
tv   Key Capitol Hill Hearings  CSPAN  March 20, 2014 2:30am-4:31am EDT

3:06 am
from the stevens institute of technology in hoboken new jersey, this is an hour. [applause] >> thank you. i want to thank the deans of stevens for helping to host this and to john in particular for both organizing it and the kind introduction. so i am old enough that i remember the very first time i ever saw and then used a computer. my dad took me to a science center in north carolina at the age of seven where he learned how to program this amazing
3:07 am
device to design a smiley face out of a series of letter m's and then i printed out on one of those old-school printers with the perforated paper on the side. that was my first experience with computers. since then the centrality of computers to my life but all our lives is it's almost impossible without them. for example we live in a world where every year over 40 trillion e-mails are sent. the first webpage was made in 1991. there is now more than 30 trillion individual webpages out there. moreover, the internet is no longer about compiling and sharing information. it's also emerging to have an impact on the world beyond the on line through the so-called internet of things.
3:08 am
for example cisco estimates that over the next five years there will be more than 40 billion internet-enabled devices coming on line, everything from refrigerators to cars to thermostats. google just paid a couple million dollars to the smart thermostat is not too smart power grids all living together. what that means is that domains ranged from communication, commerce to critical infrastructure to conflicts. 98% of the u.s. military communications run over the civilian owned and operated internet. all of these domains are increasingly cyberdependent if we live in the digital age. with this relatively short history of computers in the networks that they are linked into i think we have reached a turning point or at least a defining point. just as our dependence on this is growing the risk side is to man. you can see this in a lot of different ways.
3:09 am
one would be the astounding numbers. for example every single second nine new pieces of malware, software designed to cause computer problems are discovered every second. nine every second. 97% of fortune 500 companies know that they have been hacked and the other 3% are willing to admit it to themselves. on the military side over 100 different nations have created some kind of cybermilitary command, a unit designed to fight wars in the space and beyond. indeed the very first pew poll of 2014 took a survey of americans about what they have feared most and it found that they feared cyberattacks more than iranian nuclear weapons, north korea and nuclear weapons, the rise of china, russia or climate change. what this means is these fears have coalesced into a booming
3:10 am
industry. one of the fastest growing bureaucracies whether we're talking about the national level, the state level or the local level is constantly seen growth in the cybersecurity bureaucracies. they also mean for all the hope and promise of the digital age we also have to admit we are living through an era of what i would call cyber insecurity. it's at this point of the talk i try to do something conference today that maybe it will help us make that point. the challenge kindly introduced before of how do you write on the seemingly technical topic and make it accessible and interesting? you also do the same when you're giving a speech. what kinds of visuals can you do when you're talking about the space of zeros and ones of software so what i have done is put together what i believe is a fundamental collection that helps make the point. it's my choices for the best and worst examples of cyberwar art.
3:11 am
so it's going to play for you and the point -- i'm not going to speak directly. it's going to play behind me. one is to visually drive home that story of cyber insecurity that's out there. another is the fact that there have been studies that have found people are 60% more likely to retain what you are saying in a speech if they are looking at something at the same time. it actually doesn't have to link to what the person is saying. it's one of those weird ways that our human brain works. we need to recognize the human side of this and all the strange foibles that we bring to this so hopefully the technology will work for us and we haven't been hacked in the interim. here we go. to move on why a book about cybersecurity and cyberwar and why now? for me, it's best encapsulated
3:12 am
by two quotes. the first is from president obama. he declared that cybersecurity risks posed quote a most serious economic and national security challenges of the 21st century. the second quote is from a former cia director who said quote rarely has something been so important and so talked about with less and less clarity and less apparent understanding. so that cross between something that is in front of me and important but less and less understanding again you can see it in all sorts of different ways and all sorts of different fields. for example 70% of business executives, and not 70% of ctos or cisos but executives in general have made some kind of cybersecurity decision for their company despite the fact that no major business management program teaches it as part of the normal responsibilities. that same gap happens at the
3:13 am
schools we teach our journalists, our lawyers, our diplomats and even folks in the military. the book is also filled with all sorts of strange funny but in a certain way kind of sad anecdotes that carry this home particularly in the senior leadership. for example the former secretary of homeland security, the civilian agency in the u.s. in charge of cybersecurity. she talked to us about how she hadn't used e-mail and in fact had and used media for over a decade not because she didn't think it was secure but because she just didn't think it was useful. or the supreme court justice who talked about how they hadn't gotten around to e-mail. that was a quote. they will eventually but now again in the upcoming year they will decide cases that will lead to everything from net neutrality to the constitutionality of some of the
3:14 am
nsa activities but in their own world they just haven't got around to it. this isn't just an american problem. we saw the same thing in meetings with officials with china, great britain, france, uae. for example the lead civilian official of the cybersecurity czar in australia had never even heard of a critical technology in the space. the point is you have this gap among people with great responsibility. the result is that cybersecurity is an issue that is as crucial at a personal level to areas that you care about from your bank account to your personal privacy to its shaping the future of world politics itself and in turn issues in world politics are connecting back to the personal level when you look at questions of privacy like the
3:15 am
snowden affair. but it's been treated as a domain only for what i generally called it crowd, the i.t. folks. the problem, the challenge is that the technical community understands the workings of the hardware and the software but it doesn't deal well with the human side, all the ways that it ripples out beyond. often these issues are looked after a specific lens and fail to appreciate some of the ripple effects of the other worlds. so the dangers of this stovepipe in this disconnect are diverse. each of us in whatever role we play in life again whether in our professional role our business or organization our role as citizens in what we think about political topics to how to protect ourselves and our family on line, we all make decisions, cybersecurity decisions that shaped the future
3:16 am
of the on line world but also the real world. but we often do so without proper tools. basic terms and essential concepts that define both what is possible but even more so what is probable, what is right and wrong that are being missed or even worse, distorted. the past myth and future hype often weave together obscuring what actually happened with where we are right now in reality with where we are headed to next. so you have some threats that are overblown that we have overreacted to and other real threats that are ignored. for example i'm someone who loves history and it absolutely pains me when i hear, and this has been done by everything from senators to white house officials to generals to news columnists saying things like cyber weapons are just like the wmd and this is just like a cold war.
3:17 am
this is a cybercold war. you see the terminology all the time. if you know both your history and your cyber side you quickly realize that the parallel is not the one they think they are making. if there is any parallel to the cold war period it's the early days when we didn't well understand the technology itself but even more so the political dynamics that it was driving in that period of history when one took the real world versions of dr. strangelove seriously. that is parallel to today. what are some of the manifestations that have come out of this? one is that we too often lump together unlike things simply because they involve zeros and ones, because they involve the internet. for example the u.s. general who is in command of the military cybercommand and simultaneously wearing the hat as director of the nsa which we would not see
3:18 am
happen in other fields but we think it's okay here, he testified to congress quote every day america's armed forces face millions of cyberattacks end quote. but to get those numbers he was combining everything from unmotivated probes and scans that never tried to enter networks to attempts to carry out pranks and attempts to carry out political protest to attempts to carry out economic espionage, diplomatic espionage, national security espionage altogether but none of those millions of attacks were what his audience in that congressional briefing room in the wider body politic thought when he said attempts at a digital pearl harbor or cyber 9/11. for example digital pearl harbor and cyber 9/11 have now been
3:19 am
used in a series of government speeches that have been reported in the media over a half million times. essentially what happens when people are talking about cyberattacks is they are bundling together these various things simply because they involve the internet. and its related technology. the parallel with a lot like say a group of teenagers with firecrackers political protesters in the street with the smoke bomb, a terrorist with a roadside bomb, james bond and his pistol and a russian cruise missile. these are all one in the same because they involve the technology and the chemistry of gunpowder, right? of course not, we would never do that but somehow it's accessible in this space. or take the organizations for example i had a senior u.s. military official argue with me that -- and al qaeda were the
3:20 am
same thing. wherever you stand on anonymous and i have a good outfit i am more sympathetic towards them than anyone in the d.c.'s security establishment but the bottom line is wherever you stand on them they differ from al qaeda in everything from their organization, their personnel, their profile, their means, their ends, pretty much the only thing they share is they are doctors that begin with the letter a. these gaps in understanding the disconnect of policy reality and technology mean that we are not only seeing growing tension. it's one of the things that is feeding into the u.s. china relationship but it also means we are being taken advantage of. we are taken advantage of at the individual level by the e-mail you receive from your mom saying i'm stuck in iceland.
3:21 am
can you send me your bank account information? oh goodness i didn't know mom was in iceland that i had better help her. we smile and laugh about that but this hits even the most senior people. a group of diplomats at the g-20 conference most important international conference of the year, received what is known as a spear phishing e-mail. it gave them an exciting offering and said if you click this link you will be able to see photos of the former french first lady. a great offer. many of them clicked the link and downloaded spyware from an espionage agency into their computers. or being taken advantage of at the organizational level, the business level or the university level or the like. alternatively not doing enough to protect ourselves or hiring hucksters who promise 100% security through some kind
3:22 am
of silver bullet solution. frankly we are being taken advantage of at the national political level which i think is behind a number of the issues that played out with the snowden nsa revelations. reportedly obama expressed his quote frustration that the complexity of the technology was overwhelming policymakers. now our inability to have a proper discussion about all of this not only can create a distortion of threats but even more so a misapplication of resources. maybe the best illustration is another number. 31,300. that's the number of academic journal and magazine and press articles that are focused on the phenomena of cyberterrorism. zero. that's the number of people who have been hurt or killed by a real incident of cyberterrorism.
3:23 am
i joke that cyberterrorism is a lot like discovery channel's shark week where we obsess about the danger of sharks even though you were 15,000 times more likely to be hurt on your toilet. while jaws was fictional people have been hurt by sharks. let me be 100% clear here. i'm not saying that terrorists don't use the internet. there are several chapters in the book about how they use the internet which is much the way the rest of us use the internet. i'm also not saying that there is not a possibility and even more so the likelihood of cyberterrorism in the future with real-world impact as for example stuxnet the first cyberweapon revealed. but that very same story shows how it's not the way it's too often depicted where you know whether it's the die hard
3:24 am
scenario of which is have to break it is plan and all the power of the u.s. will go down or it's the way for example of former u.s. military official talked about how a couple and this was his description, a couple of teenagers sitting in their parents basement wearing flip-flops sipping red bull could carry out a wmd style attack. as stuxnet reveals one, there is danger here but it also requires to carry out something at that high operational level a wide, deep set of expertise so stuxnet involves not just the top cyberexpertise in the world but everything from intelligence analysis and collection to expertise in fields that range from engineering to nuclear physics. it's not something that a couple of teens sipping red bull -- my point here is to put it a different way.
3:25 am
to sum it up al qaeda would like to but it can't. china could but it doesn't want to. for both of them, yet. now what i'm trying to say is that a larger level strategy whether it's national political strategy, business strategy or your individual strategy it's always about choices, priorities. so we need to weigh the centrality of oakley talk about and what we obsess about and what we focus on versus what is real and are there greater threats out there? for example while squirrels have taken down power grids zero times than hackers has doesn't mean it's going to happen. the fictionalized scenario versus the real largest theft in
3:26 am
all of human history that is happening right now. the massive campaign of intellectual property theft that involves an economic security impact by one measure over a trillion dollars of value lost to a national security winnakee jewels of the defense technology are lost maybe decades worth of advantage loss on a potential battlefield. what i'm getting at is these may not be as a cyber9/11 cyberpearl harbor discourse, we are talking about how the military uses it. the military definitely plays in this realm and let's focus on computer network operations versus the hollywood scenarios. we have learned from regular terrorism it's not really about the direct impact of something but it's about the ripple effects even more so our own actions in response can determine the true story of how it plays out.
3:27 am
what deeply worries me is how this critical value to the internet itself, trust, is being damaged, being hollowed out. it's being damaged by the massive campaigns of cybercrime that is out there but it's also being damaged by other actions in response to threats so for example a fear over traditional terrorism led to a metadata collection program that has been not only to america's national standing in relation with their allies but also to american technology companies. by one report they estimated over $180 million worth of revenue will be lost because of this or to be -- the impact on the growing attempts by authoritarian governments around the world most particularly russia and china to push for more
3:28 am
state-controlled internet governance model and what does this mean for the future? what i'm getting at here is that this value of trust that has allowed the internet to the, to run successfully but to become i would argue the greatest force for political social economic change not just in my lifetime but maybe all of history, it's been threatened. the internet that i'd need to grow and love than the one that we grew up with may not be the one that my sons inherit and that scares me. these disconnects also mean sometimes we act on bad assumptions or don't make connections across domains in ways that truly matter so take for example the discourse over offense and defense and international security circles versus cybersecurity circles. a notion has taken hold that cyberoffense is inherently privileged against the defense
3:29 am
and in fact u.s. military report said it's not just at an advantage but it will be so quote for the foreseeable future as long as we can look out into the future cyber offense will dominate cyberdefense. the center has led the u.s. military to spend depending on the measure 2.5 to four times as much on cyberoffense research and development than cyber defense research and development. there are three problems with this. the first is this a reference before cyber offense is not as easy as it is too often depicted you need more than that can of red bull particularly to do an actual campaign not just one attack. the defense in turn is not lying there helpless. there's a series of things you can do and it also carries out the status. it's not so simple as is often portrayed in upper state or
3:30 am
sessions. the code of military history pretty much every time the military assumes the offense would dominate because of some of the technology they would get a wake-up call. the 100 year anniversary of one of the biggest abuses in all of history if you look back at the european armies in 1914 every single one of them thought because of the new technologies of the day that offense was dominant and in fact based ducts on the defense so much that they urge their governments if there's any point of crisis we have to be the first to go because we don't want to be stuck on the defense. that was one of the forces that helped spark world war i and they turned out to be wrong. actually the offense wasn't so dominant. the third issue is you think about in terms of metaphor and it illustrates the difference between applying some kind of cold war binary political framework to a more complex
3:31 am
cyberworld. if you are standing in a glass house and you are worried about more than 100 different, everything from gangs of teenagers to military attack or the like the best way to secure yourself is not to say you know what i really need to buy is a stone sharpening kit. that will solve my problems. so what can we do? the last third of the book is all the what can we do kind of questions everything like what we do from the global level the national level to the business organization to what can we do to an individual level to secure ourselves to help secure the internet? i'm not going to try to summarize 100 pages. what i would try to do is identify what i think are key things they carry through all of this. the first is knowledge matters. it's absolutely vital that to
3:32 am
demystify this if we want to get anything done effectively in securing it we have to move past the situation which we are in right now where for example the president of the united states received a briefing on cyberissues and then ask for it repeated back quote this time in english. that same thing would happen to pretty much every major corporation, every university and most households. we have to move past thinking that this is solely for the geeks or as one white house official put it to me the domain for the nerds. no, it's for all of us because we are ours on line. the second is people matter. cybersecurity is what they called one private -- privacy areas not because of the technical side but because of
3:33 am
the people side. the people side makes it useful from a wider perspective because you can tell cool stories, everything from the role of corn in the history of internet and cybersecurity to the episode where pakistan accidentally kidnapped all the world's cute cat videos for a day. great stories but what it also means is if you're trying to set up responses at a global or business level etc. you have to recognize that the people behind the machines are inherently part of every threat, and every response. this leads to the third: incentives matter. if you want to understand why something is or isn't happening and cybersecurity look to the motivations, look to the relative costs, look to the tensions that play on the issues. there is a reason why finance companies are doing better not
3:34 am
only with their own cybersecurity but also sharing information with others about it like for example power companies. they are incentivized to understand both the cost and the consequences in a very different way. this also points to the role that government can and should be playing in this space. some situations such as trusted information provider, researcher or researched and other situations like it's done in a wide variety of marketplaces that has to help change some of the incentive structures out there. the fourth: history matters. there is a history to how we got here with the internet and understanding that is key especially when you hear silly ideas that have been expressed in some serious places like well we need a new more secure internet. let's just build that instead. my joke in the book is the idea
3:35 am
of rebooting the internet makes as much sense as rebooting beverly hills 90210. it's a bad idea and it never should have happened and we will act like it didn't happen. the point is not just needing to know our internet history and how it shapes the on line world but also that we can learn from other histories beyond. so for example if we are wrestling with how do we deal with individual criminal groups i state linked groups in their domain of commerce communication and conflict we can actually look back for information from the age of sail and how they dealt with a different kind of pirate and privateers back then. for example if we are thinking about what government action is needed let's look at the instances of the most successful government agencies out there. we look at the case of the center for disease control which
3:36 am
starts with literally members of it taking a 10-dollar collection, $10 total in collections in that agency goes on to do everything from eradicate malaria inside of the united states at the global level the smallpox campaign to serve as a crucial channel to the soviets during the cold war. this leads to the fifth and final point. ben franklin had his saying that quote an ounce of prevention is worth a pound of cure. the cdc did studies that found that franklin's idea actually does hold true and he tested out public health. prevention is really the best place to put your resources into and it goes a long way. it's the same thing in cybersecurity. despite all of the attempts to complexify this space, to turn the fear factor up, spinal
3:37 am
tap volume style, to frame it as something we need a man on cyber horseback to come and save you whether it's a man in uniform or a man in a cybersecurity company. the reality is that very basic steps of cyber hygiene would go an incredibly long way. for example one study found the simple measures that top 20 controls would stop up to 94% of all cyberattacks. people respond to that and sometimes they say i'm really special. i'm in the 6%. statistically we can't all be in the 6% and the second is to talk to your i.t. department. if they didn't have to spend so much time running down the low-level stuff they could focus in on the high-end stuff. finally the reality is many of the toughest challenges, the most dangerous threats use basic
3:38 am
steps to get in to be stopped by cyber hygiene. for example the most important outside foreign spy agency penetration classified u.s. military networks happened when a u.s. soldier found a memory stick on the ground in a parking lot and thought it was a good idea to pick up the memory stick and plug it into his computer to see what was on it. that is not just cyber hygiene. that's basic hygiene. that's the five-second rule. this idea of hygiene is important not just because of the lessons in the idea of prevention going a long way but also the ethic that we need to build about our collective responsibility. again at the global level, the national level, organizational level down to the individual level. we teach our kids the basics of hygiene things like cover your mouth when you cough.
3:39 am
we teach them not just to protect themselves but also to give them an ethic that they're responsible for protecting everyone else that they come into contact with during the day. that is the same kind of ethic we need to be building in cyberspace and that's the only way we will get to a greater sense of actual cybersecurity. so to bring this story full circle, at the beginning of the talk i explained how i was first introduced to computers as a young kid. now if you had said to my 7-year-old self one day this machine will allow bad guys to steal money from people, steal their identity, maybe be a weapon of mass disruption i would have told my dad not to turn on that big power button, don't do it. today we wouldn't have it any other way because this same
3:40 am
machine that the world has created has given all of us what back then we would have thought of as superpowers, the idea that you could run down the answer to any question that you might have the idea that you could communicate and talk and see someone a world away, that you could even become friends with someone you literally have never met before. those would have been viewed as superpowers back then and today we take them for granted. my point is the same as it was back then and the way it is now and where i think it should be in the future. we have to accept and manage the risks of the on line world and the real world because of all that can be achieved in it. and to steal a line from the title of the book, that is really what everyone needs to know.
3:41 am
thank you. [applause] i think we have got some time for questions or comments. i believe the protocol is to ask folks to come over here to the mic. no? raise your hand and stand up and introduce yourself. any questions or comments at all? right there. >> my question is what about what is called the internet of things which means i have to watch out for somebody hijacking my refrigerator thermostat or something like that? how does that tie into your idea of hygiene? >> a couple of things here. one, it's one of those key
3:42 am
trends much like mobile or changing internet users that is truly going to reshape the internet itself and how it is used. it offers incredible possibilities in ways that will benefit the world. i will illustrate it with a classic example. right now if you bought a new car it automatically will communicate with the manufacturer when some part needs to be replaced and some will make the appointment with the dealership. when you take this kind of network and connected across so your car communicates to your thermostat and you are 10 minutes away and your thermostat who has been on the most efficient setting because it's connected to the smart power grid will shift to where you like it. the problem is we are already
3:43 am
seeing risks woven into this. we have already seen car hacking where your car is literally filled with hundreds of computers and we have seen people causing computers to do things other than what the driver wants it to. it truly if we are looking at this from the cyberwar side this is where we move from thinking about this and there's a lot of stuff that has been called cyberwar that is not disruptions. it's a combination of what i mentioned before in weapons like stuxnet but also new targets like the internet of things that give it a much greater impact so now we are able to design a weapon that is intended not just to steal information but actually to co-opt the system and cause it to do something physically different so stuxnet for example caused the iranian
3:44 am
nuclear research centrifuges not to damage what they were working on but also to spin out of control and damage themselves etc. now we are talking about the world of the civilian side. to link to the prior book that john mentioned that i did, this is where drones and robotics comes back to cyber. when you don't have the human inside the weapons system where they are either remotely operating or it's autonomous or semi-autonomous or whatnot you move from battles being about destruction, destroying enemy tank to what i call battles of persuasion, co-opt the tank if you can get access which the cyberattack is about getting access. you can cause that tank or that drone what not to do something other than what its owner wants to do. this is something we have never seen before in war. we have never been able to take
3:45 am
the arrow in mid-flight to make it go a different direction or the bullet to fly back at the firer. you can't get into tom cruise's brain in top gun and say maverick decode american f-14s and vice versa. the point though is what can we do about it and this hits that idea of we. there are some things that we can do in terms of individual consumers and the settings and what those devices are allowed to access but it also connects back to the responsibility of the manufacturers and the responsibility of government. one of the things we have to do and we have a roomful of a lot of engineers here is make security much more intuitive,
3:46 am
much more user human friendly and also understand from examples like there's a big difference and we used the example of states and driver's licenses and organ donor. is it an opt in or opt out and the setting reinforces good behavior or not. we need the same when it comes to the security woven into the products and in turn government is going to have to start to require that versus where we are stuck right now. government is doing a great job of trying to create optional standards but that's different than enforcement. to use the example of the titanic saying everyone should have this number of life boats versus saying if you don't this is the fine you will pay.
3:47 am
we are going to need that next step. >> i'm the director of the program that john mentioned in science and technology studies and i'm a historian as well so the history matters and we need to think about these problems as individual institutions and technologies and that resonates with me. i want to ask you a question about considering the internet, the life of the internet as a historical phenomenon. 20 years ago or so john barlow said that this is a space completely different and now it seems conventional wisdom has come full circle on these talk shows. my question is do you think the internet is a triumph for something that has liberated us or is it a tragedy? is something we have great hopes for that turns out to be -- [inaudible]
3:48 am
>> great question. we could write several books just on that. it's sort of a two level issue. the first is this idea, so barlow famously wrote the declaration of independence for the internet that essentially said you thinks of the old world governments you have no role in this space. he was both right and wrong and on one hand this is a space that is incredibly challenging governments because it seemingly has no orders. it's a space that is empowered by a wide range of year's. collectives of people that want to share cute cat videos and people wanting to engage in cyberattacks to punish those that violate internet freedom and they want to do it
3:49 am
anonymously. we have seen it empowering small states and giving them ways -- the recent iranian linked attacks. it is empowering the empowering is the way the traditional sovereign would be uncomfortable with except when they say government has no role or interest here and no power here. the first is governments definitely have an interest one because governments are responsible to the needs of their citizens and we are in such a cyberdependent world that they have to care about what's going on and how it impacts them. oh by the way the government's own operations depend on it so you could say you got no role here except that away u.s. military you depend on it for 90% of your communication and second is the notion that governments have no power here.
3:50 am
it shows ways they are able to do things never thought possible but also that government can go after them. wikileaks is a good illustration of this where on one hand it's bringing transparency to various episodes that clearly governments did to have happened. on the other hand the founder's stuck in an embassy right now because it believes he will be prosecuted so there is a back and forth to this. the argument is the same if we talk about the threats. yes non-state actors can carry out forms of cyberattacks but the states are still the big dogs. that is the first part of it. the second was your question about ultimately is this a triumph or a tragedy? i just think it's a revolutionary technology and the reality throughout history is that and ice a revolutionary the
3:51 am
game-changer eight disruption and the world was fundamentally different before and after so much so that the people before would have have a hard time imagining the world after. every time there has been a technology it has been used good and bad. the first tool some human at some point picked up a stone and did they use it to build or to bash someone in the head? or probably the best parallel for the internet would be the printing press. the printing press on one hand led to mass literacy, new models of citizenship, democracy. sports illustrated some should model edition. at the same time it led to reformation. if you are protestant you think it's a great thing. if it's the pope not so much. if you're looking at casualty flows approximately one third of
3:52 am
europe is killed in the wars that followed. so the internet has been again to me it's been one of the most if not the most important tool for political economic and social change in the world but that change you know has enabled a lot of good and a lot of bad things. i don't know if we are going to be able to put a tragedy or triumph model but i'm more of a triumph 30 think it's creating more positive things but i acknowledge there are some bad things that have happened as with every other single game-changing technology and the reason is the humans behind it. we are filled with both good and bad intent and we organize it in bad ways etc. right over there. >> on in the director of this cybersecurity museum. i am the director of the museum
3:53 am
of social security -- cybersecurity. following up on the viewer suggestion a few years ago there were books about the internet exactly about the tragedy and the triumph. things are going to be ever better because of the things and things are going to be easier and again the never with the tragedy like with books and forget about the internet. like you were saying this as i spin the case. new technology seems disruptive and we get used to that. i was wondering. [inaudible] >> it's so unfair that i have to be in whatever look at that you just created.
3:54 am
that is an interesting way to categorize it. again like we are all trying to divide adequacy's and adequacy is i would probably put myself i guess in the third category except not in terms of seeing these patterns before but also the key of revolutionary technology is there are ways that are different. maybe better expressed by mark twain who reportedly said history doesn't repeat itself but it does rhyme. i feel that here. the challenge and maybe what motivates me is that what will determine the first two categories is is it going to be much better or no, it's going to be much worse. the first category seem like optimist or pessimist. for me, it's you are less like
3:55 am
the to get the best out of it to develop the best responses if you are stuck in this strange brew that we have right now a fear and ignorance makes together. that is not the best way to govern. it's not the best way to develop and run our business. it's not the best way to handle your own personal life and there is no issue that has become more important in recent years that is less understood than cybersecurity and cyberwar so that is for me -- or is this aching need for a primer that tried to hit that sweet spot a between and look there has been a lot written but it's either been highly technical or at the other side it has had this feeling of spinal tap turn the
3:56 am
volume to above and get scared and oh by the way trust me to get the solution for you. instead we have to turn this issue into something where we understand that as long as we use the internet there will be cybersecurity and cyberwar threats. it's all about how do we manage them and become more recently and in our technical approach but i would argue even more so in our psychological approach to it. >> is sort of a follow-up to that. i'm just curious as a journalist i have been daunted by this topic is i feel there is so much hype and technical issues are difficult for me to understand. i worry that a lot of the experts that you hear have some incentive for projecting a particular point of view so how did you find sources you trusted
3:57 am
and did they tend to fall into certain categories i mean let's say professors of computer science at the university like this may be useful to you? how did you inform yourself about this issue? >> a great question. you can come at it in a couple of ways. one is the challenge for journalists and it's actually in two ways. one is the challenge of how do i report on seemingly, heidler report on cybersecurity except there is an assumption that is like this field that could be put into one little area and yet you have everything from the wall street beat to the china beat. cybersecurity is inherently woven into it. you can't tell the story of how targets are going to be doing in the next quarter to the u.s.
3:58 am
china relations without understanding this part of his so that's what gets back to the idea that we all need to develop a certain level of knowledge and comfort and demystify it. the second is oh by the way journalists are increasingly targeted. they are being targeted because of what they report on and the kind of information that they have. famously in the book for example the case with this "new york times" was hacked and it went out to a chinese military unit that was running a massage parlor and a wine store but the point is they went after the new york times not because they wanted -- there wasn't a traditional intellectual property theft. it was they wanted to find out who was talking to "times"
3:59 am
reporters that were doing a story about corruption and the senior levels of the chinese government but again now we also have to think it's part of my toolkit. i have to have this and yet no journalistic program teaches that. so the bigger question in the methodology this is not specific to cybermap treated applies to any academic endeavor. the methodology has to involve a diversification of sources and so you will notice for example i referenced different nationalities, reference different agencies. you want to be reaching out to experts and academic journals in very different fields. also again, you will notice i will reference numbers and leaving -- weeping and anecdotes together
4:00 am
anecdotes because they are powerful and they illustrate something and it comes where you have an issue where there is not firm data. .. that's a great grabbing headlines. what was really a play there been, the case involving the fbi and the reid to journalists
4:01 am
today are also, i think, more rewarding for the eyeball grabbing headlines than substance. and so that means you will often see these things reported no as fact that if you pull back you go, wow, that's not the case. that would be everything from famously a -- there was some one -- 60 minutes reported a story about a cyber attack that took down brazilian power grids. it just did not happen. more recently to a couple of do stuck they used rifle to shoot at power transformers in california. did not take down the great, but it did become a major news story in the "wall street journal". now, and got a series of phone calls from journalists calling for my opinion on this cyber
4:02 am
attack. it's a double layer thing. one at the same time the you had at the very same time in over 600 dozen people in pennsylvania without power "wall street journal" has a news story about an attack by rivals that did not leave anyone without power. but then you also have a bunch of people interpreting the cyber attack. somehow i keep hearing all these cyber powerhouse. that is a problem. >> maybe another professor. >> i would like to ask you about previously.
4:03 am
many, many great actors. so there's no -- [inaudible question] so in this case so we should adjourn. [inaudible question] [inaudible question] >> that's a great question. so what can we do?
4:04 am
one is to better understand. a lot of different ways. particularly because it's iconic use of masks and the like. and this in the group. also under sam the motivation for what can we do. z when is consistently the groups that it has targeted have been groups that have been some way share perform threatening the freedom. that chapter begins by saying, you know, as of august or is it begins with tom cruise. it's one of the first major implements, when he had an embarrassing video online and in
4:05 am
scientology tried to a rip that off and put them on the rear screen. then you have the essentially anonymous versus scientology. it has gone on to go against troops are reaping from authoritarian regimes, trying to cut off the internet to then and turned particularly linked to a wikileaks episode so one is don't get on their target list. a good way is to not threaten the internet freedom. then you go to the -- i don't care. i have to deal with the response side. i would say that there is nothing specifically unique about anonymous. many of the things you're talking about is not sharing information, not having records. and then you know the spirit is not just about ruggers know what happened but to establish a baseline so that you can then
4:06 am
see when anomalies are happening building up so you can deal with them beforehand. everything i just said applies to an external attack by some group to be it a state report the it an actor, would also applies to insider threat situations. wherever you come down on manning or snowden, we can agree that the organizations that they were in were not following basics of good cyber security. you know, manning famously downloads this massive amount of information on tow the cd market lady diana. it is not because of his taste relating gotta, but what i'm getting at is in both cases you had an individual with wide-ranging access in many ways they should not read. you have individuals given in
4:07 am
some cases passwords by others and the like. and then you had an anomalous amount of information being gathered. and in snowden's case, for example, he was using the web crawler to do it for him. these are the kind of things that should pop up as something to look out for, not just in a military organization, but if you're running a bakery giving an individual wide-ranging access and then in the course of a job of a person and this role they typically access these kinds of files on this kind of information. why is this person suddenly having 100 times that amount of activity? maybe it's because they have been given new assignments or maybe something else is going on. let's go down and ask them. does this sort of thing that should be happening. my broader point is that the basics of cyber security would apply in a lot of different situations and go a very long
4:08 am
way to aiding things. again, whatever the threat that you're talking about. and, oh, by the way, you are never going to get 100 percent security, just like in life. so anyone who is telling you that if you do this just one thing or you buy this one product or you give me and my organization this much more power or budget we will solve this problem for you, to go back to the earlier question they're taking advantage of you and the ignorance. so thank you all for joining us today. [applause] [inaudible conversations] in mo,
4:09 am
4:10 am
4:11 am
california earlier this month. >> thank you. well, it is really exciting to be back that the computer
4:12 am
history museums with my good friend and colleague and my friend jerry. ..
4:13 am
>> he has been a voice that is super important to our industry and our technology and so i am excited to be here with both of you. let's start from the beginning. i mean, jobs and so what would possess you to sit down and write this? >> my friend wanted to talk about this and he was fighting in iraq are. and i thought that writing out the troops of these sort of interesting so we would show up in baghdad and we got lost with the marines on the other side
4:14 am
megabit america denotative you? >> now. and we took videos and i play the videos and all i heard was the talk and i talked. >> they put this on and they are ready for him to go. what does he do? for he will leave the airport, he insists on asking the security detail to give him an in-depth history because he is a geeky scientist.
4:15 am
>> what is your answer to that? [laughter] [laughter] >> we have a lot of experiences. >> eric wanted stability. >> is only one place that i couldn't convince them was to come with me to somalia. >> there were no hotels at all or government or banks or
4:16 am
institution. >> yes, that is true. >> i was actually the one place where don't think that i want to go back. >> shocking. >> if we go to south sudan and it is the world's newest country. so we get there and 98% of south sudan's revenue comes from oil and the government has basically cut off the pipeline. so they basically have no money for roads or police force or nothing. and what do they choose to do? spend their entire time and we enjoyed devices and asking if we could debug maps for them. priorities. [laughter] >> one of the things that the rebel president. >> it's unclear if he still involved in government.
4:17 am
>> asked about what i wanted to do. and i said i wanted to write about or it it turns out that the foreign-policy people who understand technology and they don't understand foreign the foreign-policy. and i certainly don't understand foreign policy you would be shocked at how miserable most people's lives are like. >> be right about how the internet is one of the few things that the humans have developed humans don't understand. i know i don't understand it, that, but i felt certain that you did. and to be honest, if you don't understand the internet, i'm pretty sure that really no one
4:18 am
does. and it's a little bit concerning. so what do you mean that we don't understand? >> my career has been for the last 35 years within a half-mile of this right now. and i'm constantly surprised. i think i kind of understand. they're not utilitarian and follow rules and so forth and i think for the last 10 or 20 years we are going to see more surprises and we're good surprises and more bad surprises. and all of us here in this room we live with this.
4:19 am
but oh, my gosh, what is that worth. >> just as an example. it is not relevant to today's discussion. >> been a presence in the book is actually amazing. >> of you think of the international relations, it was going in the early 20th century around the idea in the world is not honorable in the sense that there's no sensible leadership and then if you fast-forward every attempt at the world has made to try to create a global leadership body is basically rendered ineffective which is
4:20 am
one of the challenges of international institutions. many will do the internet with 2.4 billion people online today. another 5 billion people coming online. if you think of a troubled of the states are having in dealing with this mass migration to the online world or the menu out another 5 billion people. the prospects of one replicating the world seem very difficult and then controlling the entire thing. >> we have to deal with globalization with issues of censorship and free speech and there are limits to what the internet can do. >> we describe the internet and
4:21 am
the book is the largest ungoverned space and military and economic power and etc. and it basically establish the international system of sovereign states. it's based on an idea that you can have different legal jurisdictions that are guarded by this. and states will have their physical power which is based on traditional instruments that we discussed before. if you look at this, these are two countries.
4:22 am
>> i sort of concluded that foreign policy has not changed in the long-term. it has sort of been a part of this and we have relist and progressives in all of this. and what is in fact new is the empowerment that smart phones and the internet are providing the citizens and that is a new thing. and the other thing is data permanence. we are in a static world like foreign policy your book focuses a lot on what happened in too
4:23 am
many people in the audience are focused on it. but thinking about limitations is interesting and not something that silicon valley often does. what are the limitations is always a shock to technology but there are limits to our omnipotence. >> if only we could automate all the customers. and that was a joke. i get in trouble, show gets in trouble. we will be just like friends here. and so where are the boundaries. when does the internet stop and bad stuff happen? i think the answer is when you have a civil war like in syria.
4:24 am
we can have access to entertainment. women are treated poorly. and we have been having this debate. so how would you fix it? chemical weapons are used, three different occasions that we know of. yet there's no shortage of videos coming out of syria. each one of those videos is more for effect than the one that can afford and the government is setting up checkpoints to look at people's phones and see what exists on the various profiles. >> jury was just in syria. another place and i'm not going. >> you actually shouldn't go to syria for a variety of reasons. >> thank you.
4:25 am
>> i saw friends of mine that i haven't seen in years. to provide context to get dizzy and they collapse. fortunately someone came in from the other room to close the window. and they go on to tell me a story about how they have homes in some of the big cities and the government has that of checkpoints where they ask you where you're phone and then they go and hold a gun to your head and if they don't like what they seek him in a signal to someone atop a building and ordered them to shoot and that's exactly what happened to my friend's brother he was shot in the head because of something that they found. and what you're left with is a realization that what syria needs is a physical humanitarian effort and intervention.
4:26 am
and it also is something what we need a cyberintervention of sorts. but the everyday syrian who now has a phone and spend all day online, they are just caught in the crossfire and the technologist really need to try to address, which is how we make sure that the average citizen is secure online even if they are not physically secure. >> some say that the government is better now. but imagine no government at all for a while. and everyone has smart phones.
4:27 am
and it becomes how you know where your friends are and we have those that watch where the nato bombing was in think about the importance of smart phones. and you're taken into this and now you have your contact list and they can impersonate you and these are very weighty issues. >> when you think back to the atrocities, there was a sense that people didn't know. >> amazingly a google she set up
4:28 am
the philanthropic and the social consciousness that other student of company basically the problems of the world and it seems to be since he started that, things have gotten better because they have gotten connected. >> that is the striking thing. to your point that the internet can't fix everything. so let's talk about the military. this is a day to honor but the general is here with us today and she's she's the first woman whoever became a four-star general in the u.s. military and it is an honor to have her. [applause] >> and the dear friend of mine and let's talk about this. so you show up in baghdad. they gave you a jacket but it wasn't sufficient and we come upon other day and explain. explaining why these jackets are
4:29 am
the way they are. but how does this affect the military? >> my immediate reaction was we are fighting this old way rather than a new way. as we basically seem to deal with the citizens. and what is the best thing you can do and build them in a protective fiber optic network and empower them so and develop whatever kind of society that we can develop with the economy and so forth and we are in a
4:30 am
religious school the natural strength of the society can come out and people had not allowed to use cell phones at all. and they had had their first cell phones. and after we were there they lowered the price from $5000 to $5. >> if i didn't chime in on the military side of it, we would interview a group that had been on the process of researching this
