we are our airplanes. our children are important. i am prior military in a sense that if teachers were trained like we were come they could save lives. like everybody says, the mental condition of a person. he could be bullied. how young students do not talk to each other. we were very open to each other. nowadays, they stick their nose. take them off all those drugs. take the kids off the drugs. give them more mental health in schools. i am all for guns in the chool. [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] [captions copyright national cable satellite corp. 2018] >> good afternoon. welcome to csis. we're going to have exceptionally timely event, which was largely for few to us.

but we appreciate -- fortuitous. but we appreciate you coming out on a nice friday afternoon. let me introduce our panel. if i was to read their full bios, it would take up the entire session so i'm going to give an abbreviated version. to my right is john carlin, the former assistant attorney general for the national security division, and he currently chairs morrison and foresters global risk and crisis management team. he led the investigation on the sony attack and one thing we all know, which is the indictment of the five p.l.a. members for economic espionage. prior to leading n.s.c., he was the chief of staff and senior counsel to the f.b.i. director, ome guy named mueller. to his left is -- right is rick, who has four decades of intelligence experience in cybersecurity and cyberoperations, including 29 years with the national security

agency. are we served as the deputy director until april of 2017. he also led the threat operations center and was the i.c.'s first national intelligence manager for cyber. so, again, another deeply experienced individual. and finally, jim miller, president of adoptive strategies. he's on the boards of the atlanta council. we let him in anyhow. thank you for coming. and end game. he's meavet defense science board. he co-chared the task force on cyberdeterrence. before that he was the undersecretary of defense for policy and the principal deputy undersecretary of defense for policy. so couldn't have a better panel for talking about this topic. which is not to talk about what the russians have done. i think we all know that pretty well by now. but to talk about what should be done back. and this is a new kind of conflict we're in. it's not the russian tanks

pouring through the gap. it's a different kind of conflict. and we will need different kinds of responses. i've asked each of our panelists to if they could briefly say for five minutes or so, give some opening remarks, then we'll turn to questions and i hope we have time for questions from the audience. john, why don't we start with you. john: sure. i might start with the angle of what do you do about cyber-enabled activity, how do you have a strategy to deter that type of activity in a world where the rules are not yet entirely clear? as to what a nation can get away with in that space. over a period of years, and jim talked through some of the cases, we had started to move towards a policy of showing that when it comes to activity, especially by nation states, along with organized criminal groups and other nonstate

actors, that you can figure out who did it. so doing atry bution and putting the resources -- atry bution and putting the resources in to do the art bution. really for a while in government, i had started on the criminal side of the house, doing computer hacking cases, and for that period, was really kept separate from what was going on in the intelligence side of the house. when i went over to work for director mueller, the door opened and i saw what we had on the intelligence side of the house. and the fact is we've been good at attribution for a while. much better than the public or our adversary nations knew. so we started changing toward a strategy, well, it's great that we know it, but it's causing real harm to real people now and in that sense it's not a traditional intelligence collection issue. starting first in the area of economic espionage with the indictment of the five members of the people's liberation army, but then moving on to calling out publicly north korea's behavior, when they attacked

sony motion pictures because they didn't like the content of a movie. to charges that were brought against iranian revolutionary guard corps affiliated actors, for their attacks on the financial sector, of, one, figure out who did it, and two, make it public. don't keep it on the intelligence side of the house. even though that has real costs in terms of losing sources and methods and perhaps provoking confrontation in the sphere. because once you start making it public, which i think is vitally important not just to send a message to a foreign country or adversary, but also because the victims are often in the private sector, and they can't take the necessary steps to protect themselves unless they know what's occurring. and that requires being more public about what we're seeing and link to that, we need action. we need congressional action. we need new regulations in this space. we need public support for taking retaliatory steps that may cause a temporary churn and

unless they see the urgency of the problem by making public what's actually occurring, i don't think we'll have that collective drive toward action. so one, figure out who did it, two, maic it public, and the third is impose consequences. so i named three of the four major adversaries when it came to seeing provocative behavior in cyberspace. iran, north korea and china. and what we hadn't done prior to the election was take such an action when it came to russian activity. and there were complicated debates at the time but whatever the thoughts were in terms of not taking action prior to the election, it's clear after the fact that the result has been that russia believes it was a success and that without taking additional action they're going to continue provocation when it comes to cyber. since then we've seen continued russian activity not just from the it's -- in the united states but in other countries around the world. it's designed to undermine the integrity of elections.

we've seen the completely -- that ble use of caused hundreds of millions worth of damages to companies around the world, including around 300 million just to one, to name one when it comes to the case of fedex. to more recent activity. plus we have a long history now russia shielding the top 10 essentially cyber criminals who the estimate from -- put last year at $650 billion worth of loss to global commerce. so when you put that together on a global scale, and the things like, as reported in "the washington post," attacking the olympics, what greater symbol of countries working together to show that you're not a member of the world order than attacking the olympics, through cyber-enabled means. so we've moved, and you've seen

a lot of those publicly out, figuring out who did it and make it public, we're not where we need to be when it comes to imposing sufficient costs to change the calculus that gets the behavior to change. this isn't about regime change and it wasn't with any of the other three countries in this space. this is about having costs proportionate enough to whatever to benefit of the adversary, get the behavior to change. if you don't change the then the policy isn't working and you need to keep ratcheting up the cost. i'll close with thoughts on how one can do that or avoid some of the problems that came to the plex. one thing that's difficult -- election. one thing that's difficult leading up to a democratic election, speaking specifically about elections, is ensuring that there's confidence in the aelse isment tooze what occurred. in that sense, very much support a bill proposed by senator rubio that would have a requirement that professional members of the intelligence community report to

congress what their finding is. so it's clear whether or not people believe that someone,ed a -- an adversary is attempting to meddle in the elections. two, in advance outline what the consequences are going to be. the bill does that as well. and in terms of ways one could ratchet up current pressure, i'll throw out a couple of ideas. one would be we have sanctions. i think the actions that we saw this week, building on the mueller indictment and the models using the criminal justice system to make public in great detail what's occurring to force public conversation and action, let -- the sanctions were good but not enough. they're not enough to cause behavior. to ratchet up the cost, one, you could look at tying the oligarchs that are surrounding putin to their assets, and then seizing their assets, particularly in real estate. the legal authority exists to do

that. so then you do the investigative work to make the tie to those assets and seize them. impose additional sanctions on companies that they run, often through shells. number two, similar to the strategy after ukraine would be macroeconomic sanctions, focused on certain sectors, like oil and gas. at would cause real economic pain and in that sense deter this type of behavior. three, to try to do this multilaterally and also to look at, as what -- was done postelection in the united states in december, and then again against the san francisco consulate earlier in the year and as we've seen our british allies do across the pond is to take actions against the intelligence operatives simultaneously with our allies. say 10 or more countries imultaneously taking action to

operating outives of post in countries throughout the world. i think those steps could be proportionate to what the damage has been and send a deterrent message. james: thank you. rick, please. rick: thanks. first off i'd like to start by agreeing with everything john said. that's exactly the right way to look at this. i'd like to concentrate on the benefit versus the cost calculus. because right now the benefit is huge and the cost is basically nil to the russians. and so when you look at that, when you want to change people's behavior to get them to mod late their behavior, you have to lower the benefit, increase the cost. how do you do that? i think one is in terms of the midterm elections, let's secure the infrastructure as much as possible. there's a couple of bills in the senate that i think are applicable, that talk about providing federal funding to the states so they can take action. you don't want to make this a federally managed activity that

infringes on states' rights. but you do want to provide them with access to threat information, clearing state officials in the way d.h.s. has started to do. engaging with them through the mechanisms like the multistate information sharing and advisory council. and taking advantage of the information that the federal government has and making it available to the states. there's been some great work in the private sector on that too. the center for internet security has produced a book for states. the bellford center at harvard has produced a manual for states to use to help do that. continuing down that path and putting some resources and some more attention behind it. so make it harder to do that is thing one. hing two, make it harder for what i call information operations to reach their target. what are the target of information operations? the brains of the decision makers. so in this case, the decision makers are the voters in the country. how do you, without infringing

on free speech, which is the first amendment, which is a hugely important american value, how do you make people aware of the providence of things that they see on social media activities like twitter, or facebook, or things that are promulgated through the news cycles? stories are emphasized or not emphasized in order to make a certain point. the intelligence community assessment that was published last december does a good job of laying some of that out in the unclassified version that was pli published. the use of state media and the use of troll farms. if you google hamilton 68, there's a website run by the alliance for securing democracy, full disclosure, i'm on the advisory council for that, they track the activities day by day of the russian associated troll farms and look at the stories that they're emphasizing and the divisive sorts of things they're looking to highlight in social

media. so, how do we get a better handle on that, make people aware, help people think critically, and look at multiple sources of information? that's a big, huge strategic problem. whether he fix it this year, but it ought to be something we look at long term going forward. third thing is, what are the things that would cause the russian government and specifically president putin to change the guidance that he's giving to his people? he cares about controlling information flow to the population of russia. that's a core part of keeping power, he's making sure that, giving his high approval ratings, making sure that the information flow is manged. he also cares about supportive oligarchs. john mentioned one way to approach that. i think that's a good approach. he also cares about support of the military and the tense services. and so finally he cares about -- intelligence services. and final he will he cares about the, i'll call ita democratic processes that are going on in russia, scombrerble with the upcoming election. so there are things that the

u.s. government could do if it chose to. in each of those dough mains. it and -- domains. and it would require careful thought about which ones do you start with and how do you ratchet up? the sanctions that the trump administration just announced against russia are a step, but they're a step on a long staircase. you want to think about how you go from step to step in that process until you reach that point where the benefit is decreased and the cost is increased to the point where it changes behavior. james: thanks, rick. jim. jim: i'll start by agreeing with both john and rick. [laughter] i'd like to do first is a disclaimer. although i make reference to some of the findings of the defense science board report on cyberdeterrence, which i did, co-chaired with jim gossler, i'm speaking on behalf of myself, not on behalf of the department of development or anybody else. two quick points and then add some additional steps the united states may take and i think it's important to think of it in erms of a campaign plan.

there are escalation risks sork associated with taking actions but there are greater escalation risks with not taking strong action. so, point one is that to have an effective deterrent strategy, you need to think about the mindset and values of the party. in this case an individual president, putin, who you're trying to deter. to put it pretty directly, in president putin's eyes it appears that his view is that the united states is the aggressor in this space. when russian authors have written about hybrid warfare, they're talking about u.s. and western nongovernmental organizations who have come promoting democracy. and they've thrown some of them out of moscow but it continues to be, in their view, a campaign. they see the united states and western europe pursuing nato expansion. we've done that since the end of the cold war and at this point in time georgia still on the table. ukraine potentially is. the united states is pursuing

conventional military superiority. it's part of the national defense strategy. in fact, it was explicit in the last administration as well. as this administration. somewhat surprisingly to me, the russians also believe, and i believe president putin believes, that the united states is pursuing nuclear superiority. when you look at this crazy so-called status fix system. the nuclear power, nuclear orpedo intended to, with a multimegaton warhead, take out the west coast of the united states. it shows a certain degree of paranoia, to say the least. so you can argue that putin is wrong on these issues, as i believe that else. but at the end of the day -- he is. but at the end of the day president putin and the senior leadership believe the united states and the west are pursuing regime change. if you want to understand the stakes here, and what president putin may be trying to pursue, you need to understand at that level. the bottom line goal is to prevent us from having the ability to grow nato, to put pressure on them and ultimately

to impose regime change. pretty high stake stuff. that's point one. point two, we need to push back and as we do so, there will be risks of escalation. as the united states and others push back. but if we do not push back there will be certainty of escalation. and the escalation initially will be one-sided. it will be russia continuing to increase the steps that it takes in terms of its information operations in terms of its potentially effecting elections rather than just having some potential to do so, as it did in the last election. and obviously should it wish to do so, in terms of its turning the dial up on pain on the united states through cyberattacks, on the electrical grid, on water supply, and on other critical infrastructure we just saw reports yesterday about russian capabilities in that area. so we now know as a matter of public record that russia has cybertools imbedded in the u.s. electrical grid and in other areas, to include in our nuclear power plants, which shows an

ability to scale this potentially, to a pretty high level. so taking action will have risk of escalation. if we don't take action, we'll see one-sided escalation and at some point, at some point there's no doubt that either this president or a future president will decide to take more significant action or congress and the american people will press toward that. and if we haven't taken action in the meantime, if we wait until it reaches a catastrophic attack on the united states in the midst of the crisis, then president putin is likely to be surprised by the action we take and the risks of serious military escalation will be far higher. so if we wait to impose greater costs, somewhat paradoxically, perhaps, we run a much greater risk of escalation. i want to just list one sentence each. 10 steps we could take. first of all, to reiterate much stronger sanctions that target

putin and his olajuwon oligarchs or cronies. second, enlist in international support for these sanctions. we've begun to do that. we need to do more. third, be prepared to back off of these sanctions that are focused on cyber and information operations, if putin's behavior changes. so that they're conditional. that's an important part of having successful deterrence and coercion. third we do need to develop real, not just legal, actions and not just sanctions, but real cyber options to go after putin's valued assets through cyberspace so he doesn't think he has escalation dominance. fifth, i completely agree we need to get off the dime on boosting the defenses of our election system. we're behind the power curve for 2018. we need to be in a much better position for 2020. six, we need to push back on information operations and we can talk about how far we want to go there. the state department's global engagement center is effectively doing nothing but seth the problem at this point in time --

seth the problem at this point in time. -- setting the problem at this point in time. we should debate what it should be doing but nothing doesn't seem like the right answer. it's been great to see big companies including facebook, twitter and google begin to step up. their role is going to be fundamental in fighting fake news and so forth. and it does come to first amendment issues pretty directly. but it's something that the private sector will have a central role. seventh, the push on defensive critical infrastructure is critical. we're 10 ways away from being able to protect the electrical grid. we need to expand help to our allies and partners because today and as we improve, they will become more vulnerable. in relative terms. they will be a target as we've seen from russia. ninth, we should not cut off high level contacts with russia. i would have liked to have seen the british government do more in terms of imposing costs. but not to have cut off high level contacts. we need to have those discussions. we need to ensure that president

putin and his senior leadershipens why -- understand why we are doing what we're doing and because there is a significant likelihood of this escalating, whether near term or long term or both, we need to have those channels and people who are able to understand each other. in that context. 10th, and related to that last point, we need to be prepared to strap it on here. the u.s. is under attack. it's a different kind of attack than we've experienced before. it is going to escalate. it will either escalate because we don't do anything for a long period of time, and the other side continues to escalate and then we will respond and that will be very difficult to manage. or it will escalate more systemically and we'll have an opportunity to have a bit of a learning exercise on both sides. but it's virtually serving to escalate. so far this administration has taken very modest steps, far too little, far too late. i hope that they'll take more significant steps literally in the coming days and weeks.

thank you. james: thanks, jim. that last point is one that struck me. one of the reasons we're having this event is in discussions you have with i'd say intelligence military professionals, unclass -- on a classified or unclassified basis, there's a general consensus within the community that we are in a conflict. and that the conflict is getting better, not worse. and that we actually i aren't doing so well. etc. getting worse not better -- it's getting worse not better. that's what i meant. getting better for somebody else, but not for us. that's the wrong way to go. . if i got a general agreement from the speakers it's that we need to do something back. what does that do something back look like? one idea that some people, including me, have floated is we have a fairly effective campaign, we can talk about how you define effective against isis, it was joint task force

aries. should we be taking, and jim you mentioned we need a cyber response, should we be taking and from the j.t.f. book pply them. >> it included technical game plan. the range of tools that should be brought to bear with respect --russia with respect to its and pressure being brought to bear on individuals and parties. jim: we need a much broader portfolio that includes legal action, economic sanctions and so forth. and it includes working with our allies. the campaign plan that encludes

all these elements, to include pushing back on both information operations and cyber does make a ot of sense. rip i think it does. it's got to be knit together as jim says with economic and other activities. can't be just cyber. something ha has to do with the fact that we live in a glass we e, in a tit for tat, lose, because the american people has more to lose than the russian, the american government has more to lose than the russian government. think about the mall wear on critical infrastructure in 2012. it's been known that it was russian. and so the question is, what's that about? is that about having a

capability to use if and when you want to? is that about messaging, deterrent value? i think it's probably both. good military planning, just in case, and a little strategic messaging and deterrence mixed in there. to counter that you can't just go back and do cyber activities, you have to do more than that. you have to engage the legal system, find the enablerses both in russia and outside russia that are enabling that sort of thing to happen and figure out how you exert pressure on them to build a coalition of like-minded countries in order to make statements about these sorts of behaviors are not tolerated. congressman mike rogers and i wrote an op-ed a few weeks ago on four things the government should do. one of them, arguably the most important one, is a u.s. statement that says this behavior sun acceptable and we're not going to tolerate it. we're not going to get it in the time frame we need before the leches so the u.s. should say that unilaterally and use that

as a basis to gather international support for that over time. john: i agree with everything jim and rick said. i walked through a it -- little bit already in my opening remark two areas, you don't need like for like on thousand to respond this activity. you need to devise measures that impose enough pain to change the cost benefit analysis and that's where focus one on two types of sanctions we haven't done to the extent that we could both in terms of what the law allows and our ability to apply it when it comes to both the assets this ecompanies, and real estate, oligarches and also the ma ro economic sanctions. and then secondly the idea that there are moan operatives, our allies operating out of post and

so far it's been tit for tat, each country has something provocative -- as something provogtive occurs will respond. if that was done in coordination with allies i'm all tains youly, it would know there's an increase to the cost of the may havor. the behavior -- the danger is not against the united states. we have talked about the united states, but it's global. and that's the behavior that has to stop. russia becoming a rogue nation don't know, can kind of guess at the strategic calculations causing it to be increasingly rogue around a variety of areas but that decision tree is causing it to do things like attack international stewings like the olympics, to use russian affiliated actors using chemical weapons on the soil of a close

ally. the harboring of cyber criminals committing billions and billions worth of damage to everyone. around the world. and servers are known to be located. rather than take them down, they're signing up, many of these organized criminal groups as intelligence assets while giving a green light to their continued criminal activity to the use of something like mount pecha, the destruct i virus that self-propagates, protends to be ransomware but in ransomware if you paid you'd get your computer system back , in this one you couldn't, it's hitting everything from hospitals to companies. when you look at that behavior, it's against their own interests along oours to allow that to continue to escalate. eventually there's going to be a snapback and both sides can

miscalculate, having much worse than we have now. that's why it's so urgent we act immediately to stop that otherwise one-way escalation that makes it much more likely if there's a conflict it causes wider harm. >> you're going to hear agleement among the three of my speakers and me throughout the thing. that's one of the things i wanted to get out of this you talk to people who either are in the business or war in the business, there's a general sense of consensus. there's a general agreement. so one of the things we'll try to do here is maybe tease out if there's someplace we can, haven't found it yet, but also to help get the public message out there that we're going into a fight, we're in a fight, maybe need to put a little bit on our side. a couple of points came up that might be worth talking about. one of them is, one of the advantages some of our poonet --

opponents have and if we come up with response strategies they could be applied to china or iran who are reactive to the north koreans who are currently on their best behavior, but that could always slip. they know we worry a lot about being consistent with our own laws and international law. particularly with international humanitarian law. how much do we need to worry about proportionality in these responses? do we need to think about proportionality? what is proportionality in these sorts of activities? we want to follow the laws of armed conflict but that makes it a complicated response. i don't know who wants to go first. jim? jim: i would be pleased to go rst but --

a proportional response that sends the message to avoid a war could be a larger response than something that is tit for tat. now the lawyers will tell us why hat was wrong. john: i think it is right. it's wrong to try to divide something proportionate, that is designed to fit the actions that they are responding to and want to discourage. now it so happens in this case that we have pretty good estimates, particularly if you take into account again the those,f damage caused by the continued harboring and flouting of international norms when it comes to cyber criminal activities. we talk often about this big,

amorphous land of organized criminal activity that occurred through cyber enabled means, rightly. so it's not from every country around the world. the cooperation between countries who disagree in a lot of other areas but cooperate when it comes to law enforcement, when it's criminal behavior, actually narrows it down where a lot of behavior right now that's affecting the tire world digital commerce, is emanating from russia. that means when you're talking about proportionate steps to damage -- the damage amount is way up in the billions and billions of dollars. interest regular port actually to follow up if you did an estimate, let's say the last estimate is somewhere between $650 million to $1 trillion worth of damage from criminal cyber behavior. how much can you assign a percentage that's coming not

necessarily from the russians, maybe directly attributed to the russian state but coming from rumb without response to requests for law enforcement cooperation pping? that gives you a sense where the outer boundary might be on proportion. >> we've actually gotten exactly that question from the house finance committee so hopefully we can cook up an answer toyota. i think it's probably going to be more than 50%. that's attributable to russia. that's a guess. we need to refine it. rick, when you think about proportionality how much does that worry you? >> i think, exactly, as john points out, it's a legal basis, we're a nation of laws. follow those laws. of course we have to -- we have to proportional. i also agree with what jim says, proportional doesn't mean exactly equal or exactly in the same domain. rick: if you look at the assault on our democratic institutions,

and our society and the use of inflammatory, you know, sometimes fake news, sometimes emphasis or slant on a particular story that may have a kernel of truth, that's a big teal. that's a strategic attack on the united states. so i think the bar is pretty igh in terms of things that we can and should do to respond to that. i'm not advocating a military response, i don't think that's appropriate, a kinetic military response. but i think there are things short of that that we should onsider. >> you could think of a scale kinetic 'd have cyber, military, overt or covert, what's the blend that would be ost effective? m: can i take --

john: can i take a swing at that? i think the russians have done a asterful job of this, of doing -- rick: of doing these things, taking actions that are illegal under international law but having it be known but not provable that it was the russians. sort of a wink-nod. that's good from a deterrence point of view. it's also good for internal consumption and shows the president as a strong man who stands up to the west and the russian view is that they're not -- is that the west victimized hem in the cold war. jim: if it's rooted to diplomacy, strong words and so forth, it's going to be

inadequate. in addition to categories you put out, and john can speak in more detail with more expertise, of course, is economic sanctions in various ways. whether they're targeted at specific individuals, whether they're targeted at other entities and firms. they can be tailored. they're not a perfect tool but they're a critically important tool in this area. and i do think that we just need to say, if we are getting hit with offensive cyber penetrations then the use of offensive cyber to counteract that should be on the table. john: and the point of diplomacy being part of the package, that's right an it's proportional to what's occur, it's an attack on democracy we're see, whether a systematic -- the reckless use

of tools affects countries throughout the world. the more countries that can be involved this great er likelihood you increase cost in the way that changes behavior before it reaches a state we don't want. related to that, i think public is important. and that includes working on mean, criminal indictments is one, sharing information with private sector and with parties overseas is another. of sharing resources and making attribution public. and continuing to -- continuing that strategy, which i think this administration is pursuing, speed matters, trying to do that quickly and in conjunction with -- i'll throw out one idea i'm not sure i exactly endorse but try to be, another area to take a look at would be, and this is related really to the cyber criminal activity, i don't think it fits as well for the

undermining an election regime. ,ut the cyber immunity doctrine you might be able to do it now but also to see if there are ways to look at statutes that would increase the likelihood that private parties can sue for damages that they've suffered. the damages to certain companies already out and outlined by independent groups so there are victims here suffering damages. you could consider such a mechanism as well for election, i think it's harder to come up with a concrete damages and probably less suited to the civil system. now that approach has been explored before, those who support state sponsored it has drawbacks as well. it's more provocative, i'm not

sure i'm endorsing it but something to think about. >> james: could i add a category? -- jim: could i add a category? and i might have a question for you. we're not going to get there in 10 year bus it will help develop critical infrastructure and the cyber po text associated with it, will make it more difficult for them, make attribution more viable and make it also critically importantly less likely that terrorists or other less seen actors able to hold that kind of risk and catastrophic attack. the same is true on the information side. that the russians are piling on to, when -- they're piling on to fires already lit on the far

right and far left. pouring gasoline on them. they're not creating new arguments. they're amping up arguments that are there and trying to get us to be more polarized. the reality is that phenomenon of fake news is not something they brought here. it's something that has existed other here and they've helped to develop further. so finding ways for -- it's heavily in the private sector but there's a government role as well. finding ways for us to combat fake news in ways that are consistent with the first amendment and so forth, i think are fundamentally important. you can think of that as a type of resilience. i want to put that out as a category. i think it's essential, i don't think it's sufficient, but it's essential and it is even more essential for the lesser actors who have increasing cyber capabilities and who are going to want to get into this game of manipulating u.s. public opinion as well.

>> i think you need to split it into two parts. james: it's -- i think you have to convince potential attackers and we have four that the risk of doing something to the u.s.'s critical infrastructure is outweighed by the cost. that's part of what we're talking about today, how do we identify costs? on the social media side, i , nk there's a question of what does intermediation look like? impose s the ability to new standards on media look like? some people have said facebook needs to go out and hire 3,000 editors. they probably don't need to do that. but how do we encourage people to going identify the false

naffings that's probably something you can do with technology but how do we do it in a way that's respectful of freedom of speech? so it's a very complicated issue. no u.s. government agency has the authority to go and say this is fake news. this is false. so it's something we'll have to either change the laws or find incentives for the company. >> i do think there's a role for the government in terms of helping identify the prove nance of a story and helping to identify -- the first time this sor story appeared was in this place, to our knowledge. rick: that's input to a process the government can't run. i think they could add a paragraph to the 39 paragraph end user license agreement that says we're going to exercise our judgment and flag things that we believe are suspicious or don't look factual and you agree to

et us do that. james: how would you avade a tit for tat cycle. we've experienced things, we agree we should do something back, the other side won't say, ok, we give up. we're going to get into an iterative process here, how do we control that? i don't know if escalation dominance is the way to think about it? but what is it we do to get out of the cycle of just tit for tat. you've seen this in terrorist cases, in the israeli experience. it doesn't do you any good to get into a response, counterresponse cycle. >> i agree with that. it's true within cyberspace because as was noted earlier, we are more vulnerable than russia in cyberspace. that does not necessarily need to be the case forever.

i do think 10 years is probably an optimistic side but not for increasing offensive capability which is not nontrivial even today. one of the challenges we need to have in the foremost of our mind is we think about u.s.-russia tit for tat. high end of the escalation ladder is thermo nuclear war. taking steps to show we have limited aims, keeping open channels of communication, taking note of fire breaks, today there's a fire break certainly between conventional and nuclear. i believe there's a fire break between if you will, nonkinetic and kinetic. at the point which you cross one of those firebreaks you open up a new level of potential conflict and it's -- and it's prnt to understand that. and finally there's also

something to momentum as well as to tit for tat. in other words if the other side doesn't have a chance to absorb your actions along with your explanation of the action and its limited aims as well as its attempt then the possibility of moving into a rapid tit for tat that could spiral is much more dangerous. >> i think this is also a game until it's done, until we get to where we're going to go and that requires united messaging from the president and the congress to say this is something we think is important. and we're going to stay here until it's done. john: part of the -- james: part of the american people, key -- john: part of the american

people, key allies, we so far beyond where it's taken us the next step should be closing, that will give pause and time to assess. the problem now is that it's oming late and small and so in that sense it invites a similarly small retaliation, you're always behind where the initial provocation, where the initial provocation was. this is serious. undermining our elections is serious. and i know i'm a broken record on pecha but it's amazing that that's been publicly attributed and disclosed, this was a good beginning this week we saw sanctions for the first time, has not been proportionate to what occurred. that ledger needs to be balanced with the next set of

actions. james: if you're going to look for a precedent for this kind of action, at least for me the one that occurs first would be the reagan administration. that's how long ago this was. where you saw concerted action against, at that point, soviet espionage by the u.s., the u.k., canada, and some of our other major allies. so what do we need to do now with our allies? ow do we work with our allies? jim: it's two levels, john has spoken to both of them. at one level, coordinated responses, working together so we don't surprise them or cause them to think we gone off the deep end or are going to takest callaer to actions that we loser that support and weaken the alliance which frankly to president putin would be a win. it's that level of communication

and coordinated action and showing to president putin and others whom we wish to deter that we are capable of and will act together. that opportunity mean lowest common denominator. at eend of the day, having a sufficient coalition is very valuable duh doesn't mean that everyone has to agree. secondly, technical cooperation as well. and that is, that's been occurring over recent years. i think that dial could be turned up dramatically. i know that there are in working with some of our allies there are concerns about security of intention and security of technical information and so on. but the reality is to deal with technical challenges and deal with the vulnerabilities we have in the systems, speed is going to be more information than information security in my view. getting the cycle where we work with our allies an partners closely and help facilitate

private sector support even more than government to government is going to be fundamentally important. rick: there's a number of western style democracies that have been subject to this, japan in terms of the olympics is one, germany, france, norway, sweden, italy, all of them have in one way or another been subject to this kind of activity. so there may be some natural allies in that space. john: something you keep emphasizing in your questions, this is not just an issue of russia, it's an issue of at least in the cyberspace, i think of sending a message to those other actors who are wondering what red lines are, what you can get away with, what are the norms when it comes to international behavior, and in that sense too it escalates the stakes of getting this right or you're encouraging

miscalculation by say north korea or an iran or another ctor when times are tense. james: so the u.s. is encouraging response from like-minded nations to things like this. response should be temporary, painful, but reversible. what you get back from some of the smaller nato members is, i'm worried about attribution. i'm worried that i just won't take your word anymore that it was whoever you say it was, north korea, china, russia. what do you do in those cases? and our answer by the way so far has been can't tell you sources and methods. do you change that? do you just give up and act unilaterally? some people said coalition of the willing. what's the right response?

rick: we do exchange information, you don't show everything if there's a -- if it's a particularly sensitive source but you show more than you'd show privately and hopefully the government trusts their own intel people and said we look inside the covers and it's real. john: i think as well you've seen strategy that this occurred with december actions, there were three, you could focus more on the shutting down certain facilities, removing operatives and sanctions but the third was releasing the signatures of the code that was being used by russian actors and similarly it's been an open secret in cyber security community that the energy breaches were linked to russia but stating it publicly allows you then to show

the indicators to allies who are looking at the same trade craft. there's a way in this space to work with robust third party community of independent cyber security experts who once they get the signature make use of t. >> john raises a good point. those same implants exist all over western europe and other western countries not just in the united states. james: if you were going to do one thing right now, i know we talked about the need for a coherent strategy but now you're on the spot. what would you do? what's one thing you would do right now? would you fry the centers in the internet research agency? what would you do? would you release panama papers? tell me what you would do.

jim: first thing is have a campaign plan for this, work out what to do with our partners and allies to we're not working alone. and i think it's time to go after the so-called oligarches and hit them in the pocketbooks in a way president putin notices. that would be done through targeted economic sanctions and that would be, i think it's useful to have a category of these sanctions that are specific to the combination of cyber intrusions and i'm going -- and ongoing information operations. for example, we could say these would come off if we get through the 2016 election cycle and our allies get the their -- through their election cycles as well without interference. and they would go on -- i'm sorry, 2018. and then similar for 220. but we leave room for them to be dialed further up also if

there's more interference. that's not sufficient but i think that's a necessary part and one i would be looking to build consensus on right now. james: so a key part of what you'd do is interact with russians and message them about what we're doing. jim: exactly. i think that's exactly right. rick: the campaign plan is a key part of that. if you don't know where you're going, any road will get you there. we need to foe know where we're going. we need to have -- not a fully formed plan, on page 35, but the first five or 10 pages node to be clear and included is an over-arching state ofment the goal and something to generate unity and enthusiasm inside the country and with allies to build support. and go after the oligarches money in terms of asset seizure. use the pow ore they have u.s.-based financial system and banks to exert influence on

banks that might not, we might not have great relationships with but they all send money through u.s. banks. that gives us a big lever. john: i agree, the other thing, this is less to do with the cyber security, but more to do with what happened in the united kingdom, contemplate the expulsion of those who post intelligence across multiple allies. the other thing is pending legislation would be a dead man's switch. advocated far lot of things, if there's a neutral objective assessment from the intelligence community provided to congress that says, x country is meddling with our elections, the following retaliatory actions

will occur. and there's a version of that, i can't remember which bill, it may also be in the rubio bill that says essentially when it comes to russia, here are five banks and the executive branch can pick two, any two of the five, but if this is the conclusion that there's meddling in 2018 they'll face macroeconomic sangs which cuts them off from the u.s. banking system. that way your redline is clear preelection and hopefully there's no confusion as to what our action would be and it takes it out of the partisanship so it doesn't exacerbate any tension between any internal tensions here, that way we achieve the goal, the dead man's switch is going to happen if the conclusion is reached. >> i would say, i endorse that idea. not just because of the history

of the idea, but the russians reportedly did have at least in the past such a mechanism to boost their forces. but also because i would like a situation in which the administration and congress would work together and have something. that's been difficult lately. jim: because of that, i would support that. i would add it should be the floor, not the ceiling. that should be understood. because otherwise you're allowing your potential adversary to calculate exactly what the costs are and you want to have that uncertainty. you want to be able to add to that cost. ames: you can tell us -- a coupling of -- couple of us are recovering arms people, you have statements of if x happen, y is the consequence, do we get a better result having a better

declaratory policy? do we need one? rick: yes we need one and it should be if we are attacked in cyberspace or real space, we'll respond. jim: we'll respond in a way that's intended to increase the cost of that attack to exceed any benefits the attacker could expect to achieve. and fundamentally we need to act on it. we have multiple statements that amount to declaratory policy for many parts of the administration and many members of congress and what we haven't done to date is take substantial actions that do increase the cost are that have any possibility to be even approaching the level of the benefits that are being achieved y these attacks. james: maybe another conclusion from this conversation is we need to act. rick: i need on -- i agree on the need for declaratory

policies. i think being overly specific is bad. you don't want to give them a road map on ok, this is ok, so i can do this, you want to just say, if we see activities that indicate, as jim said that we're being attacked, that our infrastructure is being attacked, that efforts are under way to undermine our democratic processes, we reserve the right to react with all power that we see fit, lawyerly words to that effect. john: i don't want to underestimate the importance of a declaratory process. we have one, we have declared it, declared it multiple times in context of specific actions and then not acted. that has a -- the inverse effect of encouraging future actions. so i think less time right now on figuring out the exact words of a go forward declaratory

policy and more focus on putting points on the board and executing a response to the actions that have already taken place in violation of numerous state from two administrations that agreed on very little else. james: if i was mean i would say why do you think we haven't act on this, but i'm not going to do that. or i could ask, how do we get out of the trap of making statements and not acting? i'll put that one on the table. but before i do those questions, let me see if there's anyone in the audience who has a question now. we've got one, we've got two, three, four. five, six. we have got a lot of questions. so maybe we'll just go down the row. o ahead. >> hi, steve winters, independent consultant. you mentioned the sol garks several times. months ago i heard paul wolfowitz float the same idea he said look, nothing is working.

the way to get to putin, get to those people he depends on to run the country for him. attack them where they'll feel it in their lifestyle, their money. i'd like a clarification on that. i'm not a fn of russian oligarches but the principal here you're not saying the oligarches are involved in the cyber attack or anything, it's just putin is dependent on them, if we put a squeeze on them they'll say to him, change your mayor because we don't like what's being done to us. if you extended that principal if you don't like what xi ping is doing, take the top hundred billionaires in china and put the squeeze on them. could you clarify what exactly the reasoning here is. jim: i'm not talking about a blanket approach to everyone who made a ruble or billions of rubles in russia or anyone who is affiliated with president putin in any way. those people who are close and

who are part of the decision making process and specifically those people who are involved in a way in which we can credibly demonstrate even if it needs to be through classified channels, we can credibly demonstrate they have a role, excuse me a role in decision making and in support of some of these criminal networks that were mentioned earlier as well. there are substantial number to whom that would be applicable. rick: one thing, china is a more difficult target than russia because of the greater economic strength it has and the complicated commercial relationship with the u.s. james: but why don't we, we have a cup of things we can come back to, but there are a lot of questions. could you hold up your hand again? then we can just maybe slide over that way and then come back to this end.

>> i have two questions. so why do you say we're more vulnerable in cyberspace than the russians? that's number one. and number two, if there's an unwillingness to act on everything you've said what are our options? i mean other than the hand wringing but so far the administration has shown an unwillingness to do much and to even acknowledge that russia is a problem. where do we go from there? >> the reason i said the sust more vulnerable than russia is because we are so much more dependent on computers and networks and nchings systems that underpin our day-to-day lives. rick: everything from groceries showing up in the grocery store to gas showing up in gas stations online, to the net without objection that supports usinging your debit card to pay for those things. all those things are intertwined and all part of a critical

infrastructure. there's a great report by the national insfra structure advisory council of august of 2016, on the d.h.s. website that talks about the intertwined financial telecommunications and electrical power of infrastructure and if any one of those goes down, everything goes down. jim: the good news is, i think we're approaching parity in terms of reliance on the internet. not all of russia but big parts, leningrad, st. petersburg, moscow. james: hold your hands up again, this time, every time i say that, more people hold up their hands. just pass the microphone along as we go, that'll save a little time. we've got the individual there ith the blue shirt next. >> mike connell, center for naval analyses.

in the past russia broached the idea of internet sovereignty as ay of moving forward, sovereign control of information flow within their territory. is there any opportunity for working with them in that area? is it just really there's no room for compromise in that rea? >> the idea has occurred you could make a trade where you acknowledged the desire by russia and several other countries for greater control over the internet in exchange for some level of cooperation, perhaps on cyber crime, perhaps on stability. and it just -- there's two fundamental problems. the first is that very often the deal would involve abandoning core parts of the universal declaration of human rights and western countries aren't willing to do that the second part is there's a concern that you could make the concession and not actually get anything in

response. so it has been talked about in the last few years and doesn't seem to be a useful avenue. even the russian don't raise it anymore. we had another one. go ahead. >> spaul schwartz, also at c.n.a. i think mr. miller mentioned early on that putin perceives himself under attack and the west is aiming for regime change. when it came time to talk about potential options going after thele garks was mention several times. are these two things reconcilable or are we risking unwanted escalation by threatening the very thing that you said that he feels is undamentally at risk here? >> in my view it's important to go after those people who are involved in this type of activity or supporting this act tvity -- activity either

officially or unofficially who are tied to president putin and at the same time to show we have limited aims, to state we have limited aims and by the actions we take not -- not demonstrate we have unlimited or broader aims of regime change or undermining the power structure within the kremlin or within the country. anything that began to hint at that would be at a high level of scalation. john: i think there's a precedent with china, the indictment of people of -- of members of the people's liberation army but it was made clear this was because of a particular type of activity, the targeting of private enterprise here for the commercial benefit of private competitors overseas. and subsequent actions matched that principle. it allowed for a breakthrough

where the president agreed to that principle and since then you've seen a decrease in that type of activity. not all activity. but the type that would -- that was in that principle and then you saw on the u.s. side the warrant, haven't been additional actions outside of that. outside of that principle. so clear messaging and sticking ith your lane i think matters. james: if we have time maybe we can come back to how would you persuade the russians we weren't kidding, we really were serious we weren't going to change the regime. i think that they're deeply paranoid about that we have one more question, we have multiple questions. >> yes, gentlemen, thank you. i think if you took a comprehensive look at our policy on sanctions for russians, it's going after the oligarches is going to be what hurts putin the most, right? we sanctioned oligarches, we've anxioused banks and companies

all over the world. my view on that is that i think that what putin values most is being a puppet master. he likes controlling the intelligence services. he likes controlling ill list activity. whether it be through federal agencies or, you know, his army of hackers or mercenaries in different countries. what approach could we take to attack him if that's what we think hurts him most? being the puppet master, being the k.g.b. officer what that he ormerly was? jim: i'll give a quick first response. this highlights why we need a campaign plan about steps to be taken today and in the future. if you lead off by going directly after the instruments

of state control and the center of president putin's or anyone else's mower, that's a pretty big move. for mar serious than going after some of the assets associated with some oligarches or other sanctions. and i personally would think that yud want to reserve that type of move for higher on an escalation ladder, understanding you could get there but that president there, putin may believe what's good for the goose is good for the grander if you will and there are steps that could be taken the other way around that could lead to, might be potentially serious escalation. i wouldn't take that step off the table but i would say if you believe they're already worried about regime change, which i do believe, to go after the instruments of power would reinforce that view and cause them to believe they had to escalate in order to be successful. the capability to do that may be

something we desire to prevent them from escalating rather than something we lead with in my iew. rick: i would agree with that, but i would also demonstrate the ability, not do it at scale, to get information into russian citizens' information flow. there's dozens of technical ways to to that, everything from broadcasting television over satellite into the country to doing things on the internet. so i would demonstrate that and also cigna that we can do this if we want to. so it's -- we're holding back because we're again trying not o best --est callaer to but -- ot to be escalatory. >> let me set the stage, rick, this question is for you. if we rightly assume that russia

has something that they're is itg over trump's head, possible, and i'm going to ask if your answer could be yes, no, or maybe, is it possible that trump is taking actions, that the actions that trump is taking to destroy our relationships with our allies and other countries with the intention, ith the intention of making us act singularly such that our allies will not support us in the future, is that possible? yes, no, or maybe? >> is it possible or is it likely? >> likely. >> there's a fourth option which is if you've ever seen sesame street the option is me no recall. i think that's highly unlikely. if you look at president trump's

behavior over his career and how he interacts with other entities, there's a consistency there. it's not loik a 180 degree change in behavior. i think this is just the extrapolation of behavior into is new role. james: we have one in the back and then maybe move over to this ide. the u.s. has had a weak response in international cyber, do you believe that this is -- has set the precedent, sorry. do you believe this set a precedent for other nations to engage in this behavior and interfere in other western democracies and if that is the case what countries can we consider as potential threats? >> i'll take a quick cut.

the other panels may have more expertise on that. i think we were slow to respond to chinese theft of intellectual property. they did it at scale. jirm. -- jim: at massive scale. it had economic cost to the united states and economic benefits to them that i think are measured at least in the hundreds of billions if not trillions. that was -- we are late to take action. i'm pleased and proud that president obama did so and that -- and i'm pleased and was frankly surprised how successful it appears to have been. we do see this scale of what the chinese were doing. your question is right is along the correct lines. if you are a lesser developed country and you're looking to boot strap your economy, trying to find niches or even margin areas where you can gain intellectual property and have a second advantage where you didn't invest in the research

and development but you've been exploited would look awfully attractive and a small investment could bring that along. the good news is, putting pressure on those country the united states has a lot of tools including not just legal and diplomatic but economic pressure as well for smaller countries. and it's worthy of considering what a campaign would look like in that regard. i'll turn it over to my colleagues, i was in the aware of any countries, any small countries attempting to do that, attempting to do that at scale or having diplomatic conversations and the threat of reaction would not be sufficient. it's something to consider for the future, certainly. rick: i agree. i misinterpreted your question, i thought you asked would other countries take a key from russia and troy to affect leches in the united states, i think the answer to that is yes.

i think it's not just governments doing it. a colleague of mine was in europe and told about a contact from a company offering information operations in a support of a brand in a not very thinly veiled to speak positively about his brand but also negatively about other brands. so think of it as combat advertising. ones: someone got a briefing political operatives. can we move the microphone to this side. >> i have one question, it's about social media. earlier there was a comment about just giving facebook 3,000 editors to clean up content but that goes against the main point of facebook. facebook considers itself more as a conduit a platform. for articles. so what does this look like when the u.s. government is asking things like twitter and facebook o help combat the fake news?

>> some of you may remember myspace one of the original social media sharing companies and the first wave, at first they did not take seriously the fact that child predators were exploiting that platform to reach kids. , the and that to some platform no longer felt safe drove myspace out of business and where facebook got its rise. we saw then when i was working terrorism issues, they to dropped a new strategy, crowd sourcing terrorism, attempting to use social media, like al qaeda had used western technology in the form of aviation to kill, they were

trying to use social media to turn young or troubled people into human weapons to kill. it took a little while in terms of conversations to convince those social media companies this was a real issue, threat, and when they were convinced,ic there's a combination of private conversations and public attention to the issue, they took serious steps to combat it and put additional resources in. and we're just at the beginning of really focusing on the nation states threat and the use of those platforms to do things like attack fundamental values of undermining democracy. in the interim, the other issue they've been having is bullying, which has decreased people -- decreased people's desire of using the platform, and is a way of preventing free speech if you're so bullied when you articulate an opinion that it leaves the platform. there are deep business reasons consistent with their model why

they want to make it ultimately a safe place, i think it was rick who raised this, where there's some transparency as ell. to have access to views and where it's coming from. that requires sharing as much information as they can about what the threat looks like and the way companies can consider and take appropriate action on their platform. >> it's worth noting too that it's not just the u.s., it's also a number of countries in western europe. james: driven more by islamic terrorism than by russia in many cases. so -- or by political extremism. it may not just be the u.s. that asks these companies to change what they do. can we move to this side? we've got time for, i think we've got two questions here is that right? >> hi, first, thank you very much for coming today, appreciate hearg from each of

you. my name is john, i'm an air force officer, i have a quick question about information operations. so as it pertains to, i know you mention fed geck, the way you portrayed it, it was not very effective in your opinion. what does it need to be effective? and is the state department the right place for it? and writ large, your thoughts on information operations and thousand do them effectively and the authorities, legalities, that are needed and what we can o to make them work. >> great question. in terms of effective operations, there are areas which the u.s. does effectively at tactical levels. jim: you can go through, in certain points of time, many locations during those operations. that's obviously not what we're talking about here. what we're talking about is effectively communicating to external audience, including

international audiences, regarding on the one part of the mission, isil and al qaeda and so forth and the new part about russia. to me what that fundamentally means, what is the center priest of effective information operations, is truth telling. and the reality is that the united states is not going to be the most credible source of information about islam or about russia. so that means to me, it means building coalitions. and emphasizing that the mission is to get the true story out and on ed light, literally, what's really going on. and i think any effort to -- anything that has the slightest

taint of propaganda will be absolutely counterproductive and whether in the counterterrorism or in the combating of that propaganda from russia. it's got to be about truth telling and getting the story out and working with others who will be more credible than our state department in that regard. rick: i agree. across the whole d is from all of government and international partners and they work together to say, here's our -- agree on the goal and agree on the campaign plan and then execute it in that way. i'm -- i would not put d.o.d. in charge because internationally that resonates in a certain negative way but definitely be part of the team. > peter, who had a good idea a year or two ago but didn't know if he published but this was in

the conversation. we should get out of the business because the people aren't going to trust us and we're too old and the whole bit and he said >> don't you create contests on youtube and have a $10,000 prize -- we're talking anti-terrorism -- anti-terrorism video? let some kid do a rap video on -- hip-hop on it and it will be 10 times better. we used to call them useless when i was a child. james: state department entities are responsible for this. i think we have time for one more question. is that right? >> jim, this call it the madison valley coalition that the previous administration put together to get madison avenue and silicon valley to get anti-terrorism messaging. >> and they arrived right where you did and sponsored pakithon developing content in universities and government -- explain the terrorism probably and said we would be the

world's worst messager. >> that's another area of consensus. i think u.s.g. should get out of the business. go ahead. >> ron, u.s.g. [laughter] i think my question doff tails from the last two in building resilience. and maybe this question is to you specifically. what viability do you see in a german-style law or approach that says social media companies should have a reporting mechanism by their users for this kind of information and maybe a reporting mechanism to the u.s.g. on how they handle that? do you see that as something that could work here? would that run afoul of it? >> the first part of social media companies having a mechanism so that users could report content that's in

violation of terms of service essentially and having that mechanism, i think you are seeing it by our social media companies already. john: the question of then whether that will require reporting to government, that will be a much more difficult and maybe not desirable to mandate. there's huge brands incentives, though, depending on the type of activity but if it's criminal or other type of activity to do those reports or do them in scale ultimately. as ben was touching on, we're in a world of multinational corporations where they need to operate and abide by the values of multiple companies and legal systems simultaneously. so the actions of countries in europe are going to affect -- sometimes they can be confined

to the country. in the case of france where certain content, if you have the same law here it will be violated in the first amendment there. you could work out a mechanism where it doesn't hit what looks like a french i.p. address. by and large, i think the solutions need to be one that can sustain a global test of value that it's endorsing has to be one that's consistent with countries that share our values and ones that do not on human rights so that it's a neutral value. and then secondly, the execution is one that they could abide by in multiple countries without being a violator of the law. that's an easier -- if you violate terms of service, then that is an easier one to come up with a reporting mechanism and do this country agnostic. >> anyone else? nope. well, let me try and summarize a little bit. if i miss anything, please

correct me. so what i got from this is we are in a conflict. it's not the kind of conflict we expected but it's the one we're in. we need to act. another declaratory policy or marshmallow will not do any good. we need a government plan that needs to not be a one off type of thing. we need a portfolio of responses that includes legal, economic and potentially militarily. when i say military, it could be the intelligence community. it could be d.o.d., cyber command. but forceful response has to be part of this. this game will be more than one move. it will be multiple moves, and we need to think ahead of how we will deal with those moves. finally, messaging is important both to the american public to the political leaders so they know what we're up to. but also to the rest of the

world and to the russian people. and that includes contact with the russian leadership to let them know we have limited goals. we're interested in stability, regime change is not the target here. did i miss anything? is there anything you want to add? >> one thing i might add is part of that preparatory work is getting everybody on the same sheet of mumbinge so we're not completely unified at least most of the compass arrows are pointing in the same direction. >> thinking how to work with allies making this more than a unilateral approach so that's a good point. >> two quick additional points and they dove tails. we need to -- if we don't respond for a long period of time we will have a rapid later escalation and we are better off having substantial steps. we need to understand that will happen. and your point about -- and

second increasing resilience of the critical infrastructure and including our electoral system, 50-plus electoral systems and the technology behind them and to find ways to reduce the impact in fake news are important not just because of russia but because these dynamics exist within our country and other actors including terror states and small groups like north korea will want to exploit them and their capabilities are coming up so we can't overlook that efensive side as well. john: i'll echo on the defense side. we need to start thinking moon shot and incentivizing the research that says we put certain systems using -- we moved information over a very short period of time. historically 25-year period

from analogue to digital. we connected it through a protocol that was never designed for security. we're on the verge of doing that on an exponential scale while repeating the same mistake of not building security on the front end when it comes to the internet of things. and before we make that societal transformation, which will be now, we need legislation, regulation, collective will to ensure we don't make that move and so that's another area where time to act is now and that really is regardless of who the adversary might be that might exploit it. > i.o.t. and 5-g both. james: well, you've come to see us. on the bright side, the discussion today has sketched out a path forward and maybe a path out of the hole we're in. i'm pretty happy where we came out today and please join me in thanking our panelists. [applause] [captions copyright national cable satellite corp. 2018] [captioning performed by the national captioning institute,

which is responsible for its caption content and accuracy. visit ncicap.org]

>> government funding expires a week from friday on march 23 at midnight eastern. leaders in congress and on the house and senate appropriations committees are negotiating behind closed doors on capitol hill to prevent a government shutdown. both the house and senate must pass legislation next week. when congress comes back into action live house floor will be on c-span and you can watch our -- news that congresswoman louise slaughter passed away. she was 88. the oldest member of the house.

she represented rochester, new york, for 31 years and former chair of the house rules committee. congressman kentucky john yarmuth about her. mr. yarmuth: we knew she hit her head and was having problems. i am sorry she passed. she is a native kentuckian. we shared that. we shared bourbon. we share a love for the commonwealth. and the love for congress and she's been a -- as a matter of fact, my chief of staff was her chief of staff. so that's a tragic loss for the congress. she was a great, great member and great american. >> and you can see our entire interview with congressman yarmuth this weekend here on c-span. he is the ranking member of the budget committee. he talks about efforts to write an omnibus spending bill to keep the government open. he's on "newsmakers" this week 10k a.m. on nd

sunday. >> c-span, where history unfolds daily. in 1979 c-span was created by a public service by america's cable television companies and today we continue to bring you unfiltered coverage of congress. the white house, the supreme court, and public policy events in washington, d.c., and around the country. c-span is brought to you by your cable or satellite provider. >> a look now at today's white house briefing with spokesman sarah sanders. among other things she said there will be no immediate personnel changes expected at this time. she was joined by white house legislative affairs director ark short. sarah: pulling out the big guns for friday. serious business. good afternoon.