicting individuals so were taking action is sending a message, about the types of activity they were undertaking. There is also a different kind of warfare, going to call it information warfare, and it doesnt rely on technical ability and im referring to, for example, the us special counsel report by robert mueller, looking at russian interference in the american president ial election in 2016 and obviously his long detailed report showed that there was, and you know, you had misinformation being put out on the internet and so on. Its always possible so we have to be prepared for it. And are you prepared for it . Yes, we think were prepared but we know that the actors on the other side are dynamic and we need to be able to respond to them so we need to keep upping our defences. We think we were successful in 2018 in our mid term elections but we know 2020 is a different level of election with the president ial election at stake and so we need to be able to dynamically respond to the threats that we are seeing coming from adversaries that might seek to use Information Operations against our very open societies. When it comes to this kind of information warfare, the United States is also accused of also being at it. I mean, russias National Security strategy in 2015 very clearly set out in its report that it sees the United States and its allies as seeking to contain russia by exerting, informational pressure in an intensifying confrontation in the Global Information arena. Its not just one perpetrator, is it . We cant draw an equal footing here between the United States and russia. Russias activities during the 2016 election and their other types of online activities are quite malicious in the sense that they, in 2016, stole documents and then released them through cutouts in various venues online. Theyve also basically used their computational abilities of our platforms to leverage their message against us. We do not participate in similar kinds of activities against russia. But what do you do when you make these kinds of statements about fake news and deep fake videos and so on when you have the recent example of the speaker of the us house of representatives nancy pelosi with this fake video of her, showing her purportedly drunk while shes making a speech and its retweeted by the president of the United States . You can re tweet things, that doesnt cross any lines as far as i know and it doesnt usually indicate support for something. No, i mean, he didnt mention it was a fake though, thats the point. And he retweeted it, so when you come here as the us top official on Information Technology and so on and so forth and you say that this kind of interference weve had from russia is unacceptable and yet you have the president re tweeting a video like that, it does kind of undermine your position somewhat . Well, i would say its a very important distinction to remember here is that that was done in an open transparent way. Transparency is key. You knew in that case who was re tweeting. In many cases of the russian involvement, in almost all cases, they did not disclose it with someone from russia seeking to influence people in the us. But when facebook itself says we dont have a policy that stipulates that the information you post on facebook must be true, is that acceptable . Because thats where the video was put up. Theres an ongoing debate with our platforms and within our government about how we should approach Platform Companies and their duties and responsibilities and were talking to a number of our partners in europe as well about this issue about what is responsible behaviour for these platforms. Theres been a number of efforts, of course, to take down extremist content, to take down truly illegal content, which would include child pornography and other sources but when we get to this other category of Incorrect Information thats in those platforms, there needs to be a longer discussion because of course at the end of the day, we dont want the government being the arbiter of our speech. But it seems like the era of self regulation may be over, as nancy pelosi herself said . There are a lot of bills in our us congress and a lot of discussion about this topic. I am not able to give you more at the moment. So well see. Were going back to where we started, ambassador strayer, with huawei. One key aspec