passion and determination of everyone involved as john demonstrated. from the vaccinators and social mobilizers in india to nepal to oath i don't know i can't to the sudan -- as this reported program wraps up you can find it all at c-span.org, type center for strategic and international studies in the search bar. we will take you now in washington live, national intelligence and homeland security officials will be talking at a forum, an all-day forum, on protecting consumer data and critical infrastructure from cyber attacks. this is being hosted by the "washington post." -- and it's effects on policy. so this morning you are going to hear from the officials who are charged with protecting government systems and the nation's critical infrastructure from cyber threats, but before we begin i want to briefly thank our presenting sponsor, hewlett-packard enterprise, you will hear from them a little later in the program, and our

supporting sponsor, umbc. so now i want to go ahead and get the program started and welcome to the stage the "washington post" ellen nakashima. she's going to lead our first discussion. thank you. >> good morning, everyone. i'm ellen nakashima, i'm a national security reporter with the "washington post" and it's so great to see such a big crowd out here today. i'm moderating the first discussion about cyber detection -- cyber threat detection and prevention and then we've got several more great panels to really deepen the policy debate around how we protect the united states and our democracy against attacks

through cyberspace from foreign adversaries. i'm really delighted to introduce to you my two guests because though they and their agencies are not generally in the headlines, what they do is so important. to my immediate left is tanya ugerets, she's director of the cyber threat intelligence integration center or ctic at the office of the director of national intelligence. has been around since 2015. and tanya is a career fbi intelligence analyst who is steeped in counterterrorism and cut her teeth in the days after 9/11 and her analyst teeth and so much so that she became in 2003 the first analyst to serve as the fbi director then robert mueller daily intelligence briefer. she was mueller's daily intelligence briefer. so you know she's incredibly smart and her background is so

relevant to her current job because she heads an organization that was modeled after the national counterterrorism center or nctc, which as you know was set up post 9/11 to address criticism that the intelligence community had missed connecting the dots, the intelligence dots, that might have thwarted the al qaeda attacks. so ctic which fuses streams of intelligence from across the government or intelligence dots on cyber threats provides assessments including the all important attribution or who was behind a cyber attack, who done it, to our policymakers. next to tanya is jason methini, he is the director of the intelligence advanced research projects activity, not agency activity, or iarpa.

i think of iarpa as the darpa of the intelligence community. darpa gave us the internet and stealth aircraft. iarpa is working on everything from face recognition to keeping bio weapons out of the hands of bad guys to quantum computing. the agency -- or activity i should say couldn't have found anyone more qualified or overqualified i should say to head it as jason as he has worked at the world bank, oxford university, johns hopkins applied physics laboratory, the center for bio security and brains ton university, and in his spare time he co-founded not one but two biotech companies, and because he clearly couldn't figure out what he wanted to do in life he's got a doctorate in applied economics, a masters in public health, a masters in business administration and masters and a bachelor's from the university of chicago. so, jason is a true renaissance man. >> dilitante. >> before we begin i'd like to let our audience in the room and

watching online no he that they can tweet their questions to our guests at #202live. that's #202live. i will try to get to some of your questions later in our conversation. so what a week this has been in the world of cyber. just last friday, as you know, now special counsel mueller indicted 12 russian military officers for hacking into the democratic national convention in 2016 and releasing the stolen e-mails in an effort to influence the election. that same day director of national intelligence dan coats, tanya and jason's boss, warned that the system is, quote, blinking red, just as it was in the months prior to 9/11. only this time he said it's our digital infrastructure that's under attack. and he also warned that russia was the most aggressive foreign adversary in cyberspace. so spell it out for us, tanya,

as the integrator of threats from across this spectrum what are you seeing russia do? does it pose a cybersecurity threat to the integrity of our midterm elections? are you seeing activity there? >> thank you, ellen and thank you to the "washington post" for the opportunity to speak here today. i think in 2001 when the cia director used the term the system is blinking red it was to get attention. at that time it was to get the attention of our policymakers that there were significant threats we were seeing in the counterterrorism space. director coats in his address to the hudson institute last week used similar terminology, again, to get our attention, but in this case it's not the attention of our policymakers, that's already very highly focused on cyber threats. i think you hear it in the worldwide threat assessment, that the dni has given the past few years in which cyber threats

lead as the number one year over year. you heard it in the remarks of director ray, secretary nielsen, the deputy attorney general this week and so we're very much focused on cyber threats. with regards to russia, i agree with the dni and others' characterization that they are the most aggressive foreign actor that we see in cyberspace. there is for good reason a lot of focus on their activity in 2016 against our election infrastructure and there influence efforts, but i think it's important to widen our view and to also look at the other public announcements that dhs, the fbi and the administration have made just this year about russia's cyber efforts against the u.s. and against our allies. the not petia attack, this was

malware that infiltrated a ukrainian software system and manipulated the way that the company pushed updates to its customers so that instead of getting your normal software update that we all click yes to on our computers it downloaded malware instead. according to the administration's statement that was the single most destructive and costly cyber attack in histo history. we also saw dhs and fbi this year issue a technical alert so that defenders could protect against russian activity in our critical infrastructure systems. this described russian cyber actors' efforts to infiltrate and conduct intrusions into different sectors of our critical infrastructure, including energy and water and manufacturing. so the aggression is widespread, it's against multiple sectors, it's against multiple types of

networks and so i think that call to attention that you heard the dni give, as i said, it wasn't just aimed at the government, it was really aimed at all of us but it really does require not only a whole of government, but whole of country effort to be aware of what we're facing and combat it. >> i want to get back to that but i want to let jason come in here for a second. jason, your agency does over the horizon research, sort of focused more on what's coming than rather what's in the here and now. give us a sort of cyber weather forecast on what you see shaping up to be the most significant threat of the future and what are you doing to counter it? >> so one of the trends in cybersecurity is something that's sort of boring, which is that 70 to 80% of the attacks both from state actors and cyber criminals are social engineering

attacks, they are really attacks that are meant to manipulate the behavior of users. the most common form of social engineering attacks are phishing, so somebody sends you an e-mail, tries to get you to click on a link that then gets malware in your machine. so that's a boring problem, it's not technically, you know, very interesting, but it's enormously costly and represents by far the largest share of the kinds of attacks that we have to deal with. on the technology side looking at the horizon so the next five to ten years, both defenses and the threats themselves in social engineering attacks are becoming more sophisticated thanks to advances in machine learning. so one type of advance is that we can develop better filters for being able to recognize a phishing e-mail. you already see internet providers start to use this. so if you are checking gmail and you will see a little warning message that says this e-mail looks like a scam, that's

because there is a filter that's been trained on a bunch of training examples, examples of real phishing attacks, and they've trained a machine learning system to recognize what those look like. but there is now an arms race because the people developing phishing attacks are also using machine learning in order to figure out ways of making more subtle phishing e-mails that bypass those filters. i think what we are going to see is a much greater degree of sophisticated in the machine learning that's applied to this so that every day you are going to see a significant advance on both the offense and the defense. happening really at machine speeds. so that the cyber actors can in a way create industrial scale phishing attacks such that they automatically generate these phishing e-mails in very large numbers. the internet companies will need to be developing defenses that are just as fast as just as scaleable. that's right now i think what we consider one of the hardest problems in cybersecurity. >> that's scary. do you think the companies can

develop these defenses fast enough and powerful enough to counter the offense? >> i think so. there is a long standing debate in cybersecurity theory about whether there's offense or defense dominance in cyber. that is is it inherently harder to defend a system than it is to attack it? we don't think so, we think that, in fact, the advantage goes to whoever assembles the largest number of training data. so examples of, say, phishing e-mails. if the defenders were willing either due to policy or culture to share more training examples, they could create much more training data than the attackers could. so if google and microsoft and others, apple, pooled their training data sets of phishing attacks, they would have a much larger training data set than any attacker would and they could create, then, more robust

defenses more quickly than attackers can. >> interesting. so that's a challenge to all the tech companies out there to try to start pooling their data and they will also have to do so in a way that i guess doesn't raise privacy concerns or issue. >> right. >> we have to get that with a different panel. tonya, news broke that the justice department has a new policy to disclose the existence of influence operations or information warfare attacks against the political processes of the united states when the intelligence community has high confidence that -- of the foreign actor behind it and is also fairly confident that it won't blow sources and methods. obviously this is an issue that is very much in the forefront today as we are very concerned about whether russia will seek to interfere and meddle in the midterm elections through hacking and disinformation.

what do you think, first of all, of this idea and, second, what role would ctic play in integrating the intelligence that might feed this decision to disclose? >> thank you. so i think that decision to publicly name and disclose when there are malign influence efforts is very much in line with what i was just describing and what the dni was add crating in terms of thinking about the american public, u.s. companies, the private sector as customers of the u.s. government. as an intelligence analyst we are always taught to think, number one, about who our customer is and often that's a senior policymaker, it's usually another agency within the federal government, but increasingly we have to be thinking more broadly. the u.s. government does not have the monopoly on intelligence when it comes to cybersecurity. there is a very robust

cybersecurity industry in the private sector and we need to look at new ways of partnering with them, feeding their information into what we see from classified intelligence sources so that we can create a holistic picture of the threats that we seek. so i think the more that we can create a dialogue and mechanisms for sharing information between government and private sector, back in the other direction, as well as with the american public, notify victims whether they are the victim of a cyber intrusion or a malign influence campaign, i think that will help all of us be better able to play defense against some of these efforts. >> did ctic play any role in infusing the various streams of intelligence about the russian hacking related to the 2016 election? >> yes. so i appreciated your comparison to nctc, it's a very kind one. i will mention ctic is much,

much, much smaller than nctc because we have a bit of a different mission. our personnel number in the dozens and we are a multi-agency workforce, which means that about 80% of that several dozen people who i lead come to us from other agencies, cia, nsa, fbi, department of energy, et cetera. so that is what really positions us to integrate all of the different streams of information and intelligence that we're seeing across the inner agency. so in the 2016 case and even currently our main focus is on creating situational awareness of the current threats that we are seeing. that means weeding through an awful lot of information and answering the question what do our decision-makers most need to pay attention to? and that involves contextualizing it, putting it

in context so that we know where does this fit in with the bigger picture of threats we're tracking. >> how much did you put the russian hacking of, say, the democratic national committee or other parties in 2016 into the forefront of policymakers decision-making? >> so we were certainly featuring that in our situational awareness products as it was unfolding. we are also present -- >> early on would you say? >> uh-huh. yes. in fact, ctic became official in december 2015, that was when we first stood up, and so we were kind of present for the cycle of what occurred in 2016 and we were very much involved in highlighting intelligence that the interagency saw on that matter. we also play a very privileged role of participating weekly in meetings that are led by the national security council in which all the departments and agencies that are involved in

cybersecurity gather around a table and discuss what are the current threats and what are we doing in response to those. i'm privileged each week to lead that meeting with an intelligence briefing that helps form the basis for that discussion. >> forgive me for coming back to this but i'm so interested in this.

out of order in bits and pieces and then part of the job of an integration center like ctic is to pull all ofc-tic is to pull that together and so instead the decision, the unprecedented decision to issue a public taste regarding the activity that we saw, that's ultimately for the policy-makers to make. >> if the policy that the justice department announced last night were in place, had been in place then and, and so maybe the government might have made their attributions earlier, do you think it would have made a difference, jason, tonia, in body politic? >> i try to avoid speaking in hypotheticals, but i'm heartened to see the steps that many agencies have taking to apply the lessons learned.

and what we've learned from an intelligence standpoint about how our adversaries are using cyber means to achieve their strategic objectives, because that's really what it's all about. it's not just about malign influence, it's about the whole tool set that our adversaries are using to achieve their objectives. >> now ctic doesn't focus on information warfare attacks op social media things like russian bots or automated software that generate tweets that might stoke social divisions, but is iarpa doing any research or conducting any progress in this area that might relative to thwarting such assaults? >> one is we have had a research program, a piece of which to understand, can you detect bots that are, that are in social

media accounts. can you detect sock puppets, which are manipulated accounts that are being used to express certain opinions or judgments? can you detect those automatically, since it's, this is, there's so many such accounts it's impractical to do it using human analysts. we've done work in looking at manipulation of shared databases like wikipedia. can you detect when somebody is manipulating wikipedia pages through malicious edits, that are intended to be part of a disinformation campaign. >> can you? >> you can. it depends on the individual page and the topic. how long a malicious edit is going to stick around. wikipedia is pretty rigorous in the wayings that it establishes protections to prevent high-frequency malicious edits, it's something that i think will require continual defense.

that's another whole domain in which cybersecurity and information security more broadly is really important. a third area is trying to understand more about russian disinformation. and domestically, within russia, the primary means of disinformation is lens censorship and more overloading the media and social media accounts with engineered data. so much broader use of sock puppets than censorship. which is in contrast to china for example, in which the censorship is highly engineered. also heavily automated through sets of censored keywords that trigger a chensorship event. and in russia we see much more emphasis instead on simply creating a huge volume of controlled information. much of it disinformation. in order to drown out the

genuine data. so that's another area where we need to continually develop tools to detect that kind of disinformation. >> is information warfare something the united states should contemplate using against its own adversaries to achieve its own strategic goals in any way? or is it just too much of an ethical and moral you know, minefield there? >> i can't take the policy perspective on this, but from the technological sperk i have been, i think that focusing on defense makes a lot of sense. because if we can build up the body of data, a variety of disinformation campaigns that he have woo seen historically. particularly in new social media domains, then we have a perch from which to develop robust defenses. part of this is a hard social science problem, which is in

general, as citizens we need to be more skeptical about information that we see on social media. so the same advice that you're probably giving to your kids, about just treating any information that they see on their social media accounts with some degree of cynicism, we as a general citizenry also need to have that same level of skepticism. that's a really hard social science problem. and we face the same thing in cybersecurity. how do you get individual users to be more skeptical about the emails and links that they're receiving? how do we get people to be more skeptical about the information streams that they have seen on social media? there's that social science problem. there's the technological problem, which is to what extent can we detect when a disinformation campaign is happening? that's sort of breaking from the normal conduct of discourse and debate within these forums. we've done work on this, darpa has done work on this. we're seeing many of the social

media companies doing their own research on this it's a really hard problem, but i think it's tractable. >> i don't want to let the panel go, without tonya, you telling us about your center's greatest success story, which is attribution of wannacry, you mentioned that wanna cry was another huge cyberevent that affected 00,000 computers in 150 countries. it jammed up the national health service in britain. tell us about what your role was, your agency or center's role in gaining attribution? why was it such a success? >> so as you described, wanna cry truly was a massive global rans ransomware attack in may of last year. in which north korean cyberactors used malware to

brick computers worldwide, hold them for ransom. and used basically took advantage of a known vulnerability in order to do that. i mentioned c-tic size and the difference in our role between nctcs, we're very much in a support role. our aim in addition to integrating information is kind of bridging the seams across the federal cybercommunity, the intelligence community, network defenders, incident responders, law enforcement and helping information move across those various parts of our cybercommunity. and that's very much what we did here. i mentioned we're multiagency through our work with dhs, in those first days when wanna cry was hitting over a weekend. like most attacks seem to do. we were aware of information that dhs had gleaned through their great partnerships with the private sector.

so as the network service providers were working on mitigating the attack, trying to shut it down, they were also learning information about how it had first formed. think about a medical type of infection, where it's very important to know how it got started. so you know how to stop it. as private sector companies were learning how wanna cry had spread, they were able to gather data that showed that those early infection points. dhs had that by virtue of their private-sector relationships. and we asked, could we share that with the intelligence community. because we think it could be valuable. dhs went back to the private sector partner, got their permission, we shared it with the intel community and it helped give us a sense early on about how the infection had spread. and the intelligence community was able to come to a fairly quick assessment, but was low to moderate confidence that was

north korean cyberactors behind the attack. but then collectively we kind of weren't satisfied with that. private-sector cybersecurity researchers felt really confident it was north korea. and it's important to establish high confidence in these types of attributions, so that we potentially position our policy makers to consider response options. so we and other colleagues in the office of the director of national intelligence gathered analysts from around the community and said -- let's relook at everything we have. and let's see if we can't make additional progress on this attribution. and we relooked at that data that came from the private sector and i think realized what we had. some of our partners in the interagency were able to take that, do additional work and ultimately acquired the last bit of information that helped us say with high confidence, that it was noik noik behind that

attack. -- north korea. so i point to that as a success story, not because c-tic did the attribution or we you know, you'll ever see a piece of paper with our seal on it that tied it all together. the importance was, having the relationships, and the trust to be able to go to different partners and say -- this part of the community needs this piece of information that another part has, and also, to be that kind of nudge to the community. it's, there's so much happening as you saw just this week. and it's so easy, to move on to the next thing. we try to be the small, neutral voice in the middle that helps bring folks back to and move forward and make progress on issues like that. >> fantastic. so that note, unfortunately, i think that's all the time we have. but this in just a short time we've covered so much ground.

and you've told i think the public here some things that both of you, that we never knew and that hopefully can help us find better ways to counter, in the whole-country approach, better way to counter cyberattacks from foreign adversaries. so let's give dr. tonya uberetz and dr. jason methany, a big round of applause. >> i would like to introduce two industry thought leaders in i.t. and cybersecurity from hewlett-packard enterprise. one of the few commercial organizations that's adopted government best practices into their cybersecurity strategy.

antonio neary, president and ceo of hewlett-packard enterprise, and liz joyce, the chief information security officer of hewlett-packard enterprise, will be joining us to talk about the tools hp uses to combat cyberthreats. and how security is central to their mission of supporting their customers globally. i'd now like to welcome to the stage, antonio and liz. thank you. >> hi. >> thanks, chris. really happy to be here today. talk about something that's very important to us at hewlett-packard enterprise, cybersecurity. so chris may have mentioned i am actually going to talk a little bit the sort of evolving threat landscape. and how that's changed and what we do at hpe, in order to deal

with that and address it. and then i'm going to hand over to antonio. so i've been working in cybersecurity for the ish years and really the threats landscape has changed significantly. when i started out, cyberevents happened maybe once a year. at least something that was headline-worthy. the scale of them, we were horrified when it was maybe 10,000 or 100,000 records that were involved in the data breach. and it usually the attackers, the people responsible were what we referred to as script kitties, but that's completely changed. and you've heard part of that in the earlier panel today. so now we're talking about a scale and a sophistication and a speed of cyberthreat that is, is completely shifted how we have to think and what we have to do. so instead of things happening on a yearly basis, we're dealing

with threats that really are occurring on a daily basis. big headlines. we're talking about millions and millions of records in a single data breach. so as we look at that, we also look at the profile of the adversary that we're dealing with. and it's not script kitties any more, as i mentioned earlier. we have now nation state, as well as hactivists, doing things for ideological reasons. in additionally, cyberd crime is a $1 trillion business globally. a lot of motivation and a lot of resource that we have to respond to. basically on top of we could take our critical assets, drop them in data center, stick up a firewall and feel good about things. whereas today we're in a highly connected mobile hybrid environment and your data is sitting in a data center, in a

cloud, on devices on the edge. and for those devices we've hit a tipping point this year. where the number of devices now significantly outnumbers the number of human beings on this planet. it's about 11 billion to about 7 billion. and all of those things have data, and how are we going to protect that data. so as we look at it, as a company, we really think about things holistically, and very pragmatically. and when we do that, we think about the simple things of people, process and technology. but with a very new lens of the threat landscape we're dealing with. so when it comes to technology, for instance, we adamantly believe that security has to be built into the very core of what we do. it is about securing your applications with your development life cycle. it is about building into your firmware and your hardware, what we call the silicon root of

trust. and it's also about how you protect all your data. everything from how you deliver your service. how you interact with your customers and organizations. you have to think about security from that point. we also look at the speed at which a threat occurs. weaponization used to take months, now we're talking in terms of weeks and days and sometimes hours. from point of vulnerability to when something is weaponized. so as we look at that technology piece, we have to also apply artificial intelligence, machine learning to be able to quickly detect so that intelligence is incredibly important in order to be able to respond. and speed of automation and how you respond really deals with allows us to react quickly. then on process, as chris already mentioned, we've adopted best practices from all over. we've taken from the government the notion of the fusion center.

where that really shifts our operation from being something that is reactive, after an event has occurred or while an event is occurs, to something that is truly intelligence-driven and proactive. and then the final piece of what we look at is obviously people. cybersecurity skills are really hard to find these days. the latest reports are stating that we are going to have over three million vacancies in cybersecurity by 2020. so if you cath find the resources as an organization, you have to invest in developing and supporting those resources. but to add to that, it isn't really just a subset of your organization that looks after cybersecurity. everybody is touching the digital world. and so we take it seriously and look at the fact that everyone in our organization, no matter what your job is, no matter what your role is, is trained on cyber. so with all of those different

components moving, what do we worry about going forward? well it's manipulation of data. i don't know if you heard about, there's a project that was run out of m.i.t. and a.i. was built and his name is norman. and he was affectionately named norman, after norman bates in the alfred hitchcock move soy, "psycho." and he's the first psychopathic ai. while the premise is that we often worry about the algorithm. what is the effect of the dataa. norman was image recognition. instead of being trained on the standard set of images, they trained him on very graphic depictions of death that were taken from the internet. as a result when norman was presented with an ink blot graphic, where other ais saw a

black and white baseball glove, norman saw possibly a man with a machine gun committing murder in broad daylight. that's a very different outcome. so as we think about the world that we live in where we have ai, machine learning, and it's part of our financial institutions, industry, our defense systems, we have to look at protecting our algorithm. but we also have to look at the integrity of the data that we train that on. so it's a lot to think about and a lot of things that we talk about and why we take it so seriously. so antonio, maybe you can give your perspective. >> well good morning. first of all i want to thank the "washington post" to give us the opportunity to speak to you today. you know we have limited time. again i'm the president and ceo of hewlett-packard enterprise. to liz's point. think about even our own company. we're a company of 66,000 employees that operate in 170 countries. that generate an enormous amount of data and most importantly an

enormous amount of intellectual property so how we protect that intellectual property. i was just here upstairs hosting a cio roundtable with many of the government agencies and i can tell you 80% of the time in that conversation, was dominated by cybersecurity. and so we think about cybersecurity, we think about cybersecurity in the context how we build cyber controls and practices. in our technology and in our processes. and one way to do it, obviously is by liz and my team working together, my engineering team, thinking about talking about the customers i have dinner with. the reality is that the data is exploding and 75% of the data is not created in the cloud or in the data center. it's created here in fact many of you are holding the phones and digitizing this conversation. you're doing something. everything compute in our life. but fundamentally is how we

protect that interaction between the user and the data in a way that protects our intellectual property. because data is the new currency. we think about protection in three forms, right? so one is obviously protection built in the core. second is the detection and third is recovery. fact of the matter is something is going to happen. the question is how you recover as fast as possible. in the context of our innovation agenda, thinking about these age-to-cloud architecture, where age is an extension of the cloud and the correlative is the data fabric, how we build cyber controls and practices at the core of the data fabric. an example of that is what we have done with our infrastructural level. how we build security at the core of that infrastructure, so every server platform we sell today, actually has a cynical root to trust. think about a fingerprint. every human has one fingerprint that's unique. and in that case, we put those

cybercapabilities inside that platform. think about the fact that now we have encryption in everything we do our storage platform has encryption built in our hard drives, in our flash solutions. when you go to the detection side of this. think about the edge where you're connected wirelessly. we can monitor the behavior of the users on the net or understand what they're doing. and ultimately score the user in a way that we have not been able to do before. not just at the infrastructural level, but the information level. the last is how we recover. the in end when you see someone under cyberattack. it takes weeks and months, a few months ago we had a cyberattack in one of the enterprise customers that had to rebuild the entire server virtualization farm and it took them weeks to recover. so we think about this as a continuum. but the one thing we do because we have a very large

infrastructure ourselves, is how we work together between liz's organization and my team in the engineering side. to figure out how we actually productize the solution so we can sell it to you and you can deploy it faster. but ultimately, our core mission, our core purpose as a company is how we advance the way we live and work. and at the core of that is not only protecting ourselves, but making our contribution. so we can provide sustainable technologies and ultimately. a moral code. particularly as we think about embedded technologies like ai that are utilized the right way and this a very important aspect that all of this is becoming a big debate. you get the case of norman here. but the reality, we need to think about this in the context of the society and the way we live. but ultimately, also, protect the business and then make that contribution to the society. in a way that honestly has to be accelerated. so unfortunately we don't have a lot of time. but i'm really proud of the work

we are doing, we are here to help you in any way, shape or form. we have solutions available to the market. please engage us with your toughest problem. we would love to help you. so with that, i would like now to pass it back to the "washington post," because our time is up. all right? thank you very much. [ applause ]

>> i'm pleased to be here with mike rodgers and chris painter. this week, president trump, lawmakers and the national security community have been discussing russia's meddling in the 2016 election and i'm delighted to welcome these leaders in their field to talk about it. i also want to say in a free-wheeling way i don't think we could have timed this event better based on the monday through friday that we've just experienced. mike rodgers was the chair of the house intelligence committee until 2015 and earlier in his career was an fbi agent. he's now a national security commentator on cnn and the host of a popular show "declassified" which explores the stories of american spies. chris painter also with us was the former coordinator for cyberissues at the state department where he was the nation's top cyber diplomat,

serving under president trump and president obama. before joining the state department, chris served in the obama white house as the senior director for cyber policy. and the acting cybercoordinator of the national security council. thank you both for being here. i'd like to remind our audience in the room that online you can tweet your questions to you, i'll try to ask some of them at the end. please use the hashtag #202live. i can't imagine a better week to have both of you here talking at the "washington post" about our cybersecurity as a nation. and our position in the, on the world stage. i want to start by asking you guys a big open question. what did you think about the president's comments standing next to vladimir putin on monday? mike, let's start with you.

>> boy, look at the time. obviously to me it was very, very concerning for a couple of reasons. set-up to helsinki candidly was a disaster. you had the president of the united states really crossing europe, insulting many of our allies and you know, a little bit rude. my mother used to say, rude is a very poor imitation of strength. and when you do that, you are setting the table for what exactly vladimir putin has been telling and doing information operations into europe, right. that the democracies are bad, that the nato is causing friction. nato might not want to be the, stop pushing nato into the border areas and certainly the former republics of russia. all of those are messages that the putin regime has been promoting. that fell into that trap. and when you get to helsinki, there's two things that bother me, one is, i don't want any leaks, i'm going to do this on

my own. i guarantee you that vladimir putin was prepared for that meeting. and understood exactly what he was going to get out of it. i don't think the president was exactly prepared for the meeting and didn't know what he wanted to get out of it. you know advantage again, vladimir putin. pitting, going against the very services that are trying to ask russians who are in the intelligence services of defense and science, we need you to work with us to make russia a better place, would you cooperate, provide information, that's what spies do. and to have that message at that time, where the president of the united states is questioning our intelligence services, and vladimir putin is definitely questioning u.s. intelligence services, i thought it was a recipe for disaster. and the last piece of this -- it plays right into the information operations that he's had been conducted and continued. the very next day or two days, he had a, an open press conference, he, being putin, with his russian ambassadors, talking about how successful the helsinki summit was. and that there are intelligence

services and other actors in america working against the president. and relations with russia. at the same time he also showed a new advanced military order and technology. this is all part of a scripted information operation campaign. and then now, because he was the only one in the room, gets to leak out what he wants happened in that meeting. and what he leaked out just today, was that they wanted a referendum in the ukraine. you know, advantage again, putin. there's no one in the room to say no, that didn't get discussed or it was raised, but not finished. all of that, advantage putin. that's what i worry about. i worry that the president himself does not take the seriously the ability and capability of russian intelligence services to mount very successful information operations, one of which was targeting u.s. campaign. >> maybe that's the title of our session "advantage putin." chris, i know how concerned you are about that. >> i agree with everything mike said. i would go in the cyberlane i

would say that there are a couple of things that the summit unfortunately showed. one was undercutting our position. in terms of both the russian hacks on our election and in providing any kind of cost on returns to russia on behavior and two, a lack of preparation. let me hit both of those quickly. one, no one has done a good job of so far is imposing costs on bad state actors for their activities. when i say costs, credible and timely costs that will punish them from what they're doing and dissuade them from doing it in the future. that's part of classic deterrence. there are a lot of grooet great people trying to protect our systems, that's a part of deterrence. but in imposing the costs means the actors will think twice about it. we haven't done something with putin that hits him in a way that makes him change his mind. and interestingly, in this administration, we have had some good things that have happened. we've had for instance the, the national security council call out russia specifically

attribute russia for the not petty, a big worm attack that caused a lot of damage around the world. we've had some other sanctions levied on russia. but all of those things are substantially undercut. if you don't have consistent high-level and strong messaging from the top. from the president. what we saw during that summit, was the exactly the opposite. calling into question the intelligence community, calling into question whether putin did it. if i'm putin, put yourself, any of you who want to, put yourself in putin's shoes looking at this. is that going to dissuade you from doing it in the future? is that going to impose any kind of cost of any kind on you? or is that encouragement to do it again? i would argue it's the latter. lack of preparation is another issue i want to raise. you remember one of the things that struck me at the summit was not just the, would not comment, one of the best explanations is, darth vader saying, i meant to say i'm not your father. so it wasn't only, it wasn't only that. it was also the president

saying -- president putin has made an incredible offer. he's made an incredible offer to use our, what is called mutual legal assistance system to allow the fbi to go interview the 12 folks, 12 people who were indicted. russian intelligence officers and as a quid pro quo, we get to go and talk to bill browder, who has been a long-term putin foe and my former colleague, ambassador mcfaul, which would be unprecedented for a lot of reasons. anyone who is prepared for that, who talked to their justice department or national security council, would know to reject that out of hand. i was a prosecutor for many years, mike was an fbi agent, the number of joint cases i did with defendants was -- none. you don't do that. it doesn't make sense to do that. when it's a case where you're prosecuting russian intelligence, the only thing that's going to happen is you'll have stage show even if something meaningful has happened. on one side when they're being interviewed, which would never really happen and it's a way for russians to get more information

on sources and methods and investigations to figure out how mueller is able to put together this very detailed indictment. so that, but then you couple it with throwing an ambassador under the bus and doing other things that no one would think of and it took three days to walk that back. that could have been handled if he would have had some preparation. >> i'm going to ask you guys, those are great reactions, i wonder about two things. this going to sound simplistic. but when we go to bed tonight are, we less safe as a country because of what the president said and the message he telegraphed to putin? because of what you just described, chris, there is very little deterrent when the top guy is not communicating the same message. are we less safe? >> i would say yes. you've had dan coats say consistently, and not just dan coats, but every dni, has said russia is the most sophisticated and one of the biggest cyb cyber actors, not just against our elections, but across the board if you're taking away one

of the tools to deter them by undercutting any message, i think that makes us less safe. >> i don't think it's the end of the world, i don't think it's we should run around with our hair on fire. but it's very concerning to me the direction that the president is taking on this. when you really look at the cyber arena, very concerning. we know that the russians have continued to use cyberinfluence operations around the world. including the united states. there's a great website of which i help with, it's called hamilton '68. where they track these bot operations from russia, trying to influence whatever topic of the day. and the volume hasn't gotten smaller, it's gotten bigger. when you add ai, artificial intelligence on top of these bot operations and networks, it means they can get information to the place faster than you can find and disrupt it. and so they're getting better at it and they're being more aggressive about it.

this is the part that i worry about. i think, the president conflates the fact that the russians are trying to use these influence operations and candidly they were trying to bruise up hillary clinton in the beginning as well. and why? their polling wasn't any better than americans' polling. they thought hillary clinton was going to be president of the united states. so they went after her with a vigor. and they were causing, and their theory was, let's bruise the american president, whoever that is, comes out of the american presidency. so it gives us leverage. it gives us an opportunity to message around the world. that's where they were going. we all should be concerned about that. the fact that the president conflates his legitimacy of his presidency, i think, mike rogers thinks, with anything related to this topic is causing problems in unleashing the entirety of the u.s. government to help us push back on this problem. that's the part where i get concerned. the other piece, the national security institutions are not, i

don't believe, we'll let the president go too far in some of this. i wish he would be better prepared. i don't think he should do a helsinki summit, another summit here. you don't want to roll out the carpet for a guy that's murdering dissidents, murdering reporters, as we speak. occupies 20% of our ally of the country of georgia. annexed crimea. i mean the list is huge and long. you don't give him a reward by parading him with a state dinner in washington, d.c. that sends the wrong message. >> and mike and chris, you've both talked about the community and the systems and how those could be damaged. but ultimately those are made up of people. what is the message that the president is sending to you know, what many americans consider are patriots, intelligence agents, fbi agents, operatives, even double agents for russia that are working for us? what's the message to them? last night three fbi agents resigned. are more resignations and i guess abdications coming? >> look, i hope not.

i think it does send a disspiriting message to them. these are people who are professionals, who work day in and day out. both of us have worked closely with fbi agents, with intelligence community folks with, prosecutors. you know i'm glad that a lot of people in my former office in the state department and throughout the government are still there. and still in their posts, think that's really important. but it's hard to do that when your value is constantly questioned. i think that does send the wrong message. now the other thing i worry about, is structurally. getting rid of for instance the cyber coordinator at the white house, i think that's a problem. think one of the issues we have in this space is to mainstream this issue so that senior policy makers don't think of it as this boutique cyber issue, bau real national security issue. without that person there that could herd the cats throughout the interagency and make sure there are good initiatives across the board to deal with election interference, that's a problem and the last thing i would say, we still haven't heard, and this is remarkable to

me, we still don't even have a declaratory policy in this area. the president hasn't come out and said, if this happens again there will be consequences. that's a base, that's a foundation, that's not enough, certainly, but that's a foundation for a lot of other things. i think a lot of people in government are waiting for that leadership. and if they don't see it i think it has an impact on them. i hope they stay, i think a lot of them are doing great work. a lot of people in this administration are doing great work. >> not to get too personal, isn't that why you left the trump administration? >> well i mean it was time to leave. i had been in government for 27 years in various capacities, as a prosecutor and others and i decided at some point, to leave anyway. part of the reason was my office in the state department essentially disappeared, which was a problem. and that made little sense given all the threats we're facing. i know they're reconsidering that now, which is great and i think they should, there's been some congressional action on that, too. but i think there was a feeling it wasn't made a priority it needs to be and that has to come from the top. it's great that everyone who does this makes it a priority.

but if you don't have that leadership in the white house, that coordinator, the president saying, he doesn't have to say it every day, or the secretary of state doesn't have to say it every day, or the secretary of defense. but they have to say consistently, this is a priority. >> that it matters? >> yeah. >> i'm going to ask you about the fbi agents, your peers, but i also want to ask you about your peers in the house and their effort to try to impeach rod rosenstein. the mueller investigation started off by looking at the crime of the interference. it's looking a little bit more at was the president trying to thwart that probe? and was anybody trying to hide something else about the fruits of the crime that they may have benefitted from. tell me a little bit about your fbi agent friends, what they're saying. but also your house republican friends. >> i do think, here's the good news about the fbi. when you sign up for the fbi and take the oath of office and get those credentials, it's a proud moment in anyone's life to have that ability and responsibility charged to you on behalf of the

american public. most people see that first. i will tell you that. and so it's disspiriting when you're doing your work and you might be doing an organized crime case or a child pornography case or a white collar case or working counterterrorism or counterintelligence cases, it's disspiriting when the general conversation is, boy, the people in that organization are corrupt. they're politically biased, they're -- fill in the blank. that is, i mean every agent has a political opinion or most do. and they understand the importance of checking that at the door. because you're talking about taking away somebody's freedom, you know, put them in jail. very, very, it's, it has huge consequences. so yes, they are i have talked to many of them. i've talked to small groups of them who are just looking for hey, we're going to do what we have to do. but really? so i worley about that. and i worry about this notion that they can't separate the two, could there have been an individual problem? absolutely. does that mean the fbi culture

is now corrupt? i would passionately argue that is not the case and they should start to be careful. you need these agents out on the street with credibility. when they open up those credentials that it means the full force of effect of the support of american people and their elected leaders to do their job. they need to get that straightened out in a hurry. i don't can care how bad they are, they need to understand this is bigger than the next election, the next quarter tomorrow, the next news cycle. it will have long-lasting eff t effects they have to appreciate. we've had this problem in the fbi that people walk through their careers, they get to a certain point. they get to leadership jobs in cyber. and somebody knocks on their door and says you know what we'll triple your salary if you come work for us. and if you have been slogging away as a public servant for your career and you're married and you have kids and they're getting in college and somebody

walks in and says hey, thanks for your service in the bureau, come on over, i can't say, i don't think that the resignations that you saw didn't all happen in sequence, in a short period of time. there's been about a month over a period of time. all of of them are going to well-paying cybersecurity jobs in the private sector. why? they can't get enough people. they're dying to have that extra expertise and the pressure on these people is immense. by the way we had the same problem for a while when i was chairman, i used to have to go to new york, it seemed like about once every month to say stop stealing our people in the agency. the c.i.a. please stop it it's hard. you want them to make their own choices, the government spends a lot of money training them. they are highly skilled, highly sought-after people in the private sector. it's hard. that part is hard. i don't believe that the fbi piece was related to anything trump related. i think it was all personal economics that led them to make

these decisions. >> i agree. but i would say people don't go to work for the government for money. they go because of sense of mission, because they want to do something that's going to help everyone. >> for the first 20 years. >> for the first 20 years. >> but still even within that. i think people take pride in their work and if there's a money option out there. >> back to rod rosenstein, everybody is wondering what's going to happen with the mueller investigation. and it's moving rather rapidly with including the recent indictment of the central crime, the 12 gru intelligence officers accused with some pretty intense behind-the-scenes details about how they hacked into democratic servers. some house republicans have been talking about impeaching rosenstein and being pretty clear that they don't trust him to oversee the mueller investigation. and pretty clear that their goal is to end the mueller investigation.

what do you hear from them, mike? and both of you, what do you think about that? do you agree with this effort? >> i passionately disagree with the effort. i don't think it's going to happen. i think cooler heads will prevail along the way. let's take a step back. if you look at the body that's being presented of information, you had agents who said they were going to do something about it and in their personal texts and things. the optics of this are bad. and the fbi needs to work to correct this, as rapidly as they can. that should not be allowed to permeate anywhere around an investigation. and i give mueller credit. once he saw those, by the way, that wasn't the purpose that these folks were referred to, to an investigation. they were conducting themselves in a way that wasn't consistent with fbi rules and regulation. that's why they got referred. they looked at the texts and said, whoa, that's a problem. and he did something. he removed them from the investigation. pretty hard for me as an old fbi

guy who say that wasn't the right series of events. for all of it to happen. now the problem is all that information is now being said that that influenced the entirety of the investigation. i just don't think they've made their case yet. if they believe that and there's more there, bring it on. i mean i'm certainly willing to listen. i don't think they've made their case in that. i think again, with the, these are the same group of members who wanted to stop this from the very beginning. they want to stop it today. they passionately believe it's political. i don't think there's malintent that they're only doing this for political reasons. i think they passionately believe there was some ill intent by the bureau and by the both the attorneys and the fbi agents, to do something against the president of the united states. and by the way, this is why i caution it -- one of the statements to putin by the way, to his russian ambassadors, following the helsinki summit was that there are forces within the government of the united states trying to work against

the white house. that is a dream come true. if you are a russian intelligence officer trying to recruit somebody around the world. or stopping a russian intelligence officer from actually cooperating with the c.i.a. or fbi somewhere. that's why they need to be really careful about how they move forward on this. >> you guys, you talked a little bit about how the president in your view can't separate the interference of the russian intelligence officers, with his legitimacy as a president. everybody agrees russia interfered. everybody in the intelligence agency believes and now putin admitted yesterday, that he wanted hillary clinton to win. the last piece is, did it affect the election. do you guys think it affected the election? >> i think it's impossible to tell. did it affect the election? absolutely. >> the result. >> it affected it in some ways, did it have a dispositive effect? i don't think we know. you don't spend money on advertising campaigns if you're not trying to affect an outcome. people spend in campaigns, lots of money to try to affect an

outcome. did it have a suppression to the voting component? did it change other people? we don't know. soy think it's unfair to say it had no effect. we know it had no effect. we don't know. but we don't have to even come to that question to say this is impermissible. the attempt to do that is impermissible. and the last question, i think it would be ridiculous to go after rod rosenstein. i think the other thing is i worked for and i worked with bob mueller over the years and he is everything that people say he is he is the epitome of impartiality of thoroughness. i think he's demonstrated that. we should let this investigation run its course, it should run its course and i think it will help us get through all this. i think that's an important part. >> and stop acting guilty. it feeds into the narrative. that's what drives me crazy. >> and i think this confusion -- >> stop acting guilty. an advantage. >> and the legitimacy versus,

very sus anything. if you mention cyberto trump. he'll code it as russia and not want to hear about it it affects cybersecurity writ large. >> i don't think it will influence the election, i think the numbers were baked in on people who believed hillary was crooked. that was baked into the election before they got there. i do think it had an impact. and the one impact we should be very concerned about is they very aggressively tried to pit groups of americans against other groups of americans. they pitted activist groups against white supremacist groups and tried to get them to show up at the same place. this gets my blood boiling. they tried to pit christian groups against muslim groups. and they tried to do this across the country and they tried to do it in small and subtle ways. and what they were looking for is the added influence operation effect of being able to take that image or those conversations, and then broadcast them louder and to a

more broad audience. and it wasn't just to the united states, it was around the world. they want the world to believe that the united states doesn't like each other so much they're stopping to function as a democracy. that's their message. that's what they want. >> and you know what that leads into? i was speaking in australia at sydney university and a chinese experiment stood up and said, isn't this experiment you've had with democracy, aren't you ready to move on to a more stable system like we have? obviously i said no. but that is being used by some of our adversaries on very different systems, to go around the world, to countries on the fence and say, why do you want that? don't you want what we have? that's really damaging. >> what's your biggest fear right now, guys? is it about what's next? is it putin meeting with the president again? in september? is it a new attack from the gru or another division of the federation? what's your biggest fear about what could happen next? many people saw this week as a very dramatic inflection point for this presidency.

attacking our own country on foreign soil what do you worry about next? >> i have said this often and i think it's even worse now. america is in a cyberwar. most americans don't know it and i am not convinced we're winning. and if we don't have a whole -- even the obama administration had some difficulties putting their arms around it the whole snowden affair slowed everything down. they did a very successful job. he's living -- in moscow, that's right. they did a great job of slowing down any progress of getting the whole of government to come together. and i mean all of it. to try to push back on what is a growing threat in the, they did a report that koim out. d.o.d., that the russians are in our electric grid. they're not there to see how it works, they're there to figure out if they need to or want to, could shut off our lights. they have become much more aggressive. you have information operations, which is different from

cyber destructive attacks and theft of intellectual property. china is on the increase, russia is on the increase, we're debating amongst ourselves on some very small things in a very big threat picture. that's what worries me most. >> this interference, the cyber community. we didn't see this coming. it's a cyberspn enabled operation, we need do do a better job of getting different communities together to fight about this but the things on the radar, we're worried about. the infrastructure attacks, the dhs, fbi, bolton went on about prepositioning malware on the electrical grid. that's a huge potential issue. exposure because of the internet things are 5 g, there's so many different things where we know dedicated nation-states and other organized groups are trying to target us. and if we're not sending the message, if we're not actually trying to deter them, that's a huge issue and they will come back and do it stronger and they might not do it during peace

time. but if we have a conflict, they're going to take our systems down. and one thing that worries me more than all of that, is the integrity of information, it's one thing if there's a denial of service attack and i can't get to my website for a couple of hours. it's another thing if as my friend the former president of estonia said, if someone breaks into my hospital, changes my blood type and the next time i get a transfusion, i die. or they affect the financial data and the stock market so you can't close. or you affect military systems. so there's a range of different threats. i don't like using these terms that people use of cyber 9/11 and things like that when you don't see that, people just lose interest again. i think we need to look at the threats and take them for what they are. and i think we need to be very strong about going after them. and that requires leadership and it requires organization. >> and if the leader as you both have summarized, is not signaling any interest or devotion to the topic, are we

prepared for all of the scary things you just described, chris and mike, are lights being shut off without our knowledge, our water being infected. our blood types being changed, our stock market being crashed. are we, are there people in the trenches, stopping this -- >> there are people in the trenches, you're talking to chris krebs later that that's someone and dhs has been doing a lot of work, including with election systems. there are people in the intelligence community doing good work. people at the justice and the state department doing good work. but it has to be unified, this all of government approach and a priority. and it has to be a global effort. we made a lot of effort in reaching out to other countries and building alliances on this. that has to continue. it can't just be the u.s. versus the world. we're responding to the threats, we need our close allies, we need to include other allies. >> we're not prepared, we're barely cleaning up. you talk to secos in big financial institutions, they

shake a lot and they sweat and they don't sleep much. because they are overwhelmed at the sheer level. so you used to have criminals only trying to get in. now you have nation-states trying to get in. which makes their job incredibly difficult. we're all going to pay a price for that. without a concerted effort, this issing only going to get worse. we know who the four bad actors are in cyberspace are. north korea, iran, russia and china. and we need to have a whole of government approach to this i talk to a lot of people across the u.s. government today, we're not prepared in the way we should be prepared, in the way we have capabilities to be prepared. but without this group effort and understanding what the threats are, i argue -- >> and actions speak louder than words. there's good language in the national security strategy about timely and effective consequences for bad actors. unless we do that, it doesn't matter what's written on the the pages. >> and even the doj announcement -- >> announcing that they're going

to tell people that they're under attack. clean-up on aisle, right? you're getting ravaged, i want to show up and tell you, you're getting ravaged. enjoy your day. there's not a lot that we can do, i mean that is the wrong time to be there. that's why this is so important to get ahead of this problem. >> a lot of clean-ups on aisle 8, the 9 and 17, i can't thank you both enough, chris and mike, thank you. really scary and super helpful and educational. thank you. i hope you all enjoyed it.

i'm the author of the "cybersecurity 202 newsletter." i'm pleased to introduce my guest, christopher krebs. the undersecretary for the programs director at the u.s. department of homeland security. he's a trump appointee, he was confirmed in that role in june after having previously serveds assistant secretary for infrastructure protection. before joining dhs he was director for cybersecurity policy on microsoft's u.s. government affairs team where he led the company's work on cybersecurity and technology issues. his agency has the immense responsibility of protecting the nation's critical infrastructure. from cyberthreats. whether that's power plants, health care, wastewater

treatment plants and of course he's leading some very important work to help make our elections safe. so thank you for being here, undersecretary. i'm wondering, after trump's meeting in helsinki with putin this week, the president said he's protecting elections and standing up to russia's malign influence, do you agree with that? >> i absolutely do. he's pretty clear on tuesday. the intelligence community assessment. puts the blame for 2016 election meddling squarely on russia. and the preds is fully behind that. and i have in my organization, the responsibility for supporting state and local election officials and protecting their sls. fully empowered, i have all the resources i need to do that. we're working very closely with state and local officials. at this point through their election infrastructure, we're working with all 50 states. we're providing a range of technical services, from vulnerability assessments to

remote scanning capabilities. to a number of states. we provide information intelligence. but we also provide training. through a number of the training platforms the dhs has. and also we're doing exercises in incident response planning. >> how much of that direction is coming from the white house? is trump telling you to do this? >> well i think we need to be clear that i don't talk to president trump. i'm an undersecretary, right. but secretary nielson engages the president and the national security adviser, and her peers across the interagency on a regular basis on election security issues, yeah. >> is there an overarching strategy from the white house on that coordinate some of the different agencies' responsibilities, how we respond to election security threats? >> we have clear direction. but at the operational technical agency level, i work very closely with the fbi, with the intelligence community, with the state department, on a range of

election security and countering foreign information operations activities. could we do a better job of coordination? absolutely. but the last panel -- >> what do you need to do bet centre. >> last panel put it out very -- very well, that this is, in a sense, kind of a new front in the online battle space. information operations is frankly not something we've had to deal with over the last eight years. and the department of homeland securi security, when you think about when we were established in 2003 after the 9/11 attacks, we were counterterrorism and anti-terrorism organization. look at the way the risk landscape has evolved since 2001 to today. we have very clear nation state adversaries we're going toe to toe with, hand-to-hand combat with on a day-to-day basis. and the organization from a legal structure perspective, it's more of a lagging indicator.

we've talked about this and you've written about it. i have a piece of legislation up on the hill working with chairman mccall and chairman johnson just to change my name as an organization from nppd, which i'll give five bucks to anybody in the audience to knows what that means to the cyber security and infrastructure security agency. >> that has been languishing for a while. who's against it? >> i don't know anybody that's against it. i just think -- >> what's the hangup, then? >> i don't know. i don't know. i think maybe what we need to do a better job of from the department but also industry is communicate why this is so important, why we need to do this. it's going to help me recruit, cement my position across the federal family, but also it's going to make things easier for me when i go out to the field and provide technical assistance and instant response service, across the private sector and across the state and local market, of who it is -- who i am and what i do.

that's honestly part of the reason that we had initial challenges -- one of the reasons we had initial challenges engaging the election community last time around. it's some random nppd, sounds like a soviet intelligence agency. it doesn't tell anybody what we do. >> what other challenges are you facing when you go out and talk to states about election security when you advise them on how to improve their election systems? >> so, this is a really interesting area because what i've seen over the last year, and i've been involved in the department of homeland security's critical infrastructure activities since their inception back in the 2000s. i have never seen a level of engagement so rapidly and so deeply across any infrastructure sector like i have with elections. so, in the last -- less than a year, we've established a number of coordinating mechanisms in

isac, which is information sharing and analysis center, which i'll try to keep this an acronym-free zone, an information sharing association that has close to 5,000 members in five months. that's unheard of. when we talk about challenges, there's still concerns about federal government intervention with elections. they are by the constitution and by statute administered and the responsibility of state and local governments. that is still the challenge that we're facing. now, it is a matter of trust. so, we have got to build strong partnerships and we have to establish trust with those folks. trust takes time. it takes constant engagement. it takes personal outreach. i've been over the last six months on a -- frankly, kind of a road show across the country for primary day. i showed up, talk to secretary of states, talked to election directors. asking them, what do you need? how can i help you better? >> what are you hearing? what do they need most?

>> i think what they need, well, money. everybody needs money. i need money. these systems are expensive to replace. state budgets are generally not constructed for widespread i.t. capital investments on a snap basis. now, these aren't snap, necessarily, but if you're telling me you need to replace $80 million worth of equipment right now, that's a hard sell at the state level. >> congress sent money to do just this. $300 million last march. all states requested that money. most are spending against that. you talk to secretaries of state and they almost universally say this is just a start. this isn't enough. we need money on an ongoing basis. yesterday congress voted down what would have been another $380 million to do that, to replace this voting machine to

patch these vulnerabilities, to hire i.t. staff. how is that affecting the preparedness, not just in 2018-2020? >> there's a couple things in there. first, is the $380 million that went out to the states that was directed patiented on registered -- or census-based registered voters. in some states you have $13 million, other states may get $3 million. that's a lot, to be clear. it's not enough if you talk about a state that has to replace all of their dres -- >> new jersey, georgia. >> in some cases we're talking about $80 million. >> dres are the touchscreen vote issing machines. >> they have certain vulnerabilities. they can be compensating controls, but, yeah, you want to -- we're digressing here but

you want a paper-based voter are verifiable paper trail for any voting system and do post election audits. those are the things we recommend. both of those, if you don't have them, cost money. where is it coming from? here's my sense of what's going on right now. states need money. yes, they need money to replace these systems. these need money to institute post election audits. where is that money going to come from? it's the responsibility of the states to administer elections. it's the responsibility of the department of homeland security and federal government to provide for the national security and national defense of this country. there is a discussion that needs to happen between those two things. what i think we need to do in the very near future is rather than say, we need money, give us money, we need "x" amount of money to -- >> states have to be much more precise? >> i think so. if states need money they need

to say what necessity need it for and how much they need. that'sing if to help inform and drive the conversation on the hill. otherwise just a general statement of i need $1 billion. well, for what? we work closely wit\ states to help\/\/\/\ them/\/\/\/\/\/\/ them\/\/\/\/\/\/\/\/\/\/\/\/\/ understand. they were dealing on election day with this is just another significant risk profile for them. >> there's another risk i want to talk about. this is something i hear from secretaries of state, from election officials. i've also heard it from your colleagues at dhs. this is the idea that voter confidence is a risk that's really hard to mitigate.

i've heard this described as the biggest election security challenge that we face. when the president contradicts himself on the russia threat, how does that affect voter confidence. >> well, look, i think the bigger issue is voter -- the intelligence community assessment's very clear. the president has supported the ica and endorses the results -- or the findings. >> back and forth on that. >> but, look, he is -- look, i am not -- i take the president at his word. there's a headline -- >> is that what you tell the people you're advising out in the states when the president says these things? what do you tell them? >> here's what i tell the states. we know we have a risk. we know there's a threat. let's work together to close out the risk. i live in the operational space. that's where i have to get my job done. not in the headlines, in the

operational space. when i go out and meet with secretaries of state, i ask, what do you need? what are you concerned about? yeah, there are a lot of situations where folks are -- there's public confidence. that is in part driven by the fact we continue to have in the headline space the russians are hacking the election. we've also really got to be clear on what the russians had access to from a technical cyber security perspective in the '16 elections. there's the administration of elections, which is voter registration, in all the kind of front-end stuff. it's not at all connected to the other half of the equation, which is -- >> what do you mean front end? >> it's voter registration. >> voter registration systems? >> ballots -- yeah, but it's not the tabulation counting of votes and reporting of votes. it's separate. generally speaking, best practice in voter tabulation and counting space, they're not connected to the internet or

otherwise significant compensating controls around those systems. >> there's something i wanted to ask about these state voter registration systems being a target. special counsel mueller's most recent indictments spelled out some new details about how carefully crafted these attacks were where we knew, for example, hackers breached a state rotor registration database. we didn't know until last week they stole information on 500,000 voters. did that scare you to read that? >> let me kind of unpack that a little. >> sure. >> we knew they exfiltrated, stolen information out of that state voter registration system. we did not necessarily know, i didn't necessarily know it was 500,000. a year ago or so when the intelligence community report was reported. that 500,000 number is due to

additional investigation as a part of the mueller investigation which is firewalled from the rest of doj, the rest of fbi, cia and the intelligence community. i found it interesting, sure. is there additional undermining of voter confidence possible there? yeah, maybe. going back to -- >> well, how do you counter that? >> education and awareness. here's the thing, we are out there on a daily basis working with state and local folks. in part we provide risk and vulnerability assessments. we get in their systems, we try to look for vulnerabilities throughout and we're generally findi finding three common trends sa cross those systems. first, they run outdated operating systems. they're not on the most modern systems. the most modern systems are by their default nature generally the most secure. second is they have patch

management and vulnerability management problems. when they push a patch it takes longer or in some cases they don't actually patch those -- that software. and the third thing is just misconfiguration. so, the state that was -- the voter registration database that was accessed by the russians in '16, there was some misconfiguration errors. we share that information want just with the folks we've done vulnerability assessments for but more broadly across the country. back to the voter registration and awareness piece. just like chris painter said about integrity of data but the availability of data. if they had gotten in there and deleted files, corrupted files, doing something like that, the way the system by law, not just the technical system, but the broader election system is constructed is if you, anyone in this room or watching online show up to vote and something's

wrong with your registration, either you're not in the system or, sorry, you know, you're clearly want a woman and yet this says you are you have the right by law to request a provisional ballot. even though you're not in the system, you can request a provisional ballot. each state is different, but nonetheless, you have the constitutional right and the ability to vote. takes a little bit of time. it can cause a little bit of concern, but this happens already without russians getting involved. l.a. county a couple weeks ago -- >> maryland a couple weeks ago. >> same thing. it's critically important that state officials communicate with the voting public to let them know their rights. worst case scenario, they delete those files. you cast a provisional ballot your vote gets counted. that's a sign of resilience in

the system. it can take a hit, experience some difficulties but you still get to the end result. i make this terrible joke based on a community of mitch hedburg, who passed away. it's the equivalent of an escalat escalator. when an escalator breaks, you have the stairs. it takes a little more effort but the system works. that's what we're trying to reinforce with elections. >> you recently said we haven't seen any activity along the lines of what we did in 2016. >> yep. >> what do you mean by that and what do you do if you start seeing an uptick in that type of activity? >> so, here's -- the broader challenge is, particularly in this town, we have a threat intelligence problem. what i mean by that is that i see intelligence, i see reporting on stuff every day that would look absent context concerning. what we're saying, we haven't seen a campaign on the scale of

2016 of concerted attacks against election infrastructure. concerted attacks against campaigns. yes, microsoft made an announcement yesterday about three campaigns being targeted. that is concerning. so, we're going to work with them. we'll get that information. the fbi has worked with them to share information to shore up defenses. that's what we're doing. is i am -- >> has that changed? did learning that change your approach or cause you to rethink anything you're doing? >> here's why. i don't need to see evidence. i don't need to see threat intelligence they're launching another attack on the lines of 2016. because we know they have the capability and they have demonstrated the intent. that's all i need to knock on the door of a secretary of state and say, we have a problem here. we have a risk in the system. we need to work together. that's the biggest issue, as i see it. for too long, chairman rogers just mentioned this, the challenges he sees that are

getting beat up every day, no company out there, no state out there is going to be able to overcome this challenge by themselves. we have to work together. we're pushing a collective security model, a collective defense model where we work together to manage risk. to counter the threat over there. that's the intelligence community, the department of defense, and we buy down, we address risks here domestically. that's where my organization is at. >> speaking of working together, the justice department announced a new policy that's going to start alerting the public about foreign influence campaigns. as part of its efforts to combat these attempted disrupt u.s. democracy. where does your agency fit into that? >> there are number of efforts across the u.s. government to operate in the -- to counter the influence operation space. now, this is a little technical and there's a bit of texonomy we

built out. foreign influence, that's why we have a department of state. that's why other governments have ministries of foreign affairs. foreign influence is diplomacy. the problem is when foreign influence -- >> it's also law enforcement. >> yeah. but when foreign influence crosses the line of sovereignty national interests or values, that's when we get into a foreign interference space. >> does dhs have a formal role in this? >> the department -- >> in what the department of justice is doing? >> we work alongside the department of justice, secretary nielsen established a countering foreign interference task group months back. what the fbi is very focused on, law enforcement action against specific actors. what my team is doing is working alongside the fbi, working alongside the community to understand broader trends, understand broader techniques and tactics that adversaries use. let's also be clear that foreign interference is bigger than

trying to undermine an election. they've been doing this for years. they try to undermine our confidence that our system works. our government system, our society works. our open access in freedom of speech. they're attempting to undermine that to point out that america's failing. and it's not. so, what we are doing, again, is identifying trends, building case studies, sharing across the inner agencies, sharing with private sector and trying to figure out how to get more information out into the general public about, hey, here's how you spot an influence operation under way. here's the information you're being presented. here are ways to think critically about the information you're looking at. >> are you sharing information about specific threats with social media companies, for example? i know last month you met with facebook and others in silicon valley. >> was that last month? feels like a year ago.

>> are you sharing information with them? are you telling them what they need to brace for? >> so the government works with the social media teams -- >> that's your team. >> my team has history quael relationships with social media, with technology companies, with telecommunication providers, historically relationships based on cyber security indicator threat sharing. >> they say -- you talk to them and they say, we need this information. >> yeah. >> and are they getting it? >> the government is working with those folks, providing them -- what i'm looking for is trends on activities, whether it's from intelligence holdings, looking at classified activities and bringing them down to an unclassified space to figure out algorithms, to figure out what they're doing to counter threats on their platform. >> you know, the previous panel talked about the need for this sort of whole of government

response. how important is that and do you think the trump administration is really moving in that direction? right now i see a lot of agencies doing a lot of things on their own. nsa and cyber command teaming up. i see what you're doing with dhs. i see what the justice department announced just last night. is the whole of government response? if so, where are the instructions for that coming from? >> there is a whole of government afoot. >> is there someone heading that up in the white house? >> yeah, look, it comes from the national security adviser that cyber security is top priority for this administration. there was an executive order that reinforces, re-emphasizes our approach to cyber security. >> is there a whole government response specifically, though, to election security? >> yeah. again, i work every day, my team at the operational level works every day with the fbi, with the intelligence community, with state and local officials. there is a whole of government

effort. to the broader point of coordination, i have -- this is my second time in government -- i've never seen the level of cooperation and coordination across the federal family. i got to -- frankly, i have to attribute it to the nation state space. we have a clear adversary. it's remarkable how acute the risk space is and how everybody has clarity of mission and purpose of what we're doing on a day-to-day basis. and it -- frankly, it helps me from a recruiting basis i can get out there and communicate and say, hey, look, we're hunting for russians and chinese on u.s. government networks, on private sector networks, on critical infrastructure networks every day. what more could you want in a job? >> are there other that's what we're disregarding because with

we're so focused on russia right now? >> i think in the headline space there are threats that are not -- they're not given their due. i'm telling you right now, china is the long-term strategic threat for this country. it's not just from a direct technical cyber security aspect, but look at the way they do strategic investment. rules have to change because they are pivoting around our approaches. so, there are -- you know, chairman rogers mentioned the big four between russia, china, north korea and iran. these are the nation state adversaries we see active every day in the space. our challenge is understanding what they are trying to do, what their capabilities are and what their intent is. that's the intelligence community space. my job is saying, so what? what does this piece of intelligence mean? what is the context? what are the potential consequences? and asking a second question of, what are we going to do about

it. to your coordination, it's not just about government working together. it's about entry and government working together. we have to have integrative, cross-sector collaboration. that's where we're going. we'll focus on those activities, working with the department of energy, the department of secretary, working with the sector-specific agencies that have exquisite and unique understanding of sector-specific technical aspects and bringing them into a coordination capability that supports cyber security expertise and industrial expertise. >> unfortunately, that's all the time we have for today. i want to thank you under-secretary, for being with us. i'd like to let you know that you can see highlights from today's program and learn more about upcoming events by visiting washingtonpostlive.com.

thanks to everyone in the room and everyone online who joined us. secretary of state mike pompeo is on capitol hill next week to talk about russia, north korea, and the meeting with vladimir putin. live from the senate foreign relations committee wednesday at 2:00 p.m. eastern here on c-span3, also online at c-span.org and on the free c-span radio app. mexican ambassador gutierrez fernandez talks about current relation w