
tv   Cyber Crimes Cyber War  CSPAN  December 1, 2013 3:00am-4:26am EST

3:00 am
if we look to countries such as the netherlands and sweden, cohabitation is getting greater. >> is that because of gay marriage? >> i think so. >> it's because straight people don't want to get married. >> i think we've made it into a quaint social custom. i think our policy would be better served strengthening marriage. >> how does gay marriage weaken marriage? >> by redefining marriage you associate it with decades of discrimination. often you marginalize those people who hold marriage to a strong standard. >> you are saying because gay
3:01 am
people can get married marriages trivialized and not as legitimate, and i am going to the marginalized and abstain from marriage? i am going to boycott marriage because gays are getting married? >> i think it changes what marriage is. >> give it a couple years. we are going to have statistics in a couple years. there are 17 states. if all of a sudden you see a bunch of straight people are divorcing because of gay marriage, and it is on the form, reason for marriages going to be because i am protesting because of gay marriage, then i will agree with you. until then, i am sticking to my fear he.
3:02 am
theory. >> would it not dilute areas if we relegate it to a social contract? >> it is a social contract. if you are an atheist, what the hell is it? it's not a contract? >> i think it should be more than a contract. >> have you heard pope francis on this stuff lately? surely if the catholic church can shift a little -- >> it's not shifting. he's just using a different tone. >> i think the catholic church has shifted tremendously, not just on gay marriage but in general. i think it shows you what one person can do when they choose to lead, when they choose to stop being judgmental, and when they lead by example and they lead with love, not with judgment.
3:03 am
>> we have got two more. >> thank you for coming. you are involved in strategies and stuff, right? >> losing ones. i really want to be in the winning campaign, you know. one where they drink. no more nondrinking candidates? >> i think last election there was a lot of focus on issues. i think one of the major reasons why obama won was because there -- because they were constantly saying, they are gay haters. they are anti-women because they think abortion is wrong.
3:04 am
they were just constantly pushing that. i don't think any of that is true. how do we move away from that? i am cuban, and communism is a bad idea. you going down a bad road. how do you get other hispanics to see that? how do you get them to actually look at the issues instead of being taken away -- taken in by we are going to take care of you? had you get them to see those issues and not so much focus on what democrats are telling them?
3:05 am
>> man, you mr. romney postelection comments. i don't think it's a fair assessment. i don't think it's a fair i hear what you are saying. assessment to think the hispanics didn't vote for romney and voted for obama because they thought they were going to get something. if you think about the money invested, the micro-targeting that the obama campaign did, mitt romney admitted he thinks one of his biggest problems is not investing enough in hispanic oneeach and hispanic media. add
3:06 am
of his biggest problem was not investing in hispanic outrage. there was nothing for him there. there was a point in the 2012 ,lection where hispanic voters latino voters were very angry with obama. specific promise on immigration. latino voters were very disillusioned. for latinos, our word is our bond. word of honor. he broke it. you cannot gloss over it. voters who were ready to run away from obama, we did not give them anywhere to run to. where were they going to run to? the guy who was espousing self deportation? the guy who was hanging out with an offer -- author of an anti- latino vote?
3:07 am
if you look at the romney campaign, and i have stopped wanting to talk about it because after a lot of shock therapy, i've tried to forget it. [laughter] it almost seemed to me like they made a calculation that they could get a very low, 29% of the hispanic vote, and still win. if they got enough of the white vote out. they just ignored the hispanic vote. rule number 12 winning votes is asking people to go. it is making the case. it is persuading people to be on your side. it is showing people that you can relate. romney had a hard time relating to white people. imagine relating to us.
3:08 am
think -- i don't think -- i don't agree with your assessment that hispanics voted for obama because they would be given things. personal,at is underestimating hispanics. and their thought process. it is not recognizing that frankly they did a better job campaign lies on micro- targeting. -- campaign wise on micro- targeting. and he did a better job on seeking the vote. that is not how we win hispanic votes. by -- itspanic votes is not possible to do. ago, george w. bush won 44% of the hispanic vote. any president who could win 44%
3:09 am
the hispanic vote today would win. it is not possible to do. it requires a candidate -- chris christie just did it. he won 51% of the hispanic vote in new jersey. a blue state. he put money into it. he spent time on it. alas events of the campaign was in new york city. it was in a heavily hispanic area. bakeryat every hispanic in the state of new jersey. he made it a priority. it was a priority from day one. when he brings to the table is the fact that he can get, that he can increase the base. that he can get crossover voters. he needed to prove that he did. he made it a priority. the romney did not. do not blame hispanics. question, final question,
3:10 am
would be that tonight you've talked a lot about what the republican party needs. you are saying that white men are not with they used to be. you touched on chris christie and what he did to appeal to the republican party and the hispanic vote. think, in your opinion, could be the candidate to aing everyone back republican party in the white house. >> i'm jaded and biased. he is my friend. i know him. i love him. he speaks beautiful spanish. i think the best candidate in the field is jeb bush. i think -- a sickly this election cycle, i am like a plus size men's store. i'd either go in big or tall. if the tall guy does not take me to the prom, i am going with the big guy.
3:11 am
jeb is bicultural. he is not just bilingual, he is by cultural -- bicultural. we would consider him hate hispanic. give the game changer when it comes to the has anecdote. -- hispanic vote. been added his entire life. he is not pandering. this is what he has been working on his entire time. voiceld bring a temporary to the debate. he is thoughtful. temperate voice to the debate. he is thoughtful. he has a broad international portfolio than what i think chris christie does. i do not know what his is. if hillary clinton were a candidate, that is going to matter. is goinghink hillary to be the candidate, but i seem to be in the minority. i think jeb bush would be be
3:12 am
best candidate to change it. the question is, looking at that picture of george w. bush, people say they do not want another bush. their summary people who told me that. they think it is terrifically piers morgan asked no clinton, who would make a better president? your wife or your daughter? ok, so. -- the the bush name bush brand is rehabilitating, has rehabilitated, and will continue to rehabilitate. if george w doesn't get involved in politics, he will not be dragged into any political controversial issue. anytime you hear or see the guy he is helping out a child with malaria in africa. bush's health
3:13 am
becomes more frail, people will remember what a good guy he was. he was the youngest navy pilot of his generation. he was a member of the greatest generation. there are going to be issues with it. there will certainly be issues. people ask, should we have three of the same family in the white house? think that the apparent contrast between jeb and his brother and his father to a lesser extent was actually benefited jeb bush. a lot of people do not know jeb bush. when you hear jeb bush, his level of thoughtfulness, the intellect, substance. people tend to be quite impressed. i was with him last night at the y. i think he won over the elderly, jewish, it republican vote of
3:14 am
the upper east side of manhattan. i think there is a path. i see a path for a jeb or a chris christie. a governor is a much better candidate than a senator or somebody else. i am a pulp). -- i am a paul ryan fan. but the stench of dysfunction that emanates from washington right now, it is hard to disguise and shake off. chris christie's record and jeb's record would stand up for scrutiny from republican conservatives. i may not agree follow that, but it is hard to argue that jeb bush did not govern as a
3:15 am
conservative in his eight years in florida. he did not raise taxes once. i think he would be a terrific candidate. i think he seriously is thinking about it. he is intrigued by it. he is a very disciplined guy. i do not think he is going to seriously think about it and make a decision until next year. next summer. maybe a little bit later than that. around that summer. boys --love to see his voice and the baby part of it. i think you bring so much to the table. he will not be afraid to say what he feels he needs to say. jeb bush has been out of power , what?ce -- i try to forget the
3:16 am
following years and the rick scott years. jeb has been out of power for six years, and no, seven years. and he is still relevant. in the political debate. i would like to see him give it a shot. i'm going bigger tall. -- big or tall. [laughter] thank you very much. [applause] [applause]
3:17 am
3:18 am
s" correspondent david sanger. it was hosted by the asia society in the month of september. [applause] >> thank you. thank you so much, tom for the wonderful introduction.
3:19 am
[applause] we are privileged to be here with you today. [inaudible] [inaudible] >> we are having this conversation for 40 or 45 minutes, something like that, and then we will leave it up to all of you and all who are watching this on the internet and have a way of sending in their questions to the moderator. those are supposed to magically appear on the ipad. if they do not, the questions have all been eliminated out there right off the bat. so i was on a panel recently with the head of the nsa chief
3:20 am
alexander and before we sat down he said that i really don't like questioning this. [laughter] >> so let's start with tom rid. mr. thomas rid, you have come to a definition of what cyberwar is and is not. and i think that we all agree on this panel that we have seen gradation of cyberactivity and intellectual property and corporate secrets, state secrets, espionage that is cyberenabled and we see occasional cyberattacks on infrastructure, which is what happened in operation of the
3:21 am
games and against iran's nuclear program. we see denial of service attacks in an effort to bring down banking systems or freezing of the entire "new york times" website, as was managed to do over the summer months. so for a good number of hours. and then, there is the overall cyberwar, which you described in these terms, and for those that i hear that did not have to suffer through this, which is near a thousand pages long. so it's very good in new york for killing rats, but you use a very classic definition of cyberwar.
3:22 am
so which of these will not occur? espionage is happening, some infrastructure attacks are happening. clearly denial of service attacks are happening. and what is it that you are saying what happened. >> first of all, i would like to specify that i'm actually not talking about the future in the spirit of the book is the opposite, looking at the records and the technical possibilities. and then i think we need to put this cyberwar debate into context. many people use this and we are talking about the war on drugs and cancer and poverty and we are talking about the real thing at the same time. so i'm trying to do is to help distinguish, which can still be very serious, and the real thing. executed with the help of a
3:23 am
computer code and i need to meet three criteria. one is a could be violent or potentially violent. and it needs to be instrumental in terms of somebody trying to change someone else strategically, and it needs to be political in the sense that somebody takes credit and if you run those three criteria for all this cyberattacks that you have seen, they don't usually meet those criteria. so first of all, what is it? you mentioned this already, grouping those injured three different sections. cybertalks, withdrawing a system from a system and only external
3:24 am
computer attacks on the industrial control system and other attacks with critical infrastructure insiders and we are talking about very small numbers, as you mentioned. and the second is espionage or intelligence operations and commercial or political in nature and third we are talking about subversion activism, which in a separate problem is part of cybercrimes. i think each of those requires a separate discussion with sometimes an intensive duration. so i'm with you on all that except the part where you say that you're not trying to be predictive. because the title of the book is "cyberwar will not take place". which sounds a little bit like the future. [laughter] >> go right ahead.
3:25 am
>> theoretically in french it's about the trojan war and used in that example to encounter this. >> okay. so chad, let me take this to you. you have heard tom rid, the doctor's discussion of this. >> just. >> but you don't get paid by your clients to worry about the past, you get paid to help them for the future. so if you sent them all copies of the book by doctor tom rid, they would stop paying you. [laughter] >> so you are concerned in the range of crime and subversion in espionage and sabotage and can you tell us at the far end of
3:26 am
this, whether you see these types of attacks on infrastructure to be a one-off or a wave of the future, and whether you think that it could fit with the definition of war, violent or potentially violent political war. >> thank you. i would like to thank the asia society for having me and columbia here in new york and i went to the college and i live just down the street and got my international relations degree and i appreciate the work that the asia society does. and i think that it's great that we are having this discussion coming on the heels of tom donovan's important address regarding our relationship, not only with asia but with china and the topics of cyber.
3:27 am
i respect tremendously tom's intellectual work and i have a lot of appreciation for the in depth analysis that he has been given and i would respectfully disagree, however, that the fundamental definition, that it's intended to change behavior. by that definition, for example, if you think about the cia, when we used to do code in a number of things that we had to do to protect the united states that did not rise to the level of overt violence, nor did it -- we didn't claim credit for it than there were a lot of things that happen behind the scenes that would have constituted this in the art of war. and if you go to this as david
3:28 am
alluded to earlier, war is politics by another means. so i would have a slight definitional difference. but the second thing that i've asked to think about by the many terrorist attacks are taking place in some of them are claimed and some of them are not and we just saw today what may be viewed as a violent terrorist event, we don't know what the multiple individuals involved and tom izzo got ahead of that investigation. that certainly in the boston bombing initially, it was not the initial claim of responsibility, but clearly a terrorist attack and in my view, we can define this as war is politics by another means and
3:29 am
then certainly terrorist attacks are the poor man's way of conflicting with their desired outcome on another power. and if we go to the issue that david has pointed out, i would tell you that that is an exact example, if you define violence or credit and it would not have qualified as an act of war, because nobody had claimed credit for that. and depending on how you define this, you can define it as killing people or worse in that respect, and violence can simply mean destruction of property or systems as well according to this definition. on the question of whether or not this would become a tool of the future, at the beginning tom
3:30 am
said that this is where cyberwar is coming, that was very much a quote like paul revere. my position will be not only is it wrong, but it's happening every day around the world and we will go through many more examples tonight to discuss it. and i think that cyberwar is happening or cyberconflict is happening. then we can talk about this, so much of it is directed at china and i want to be very clear of this. and this is the single most important act of the nation and
3:31 am
the national will to serve and what happened with this attack, it essentially happened, what happened was the society was attacked and the iranians believed that they were collaborating with other powers to stop their nuclear program, which david wrote about at that time. and essentially extracted the retribution or the physical disruption of over 30,000 computers, which now it literally destroys the system and blinded the values of the millions of records that are all reserved and it would be the equivalent of just your core source of national strength and it was an act of war and it was done by the iranians and i think it's a great example of this.
3:32 am
>> before i go on, let me just please circle back to doctor tom rid and say, okay. and to examples that we subscribe to, in the olympic games and the centrifuges are made to blow up, you have probably seen the photographs of these giant floor-to-ceiling devices with supersonic speeds. when they blow up, it's like setting a bomb off and you don't want to be standing next to him and to this day, we don't know if anyone was killed or not. and then you heard about chad describing the attack on saudi arabia. neither one of those bigger definition. and i think we need to be more honest about this and we have real problems with this. and what i'm saying is that we
3:33 am
need a concept and real solutions for the problems and when we are talking war all the time and violence all the time, we are getting close to what needs to be done. and we want to discuss the possibility of the specific acts and we need to get a little bit more technical about it. >> yes, we can come back to that. >> okay, so you are in the foreign service and about seven years. okay. and we are not, tonight, we are not going to ask you to explain chinese foreign policy. >> that's certainly what it's like in america. [laughter] to all the better reason. okay. but we are going to ask you to
3:34 am
explain why it is that the u.s. government gets so worried about technology built by companies not just huawei technologies. and your concern is the following that if you bring a piece of equipment and they basically make the skeletons backbone of the internet in a way, and you bring an it in from a country from which you believe is searching at least on the espionage level of intellectual property theft, we won't go yet to the other definitions. then you are inviting into the united states hardware that a foreign country can exploit whether they are with the permissions or not.
3:35 am
so they can use that to help infiltrate the data that they want or understand the structure of networks in the country, and that is why we have such a trouble in recent times in the u.s. market and you had one of your executives say that they were not that interested in the u.s. market with these restrictions. so the first question is the hardware a back door and for a government like china? and secondly, whether it is or isn't, how do you change the perception of the u.s. government then on that issue? >> that's a great deal of questions and not opening. and so to answer this. because we are a leader in this industry, why make a 35 billion-dollar country.
3:36 am
we have 150 different markets and we count customers with over 500 operations in the world, including nationwide operators in every country that they want. and we are a leader in this technology. >> at the can't deny that. and we do have this, not with any of the major nationwide operators. that we are a resource in terms of understanding the challenges that we face in today's cyberage and we also incidentally have challenges that are raised by globalization and interdependence and the trans- nationality of the industry. there are benefits to the globalization as well, companies like this that bring to the market to which they do business
3:37 am
with affordable broadband. and he made an interesting point on the concern about hardware coming from a certain market. and whether you are huawei -- hi technologies or ericsson or cisco, is a global company you are conducting research on development and coded software and building product than relying on common supply chains on a global basis, all but china, and you are all subject to common and global vulnerabilities and what the industry is challenged with now and what huawei technologies is globally promoting is how do we acknowledge that there are benefits that we want to continue driving for the
3:38 am
economic benefits and the drast which are threats to the supply chain. unless you raise the bar for everyone, with appropriate standards and disciplines that are certifiable, you accomplish nothing in terms of better securing. back to why the u.s. government has such concern it has been blocked from various acquisitions. communications companies will put the equipment in, even though you have other countries that work.
3:39 am
and they are doing that because they have a specific concern that the chinese government is acting nods -- not with the global market in mind, but with their own narrow interest in mind. are you telling us that that is a completely false way to think about what huawei does and what is the relationship to the government? >> absolutely. a great deal of the challenge that huawei faces in the united states is all geopolitical and that as well and beyond this company. again, we are 150,000 people strong and we are remarkably diverse now. 70% of our business is outside of china. and we are a multinational company and we are not china. the suggestion that we can better secure their networks or the integrity of data by picking
3:40 am
one player or any one player or major vendor out of this equation is wrong. and actually it is distracting to hold up the other players that are equally vulnerable to compromise. and so until a few months ago, we would have said that they were the perfect example of a company that the u.s. government will not purchase from because of geopolitics outweighs the global market description. the geopolitical description. and in the aftermath of this investigation, you could argue that google and verizon and at&t and anybody who has received a warrant from the fisa court and turned over the data, can essentially be charged with
3:41 am
exactly what the u.s. government is charging huawei has done and what they would say, this is the mirror into which the government of the u.s. has been looking and projecting or assuming and they have never been asked by any government anywhere to compromise its goods or services or others to facilitate in this activities and hasn't happened and what didn't. and it would be -- we had a witness testify in congress last year and the expression he used was it would be commercial suicide to do so. and as you pointed out, in the wake of the edward snowden revelations, what we read now on a daily basis that these companies that work on trent were compromised unwillingly in many cases, that they are
3:42 am
experiencing a rather devastating impact on their current business. and it's a rather remarkable demonstration of why you shouldn't do this. it does reflect the potential for corporate suicide and exactly the thing that huawei would not let happen to itself. you can even say that the edward snowden revelations, in light of this being a potentially devastating impact on companies that have been exposed as being compromised, but the revelations may have marked the beginning of the end of knowing corporate complicity, whether willingly or not in government espionage and there is an opportunity now at this time, for industry to move forward and establish pragmatic and true standards to better
3:43 am
secure the networks and to undo this crisis of confidence in the industry globally. >> okay, so you were the chief of staff at the department of homeland security during the period of time when we now know, that the definitions of what the u.s. government wanted to get out of the internet providers took place, all the companies that we were talking about here. and when the court was issuing these orders, basically to turn over the data, including as we now know, the telephone logs, not the conversations, but the logs of the phone calls made, the haystack in which you could pull the needles. please tell us how that clamping
3:44 am
in to this giant data pipeline differs, if at all, from what the u.s. government tries to do with like what it huawei does and nothing has been classified. >> you can still keep going. >> okay. [laughter] >> with respect, it is a fair question. ..
3:45 am
to read the constitution in article iv, the government does have an ability to search, but when we say in our country they can't have a right to an unreasonable search without probable cause. what that means is in order to have a search you have to have something to search. and the accumulation of the data of the haystack, the metadata itself is an example why the government isn't sitting in the system today. it has to ask for the voluntary agreement of the companies to hand over -- they're getting a subpoena. this is voluntary if you go to
3:46 am
jail. >> i say it's a fair point. >> well, when i say what, i mean, the government cannot forcibly -- is not technically inside the hardware, which is the concern with the chinese are inside the hardware. which is different from -- you asked me to distinguish between the metadata program and what the rather concerns are -- >> what you're telling us, chad, is that the u.s. government isn't in the hardware because it doesn't need to be because it issues these orders to turn over the material that runs through the hardware. >> correct. that's what i'm saying. >> great. supposing the chinese government went to central -- >> use shanghai bell as an example. >> that would be great. [laughter] supposing they went to huawei and say you have a lot of data
3:47 am
flowing through your servers. some of outside china. we can't touch those. we would like you to put this in a repository in shank -- shanghai if we need to go in and see what ibm or boeing is planning for their next defense system they're building we have a way of getting at it. would you see a distinction between what chad described which is the u.s. government out of the own legal structure pulling in the data and the chinese government seeking the same kind of thing? >> there are a lot of different levels to that. first off, what chad described and what you are talking about is a distinction between a company that builds the plumbing and a service provider that run the
3:48 am
water company. what has been happening or what we've been reading happening here is rather than drill random holes to cite certain information that lead you to a cash register in malaysia. they dropped a siphon to the reservoir. >> correct. >> and sucked it out. >> for clarification, while you build hardwares there are some countries which there's never been any substantiation of any current or past penetration or compromise of huawei
3:49 am
equipment. the concern we hear is prospective. what may happen someday in the future -- i'll resist the temptation to go back and talk about shanghai bell and cisco operations in china. all of which are equally vulnerable to compromise as they are here or might be in vietnam or elsewhere. huawei made a conscious decision it's in our best business interest to maintain the integrity of customers, networks, and their subscribers data, period. we are not going to commit commercial suicide by violating that integrity. >> if you receive a legal warrant you have go the same thing that verizon, at&t. it's an important point there's
3:50 am
not a country in the world that doesn't have lawful intercept. meaning they have their own jurisdiction and in our country under president clinton we passed -- a communications assistance to law enforcement act. and we collectively as taxpayers gave a subsidy to the companies to pay for the hardware and software that allows phone taps to take place. you cannot have unreasonable searches but you have reasonable searches. just like if you watch the sopranos, we do, in fact, tap the phone of suspected mafia dons inside our own country. so we can't be hypocritical.
3:51 am
intil right. we can't be hypocritical of the chinese for enforcing their own. i think the key question that is being put on the table the question is in fact certain what are purported to be private enterprises are in fact tools of the foreign government for the purpose of espionage. i'm not here to suggest whether in fact huawei is or is not. they're doing us a favor in one respect. you remember, i remember back when we were worried about the threat from the japanese against the -- when they bought rockefeller center down the street and everyone thought the world was coming to an end. one of the great things i remember from one of my professors at columbia was, you know, if we didn't have the japanese we should have invented them. they made us better. they made us more competitive. and the wide reaction of the
3:52 am
japanese wasn't protectionism, it was learning to be have a more competitive auto industry. learning to be -- >> i think may actually to talk about situations that are hypothetical than the case -- i think it's not very productive. perhaps the a-- let consider china for a moment. we have an interesting case that flips on the questions that you are questioning. that is microsoft in china. we know that microsoft is cooperating with the chinese government. they have provided various forms of help to the chinese security establishment in order to, for instance, listen and to skype conversations. it's well known that the chinese government is good at intercepting special key words on social media. it was american products. the government that is able to
3:53 am
get help from an american company highly different context. the only pressure point is not the legal. not a legal one. purely commercial. it raises fundamental ethical questions that i'm sure. ethical questions that are the flip side of what you are mentioning. if it has real consequences potentially for the individual. these are concrete questions that really can mean interrogated. people have suffered a personal consequences. this is not very theoretical. we're screaming here. it's an example of what i mean. and we have a hypothetical discussion about how somebody could use. >> pursue with you. because -- didn't have to deal with big data. okay. so if he was alive today, and he
3:54 am
came back and he looked at modern warfare, i suspect having suffered through the thousand pages he would be fascinated by the concept of information war. which is to say you have conflict between states that is an extension of politics by other means without blowing things up. without sending 100,000 troops in. and you can do it by manipulate as one of the categories you had. or that you could begin to affect infrastructure. you wanted a concrete case. a fascinating chinese-based concrete case is the canadian offshoot a company that controls all of the -- not all of. about 60% of the gas pipeline that works in the united states
3:55 am
and down from mexico. so they come in to work one day about a year ago, and they discovered that all of their source code has been taken. they conclude that it was taken by a chinese-origin thief, government or nongovernmental. one way to look at it is that all that was stolen was the software to know how to turn on and off the valve of the gas pipeline. the other way to look at it if you were in a conflict with the united states, it might be useful to have the coding to turn off the gas to 60% of the country. where does it fit to the spectrum? >> so in your -- the word cyber weapons is often used in the context. developing code to incapacitate critical infrastructure. you also use the expression in your book. let's quickly think about what it means.
3:56 am
what are cyber weapons. what the potential of such weaponized code and limitations. let's imagine for a moment. the only real big example we have and can discuss in detail. nanl as a -- you would not have noised. because stuxnet was precisely developed for those industrial control systems that messaged. a company. and these are highly specific systems. for many reasons. they offer old so-called legacy
3:57 am
systems. some generic components. it only affected machines incon qecial. it was one shot. that means and one of the arguments that i'm testing in the book and i interviewed many control engineers on that question is by maximizing the destructive impact of such a tactical you automatically -- minimizing the target. that's a tough question to answer. in other words, can you exchange the of it by using some of the generic components and applying it. it's a controversial question among the engineers. it's unclear. >> it takes us up with one of the questions by e-mail which is along these lines.
3:58 am
ann in brooklyn, i feel like, you know, i feel like we're doing an advice column here. if the u.s. wanted to conduct a cyberattack against the shanghai military site where the chinese are allegedly carrying out their cyberattacks. she's -- we wrote about it earlier this year. could we do so? could we do it technically and politically? >> now which is a chinese military unit believed responsible for a number of the attacks on u.s. computer systems. but mostly for the theft of intellectual property, some state secrets, airplane design, things like that. chad, this is right down your alley from dhs days. could we do it technically and do it politically?
3:59 am
>> we're off the record; right? >> right. that's why the cameras are running. go ahead. >> so i guess -- >> i can't say whether the united states government has capability. but one might surmise you can take down nuclear centrifuges as mentioned in a specific location in iran, you probably could, in fact, target a specific building in shanghai and specific actors. >> to achieve -- >> and thing this case -- >> the objective point. it's a good question. >> to do what? >> to any -- any military doctrine you have what is called attribution and retribution. if we think back in the cold war. it was at the heart of mutual destruction. it kept us relatively safe over
4:00 am
one of the most threatening periods in global history. the world could have been annihilated overnight with an exchange of soviet union and united states weapons. cyber is in fact, the definition used about the last requirement for a war is claiming responsibility. part of the appeal of this particular weapon is its lack of ability to attribute who did it. attribution in this threat vector is unbelievably complicated. to actually penetrate the multiple layers. i'm speaking now personally because of, you know, --
4:01 am
david didn't get the story. "the washington post" beat him to the scoop. but it happens. we were one of the 140 plus companies that were outlined in kevin's report under what is called -- we were we successfully detected it and stopped it. we never got penetrated. but the point is that this is a very real threat. it's happening if we attempted to extract retribution this is something we need to talk about you're right it would have been aprilly extremely difficult. it it the united did if we would have to attribute that directly to the chinese. what we're seeing right now the tremendous skepticism that is being asked by the american people and barack obama about weapons
4:02 am
of mass destruction in syria. there's suspicion about is the evidence strong enough to warrant the limited strike on syria. i would argue you would find it to be even more difficult. more difficult for president obama to put forth before the people of this country a similar proposition he just put forward on chemical weapons which are frankly more visible. there's more ability to actually produce victims and symptoms and signatures you can -- this is why a modern doctrine for the threat is so needed. i think he has done a good service by putting forward and tom donilon who came here. we need a new version of mutual
4:03 am
assured destruction for the cyber age. so they can operate more anonymously. focus on china as much as this conversation has. so let me first interject that cyber conflict, cyber mischief, cyber what have you is borderless there are states and demonstrates. and whether the u.s. is hacking china or china hacking the u.s. or russia hacking both or israel hacking everyone. this is all taking place.
4:04 am
we cannot look at the threats to networking security and data integrity and the context of one country in another country and those countries versus each other. so what can be done is there such a thing as a perfectly secure networking? no. there never will be. we can make them more secured. and there are grossly speaking there are three different domains. there's what i do on the equipment side and the coding of the equipment side. and everything we build that any huawei or cisco or other is built to global standards. our customers, operators, want to be able to have a competitive environment. they can -- i'll take a this from him and rationalize the market prices. they keep us honest. that means what we build
4:05 am
-- build is intended essentially interoperable. when you drop the equipment to the networking, if you have not raised the security bar for in term for -- you accomplish nothing. how can we find and develop in a public-private partnership standards to raise the bar of the equipment that company like ours deliver? the second in the realm of service providers and data management. it's apparent over the last couple of months what we need in the space is more transparent regulation and environment better geared to protecting the integrity of data. and the third the one that chad was speaking about. that's government. i would like to believe, i would like to believe that using l --
4:06 am
when two adversaries came together in the '60s and recognized they could blow each other up umpteen times and -- i'm almost done. who are we vulnerable to? so you nuclear nonproliferation treaty and the lowest common denominator. it didn't stop it but it slowed it. if they can agree on acceptable behavior, it won't stop espionage but may restrict disruption or potential disruption. that can be multilateralized. >> i think it would be useful to keep this a little more grounded. first that should be obvious i think is not. computer code can only affect computer code. in other words, as i'm sitting here on the podium.
4:07 am
it applies to the rest of you. we are invulnerable to computer -- i do not have a pacemaker with an ip address. [laughter] it's very important. could the united states attack that particular headquarter building in shanghai? the answer is it could certainly breach the information system. that is not probably not too difficult to do if it has an internet connection, et cetera. you can weaponize and turn in to something. in syria and others quite difficult. let's think about that when we admire the electronics on our new car. let's go to the audience for
4:08 am
the first question. here, sir. one moment. there's a mic coming your way. tell us who you are. and please ask a question. >> hello? yep, you're working. a fellow at georgetown. what are the options attribution or nonattribution. as a commercial entity what -- more importantly receiving remediation for the physical attack of a country or another what are your -- well, okay. the question is one about escalation so there's an attack. you perceive an attack on the company in the united states. who attacks back? tell me if i'm right here. the company that is attacked? do they have a right to attack back? should a government attack back on their behalf?
4:09 am
can we only play defense? tom? >> that's a big debate. whether hacking back works. so i think there are two questions when we talk about hacking back. one is that it allows legal -- is it legal? the other is does it deliver results? let's ignore that for a moment. i had the conversation with a couple of companies. let's not name them here. i have yet to see the -- the evidence it delivers results? only example we have in the public domain is somebody hacking back is quite a funny one. it happened in georgia. three years ago where somebody apparently from russia hacked
4:10 am
the georgia ministry and tried to exfiltrate the document. and the computer emergency response team in georgia found out something was fishy and they actually put a pdf file rigged had malware embedded and something fancy like nato agreement. so the russian hacker apparently stepped to the trap and hacked him and took a video of the guy and picture with his web cam. it's a guy sitting there and his wife in -- >> if anybody hasn't seen the photograph. go home tonight and dig it up. it's exactly what you think it would be. [laughter] but it's an interesting point. it didn't solve the attribution problem. they didn't know who it was. they had no idea who of it. >> okay. chad, back in your days in dhs let's say company x got
4:11 am
attacked. they call you up and say, i know my government. they are not going to attack back on my behalf. because they don't want to escalate to a general cyber war. do you have any problem if we think we know who attacked us if we blow up their servers? >> well, it's a fair question and we -- when we got asked that. now that i'm out i'm being asked. the analogy i would use, if we think about a bank; right. if somebody walks in to a bank with a weapon, tries to take the money, and going out the door there's well established precedent that a private security and armed private security force legally can in fact order the individual to stop and if they refuse to cease and desist. they can, in fact, use lethal force.
4:12 am
for whatever reason in the digital world we don't allow that. what you're seeing across the commercial environment from my clients is what dave described is an unbelievable feeling of being left hanging out to dry by your own government. what is happening is as we sit here in the society we're starting to see historically the business community like the chamber of commerce. ..
4:13 am
>> not only is the active defense allow for a change of behavior, the reason why we think about it logically is because so many targets were people don't respond that we have someone that just does the low-level acts of defense, they move onto the next soft target. >> let me cut you off because we don't want to speak too long. this is uncharted territory. we need the legal framework because in the absence of that, people are getting frustrated. >> so now we can all feel your pain. one of those themes where your company has been attacked, you
4:14 am
think it's whether it's chinese government or chinese teenagers or chinese criminal groups or whatever. and i just installed the latest and greatest huawei servers. and i will be asking the question. is the attack from abroad? or perhaps unknown to us, i sort of help to the seat come into my system? >> i have thought the same that you have about the increasing attacks on the u.s. networks. and we have less than 1% of the u.s. network market. the attacks are not taking place in this way. for what it is worth. >> okay. that is a good answer. >> the microphone is coming to you.
4:15 am
>> thank you. >> we have been hearing for a long time now the danger of cyberattacks on national security, and we have been talking about the corporate grounds for the most part. where do you see this going? and is this realistic? when will it happen and what can we do about it? >> okay, you said academics don't look in the future. so look into the future. [laughter] >> the biggest problem is espionage and disrupting systems and where is this going in the future? well, that is a great question. do let me go to the edward snowden revelations for a moment and that they part of the
4:16 am
picture. the u.s. government, the nsa is beyond capable than they intercept more data and more information than many people previously assumed. i think one of the big questions of the future what does that mean? what does it mean for intelligence? what does it mean for the balance between western intelligence agencies in other countries. and i understand that we are very concerned about what is going on at the moment and some of these revelations have a point to intercept. because we have an informed debate about what is going on and we should be able to do it. but right now what i am seeing
4:17 am
is a difference and in fact, we are not having a conversation about what is okay to do and what is not okay to do. it's a very moral and ethical case to be made for an open democracy and after all we are an open democracy, which has to be part of this because many people think that that is not the case. and we are not part of the case to be made should be a part of the democracy. we want this process because after all, this is a very important global concept and
4:18 am
there is justification for this and we need to have that. >> and i know that i have a request to be less crowded, so i will be in just a moment. but we are also seeing as a result of this crisis, we read in the media that brazil is looking to launch a geo-satellite and the indian government is contemplating the elimination of gmail and yahoo for government employees and germany is looking to localize clouds and they have launched an e-mail in germany that is safe from the nsa. we are seeing this fracturing of the internet environment which is not good for anyone and in the short term, there will be business opportunities. but in the long-term, the internet activities, we are
4:19 am
reacting and balkanize them. and that is not solving the problem and what that is is creating a challenge to steal and interoperability challenges and the spread of open information than what we need is to balance out that in all of the economic benefits associated with that with the need for real pragmatic approaches to better secure our networks. so it takes us is right to question that we have gotten by e-mail from an anonymous individual. not the group, but someone who doesn't want attribution to the question. and asks by e-mail, do you think that there is a need for a cyberweapons convention, much like the npt, which is the nuclear nonproliferation treaty. and who should govern it and is there an interest. every time i asked someone, someone in the u.s. government,
4:20 am
they flee in the other direction. but then again, for the fifth on transfers 15 years after the atomic bomb was developed, we didn't want to see an atomic bomb unit. so i don't want to get off topic. please tell us what works here in the analogy and what doesn't. is it even possible to have a treaty with a weapon that is not in the hands of the state, teenagers acting like terrorists, terrorists, whatever. and i'll leave this to chad. but what i said earlier is the industry needs to do its best, which means that those of us that do this need to, all of us, be held to the same standards. and that means that we need to establish the best practices and disciplines that will then be certifiable to all of us, that
4:21 am
service providers and data managers as well, the best disciplined environment as well is legal and regulatory regimes and the concepts of this entity for cyber is in the third realm and that is where government needs to work out their issues and those issues may be as simple as i won't crash your markets if you don't crash my planes. but they need to do that in the context of allowing industry to move forward commercially and competitively to continue to innovate. but the reasoning in the nuclear realm is first the weapons were all in the hands of state and secondly, when one of them got walloped, it was this neat little screening that was down in some mountain in colorado that you would see in all the
4:22 am
movies and he would see that you would have 30 minutes before you were annihilated. this screams for cyberweapons, you don't know whether or not an attack is coming, whether it's from this state or an individual or where it is coming from. so how do you make this work? >> it is exactly this challenge, which is the suspect is fundamentally decentralized and dynamics and 30 minutes is an eternity. you have 30 minutes to respond in a long time, believe it or not. this is happening at the speed of light. thousands of attacks per second and what it means is that the old paradigm from the nuclear age of essentially having a
4:23 am
command and control sector where there are two people in the united states to have the launch code, and the commander of norad that have the launch code, that have this syndication and a very exercise method of responding, that hierarchy is antithetical to this threat. this threat is decentralized. and we have a situation where thousands of attacks are happening per second and there's no way the president of the united states can sit there and say, it's like me coming up and saying, do we have this, what he wanted to do in this and that. and what we have to do is actually look at the threats and realize that human talent is not dominated by the united states and the weapons are not dominated by any particular government and the command-and-control is not
4:24 am
dominated and there's no thing that comes up with this clear ability to decentralized the dynamic response of government, decentralizing this in regards to the first few words. >> okay, so the nuclear analogy drives you up the wall. >> yes the attack code, if you want to call it that. without hundreds of thousands of attacks per day. and it is a specific targets scam. there has only been one that we can take seriously in that way and i think no one would be able to do that. but almost all of these breaches this microphone or camera, they
4:25 am
are not having any difference in this. so i think that's a very important qualification and it's not happening at the speed of light is out in the wild with these versions in 2007 and then what would become is discovered and this is the most sophisticated that we have. so we need to take some of this letter happening at the speed of light. >> and it took like a year and a half to figure it out. >> exactly. and that is an important point. the surgical strike by a state-sponsored actor is a section of sophistication and i agree that they will happen less


Uploaded by TV Archive on