somehow, somebody will still pay the bill. i think but we have got to do is to -- i think that what we have got to do is make clear that those who are involved -- they're great companies and good people. a lot of them do a good job. they he a responsibility to be able to work with us to develop better competition, to do some of the things that senator graham mentioned. the work that they are doing is not just money in their pocket. what they are working on it is important to the national security of this country. i think we have to work with them, work with contractors, work with others to try to develop approaches that can shave the costs that are involved and the delays that are involved. i know that this is tough some of this military technology isxtremely intricate and

involves a lot of complicated work. i'm absolutely convinced there is thought to be a better way to achieve greater cost savings. i hope to work withou and others to do that. >> i am encouraged from our conversations and this testimony today that you are prioritizing that. if we do not fix it, we will be robbing from some of the fundamental responsibilities you would have as secretary of defense to protect our country. looking at some of these projections over e next decade or two decades, if we do not figure out how to deal with these overruns on the acquisition programs, it will take the entire current department of defense budget. we need to make sure our men and women in uniform are getting what they need. and the healthcare issue that you addressed today is the other one. if you look at the he cost increases, it has to be handled in a way that ensures the focus is on our national security concerns.

quickly, on trade agreements, as you are aware, we are reviewing export agreements with the republic of korea, panama, and colombia. this has been increasingly clear that all elements must be used to provide for our security and build effective allies. these three countries are great allies, as you know. in response to prepared questions, you know that the republic of korea remains one of the strategies in the pacific. you plan to stay in close contact with your counterparts there and build on relationships built by secretary gates. it also noted the importance of government efforts to support department of defense activities providing training and equipment to panama, given the importae of the canal, and also with regard to colombia.

in testimony earlier this year, the commander described the trade agreement as open put a positive, beneficial -- as " positive and beneficial." how the uss the value from a security -- how do you assess the value from a security standpoint? you believe this is one way to combat the threats? >> senator, i think that when it comes to protecting our security, there are a number of areas that have to be addressed. one of those, obviously, is not just the military responsibility, but there is an economic side of this that plays an important role in rms of providing better security. the ability of these other

countries to develop trade with us, to develop their economies, create greater stability within those countries. i think that is a fact. to the extent that we can help promote that kind of trade, that we can promote that kind of economic development, i think it assists these nations in their ability to achieve stability. a good example is colombia. they have done a great job going after narco-track being -- narco-trafficking. that could become another added factor in providing british security in the region. the same thing is also true for korea. >> you think it will be positive for our national security interest? >> yes. >> thank you, mr. chairman. >> senator webb. >> thank you, mr. chairman. i appreciate you coming by my office to have detailed

conversations on a number of areas. having had the honor and privilege of meeting with weinberger when he was sretary of defense for four years, i'm well aware of the challenges of your job. i honestly believe that other than the presidency itself, this is probably the most difficult and complicated job in our federal government. i wish you the best. i also appreciate -- was gratified to hear your respoe to senator collins with respect to the need to rebuild our navy and get the navy's numbers up. the situation in afghanistan and iraq, as it allows us more leeway on how we shape the department of defense budget, we ally need to do that.

the size of the na right now is about 282 ships. the ground floor goal of 313 and all of the vital national interests that we have with respect to the stability of east and southeast asia will be very important for us to look at. in that regard, i wld like to raise two points with respect to the situation in east asia and i would also like to ask you about the situation in libya. first, when we are looking at the tempo in east asia, we see clearly that the chinese military activities have dramaticly increased in the past 15 or 16 months. the most glaring examples of that were t situation with japan about one year ago and most recently, the chinese naval vessels cutting the table of a

vietnamesehip that was exploring the possibilities of oil in the south china sea. these are basically related to sovereignty issues. they are not only national security issues, they also have downstream economic consequences. to me, they clearly talk to the commitments that we have for stability in this region. we have made these commitments. i think we are the key to the strategic balance in that region. i am wondering if you are of the same mind as secretary clinton was and gates was last year when they pretty strongly stated that we are not going to bdeterred from protecting the interests of

countries in internatial waters in that part of the world. >> very much. that's an and screaming important region. we have to have a presence there -- that is an extremely important region to have to protect our presence there. we have to have respect for international w. there has to be freedom of the seas, so that we can do our job. i think it is important to have a relationship with china, but they also have to understand that by trying to advance in the china sea, they can interfere with our abity to navigate and that part of the world. >> or to unilaterally address sovereignty issues with respect to other countries? >> that is correct. >> thank you. that also gets to the very important question in this part of the world. the chairman address this and i heard your response to that. i think the timing of addressing these issues, particularly with

respect to japanese, is vital. we have been kicking the can down the road. we are not going to have stability in aa if we do not have it in northeast asia of. the only place in the world where the direct interest of russia, china, japan, the united states intersect. it was right in the middle of all of that. i hope we can work with you on the suggestionshairman levin, senator mccain, and i brought forward. >> i appreciate the conveation we had in your office. i know this is not an easy issue. that is why the can has been kicked down the road all these years, because of the cost, the politics, and thdiplomatic problems with each of these

decisions. absolutely has to be addressed. we have to establish a stable situation. we cannot have a situation where we are playing this year to year. we need a long-term solution. i want to work withou, the chairman, and others. >> thank you. i do believe this is fixable. i've spent many years thinking about this. what we were able to come up with is at least the right approach and it could be done in a timely way, if we could get people to work with us on. doing. -- on doing that. with respect to the situation in libya, i take your point during your exchange with senator mccain that is the president's responsibility to ensure national security. at the same time, we have the situation where when the president unilaterally decides to begin military opetion and then continues it, where, clearly, as a former member of congress, i think you would agree that the congress needs to be involved in shaping and

downstream when something like that occurs. let me say this in another way. no one would disagree with the president's authority to unilaterally order military -- under eminent threats or invoking the right of self- defense, which i think is what we're doing in places like yemen -- we are coming to the aid of an allied based on treaty commitments. we are defending americans, protecting americans. we have a situation in this case for the justication is a humanitarian. you can see t potential for a very broad definition of what a humanitarian crisis is.

once that decision is made unilaterally by the preside, it needs to be subject to the review and direction of the congress in my view. >> senator, it has been my experience as a member of congress and a member of administrations that while, obviously, the constitutional power rests with the president, once those decisions are made, in order for those decisions to be sustained, it's important to work with the congress to seek best advice and counsel of the congress and hopefully to get the congress to support those actions. >> i did hear you agree with senator mccain -- his, that nobody is thinking about putting american ground forces in libya. i assume that also means after the fall of the gaddafi regime. >> as far as i know, no one is discussing any boots on the ground at any time.

>> as you know, the house passed a provision to that effect with 416 votes and i have introduced a provision. i just think we have our hands full and it is not something we should be doing in the future in that part of the world. thank you, mr. chairman. >> thank you. >> thank you, mr. chairman. we are almost done. i was listening to senator nelson's litany of the challenges ahead of you and i certainly think you will get confirmed and i will vote for that. i thought, why does he want to do that? like everyone on this committee, i'm very grateful that you are willing to do that and appreciate your patriotism and commitment to the country. thank you very much for that. i also very much appreciated the opportunity to sit down with you and your willingness to listen to some of our particular concerns in new hampshire.

i was very pleased to hear you are familiar with the men and women at the portsmouth naval shipyard. i was pleased to hear your comments to senator collins about your commitment to address the backlog that both the shipyard and other shipyards around the country are facing. i was also very pleased that you were willing to listen to the good work that has been done by new hampshire's national guard deployed support program. listening to your commitment today to better serve men and women after they get out of the military -- i hope you will look at programs like new hampshire is and some of the other states that have been so successful. not only are our national guard and reserves going to continue to play a greater role in

defense, there is some very good data that shows how successful these programs have been. i think they serve as a good model for the rest of the military services to look at. i hope you will do that. >> thank you, senator. >> one of the reasons that we have bn so successful in developing the technology for our national security and have given us our superiority in terms of our military might around the world is because of our national defense technology sector. new england and new hampshire have been a knowledge center for that defense technology sector. i wonder if you could speak to how d.o.d. or what d.o. is currently doing to ensure there is a sustained commitment to

that defense technology sector so they will continue to be there as we need them in the future. >> senator, i have not been fuy briefed on all of the efforts to try to deal with preserving that kind of technology. if i am confirmed, i just want you to know that i am a very strong believer that if we are going to have a strong defense in this country, that we have to have industries here that our american. we have got to have technology capabilities that are american. we have got to be able to have a base of support in this country in order to maintain our defense systems. it does not mean we do not deal with our allies. it does not mean we do not try to negotiate agreements with them in certain aas. if we are going to protect our

national defense, we have got to protect our industrial base, our technology base, and we have to be ablto protect the capabilities that we need here in order to make that happen. >> thank you very much for that commitment. as you know, a piece of that is the research and development needs and, obviously, the d.o.d. has been a very important part of ensuring that r &d gets done. given the budget constraints we are facing, are you -- how do you see that affecting our ability to continue to ensure that the r &d that we need is done? >> again, i do not think we can do this job without investing in research and development. as part of the process of making sure -- we're at the cutting edge for the future.

i recogniz that as part of the effort to look at the entire budget in order to achieve savings -- all those areas will be looked at. my view is that if we want to protect the weapons systems, if we want to protect our capabilities for the future, we have to have good research and development at the same time. >> thank you. in talking to some of those new hampshire and new england companies that are part of our national defense manufacturing base, one of the concerns that i often hear from them, because there often doing commercial work as well as work for the military, is their frustration with our export control system. as i know you know, the rerictions are onerous. in many cases, they are out of date. they were really designed for a cold war system that no longer exist. i know that secretary gates has been a real proponent of addressing that system.

i hope that you will be as committed. i would ask how you see moving forward an agenda that update our export control system in a way that both protect our national security, but also recognizes that we need to be competitive globally? >> i want you to know, senator, that i share secretary gates' attitude. i think whave got to be able to develop 21st century approaches to this kindf change in order for us to be able to make sure that the technologies we have are in fact technologies that we're working with others to have. >> thank you. i know you were asked earlier about iraq and whether we would

continue to stay i iraq, if we are asked. like others, i have been concerned about increasing, violence increasing, -- about increasing violence and recent casualties. we just lost somebody from new hampshire inhe attack over the weekend. i wonder if you can talk to what we need to do to keep our focus on the efforts in iraq, assuming at we are not asked to stay, how we will deal with drawing down the remaining troops that are there? >> at the present time, we are on track to withdrawing our forces by t end of 2011. i think that it is clear to me that iraq is considering the

possibility making a request for some kind of presence to remain there. it really is dependent on the prime minister and on the government of iraq to present to us what is it that they need and over what period of time in order to make sure that the gains we have made in iraq are sustained. i have every confidence that a request like that is something that i think will be forthcoming at some point. >> my time is expired. i would like to explore that more later. >> thank you. >> thank you, mr. chairman. welcome, mr. director. i was going to say good morning. i realize it is afternoon. i also want to end knowledge your tremendous leadership, your

personal friendship, and your willingness to take on another assignment -- perhaps one of the biggest and most important in the federal government. i think we share a concern about the country's fiscal trajectory. secretary gates has pointed out this is a key threat to our national security, as has admiral mullen. i know we will not support any cuts that will harm our troops. a broke country is a weak cotry. you have had to deal with this at the agency. that is, how do you balance the needand the resources? also, everything has to be on the table. i'm curious what your thoughts are about what the right size is of our military and howo we

determine what our mission will be? i have two easy questions for you. what role do you believe the american military should play in the world? as a senior military adviser to the president when you are confirmed, what would a set of guidelines that you would use to recommend to the president where the military action is justified? >> obviously, i think the united states exercises a unique role in the world by virtue of our leadership in the diplomatic arena, but also because of our military power we are able to back that up. i think it is extremely important in today's world where there are so many challenges and threats we are confronting that we maintain a strong military in order to deal with those kinds of threats.

this is, you know, not only the fact that we are involved in facingut we're clearly increasing turmoil, terrorism, and other challenges. in my view, the united states plays a very unique role in the world as far as providing the kind of leadership that tries to advance universal rights, a peaceful approach to dealing with the world, that tries to advance. good economic and political. that is a unique role for the united states. i think we need to continue to send that messagend to continue to exert that leadership. for that reason, i think having a strong military is essential to the longer -- to the larger role the united states plays in today's world.

we work with our allies. we work with nato to work with other nations. there's no question in my mind that the united states is the fundamental leader right now in the world in a number of ways. having the military strength to back up that kind of strength is important. with regards to how we approach the use of force, i think there are several important guidelines. one, what is the threat to our national interests? what is our capability to be able to respond -- our military capability to be able to respond to that kind of a threat? have we exhausted all other options to the use of force? lastly, what are the prospects to the support of not only the congress but the american people in that effort. i think all of those things are important considerations. >> thank you for those thoughts, director panetta. i think this will be a topic of

ongoing conversations, obviously, as we work to consider how, if we need to reconfigure the department of defense in a world of insurgencies and cyber security needs, satellite systems that are very important to all of us -- there's a real change under way. i also hope that we will continue to strengthen our relationship with china as it becomes more of an economic power. hopefully, it will shoulder some of the responsibility, because of its own self-interest, quite frankly. let me turn to energy. i think this has been an area of your interest, as well. it is one of the concern, but i also think great opportunity for us. admiral mullen has said saving energy saves lives. he recently pointed out that before we buy another airplane or ship, we ought to look at what we can do to save the lives

of our soldiers, marines, airmen, and sailors through our dependence on oil and other energy technologies. what are your thoughts on what the d.o.d. can do to reduce our dependence on foreign oil? >> senator,>> this is an area io learn a lot mor about in terms of the area of how the defense department is approaching this. the defense department really is a leader in trying to develop better energy efficiency, and we need to be, because we use an awful lot of fuel. my hope is to continue those efforts and to work with you and others to try to determine what additional steps we can take both in developing weapons -- the development of weapons, the development of technologies, how

we can better use cle energy, how we can better use some of the new forms of energy in order to reduce fuel costs at the pentagon, but more importantly, to contribute to hopefully a cleaner environment. >> i just introduced a bill along with congresswoman difference -- giffords that would provide more direction to the department of defense. that has widespread support from particularly retired officers and others. i look forward to working with you. the chairman has been moved to authorize defense department activities for 2012. it is about $13 billion a year, and the d.o.t. uses more energy than most countries -- dod uses

more energy than most countries. my time has expired, but for the record, maybe i could ask on question and you could give a brief response. i know 2014 is our date for afghanistan, the full handoff. you know all too well about the safe havens in the sanctuary they provide for the taliban. if we cannot reduce the safe havens or at best eliminate them, what are your thoughts about what that means for hopes for a resolution of the situation in afghanistan? >> we can only win in afghanistan if we can win in pakistan by reducing those safe havens. the two go hand in hand. the ability to achieve stability in afghanistan is dependent on whether or not we can limit and hopefully stop the transfer of

terrorism across the border. >> thank you, mr. director. you and the chairman are both my heroes because you have been sitting here f some four hours. with great patience and particulate answers. thank you. articulate answers. >> before we break for lunch, let me try to clarify a couple of things. first, would you agree that security transition to afgha security forces is to be completed by 2014, but that the process of transferring provinces and districts to an afghan security force league begins in july? >> that is correct. >> president karzai in march tontified diffthe first areas

begin transition, and that has already been presented and approved by nato? >> that is correct. >> next, my staff tells me that they have not been able to find any statement of secrary gates in which he specifies the number of u.s. troops that he believes should be withdrawn from afghanistan starting in july. are you aware of any statement by secretary gates identifying such a number, whether it is 3000-5000, or any other number? >> i have discussed this with staff at dod. anthey're not aware of any statement that has iicated a number that would be involved at this point. >> at this point? >> at thipoint. >> thank you. it looks like about one a 5:00 p.m., is that right? --

testifying ona capitol hill to replace robert gates. his nomination will go to the full senate for the vote. a watch this on line at c- span.org. >> up next, the center for strategic and international studies conference on global security threats. the first panels examine cyber security threats, and a look at

u.s.-pakistan relations. later, a discussion on the u.s. manufacturing sector. on tomorrow's "washington journal," @ debate on jobs and the economy. we're joined by bob greenstein and kevin from the national enterprise institute. workplace issues affecting women and families. later, [unintelligible] "washington journal peer " live on c-span. later, job creation and the economy. we will hear from the economic advisers. coverage gets under way at noon eastern. >> on this nomination, the ayes are 72, the nays are 60.

>> donald verilli -- verrilli replaces elena kagan. it is washington, your way. >> next, former officials talk about the growing number of global cyber attacks. this conference is hosted by the center for jiechi dick and international studies. this panel is 90 minutes. >> now they can hear us.

>> good morning, we are here today to talk about cyber incidents. i am going to turn it over to jim. >> you should have introduced yourself. what we are going to do here today is bring out the cyber incidents. a lot of our foreign friends would do something, so we have had advice. what we are going to do here today, we have goals that are a little bit different from the normal discussions of cyber security. the secretary will keep some of them up for us. the u.s. has the national doctrine.

it was previewed it in the may 29 speech. it finally emerges in the next year or two. it did not work. >> what is that declaratory policy? we will use all means to defend it. we have the very experienced at a distinguished panel that will tell us, when does something justify a military response? what is appropriate? how do we signal that malicious acts in cyberspace are discomfort. what are the measures we can use? we can use the means to defend it, and what are those means?

they have not been asked publicly before. adrienne will bring up an incident. what are the constraints, what are the legal requirements? >> nobody was ever this concise. >> the network has been hacked and intellectual property. the company [unintelligible] google had recently crashed with the chinese government over censorship. the state department filed with the chinese government and received no response. >> this was a particular

incident in some ways. how should the u.s. respond? what should we do? we will go through a set of incidents. some get closer, some are directed at high volume at military targets. we break into defense contractors. what should the u.s. have done in retrospect? you have some allegations, some evidence. you might want to talk about what a good response would have been to google. i could talk for ever.

>> sorry for the delay. it mechanical. irresponsibility. i think going to the evidence, if you were having a real discussion, you would know a lot more than what has been very briefly said. i am not saying that you would have all the answers, you but you would have much more available. if you would have an opportunity to query a range of people and the government about what they actually knew. there is a little bit of an apparent lack of rigor in discussing this. the reason i am pushing that

point is that i think that happens a lot. we operate at a level of generality and it makes it really hard to have that kind of detailed discussion in a particular thought. we should be more transparent in talking about the kinds of attacks we are up against. you can talk with more candor and the fact than simply saying that you could have a discussion about it. one of the reasons that i push that point a little bit is that the economy never gets beyond distraction. the u.s. government is in the process of trying to do that. you would like to have an international framework.

it wouldn't be particularly applicable. there is a possibility, you could say, if the government cannot control their own people, and there may be discussion that goes beyond it about their responsibility. and about what the government can do to position itself to take steps that don't look totally ineffectual. >> i think the nature of cyber is ambiguity.

you have to face forces with far more ambiguity then you have in the past. there was egregious espionage, a nation state secrets, we pretty much knew if it was a kgb or gru operation. they were going after us for competitive as well as national security. the university servers are notoriously vulnerable. it could have been through a u.s. competitor watching that from the united states, looking for a competitor elsewhere or a chinese commercial competitor as well as a chinese government.

i note with interest, though. our fault after the google hack, it was the chinese government going gmai ruel -- through gmail to try to get [unintelligible] there were assumptions that ultimately, we could never do. there is a chinese advance through search algorithms. we need to be very careful immediately catching this as a nation state problem. the larger strategic issue was the trillions of dollars of intellectual property stolen on a commercial basis. , whatof the industry's they are doing or response during also have commercial interests.

you start accommodating for that very ambiguous intent of the actor as well as the actual itself. >> one of the things that the policy maker will have to confront at the very beginning of all of this is what kind of constraints do we want applied to what they may be doing? in the world of title 10 and title 15, policymakers need to be very careful about setting standards that apply to everyone else except us. however good we are, we are not that good. there is an overarching element for this entire discussion. secondly, i think duty was bought on when she talked about

discussions on rolls of the road. hot -- rules of the road. we are going to have to evolve over time to try to protect commercial i.p. overis in china's interest time. we were able to sit down with an implacable enemy. we could discuss first strategic arms and then limited. there is a way forward here that requires government involvement. the second part of the rules of the road it doesn't apply to this case but applies to other cases. they were pretty much rules of

the road in espionage. the things that we did, that the kgb did it that we did not do. it does not apply here, but i think the concept of the rules of the road, and an official and public way, also an official and private way is something that brings the great actors together. as judy said, there is the problem of patriotic criminal efforts that are either in it for their own commercial benefit or they are doing it because they think is the right thing to do. clearly, the united states government as the ability -- it does not have the ability to take care of all of the hackers.

the problem fits into the rules of the road and the criminal conduct. >> one point on the rules of the road for the u.s., i think deputy city -- secretary made evidence to the point that the united states is more the pendant oni.p -- dependant on i.p. than anyone else. it is more imports to protect the stuff that we are dependent on them to protect the ability to have some natural defensive capability that we would not want to see used against us. >> if i could make a general point that applies to these scenarios, i will only mention this once. before i do, i would just like to say that i am expressing my own views, not of the u.s. government or any agency. i have no inside information on

any of these events. i just want to clear up that. to me, i am not sure if the problem starts here, but it is certainly worsened by the fact that we don't have a regime, a legal regime to address these issues. what we have our various laws designed against hackers, or int he -- in the case of the nsa, laws dealing with foreign intelligence collection. what we don't have is a regime dealing with the protection of i.t. if you listen to news broadcasts about hacker attacks, almost always, it is something that says it comes from these attacks.

imagine if we were attacked with a rocket and they were not sure where the attack came from. people would be outraged. l cozegal re of thegime -- because of the legal regime, we're not sure where the attacks come from. there is not a legal way of a ha doingcking -- of doing hacking back in a way that is likely to be successful. what protectors' like to be able to do, and start tracing the jobs backward. under current law, it is not possible. in the country, it is a fortress regime. a fortress pentagon, fort meade. fortress america. i am not attacking those kinds

of defensive measures, but i don't think it is likely to be successful in any way in the kinetic sense. what is true about all of these scenarios, we need a new legal regime to address hacks. people often say, wait a minute, isn't it likely to have people, nsa folks, for example, running back through university servers? the answer is probably yes, but it would be hard to make a legal regime in a way that is possible to satisfy privacy advocates. there is a difference between going into a house to search it and breaking into a house to put out a fire. even a dog knows the difference

between being stumbled over and being kicked. this context matters. >> to clarify, what you mean, an opponent would complicate any u.s. response? >> it is my understanding that it is routinely done. you make some jobs in the foreign country and go through some university servers, my server at home and so forth. that is what makes it so difficult. >> it is also the divide between military and law enforcement. absolutely, clearly, it may have

the authority here and there, but they were doing it in the '90s. it is not that we have a legal regime that you can't make work, but we are patching it together because we are trying to make statutes that were designed in a different world and trying to make them kind of work. you can take a step back and be exciting. you have to change some of this. you have to agree with one other thing, from the get go, if you have credibility about what we are doing, you can do that. you don't have to give it up. there is something that we can do for legislative change for at

least a building block. >> there is one element that complicates things. you have the title agencies that may be reluctant to reveal the fact that you can trace it back. you can be perfectly -- it complicates our ability to go to this kind of regime although i support it very much a notion that we can get to a world where there is a rule of law. >> dragging it back to your point, there is a way that we can signal the other side when we were not happy that they crossed the line. what would that look like in cyberspace? is there a willingness to reveal

who complicates that? >> sure. >> the signaling is undeclared. you're not going to handle this -- it is less like theater on the international space. we got that out of our system and we are happy now. you have to show that by demonstrating, the behavior has some equivalents. you continually penetrate the networks, or any nation state for that matter, there are ways that you can go about penetrating that. we used to fly up and down coastlines. in a sometimes provocative demonstration that says, i am going to be as aggressive as you are.

have also havetiere ad - - a tiered approach. i am going to be very noisy. and put some sort of limits on this, operationally, so we can have an adult dialogue. when you start telling actors that there is equivalence, a reciprocal action at a point that finally gets them to pay attention and adjust their behavior that way, we're probably going to use this one slide to bring this entire discussion. >> one of the interesting elements in signalling or responding is to understand that you don't have to do so in the same medium.

that particularly applies to countries that are not as reliant as we are on cyber. if you want to inflict pain, or if you want to signal that you have the capability to inflict pain, you need to find the point of pain. it may not be on this side of the world, it may be elsewhere. that is why i think this entire discussion is a really rich vein. you have to figure out what the vulnerability of other theside, -- of the other side. you have to say, ok. i know you are doing something that is a very bad thing to do. it would not be a good thing for you. but it requires us to think through this a lot more carefully rather than going into whether we have been attacked.

we will use genetic, non- genetic, or cyber - - kinetic, non-kinetic, or cyber. >> we have established kabuki thetaer w -- theater with our opponent. if you talk to the potential opponents today other than the russians, you don't have to understand that. how do you have this capability. we were talking to someone a couple weeks ago, and they were complaining about our intelligence coming into it easy. some people use shifts, other people use other stuff. how do we build, through the formal rules of the road that

you brought up, that there is a formal understanding of this? >> let me jump in because a is ahobby of my -- it is one of my hobby horses. it applies to governments whether foreign or neutral. one of the lessons of the past several decades is that we cannot rely on being too subtle. we have communicated a message in the other side hasn't got a clue. there are numerous -- and what ever it is we do in terms of signaling, it has to be a pretty clear message in private to someone at the source that understands what we have done. or we can say that you may not have noticed, but we have done something. because we are not happy with what you did. it is a combination of really

blunt the policy -- diplomacy. >> this was a little clearer. we have some strong dod says the attacks were perpetrated by that government. >> in this case, i do not know. do you treat this just as when for their side and now we run around on the defense? what would a response like?

this clearly does not rise to the lovell of being considered international law or an active use of force. >> unless you really knew the left behind things that could blow up the whole system and then endanger all parties. you could have something that is more dramatic. but there's nothing in these facts that -- to even close to the >> i am not sure that that would even be a threshold. the behind can have dual purposes. you can control data. you can disrupt the integrity of that data. or you just pull data off of that. but the fact that -- in this case, it is well known metalwarmalware. the means to extricate data is

there. whether it was done are not, we do not know. it did air presented that, there is no leave behind with intent to do damage to that network for the data on that network. >> but going back to the point that frank was making earlier about how you do not have to be confined to the cyber wrong to think about how to respond in a variety of ways, one of the things that i have noticed that we tend to do is look at the actual attack itself instead of saying that we have other intel sources and other ways a figure in out what is going on. it is not just assigned to the cyber tracing road. you can, in theory, hypothesize that you have other sources and realize that they do have some intent that goes well beyond what our particular facts are and that would create a

different discussion, i think. but that is not a discussion of this meeting. >> we got out wooded -- we got outwitted. we would not start a war on this. eight strikes me that morals will be drawn from it -- it strikes me that morals will be drawn on this. but i cannot imagine doing anything else. >> we have to desensitize target audience, our audiences, and say that this has happened for the last few thousand years. in conflict and in peacetime. finding an intelligence capability inside of our network will honestly happened as a as aard -- honestly happene standard. i think the military is finally grapple with the fact that our

networks will be penetrating -- is finally grappling with the fact that our networks will be penetrated. as intelligent and as forensics start to roll and, you have to make sure that you catch that very carefully, as far as intense, and more importantly, what did we do not have as far as the actors are concerned and the intentions. i think that is very important. we tend to over-type these things, not only policymaking, but the media where it becomes a massive check chamber that vastly outstrips what really happened on the ground. >> i think that is right. were we have in this discussion, they throttled the real people in the room, but someone in the room would stand up and say, well, we need to

talk about preparation, which opens this giant door. i am not going to open that door. but i think you're absolutely right. i think we have to get used to the notion that people will be operating inside our networks and we need to figure out which networks will be here get -- will be eargapped and absolutely sacrosanct. i do not know. it is the discussion of both of those aspects, our own preparation of the battlefields, whatever they may be, what we're prepared to accept and what we're not prepared to accept, that forms the basis for this discussion. >> there is a more fundamental point to dod.

if you can come in -- if you assume that the internet is open, which has not been any operating assumption for dod, or that it can be easily penetrated even when there is no leave behind, then that would resolve some questions about the reliability of our defense capability in a big way. if they begin to worry that they will be spoofed or that they actually cannot use kinetic force because of the internet connections that they rely on, that is a big deal. when will they -- franks comment -- one of the things that i think we ought to have more on the table that we have had so far is a real discussion about architecture. i am not a technical person. when i say this, i have to look to the people that actually know, who are computer engineers and action now how the system

works. but i think we ought to at least start thinking about what the first principles are that we put forward when the internet was first started and the ones that we have been building on ever since, which is sort of speed, speed, speed instead of security along with speed and functionality. we need to take a step back -- it may require an international step back -- about whether there things that will not shut down their neck and build in some of the things that we're facing. not just the department of defense, but our company. if you look at the sony playstation example that has been in the news lately, i think "the wall street journal" or somebody reported that they had classified their locks to date, something $170 million. i had discussions with co's before about proper practice and

what have you -- with ceo's before about proper practice and what have you. the sony playstation example, in a totally different realm than national security, i think it quantified in a way that could get anybody attention. even for a very successful company, that is real money. it goes straight to the bottom line. i think that might open a different way of discussing whether it is worth spending a little bit more money and research to think of a different way for this architecture to operate so we do not have a given that every system has to be penetrated. fundamentally, that is where we are. a person believed that, if we continue with the architecture that we have -- and that is not a winning game for us. >> two things -- one, in terms of signaling overtly and

clearly, we do have to say that there are certain things that are absolutely off-limits. we have to say to the countries, for example, do not mess with our warning networks. if you mess with our warning networks, we might do something that you will really regret. if you do something with our warning networks, that should merit a very strong response. the second thing is duty is absolutely right. defense will always lag offense. but we also learned from this incident and others, that we can, through training, get our people to be just a little bit smarter. there is a certain embassy in town here that will go unnamed that, for christmas a couple of years ago, got thumbed rides with lovely pictures of the capital city in winter. -- from an drives -- thumb

drives with lovely pictures of the capital city in winter. >> under any set of the rules of the road we have been talking about, i think we will need some rules of the road. under any set, will some more forceful response be justified or will the send of being any other intelligence x point. they got one. we did not. move on. in this case, it was significant. it was against the military. and it was a foreign government. is it the same as everything else? >> there is one other element of this particular case in that it actually disrupted combat operations.

you run into analogies -- what if a third party actually interrupted combat operations in vietnam? what would we do to that third party? the idea of chinese involvement in north vietnam and russian involvement, we still have rules of the road as far as what we would do to them that i think remains sacrosanct, even in a cyber arena. i think you will have those rules with any nation, with any evolves nation state, in saying that what you just did was a foul. why? and we do not expect that kind of behavior again. what remains is ambiguity. he did not know to talk to. there is sufficient gap between the responsible officials that you can talk to and the potential actor. in this case, the attrition still remains foggy.

the responsible officials could say, "i have no idea what you're talking about." this is a new era of statecraft. we have to figure out how to bridge that gap between responsibility and the action. >> but that is why i suggested briefly that you could look at the response. if you at least have it in a country, right? you can look at the responsibility as not a failed state, but the opposite of that. it is the country's responsibility to provide rules of the road. and they cannot just say, "oh, i do not know what happened." >> that will have to be the rules of the road. the implications, though, 17% of

the computers that attacked were in the united states. with that scenario, if the estonians did not have the right to attack us, conversely, what was the government of the united states responsibility and what could we have done under the rule of law to alleviate that pain from the estonian government? >> in implicit in what they're saying -- but i think it is worth making explicit -- is that you really have to cheek. in the old days, you do not build muscles in your backyard. but these days, a sophisticated hacker can do enormous harm. the attack may look to rational players as if it came from a government. but it could just as well come from underemployed youth. and that makes these problems

much more complicated. >> we have two things on this. first, what is the drawback of going back to somebody and saying stop, even if it turns out it was not them. i guess there is some embarrassment. i do not think that that has never stopped us from doing things in the past. [laughter] so what is the drawback that ambiguity creates? the second thing is how much does aggregation influence ambiguity? you have 30% certainty that it was a country, that it was russia, and then you have 20 percent the next time and they have 30 percent after that. at what point do you say i am good to talk to those people and say that i discern a pattern. what will you do? is ambiguity that big a threshold for going to someone?

at what point does other factors, other than specific evidence on a specific incident reduce that ambiguity? >> i think ambiguity is a factor in a couple of ways. one, if you go and accuse somebody and they are the wrong person, you risk having that information get back to the real perpetrator, thereby reinforcing the perpetrator. that is one issue. when you go forward, you want to have a pretty good case. and your lawyers will make sure that you do and rightly so. aggregated series, i think, starts to undercut the notion of ambiguity.

do not ask me to talk about compound and probabilities. but i think a third thing is you do need to choose your target. you do need to choose a person to whom your speaking with great care. because you could go into the foreign ministry. you're absolutely wrong. i know nothing about it. that could be true. they might have to be the head of the intelligence service or the head of state. >> think about the stealthier -- think about the stealth aircraft and the secretary. >> that is true. we wanted to reflect the

realities in washington. we have two policy guides, two operators, and two lawyers. [laughter] >> yet another slander, duty. [laughter] >> we are lawyers. >> but it was a subtle thing. you have to read it, somewhat ambiguous. >> this one is different. it crosses the line. >> in september 2010, malware wiped out a fifth of iran's centrifuge. in the u.s., 36% of industry executives from critical to

electric industry -- a study has found start net on their systems. >> there's one area where you can say that it is not ambiguous and there was physical destruction. it will be interesting to note, if you agree, that this could qualify as a cyber equivalent to the use of force. there was actual damage. there was actual destruction. this would, for me, qualify as an active force. >> which does not in the discussion. even if there is a use of force from the other side against you, for example, you still have to go through an analysis of whether or not to respond with force or something else. that affected -- that is affected a great deal by how much damage really occurred and what is really necessary to use force or another or different

realm to respond. you could up the ante and say, hypothetically, and the united states, they are control machines. that is a big deal for an electrical grid. that would be a really, kind of coming interesting problem. the first problem is can we get this out of here before it makes everything crash because that would be a disaster. if the disaster occurred, for sure, that is a use of force against their country that we would then want to think about and quickly. >> i would offer a controlled system attack, the most damaging attacks traditionally being from insiders.

those who not only knew the system, but the processes that it would tend to disrupt. attack on critical infrastructure is a big deal. if we were all in a room getting this intelligence briefing, i would try to throw it back at the briefer. who knows that it was an iranian insider that caused this. prove to me that somebody did this as opposed to an insider. proved to me that it actually happened. a lot of this is anecdotal. and prove to me what aspects of this attack were nation state versus economic. were the iranians being exported? i will take out your nuclear reprocessing territory if you deny give me two million dollars. as you start tearing apart stuffnet, you see destruction of

the nation state. make sure you limit the attack, a proportionate amount to what your objectives were. i am speculating now. one infers that this was a mature nation state. these are your limits. it was one that you were -- one that there were actually concerned about national law when there were cracking it. because it ultimately proliferated, there is either an element of desperation or somebody goofed. i think everybody can say that it was a nation state attack. no one has been able to attribute it. again, the ambiguity of the cyber arena. but the point is that stuffnet has lowered the threshold for

conflict in the cyber world because somebody got away with it. somebody actually damaged a strategic asset in another country and i think we now have to say that that inherent threshold of deterrence or inhibition for cyber operations has been lowered inextricably for the first time in history. it is an interesting concept to explore because they have to start saying who is living in the glass house? and are we prepared or i the israelis prepared or, for that matter, are the chinese prepared for the next round that will inevitably occur? some has the architecture for some advanced payload and some advanced control system attacks. i think we have not heard the end of it. >> 3 points.

the first is i do not know that you can set as a threshold the fact that something was destroyed. >> is very serious. but, then again, can someone say that there has never been an intelligence operation, our store symbiosis, in the cold war -- hours or somebody else's -- ours or somebody else's. the question is is the physical destruction of something the red line? or is it physical destruction that turns grave losses? we will come to that later. that is sort of, i think, physical destruction, yes/no -- impact of that destruction. bob's point is really worth hitting. having taken this kind of an

action, you would expect that the other side might mount some retaliatory action. is there in the world something we do not know about, we did this, but do not even think of coming back because -- and i do not know that either. you're absolutely right. with advance payloads, people have to think about what the third and the fourth and the fifth step is down the line. i do not think anybody has come in with a really good idea, through an nsc tory principles committee, someone who have thought through a chain of events and having built a plausible case to get through all of that. >> i would just add to duties point. the issue's not only the immediate destruction, but what else was put there. it seems to me that -- and the supply to the next scenario.

it is one thing to damage something. it is another thing to put in trojan horses or whatever, logic bombs, that can cause enormous damage down one road when certain events have been. it seems to me you would want to look at those very carefully as well and decide what kind of response is needed. >> i used the electric grid in the united states as an example as a premise for saying that that would be something that you would want to think very seriously about responding to a properly. if you took down instead a tiny bank -- i am not trying to pick on any state -- but some small bank in any state that did not have an impact on our economy at all, that would be direct and analysis. if it specifically destroyed the network for that little internet, you would not think that we're starting world war

iii. >> so we will have to grope our way toward -- >> but we do it all the time in the kinetic world. that is one of the things. it is not rocket science to apply the standards that we have and that we have used. we have done so reasonably successfully for decades in neck-and-neck world. we're just not used to doing it in part because, going back to my opening point, we're not transparent enough been talking about what capabilities we have got. we have not gotten practiced enough. through practices and simulations, we could be more so and think through these issues. like frank says, a few are walking into a principals' meeting or a deputies meeting to talk about some of these issues, the people around the table are not all like deer is in the head

like and we do not know what you're talking about. instead, they can go through it the way they have gone through a whole host of other things that they have been through that is endemic to national security. >> and a discussion about what is in the future that could cause damage. >> we have treated cyber warfare or cyber attacks as this unique thing. the more we can push it into the realm of traditional experience, knowing that there will be areas of ambiguity, but the more we can say that the laws apply, the easier it will be to think of responses. >> i think, universally, all four of us have lived through that and the more you deal with cyber, the more you realize it is the same rules of the role --

is the same -- the same rules of the reply. the same rules of international norms. he beat the head -- he beat me over the head over time. >> only when you deserve it. [laughter] >> this goes back to when earlier part of our discussion, about rules the road. picking a bond judy's point, a small bank in some state may not be a big deal -- picking up on duties point, a small bank in some state may not be a big deal. but in terms of the commerce and e banking, it may not be impossible to develop a rule of the road for nation states. unless it is world war iii, you do not touch the financial sector because everybody is implicated in the end. you do not touch electrical

grids. we will come to that. but there may be areas where you can actually get people to cooperate. >> a share the view of my colleagues that we do have models for the kinetic world that are applicable so this is not all new. but what does make it somewhat different and that we need to understand is, again, some really bad, district of stuff can be done by despicable people. and that is different. i could easily imagine a scenario in which we demolish some government and they could say we do not know anything about it and mean it. some of this man up being more police-style action as opposed to -- this may end up being more police-style action as opposed

to some other model. >> i think the whole debate after 9/11, how we handle terrorism, terrorists can do massively discussed -- destructive things and there's no nations the behind them. >> good point. >> if you went to another government and said what happened? and they said, we have no idea. maybe the next question should be ok, cooperate with us. and if they sayif they say no, d tip. maybe the next step here is, okay, it was not you. i accept that. >> that is part of the responsibility that -- of the nation state that i was trying to suggest earlier. you cannot just say, "it happened." there is more to it.

i do think that there are lots of examples in the connected world that we are using that absolutely apply here. the fact that people do not get it right away requires us to have a more explicit international conversation about the roles and how they do work in this world. it should not be a rocket scientist to figure it out. >> it is a self interested question. >> exactly. i remember seeing -- there were some efforts, as i recall, pushed in part by russia in the '90s that had some sort of complexity behind the motivation.

i am not saying it is easy to do, but i think that as countries over time -- and i do not know how quickly a country like china will rise allies -- will realize they have as much at risk -- countries are going to bit -- are going to get more sophisticated. if they can hit all of these things, maybe there's something there we should be talking about. we sort of do know -- we have treaties for lots of stuff. we need a process that will lead us to a treaty, but there are various convening mechanisms we have done in the past. we should go for it. >> someone said to me a little while ago that in cyberspace, america has a big plate glass

window. china realizes this. he was sort of making the mutual vulnerabilities. >> there are eight symmetries in the plate glass window. as you talk to the pla, their concern is internet freedom and the ability to control voice and potential internal unrest. the middle east is the same way. if you come here, you'll have a conversation about catastrophic process control system attacks. air-traffic control systems or the electrical power grid. internationally, you have to be able to stop that. if you take my ip, i may consider we looking at -- we looking at our internet freedom policies. if you go to the european

union, the conversation will be so infused with pride the -- privacy issues, it will be a different conversation. we need to deal with those issues on a multilateral basis. >> there is a linkage between what happens in this world and the other policies that we pursue. without passing judgment on the somenistration's, governments view that as an unfriendly act. there has always been a debate within the administration to the degree in which human rights and our national security goals.

the world is connected. that is something that would have to enter into all of this. there may be areas where we say we are going to throttle back a bit on that policy because we understand we are costing you internal political problems which are serious and it would lead to possible loss of political control. it becomes more complicated because it is a very divisive issue at home, but it cannot be applied off as part of this broader international discussion. >> before we go marching off, it strikes me that it would be useful to focus on some u.s. policy. you can hook up any old piece of equipment to the internet. i find it astonishing. that nisei that i am either it burdened or blessed with the technology involved.

[laughter] when you take the cheapest piece of electrical equipment, there's a nest -- a nice tag on it -- u.l. so far as i can tell, there is nothing equivalent to that in the computer world. all kinds of devices can be hooked up to the internet that are extraordinarily vulnerable. it seems to be that under the interstate commerce clause, congress did easily say, "there are so many vulnerabilities here, we are going to tighten up the loss on what is allowed on the after net as far as devices and so on." even dodge city eventually realized that some walls were useful. ip we've come to that point in the internet world. >> one of might rules is to

never talk about reliability problems. let me get to the internet freedom one. chinese officials tell me that information is a weapon and the u.s. uses it against them. they said twitter was an american plot to undermine government. it is a legitimate observation. you have to factor that in. there are also those who assume we have a greater degree of control than we actually do. they do not believe it. what do you do in a situation like that? it is to hearken back to the accord were you have a certain degree of freedom in exchange for something you wanted.

is that model reasonable for this approach? what would it look like? we do not know. >> we have to acknowledge the internet is becoming increasingly national. iran tried to cut off the internet. iraq tried to nationalize the internet for keeping the population at bay. we sell the infrastructure we rolled into baghdad. i think we have to recognize that the enter net as we know it is changing rapidly. it is becoming an estimate of state power just like every other thing we have faced in the history of mankind. i think that will derive a multiplicity of policies and complexities that we will have to start dealing with better

than we traditionally have. >> in an authoritarian state, freedom of information is a threat. to the degree that we insist that we are going to freedom for europe. this is more serious. it can reach hundreds of millions of people. it is the kind of discussion i am not prepared to come up with an approach, but i think the idea you came up with that talks about various national security requirements is not a bad place to start. >> why do we not do to the next segment.

this takes us away from the end of our conversation and brings us back to the middle of our conversation. >> the free flow of information is a radical different thing to the different countries that use it. as of spring 2011, u.s. electrical company networks have improved several times a week. several companies networks had been infiltrated at least monthly. 74% believe there will be a major cyber and senate within the next two years. senior intelligence officials say some of these intrusions represent potential opponents. >> let me get on my soap box here. show me the data? surely the intent that is it --

that it is recalling assets as opposed to a chinese company. we see the collection of data between nation-states for commerce purposes, yet somehow we automatically tag something in the cyber arena as a national security threat. i think we have to resist that tautly. -- constantly. show me the data. bad things happen when we make leaps in the national security arena. in the cyber arena, i would suggest we say this is not a national security problem, do google, this is your problem.

you knew china was a hostile environment. you should have been better prepared. electric power utilities, you have itt need to protect. you have a methodology that your competitors would like to have. they can go fishing on the internet. shame on you. from a policy perspective, we constantly see ill intent at the nation's state level. i do not think that is good for, not only the public-private dialect -- dialogue, but public policy. it is certainly not good for international relations. >> i agree with bob, which makes me question myself. [laughter] ball and i are old colleagues. nobody takes this seriously. i agree with him. i suspect it is very tempting for executives of any private

company to want to shift costs to a governmental agency. implicit in that is the military and police force has to stop those attacks. i do not think that is an accurate assumption. bob is right in the sense of if your system is so vulnerable you are being attacked monthly, maybe you ought to tighten up your system and when it that. >> it is interesting because there is some regulatory authority, but it is very small. they reviewed the standards put forward by the kind of industry groups that come up with them. nothing really happens. this is a discussion we had in the '90s. we're having right now.

nothing has really changed other than perhaps the ability of attackers, whether they are nation states were just kids. there is legislation pending on the hill. it is also part of the president's initiative. there are different approaches. my on bias is on what the russians did, if we have definitive evidence some light is doing something malicious right now, there is clearly a vulnerability. we have to find a way to address it. you have to mandate some standards. that is my personal opinion. then you probably have to find a way to finance it. the utility companies for better or worse or rate based. they do not want to do anything be it is perfectly rational from their perspective. if you do not have a basis for doing it, they will not spend

the money. you have to have an integrated approach. i think we ought to kick off the grid as an example and get it done. >> i agree with judy. i take it in two directions. based on an experience i had a couple of years ago -- i consulted with one of the largest cyber defense companies in tel. the electrical companies are just not interested. they are not going to spend the money to protect the grid. i think they should be made to do so. there may be some federal assistance, but i think it has to be done. but i think, also, this is the kind of message that needs to be put out by the united states government publicly that enter parents with the grid constitutes an extremely serious act which could lead to

potential loss of life in the united states and which would be subject to very serious retaliation, whenever that may be. we, here, suffer elegists after a thunderstorm and things are bad. i was recently in tuscaloosa. after the tornado, they lost power for about eight days. they lost power and they lost water. you can cascade this. if you lose the ability to generate or distribute power to entire region of this country, we are going to be in very serious trouble as a nation. there will be loss of life. there will be a huge economic impact. it is not impossible to take over portions of the networks

and destroy generated capacity, which we do not have the capability to manufacture in this country anymore. it has been two years. these are serious actions. these are the types of things where we need to push industry with legislation, but we also need to put down barry clear -- a very clear markets. >> beyond electrical distribution, pipelines, a whole industry out there. >> i think there is an interesting argument about the compliance regime. witness what i would call the debacle. over the period of four or five years, it costs $3 billion. one can argue that the domain is a more secure at the end of that

$3 billion. you have to have compliance and a regulatory regime as well as an assistance regime -- a true partnership between the u.s. government and critical s infrastructure. it is not where the government comes in and beat some port utility over the head, but actually comes in and helps. there are encouraging chance -- trends. they are moving away from compliance into an assistant regime. i think that is the actual key for infrastructure providers. i will tell you they are operating on thin margins, as judy alluded to. you have to bring your networks up to nation state standards. you have to come up with a

better solution than that. >> it brings us back to domestic measures, but there are also international measures you need to involve. you have to cast someone to tell other countries this is a particularly sensitive area. you cannot do one by itself. we have never done this before. one by itself is not adequate. we have never actually done this approach. >> somebody will immediately jumped up and say, "everything all the other side of the line is up for grabs." i understand that point, but that does not justify inaction. >> this would seem to be a sort

of activity -- if it was a government and they were doing reconnaissance, it is a little bit different. they are into the u.s. space in a way that other reconnaissance activities are not. >> they are photographed think down. >> troupe. >> i do not know that i agree with that. it is one thing to do military targeting. god knows we used to have lots of discussion about what targets were legitimate and what targets are not legitimate. that is in the kinetic world.

it seems to me that this demonstrates to the degree that we can identify the source. bob is right. it needs to be made very clear that they could be activated to disable or destroy the network. if one fell those kinds of things, i would think that extremely seriously. we were at war with iraq. we took out the electrical distribution system and, in some cases, the generation system. i was not privy to those discussions. but if i were a government official, i would take this extremely seriously. >> when you talk about elected

to the generation as part of the control structure and a hostile forces if we are actually in a war -- you have to decide if that is an appropriate target. what does that do for collateral damage. there is a whole set of issues you can't go through in the kinetic world. you have to do the same in this world. if your conclusion is that this preparatory activity could take down an entire electrical grid for six months as opposed to 20 seconds, that would be a big deal. the fact actually matters here as well as everywhere else. >> in the kinetic world you have

lowered the temperature. we have to get used to living in a world where networks are indefensible. do we just grin and bear it? >> i think you do two things. one, you lighten your defenses. there is also a word that has crept into the liechtenstein -- lexicon. that word is "resilience." we need to look at ways to be able to suffer some damage and still be able to recover. that is, again, a government policy in cooperation with industry. one prepares for a worst case

situation and decide what qian as is necessary and may certain one has the combat -- what triage is unnecessary and make certain one has the capability of managing that triage. >> we optimize around principles that make sense at the time, but they need to be rebalance. that might make it possible to have less abject ability to defend the network. i do not know whether that is possible. i do not think it is -- is an easy task exactly. no one will pay for it. it has not been a priority. again, looking at some of the real damage that has been inflicted on a regular people like sony, this might be a

moment where you could ask the smart people to reconnect on whether there are some things that makes sense. that does not mean the end of the internet as we know it. this could make it easier to build security along with privacy and freedom. >> some people have suggested a parallel internet -- one or you pay a monthly fee for security and that type thing. whether there is a dismal -- business model for that, i have no idea. the internet was never designed for the levels of describes -- subscribers and vall. >> i think you start with the critical infrastructure. >> the cold war analogy is the u.s. pays to pardon some aspect of critical ever structure during the '50s and '60s. the sustained that. it was run by private industry, but it was steadily funded. i take the same can be said

about critical effort structure now in the cyberworld. -- critical infrastructure now in the cyberworld. it is resilience and complexity as opposed to a strategic target that is extremely brittle that is guaranteed to attract hackers. let's see how big a bank i can achieve. if we build this infrastructure that is continually updated dynamically against new threats, all of a sudden you'll find them going after softer targets. it is like putting a thing on your steering wheel so that somebody steals the car next to you. the same phenomenon happens in the cyberworld. you still get through it, but he wanted to go after frank's car. >> if you do all of that stuff and do not finally change

operations, you make it harder for the kids and those not super sophisticated. you weed out some of the real jerks. you have some strong people out there who really spend some money on it, you still will be vulnerable. >> one of my assumptions is that that is on the path we are on. you compare the u.s. capabilities. we are eventually going to squeeze it out and be left with nations. by the we are moving towards the high end. that is where the opposition may come up. we will have your opponents and fewer opportunities, but we will have a better time stopping this. >> law enforcement has to get

involved. i cleaned the original cnci talked about technology. later strategies in coming out of the u.s. government are more important. against a nation state threat, know about of network hardening is going to stop a dedicated attack forever. you have to have diplomacy. year after that international regimes that provide you with that. >> and you have to have a deterrent. >> u.s. to figure out what makes the other side art and you got to make clear that certain things happen. it will not be much fun at home. >> let's use that as a transition point. we have changed the names to protect the innocent. you can probably figure out to

this was. >> not too subtle. >> speak for yourself. [laughter] >> this month, phishing activities were used. they're put to use in an attempt to penetrate defense contractor networks. based of forensic evidence, the companies involved were acting on behalf of a foreign intelligence service. >> ok. so, this one -- you are all smiling. this is interesting for a couple of reasons. somebody made some assumptions. you can push back on that, but somebody did something that was a preparatory action that was

used later in of what would appear to be a more classic attempt. some of the variables might be elephant do we see this? is this the same actor? -- might be how often do we see this? is this the same actor? what do you do in a case like this? this is the kind of thing i think we are going to see consistently in the future, where sophisticated setups to an attack. >> in what you have not told me this was anything lost. we are describing an act of espionage, whether it is an individual or nation state. you're not told me whether there is any damage. you have described the methodology that is a little bit more sophisticated.

instead of one key to break into the dungeon, i had to steal two to get both in the same lock. it is fundamentally the same act, the tactics living up to that -- the tactics living up to it being a little more complex. it is a little tougher on the defensive side. you can do a lot more work, but they did that work very well. it is an attack. we have not seen the rest of that story. again, i would recommend -- the media went crazy on this again when they did not have any of the data that says they didn't attack and did it nicely from a technology perspective, but it was ultimately no story in that nothing was lost. from a policy perspective, we need to hear the rest of that

story before we start building the options we could present to the white house. >> can we expect that from industry, necessarily? wood industry give us that information? >> in that case, with the defense industrial base, there is a great dialogue. you do not bite the hand that feeds you. exactly. i know cases where that has not happened. particularly the further away you get from government contractors in the purely private sector. my recommendation to my former colleagues is do not say, "i know everything that happened." say, "how can i help you?" >> let me speak from my

reputation. it is interesting that with the explosion of huge growth in the public posture of the internet that espionage activities like this get a lot of press play. the task is you could borrow in and find something or get something. people got intelligence material and nobody was the wiser. now it has shifted into this realm. this honestly does not excite me very much, because it implies -- i have no knowledge. it implies we are not doing the same thing to other countries. if the or the case, i would think the percentage of my tax dollars is being badly spent. this is going to happen. shame on us or our companies

that allow release sensitive data -- allowing release sensitive data to be stored in places where people can get at it. this is what intelligence organizations do. so now it is on the internet. this has been going on since time immemorial. this does not bother me that much. >> it can bother you only in the sense, i think, of authentication technology that people thought was a strong protector. maybe one of the reasons the media has been excited about this is there were some of our most sophisticated companies thinking they could use this particular type of technology as a fire wall, a protective device, and that behind it you do not have to worry.

it is something you can rely on. and you cannot. what it really does is deliver the message again, which we have been saying throughout the discussion, that there is not any sure way of protecting yourself right now. that is something i think we ought to grapple with. you are absolutely right that this has always gone on. but it is still in our competitive interest, economically -- >> just because this can happen does not mean we should allow it to happen in terms of allowing data to be unprotected. but as far as carrying to the state, that is a different story. shame on us for having data stolen several years ago. all the data that was stolen was unclassified, but when aggravated -- aggregated it became classified.

we are the people doing industrial security. that is harmful. >> i admire, when this went out, because they identified a crucial target. i hope they get a medal. >> we are at the end of our time. i am going to quickly say what i got out of this. you guys did better than i expected. >> low expectations. >> i have high expectations and exceeded them. i'll say quickly a couple of things i got out of this and then ask if you have final words. this emphasis on ambiguity was interesting, the notion that we are in a permeable environment that may not be fixable without large a strategic-level changes. the ability to extend the rules

of how we think about policy making, the need to extend kinetic used to cyber -- that is probably the best thing. the whole government approach as a way to think about these problems, especially the rules of the road internationally for common understandings. finally, the whole discussion of critical infrastructure drag in something that does not get dragged in very much. for these guys, it is a business. how do we get into investment, and the example of a hardening the telecom structure during the cold war? got a lot of good stuff out of this. any final words? >> if i can make a comment about the economics of it, when

we constructed the internet, there were tremendous savings available to companies. companies kind of thought these were free goods. the point a number of us have made is they are not free goods. there is a tremendous potential cost. the question is who is going to bear that cost. that is the foundation of our tort system, who pays for it injury. i think a serious conversation needs to be had on that basis. is this a government responsibility to protect me, or do i have obligation to put good locks on my door? >> i think the other thing this discussion demonstrates is we are in the interim phase of the policy, strategic and architectural. it is odd that we have not been able to advance this discussion more in the last 20 years, while working on it all the time.

>> that is a compliment. >> i would like to see a little bit more urgency around this problem. there are just too many examples, whether it is sony or the electric grid. there is a real problem to work on. if we thought about it, we might be able to fix it. >> i agree. the only thing i would add to your list is pushing the government to identify what are truly red lines, thinking through the steps to make clear is that there are things we will not tolerate. the other question that did come out and there's some thinking and some discussion is how do we balance -- bob started us on

this question. how do we balance our policies about internet freedom with our concerns about our own vulnerabilities to what they do to us? >> i think one of the more fascinating areas of understanding cyber security network intrusions is the psychology of it. people forget this is not just technology. there are people involved. there is a gap between policymaker and legislator. there is a gap between how cultures perceive operations and activities on the internet that you have to accommodate four. there is a gap between technology developer and the operator that has to use that. and the psychology of understanding why you keep clicking at url in an e-mail that comes from friends in

nigeria. i think the biggest problems i have seen in my career have been the people and the psychology of trying to convey a very technical problem, and a very emotive problem, because of the sense of violation people get when the computer has been attacked, to a more rational understanding. what is the real problem? what is the threat? >> please join me in thanking our panelists. [applause] [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2011] >> more from the center for strategic and international studies. coming up, a former cia analyst and former pentagon intelligence assessment director give their assessment of u.s./pakistan

relations. this is about 90 minutes. >> good afternoon. we are here to talk about pakistan and the u.s./pakistan relationship. just to my right is correct -- is is the author of a recent book called "deadly embrace." he has a distinguished career in government and famously lead president obama's policy in 2009. this is probably csis's most

well-known scholar. he has a long and distinguished career in government. he also performed the international assessment on afghanistan. tony is going to speak first, probably for 10 or 15 minutes. bruce is going to follow. we will have a conversation between us, and then open to questions from the audience. the floor is yours. >> i apologize. i am going to use power point occasionally. these sheets are on the web. i will tie this to what i have learned in pakistan. i will also give you references to a report that brings you up-

to-date on the situation there. let me begin by saying i think the operative aspect of this session is the phrase "perilous course." to be perfectly honest, in the real world i think bilateral invasions' are as good as they are likely to get, as bad as they happen to be. there is always the possibility that pakistan could find itself thrust by its own internal pressures into an open confrontation with the afghan television -- taliban, implying the remnants of al qaeda. as much as i would like to see that happen from an american viewpoint, i do not believe that is likely. i think it is more likely pakistan will continue to pursue a strategy that is different from ours, with different priorities, and to focus on its own internal

security dynamics. as for the phrase "regional solutions," after 50 years of hearing about them might instinctive reaction is to leave the room at the moment anybody mentioned the phrase. frankly, i think a regional solution is about as likely as an early arab-israeli peace settlement, or a congress that can raise revenues and cut entitlement expenditures. the real issue for us that dominates relations is the role of pakistan in the afghan conflict. at a point where we are headed toward an undefined but almost certain transition in 2014, i think that not only is going to shape our near-term relations, but really confront both countries with the question of

what is the enduring u.s. role in central and south asia, and how does pakistan fit into that process. let me begin with the issue of how pakistan fits into the afghan war. let me know this particular slide is drawn from the time i have spent working with general mcchrystal and the team that was developing the strategy that was recommended to bruce and others in washington. pakistan fits into a set of problems that are once we will not solve in the course of the afghan war. one is whether we can defeat the insurgents tactically. i think we are making progress.

the other is whether we can limit their control and influence over the population, which is more problematic. the idea of creating an effective nato approach is moot. it is not going to happen. they are not being reduced. we are seeking to build up an effective afghan national security force. those of you who have seen the papers over the last few days probably realize there is a major gaps between 2014 as a date and the fact that that particular build up cannot occur before 2016-2018. we have the problem of finding a way of creating an effective, legitimate afghan government. it is perhaps a warning to all of us that karzai is supposed

to leave office in 2014, the transition year. we have the search for an integrated civil-military effort, which we had optimism about in 2009, and would not have optimism about today, as those of you who have seen the washington post might realize. it is something we cannot achieve at this time. finally, we come down to the reality that winning in afghanistan, unless it means some kind of more stable pakistan, and far better relations with pakistan, will almost certainly not achieve a stable strategic transition or outcome. we may win the war, but we cannot control the future of the region. it is important to note that

was recognized in the new strategy. i will not redo the slide. but it is sometimes forgotten that all of these warnings were given very clearly to the white house and the congress, particularly the warning about the challenge of pakistan. i mentioned different strategic goals. i think this is something we cannot alter through dialogue, ade, or good -- good intentions. pakistan can see that we are going to lead. -- going to leave. the question is when and in what way. in the most optimistic conditions, 2014 is not far enough in the future to pakistan to say our influence is unlimited. its goal is to expand its

influence in the region, to block india from having any ability "to encircle pakistan" through influence in afghanistan. to weaken some areas and strength and others. this geography explains in many ways why pakistan is not going to willingly confront al qaeda or the afghan taliban, either in the five top area -- fatah area or elsewhere. we can succeed with limited pressure. the way we are given aid is normally spelled bribe a. -- bribe. it may risked some degree of limited support and compliance, as long as it is sustained. india will continue to play the game as a third player.

in fairness, in pakistan, india's role might be more moderate because its needs are more moderate. but it is a player in this equation. when we look at the challenge of relations -- these slides are not mine. they come from experts in the area. we are basically dealing with a pakistan which is pursuing its goals, as well as the search for stability on a much broader level, and as well as a much higher priority confrontation with india. nothing we do is going to change that equation in the near term. it drives what happens within the pakistani military, within the pakistani intelligence structure. this is the group that dominates the pakistan the government have behavior. -- pakistani government past

behavior. we have contributed to the problems. for any of you who wonder about what i am saying, many people never saw the report the president sent to congress several months ago. it is a very good idea to read. in it is a very clear warning that what i just outlined to you is not a personal view, but a deal and a set of concerns which represent u.s. policy as presented. it is not a casual judgment. it came hard. this document was debated with a great deal of interest and concern. what does that lead us to? it leads us where we are. last week, we heard u.s. experts in pakistan describe

u.s. and pakistani relations as being at their worst since 2001. i think that is a fair judgment. pakistan cannot easily separate itself from us, given the aid and the value of our presence. we cannot separate ourselves from pakistan. public opinion, tensions with the intelligence community, tensions with the military have grown steadily for the last six months. it is very unlikely they will diminish, particularly if we announce that we are making major troop cuts and put ourselves on a vector where pakistan we can -- can say we are leaving quickly. whether that would be any different if we were leaving slowly is somewhat uncertain.

if you look at this, the supply line is critical. you can talk about pakistan as being of great strategic interest, but it is not. pakistan is of technical interest during this war because we need the supply lines. it is a tactical interest because we need it support in the fatah area to the extent we can get it. aside from that, on a global basis, this is not a critical, or in many ways important, american strategic interest. as for operations, pakistan has acted to some extent in areas under pressure that help us. but these are primarily the areas which also affect its own security. not the afghan taliban. not the have cony -- hakkani

network. not the actions of mullah omar. the direct interests of pakistan. in the areas where al qaeda has been most active, there have been pakistani forces. this is something people like to ignore. but pakistan has troops and capability in the area. they have a lot of capabilities. they have casualties. unfortunately, in the way they have thought, they have also in many areas, pounded the alienation of people by displacement. that has not been true everywhere. there has been some corrective action. but in general, one of the great problems pakistan faces is even

when the military acts the government cannot. the civil side remains in that, whether it is in a flood or dealing with displaced people in combat. public opinion -- you obviously cannot see the details here. but it is very mixed for operations in the fatah area that is different from the areas that are close to the immediate interest of pakistan. when it comes down to the attitudes in popular terms that they have for the united states, we are by far the most unpopular a single factor aside from india in pakistani public opinion. that survey was true when taken six months ago.

the situation has deteriorated steadily since that time. a lot of the reason for this is obvious. pakistan has not developed those areas. it has not put resources into them. it has exploited them. it has relied on oppression, not on reform. when it has talked about reform, it has not executed it. the data you find it is clear. development fires fall short of the average level of development in pakistan, which is the darker blue. we have the fact that this is only one of a series of areas of violence.

we focus on this because it reflects our strategic interest. the majority are not in this area. one of the keys is the broadly permeating nature of violence and the wide variety of groups that exist throughout the country. this is a country, like much of the region, which is failing to come to grips with a massive population. the population is four times what it was in 1950. under current demographics, it will be eight times what it was in 1950 by 2050. in general, they government has failed in every civil area to come to grips with the impact of these demographics and population group.

reading budgets is not one of the favorite activities of people in the policy community. when you see where the money should have gone, you get an idea of how endemic the problems are, and how much they are driven by failures in everything from education to infrastructure. again, the anger at us, the lack of support for this war of hours, the extent to which people see us as a group you can have no confidence in, the confidence in president obama before the relations began to deteriorate -- let me just close. we have a strange quid pro quo. all of you know we have strikes in pakistan.

when you look at the allocation by target, about 40% have nothing to do with our goals in terms of of qaeda or the threat to us. they are a way of directly supporting the pakistani government because that is the target base. it is outside the area of our strategic interests and concerns. our assistance has been massive. let me go back to the word bribe. when you cannot figure rock where the money goes, when there is no public accountability, when you are not managing in your funding streams, this is not in the conventional sense aid. the military side, at least you can see a lot of the hardware, a lot of the equipment, and have some idea where some of the training and other funds went. in the case of u.s. civilian aid, we have zero

accountability. you look through the publications from the state department and aid, and you have a broad area of where the money went by category in the u.s. budget, but you have absolutely no idea of what we are buying, where it is going, and how it is being accounted for. if any of you have seen the washington post today, you have probably realized this is not one of our current strikes. this is a grim picture. it was a grim picture when we developed it. it has grown and firmer with time. unless something radical happens to change behavior between now and 2014, relations will probably be at best as trained as they are now as pakistan

tries to position itself to win this. thank you. >> thank you, tony. bruce? >> thank you very much. thank you for your introduction. thank all of you for coming today. it is always a bit of a daunting task to follow tony on a podium. he covers the issues so well and we are in such agreement i find myself in the position of what to talk about. should i just sit down and let the questions begin? what i would like to focus on, to follow up -- what i would like to focus on with a little bit more detail is the bilateral relationship, where that is

going, and offer may be a few thoughts on how to recalibrate their relationship. let me begin by saying i am in complete agreement. pakistan is a country that has so many problems facing it. one wonders why anyone would want to be prime minister of pakistan, or president of this country. it's daunting challenges, from the terrorist significant -- syndicate that has the nation under siege to its growing population demands, and the fact it is literally running out of water. i know that does not sound right. last year the had the worst floods in their history. the was a one off. pakistan may follow yemen as the second country in the world where the major cities literally do not have enough water to go on. u.s.-pakistan relations have a

very cyclical quantity -- quality to them. for 60 years, the relationship has been like a roller coaster. we have gone through periods of great love affairs with each other followed by bitter and ugly divorces. during the great love affairs, the united states throws money at pakistan like it was a drunken sailor and asks for no accountability whatsoever. we turned a blind eye to everything they do that we might not like. during the divorce, we are angry with each other, frustrated. we call each other names. we sanction them enormously. we achieved absolutely nothing by doing so. the consequence of this roller- coaster is the pakistanis have come to the conclusion the united states is not a reliable ally.

nobody in their right mind would come to any other conclusion than that based on the last 60 years, with regard to pakistani relations. the highs have all been based around secret projects. in the 1950's and '60's, it was the base in peshawar. it was the opening to china. then the war against the soviet union. then it was the war on al qaeda. the pakistanis do have nostalgia for the war against the soviet union. for them, that was the perfect relationship, what they call reagan rules. we give them money, literally a check, and make no attempt to supervise what they do with the money. they could hand it out to

whatever group they wanted. they could buy whatever they wanted with it. they could divert as much as they wanted and the united states said nothing. in addition, the united states had almost no footprint in the country. but we are not going back there. the latest high it in relations, which began shortly after september 11, was already beginning to erode by the end of the bush administration. by the end of 2007 and early 2008, the high had been lost and we were in decline. three reasons for this. first, the collapse of the government. our and fell apart. we tried to stand by him to the bitter end. that alienated the pakistanis more. further, growing doubts about whether they were on our side

were personified in 2008 with one man, then director general of the isi. his previous appointment was commandant to the top military act -- top military academy. a curious coincidence we can talk about more in questions and answers. but during his short tenure as director general, the united states found him doing two things. one, blowing up the u.n. embassy in kabul, and telling every target of our drone strikes that the americans were coming, you had better get out of the way. talk about duplicity being caught. he was promoted to be a corps commander for the pakistan military. a third event led to the

downturn in relations, the mumbai terrorist operation. i think the obama administration deserves credit for coming in with its eyes open. i think it deserves credit for trying to reset the u.s.- pakistan relations. but i think the path from the beginning was daunting, for the reason tony laid out. fundamental differences in national security outlook, fundamental differences in growth outlook, fundamental doubts about each other, and fundamentally different issues in many ways. those things are not easily changed, even by large aid budgets and impressive dialogues, like the dialogue we had with pakistan for the last two years. we are now at a new turning point, the culmination of a

number of events this year. one has put us at a new turning point. secretary clinton said that very clearly during her six our visit last month. either we see some dramatic change in pakistani behavior, manifested in the demise of a certain unknown number of terrorist officials harbored in pakistan today, or we are going to see this decline continue. i told tony before the event that i am an eternal optimist about pakistan, because pessimism does nothing for you. but even i am pretty skeptical that we are going to see them take care of the hit list that mrs. clinton gave to the pakistanis last month.

much more likely will be a continued deterioration in their relationship. it could be gradual. it could be, as we have seen this year, punctuated by events like the raymond davis event. or it could be much quicker. there are at least four scenarios which are highly plausible which could lead to a further dramatic and start production in u.s.-pakistan bilateral relations. there is every reason to believe that in that mountain of data we took out of that villa we will find other information, other telephone numbers, but will lead us to other targets. second it is another mumbai. india and pakistan are engaged in the world's most dangerous game of russian roulette. it is mostly played by the

pakistanis. we are lucky we have not had a mass casualty attack in a number of years. it is almost entirely due to look. third is another 9/11, and mass casualty attack in the united states, postmarked pakistan. we narrowly averted when only a few weeks ago in new york city. had fis social side been better at building a bomb, had he listened to the instructions he had been given by al qaeda about how to build a bomb, he would have created a fireball in the middle of new york city, manhattan, that would have reached five blocks in each direction. it might not have killed as many people as september 11, but it certainly would have led to a crisis in u.s.-pakistani

relations. the fact that his father was a vice marshal in the pakistani air service would not happen out -- overlooked. pakistan is overdue for its next military dictator to arrive. it is a depressing cycle of politics, but nothing in the history of the government would lead anyone to believe the civilian government in pakistan has turned the corner and we should expect we will not return to a military government at some point. how do we reverse this? what do we do now to try to prevent these things from happening? i think the first state -- first place to start is with humility. pakistan is a very difficult not to crack. people say afghanistan is hard.

to me, it looks surprisingly easy compared to pakistan. humility is in order. pakistan will determine the future of pakistan, not americans. i think there are a couple of course corrections that might help. one is what i call accountability. for the last decade, almost for the last two decades, we have been telling pakistan to stop playing both sides of the game in the world war against al qaeda and related terrorist groups. we have yelled at them. we have reason with them. we have argued with them. we have cajoled them. we have tried to bribe them. we have tried to isolate them. it has not worked. reluctantly, i come to the conclusion we have to make it personal. we have to tell pakistan that if we identify the officer who

worked to set up the attack on mumbai, we are coming after him. we are coming after him either by grabbing his assets, arresting him when he travels, or will come after him with extreme measures. this will not be easy. this will not be pretty. i am glad i do not have to be the cia chief of station who delivers this message. that is one hell of a liaison relationship to manage. but i do not see any other way to get their attention. in any case, we are already doing it. this is moving through the court structure. the major general and his successor, who are soon to come to court in the city of new york, in a civil court case which i think is a virtual

certitude they will lose -- at that point, we will take assets to pay the victims of mumbai, and those men will be arrested. i would rather get that business out of the court system used effectively by the executive branch. finally, i agree completely on the process. i think kerry-lugar was a smart idea whose time has already passed. i do not see how in the administration can convince this congress to continue to provide $1.50 billion of economic assistance to pakistan. i would not want to be the administration witness who goes up there and explains to this congress, with its views about cutting spending, why we are getting our money's worth out of

pakistan from that aid. that is not a negative comment about the people involved in running this aid program. i think they are trying to do a tremendous job. it is not workable. we need to switch to trade. we need to decide to allow imports into this country to face the same tariffs as indian or chinese imports. right now, there tariff is at a much higher rate. consequently, you will not find pakistani products in the united states of america. every pakistan a leader has asked us to do this. half the visiting congressional delegation yesterday were asked to do this. trade not aid. but every economic -- every economist says this is the best way to build the economy without

american bureaucracy. trade not aid is the route we should take. third is to focus on what drives the india-pakistan dynamic. what we do not need is an american mediator. that will not work. that is a guaranteed recipe for failure. we need to be doing something more subtle and sophisticated. we need to use our indian relationship to send a message to pakistan that we are going out with the other date and if you do not like that and do not want to catch on, we are prepared to go with that other date. we have to play hard ball like that with pakistan. but in addition, we should also encourage the process through which prime ministers -- through which the prime ministers

decided to start this year. the one little bit of good news in this part of the world within the last year was that cricket match in which they decided to resume talks. don't get me wrong. i do not have a lot of illusions that the stocks are going to go very far, and neither do india or pakistan. but i do understand that are important. they are critical. any bright ideas that we can give them to help the system in moving them along, we should do so. at the end of the day, some kind of change in the india-pakistan relationship and the dynamics of that bilateral relationship is the only thing that is fundamentally going to change pakistan's national security calculations and its strategic movement, which gets to my final approach, which is it is time to bury afpac. i hate that phrase.

it is time to put afghanistan, pakistan, india, bangladesh, sri lanka, and nepal back into the south asia bureau. break them out of pacific command and deal with this part of the world as integrated. only when you start thinking about it as integrated are you likely to develop policies that will work. thank you very much. >> thank you for that rosy assessment. i want to start with you. is there any way that hindi and islamabad could not have known? >> that is in my view the $64 million question of this year parian there are only two -- of

this year. there are only 2 we will possibilities. the bill on mr. been london was living in since probably -- the house mr. boehner on -- the house mr. osama bin laden was living in since probably 2006 is down the road from a military academy. the chief of staff gave a speech at the academy in which he said the back of the militancy has been broken. i have this vision in my head of osama bin laden standing on the roof, listening as he was saying that. they are that close. in that environment, there are only two possibilities. they were either clueless or complicit. clueless means they really are clueless about the frankenstein inside their country. that raises all kinds of disturbing questions about the future of the militancy and the

security of pakistan technical years security, its weapons, its arsenal. it raises questions about the safety of americans living in this country. i think it raises even more profound questions with complicity. but let me be careful about what i mean. i do not mean that general pasha visited the bill once a month to have tea and plot terror. it means he might have thought this gave him some kind of influence over al qaeda, on the assumption that the americans would never figure out what was going on.

we have no evidence of that today. but we continue to have the question of clueless or complicit. that question, i suspect, will haunt u.s.-pakistan relations until we find out what the answer was. >> tony, do you think pakistan will change its course fundamentally as a result of the osama bin laden killing? >> the simple answer is why. their interest has never been in osama bin laden. or in the afghan taliban. those are levers that to some extent they have always been able to use. are we in a position to put enough pressure on them to actually have them change the

hit list? who knows. it is possible. it seems much more likely that we will see a few scapegoats, and maybe more tolerance of unmanned combat aerial vehicle strikes. at the same time, probably a reduction in special forces presents in pakistan. -- presence in pakistan. there will be more maneuvering. if we have a july announcement of u.s. troop cuts, that means we are going to be largely leaving in 2014, at least as an -- as a major military presence. at that point, they have every reason to try to intervene in whatever negotiations take place between the karzai government, the taliban, and try to manipulate the situation to

their advantage. this was an important event and a symbol for us. it was an intense embarrassment for them, as bruce has explained. they should have changed their behavior. i think we already have problems in persuading the congress to provide any more, let alone what we are already giving them. it is hard to know what the stakes are, especially when we have set this deadline of 2014. >> tunney said our interests in pakistan were limited to our operations in afghanistan. do you agree? do you think we have core interests in pakistan? >> i guess i would differentiate a little bit between interests, whether they are tactical or strategic, and the intrinsic importance of pakistan.

pakistan is on the far side of this planet. we spent the first 200 years as a republic largely ignoring what happened over there and seemed to have gone by ok. i do not see this as a strategic interest in the course of western europe or japan, or something like that. at the same time, we should not ignore pakistan pep wait in and of itself. this is the sixth largest country in terms of population in the world. it will rapidly be the fifth largest in the world. it is the second largest muslim country in the world and will be the largest. it has the fastest growing nuclear arsenal in the world. as we have laid out, it has probably got more terrorism per square kilometer than any other country in the world. many of them are focused on the united states. i do not know whether i would

define that a strategic interest. i would say this is an important country and we ignore it at our peril. does that mean we have overlapping strategic interests? i do not think we have many overlapping strategic interests. >> tony, this is as good as it gets in the relationship between the u.s. and pakistan. our expectations too high? >> the problem, i think, is not that our expectations are too high if you mean the united states government. or people who are in pakistan, or people who developed the strategy in afghanistan. bruce made a good point about interests. we would like to have friendly and solid relations with every country, particularly those

which still have some elements of democracy. but i think the fact is that we are headed down a path where, unless we can somehow implement all of the suggestions bruce made, and do so successfully, and it would be unfair to ask him to assign a quantitative probability to that, we are going to certainly not see a major shift between now and transition in afghanistan. the faster that transition takes place, the steeper is and the more it basically arbitrarily rapidly cut its support to afghanistan and pakistan, probably the more the problem will increase. but even if we carry out the other scenarios, the situation has no reason to get immediately better. what would change it?

if you actually had a pakistan government that addressed the underlying causes of why this rise in extremism and terrorism is taking place. if you had a military with more vision that saw in dealing with the causes, rather than repression or military actions, as a solution. if you had political parties which were less family-oriented, less corrupt, which acted on reform rather than simply talk about it, you might at some point have a partner. do i expect that to happen? i cannot name the person who would make the change in pakistan. maybe bruce has some ideas. >> what scenario worries to the most? do you have confidence in the orientation of the military in pakistan? you have talked about a possible

coup. how you assess that situation? >> i will answer that. i will also answer his question. the only thing i would say is that there are pakistanis who recognize every problem we have laid out. you can get on their e-mail distribution list and be bombarded with moving statements about what needs to be done in pakistan. thanks to president obama, i am on all those e-mail list. i am also on a lot of e-mail lists from other people in pakistan which are not quite -- not quite so pleasant to read. the problem is those people are literally being murdered in front of our eyes. they are being murdered. and the government in pakistan is doing nothing about it. if you want a pakistani