-- representative. he talks about the chance of another shutdown and other issues including daca and done policy. you can watch the interview sunday at an :00 a.m. and six a clock p.m. eastern here on c-span. >> next, former security officials discuss the response to russian cyber activity and other options for deterrence. from the center for strategic and international studies, this is an hour and a half. >> welcome, we are going to have exceptionally timely events which was fortuitous but we appreciate you coming out on a nice friday afternoon. let me introduce our panel. if i were to read their bios it would take up the session. i will give an abbreviated version. to my right is john carlin, the former assistant attorney general for the national security division.

he chairs the global risk and crisis management team. he did lead the investigation on sony attack and one thing we all know which is the indictment of the five members for economic espionage. prior to the -- that he was [inaudible] to his right is rick ledgett. he has for decades of intelligence experience in cyber security and cyber operations, including 29 years with the national security agency where he served as the deputy director until april 2017. he was the first national intelligence manager for cyber.

again, another deeply experienced individual. and finally jim miller, he is on the boards of the atlantic council. we let him in anyhow. thank you for coming. he is a member of the defense science board and many of you may know he cochaired the task force on cyber deterrence. before that he was the undersecretary of defense for policy and the principled deputy undersecretary. we could not have a better panel for talking about this topic , which is not to talk about what the russians have done, i think we all know that pretty well by now. but to talk about what should be done back. and this is a new kind of conflict we are in, it is not the russian tanks it is a , different kind of conflict. we will need different kinds of responses. i have asked each of our panel ists if they could stay for five minutes or so, give some opening remarks, then we will turn to questions and i hope we have time for questions from the audience.

john, why don't we start with you? >> i might start with the angle of what do you do about cyber-enabled activity, how do you have a strategy to deter that type of activity in a world where the rules are not entirely clear as to what a nation can get away with in that space. of years, we have started to move toward a policy of showing that when it comes to cyber activity including by nationstates along with organized criminal groups and other nonstate actors you can , figure out who did it. so doing the attribution of putting the resources into do the attribution. and really for a while and government i had started on the criminal side of the house doing the computer hacking cases and that was kept separate from what was going on on the intelligence side. when i went over to work for

director mueller, the door opened and i saw what we had on the intelligence side of the house. it was much better than the public or our adversary nations knew. we started changing toward the strategy it is great that we know it but it is causing real harm to real people now and it is not a traditional intelligence collection issue. starting first in espionage with the indictment of the five people of the liberation army and moving on to calling out publicly north korea's behavior when they attacked sony motion pictures because they did not like the content of a movie to charges that were brought against iranians and affiliated actors for their attack on the financial sector. one, figure out who did it, and two, make it public. don't keep it on the intelligence side of the house. even though that has real costs in terms of losing sources and

methods and perhaps provoking confrontation in the sphere. because once you start making it public, which i think is vitally important not just to send a message to a foreign country or adversary, but also because the victims are often in the private sector, and they can't take the necessary steps to protect themselves unless they know what is occurring. and that requires being more public about what we're seeing and link to that, we need action. we need congressional action. we need new regulations in this space, we need public support for taking retaliatory steps that may cause temporary churn and unless they see the urgency of the problem by making public what is occurring, i do not think we will have that collective drive toward action. one is to make it public and then impose consequences. i named three of the four major adversaries when it came to seeing provocative behavior in cyberspace.

iran, north korea, and china. what we had not done prior to the election was take such an action when it came to russian activity. whatever the thoughts were in terms of not taking action prior to the election, it is clear after the fact that the result has been that russia believes it was a success and that without taking additional action, they will continue provocation when it comes to cyber. since then, we have seen continued russian activity not just in the u.s. but other countries around the world that is designed to undermine the integrity of elections. we have seen the completely irresponsible use of -- that caused hundreds of millions worth of damages to companies around the world, including around 300 million just to one, to name one when it comes to the case of fedex.

to more recent activity. plus, we have a long history now of russia shielding the top 10 essentially cyber criminals who the estimate from -- put last year at $650 billion worth of loss to global commerce. so, when you put that together on a global scale, and the things like, as reported in "the washington post," attacking the olympics, what greater symbol of countries working together to show that you're not a member of the world order than attacking the olympics, through cyber-enabled means. so, we've moved, and you've seen a lot of those publicly out, figuring out who did it and make it public, we're not where we need to be when it comes to imposing sufficient costs to change the calculus that gets the behavior to change. this isn't about regime change and it wasn't with any of the other three countries in this space. this is about having costs proportionate enough to whatever

the benefit of the adversary, to get the behavior to change. if you don't change the then the -- if you don't change the behavior, then the policy isn't working and you need to keep ratcheting up the cost. i'll close with thoughts on how one can do that or avoid some of the problems that came to the election. one thing that's difficult leading up to a democratic election, speaking specifically about elections, is ensuring that there's confidence in the assessment as to what occurred. in that sense, very much support a bill proposed by senator rubio that would have a requirement that professional members of the intelligence community report to congress what their finding is. so it's clear whether or not people believe that someone, an adversary is attempting to meddle in the elections. two, in advance outline what the consequences are going to be. the bill does that as well. and in terms of ways one could ratchet up current pressure, i'll throw out a couple of ideas.

one would be, we have sanctions. i think the actions that we saw this week, building on the mueller indictment and the models using the criminal justice system to make public in great detail what's occurring to force public conversation and to sanctions, the sanctions were good but not enough. they're not enough to cause behavior. to ratchet up the cost, one, you could look at tying the oligarchs that are surrounding putin to their assets, and then seizing their assets, particularly in real estate. the legal authority exists to do that. so then you do the investigative work to make the tie to those assets and seize them. impose additional sanctions on companies that they run, often through shells. number two, similar to the strategy after ukraine would be macroeconomic sanctions, focused

on certain sectors, like oil and gas. that would cause real economic pain, and in that sense deter this type of behavior. three, to try to do this multilaterally and also to look what was done postelection in the united states in december, and then again against the san francisco consulate earlier in the year, and as we've seen our british allies do across the pond is to take actions against the intelligence operatives simultaneously with our allies. say 10 or more countries simultaneously taking action to persona non grata operatives operating out of post in countries throughout the world. i think those steps could be proportionate to what the damage has been and send a deterrent message. james: thank you. rick, please. rick: thanks.

first off i'd like to start by agreeing with everything john said. that's exactly the right way to look at this. i'd like to concentrate on the benefit versus the cost calculus. because right now the benefit is huge and the cost is basically nil to the russians. and so when you look at that, when you want to change people's behavior to get them to modulate their behavior, you have to lower the benefit, increase the cost. how do you do that? i think one is in terms of the midterm elections, let's secure the election infrastructure as much as possible. there's a couple of bills in the senate that i think are applicable, that talk about providing federal funding to the states so they can take action. you don't want to make this a federally managed activity that infringes on states' rights. but you do want to provide them with access to threat information, clearing state officials in the way d.h.s. has started to do. engaging with them through the mechanisms like the multistate information sharing and advisory council. and taking advantage of the

information that the federal government has and making it available to the states. there's been some great work in the private sector on that too. the center for internet security has produced a book for states. the bellford center at harvard has produced a manual for states to use to help do that. continuing down that path and putting some resources and some more attention behind it. so, make it harder to do that is thing one. thing two, make it harder for what i call information operations to reach their target. what are the target of information operations? the brains of the decision makers. so in this case, the decision makers are the voters in the country. how do you, without infringing on free speech, which is the first amendment, which is a hugely important american value, how do you make people aware of the providence of things that they see on social media activities like twitter, or facebook, or things that are promulgated through the news cycles?

stories are emphasized or not emphasized in order to make a certain point. the intelligence community assessment that was published last december does a good job of laying some of that out in the unclassified version that was published. the use of state media and the use of troll farms. if you google hamilton 68, there's a website run by the alliance for securing democracy, full disclosure, i'm on the advisory council for that, they track the activities day by day of the russian associated troll farms and look at the stories that they're emphasizing and the divisive sorts of things they're looking to highlight in social media. so, how do we get a better handle on that, make people aware, help people think critically, and look at multiple sources of information? that's a big, huge strategic problem. whether we will fix it this year, but it ought to be something we look at long term going forward. third thing is, what are the things that would cause the russian government and specifically president putin to

change the guidance that he's giving to his people? he cares about controlling information flow to the population of russia. that's a core part of keeping power, he's making sure that, giving his high approval ratings, making sure that the information flow is managed. he also cares about supportive oligarchs. john mentioned one way to approach that. i think that's a good approach. he also cares about support of the military and the tense -- the intelligence services. finally, he cares about the, i'll call it a democratic processes that are going on in russia, especially with the upcoming election. so, there are things that the u.s. government could do if it chose to. in each of those domains. and it would require careful thought about which ones do you start with and how do you ratchet up? the sanctions that the trump administration just announced against russia are a step, but they're a step on a long staircase. you want to think about how you go from step to step in that

process until you reach that point where the benefit is decreased and the cost is increased to the point where it changes behavior. james: thanks, rick. jim. jim: i'll start by agreeing with both john and rick. [laughter] i'd like to do first is a disclaimer. although i make reference to some of the findings of the defense science board report on cyberdeterrence, which i did, co-chaired with jim gossler, i'm speaking on behalf of myself, not on behalf of the department of defense or anybody else. two quick points and then add some additional steps the united states may take and i think it's important to think of it in terms of a campaign plan. there are escalation risks associated with taking actions but there are greater escalation risks with not taking strong action. so, point one is that to have an effective deterrent strategy, you need to think about the mindset and values of the party. in this case an individual

president, putin, who you're trying to deter. to put it pretty directly, in president putin's eyes it appears that his view is that the united states is the aggressor in this space. when russian authors have written about hybrid warfare, they're talking about u.s. and western nongovernmental organizations who have come promoting democracy. and they've thrown some of them out of moscow but it continues to be, in their view, a campaign. they see the united states and western europe pursuing nato expansion. we've done that since the end of the cold war and at this point in time georgia still on the table. ukraine potentially is. the united states is pursuing conventional military superiority. it's part of the national defense strategy. in fact, it was explicit in the last administration as well. somewhat surprisingly to me, the russians also believe, and i believe president putin believes, that the united states is pursuing nuclear superiority. when you look at this crazy

so-called status fix system. the nuclear power, nuclear torpedo intended to, with a multimegaton warhead, take out the west coast of the united states. it shows a certain degree of paranoia, to say the least. so you can argue that putin is wrong on these issues, as i believe that he is. but at the end of the day president putin and the senior leadership believe the united states and the west are pursuing regime change. if you want to understand the stakes here, and what president putin may be trying to pursue, you need to understand at that level. the bottom line goal is to prevent us from having the ability to grow nato, to put pressure on them and ultimately to impose regime change. pretty high stake stuff. that's point one. point two, we need to push back and as we do so, there will be risks of escalation. as the united states and others push back. but if we do not push back there will be certainty of escalation. and the escalation initially will be one-sided. it will be russia continuing to

increase the steps that it takes in terms of its information operations in terms of its potentially effecting elections rather than just having some potential to do so, as it did in the last election. and obviously should it wish to do so, in terms of its turning the dial up on pain on the united states through cyberattacks, on the electrical grid, on water supply, and on other critical infrastructure we just saw reports yesterday about russian capabilities in that area. so, we now know as a matter of public record that russia has cybertools imbedded in the u.s. electrical grid and in other areas, to include in our nuclear power plants, which shows an ability to scale this potentially, to a pretty high level. so, taking action will have risk of escalation. if we don't take action, we'll see one-sided escalation and at some point, at some point there's no doubt that either this president or a future president will decide to take more significant action or

congress and the american people will press toward that. and if we haven't taken action in the meantime, if we wait until it reaches a catastrophic attack on the united states in the midst of the crisis, then president putin is likely to be surprised by the action we take and the risks of serious military escalation will be far higher. so, if we wait to impose greater costs, somewhat paradoxically, perhaps, we run a much greater risk of escalation. i want to just list one sentence each. 10 steps we could take. first of all, to reiterate much stronger sanctions that target putin and his oligarchs or cronies. second, enlist in international support for these sanctions. we've begun to do that. we need to do more. third, be prepared to back off of these sanctions that are focused on cyber and information operations, if putin's behavior changes. so that they're conditional. that's an important part of

having successful deterrence and coercion. third, we do need to develop real, not just legal, actions and not just sanctions, but real cyber options to go after putin's valued assets through cyberspace so he doesn't think he has escalation dominance. fifth, i completely agree we need to get off the dime on boosting the defenses of our election system. we're behind the power curve for 2018. we need to be in a much better position for 2020. six, we need to push back on information operations and we can talk about how far we want to go there. the state department's global engagement center is effectively doing nothing but setting the problem at this point in time. we should debate what it should be doing but nothing doesn't seem like the right answer. it's been great to see big companies including facebook, twitter and google begin to step up. their role is going to be fundamental in fighting fake news and so forth. and it does come to first amendment issues pretty directly. but it's something that the

private sector will have a central role. seventh, the push on defensive critical infrastructure is fundamental. it is a long-term campaign. we're 10 ways away from being able to protect the electrical grid. that will not be a near-term solution. eighth, we need to expand help to our allies and partners because today and as we improve, they will become more vulnerable. in relative terms. they will be a target as we've seen from russia. ninth, we should not cut off high level contacts with russia. i would have liked to have seen theresa may and the british government do more in terms of imposing costs. but not to have cut off high level contacts. we need to have those discussions. we need to ensure that president putin and his senior leadership understand why we are doing what we're doing and because there is a significant likelihood of this escalating, whether near term or long term or both, we need to have those channels and people who are able to understand each other. in that context. 10th, and related to that last point, we need to be prepared to

strap it on here. the u.s. is under attack. it's a different kind of attack than we've experienced before. it is going to escalate. it will either escalate because we don't do anything for a long period of time, and the other side continues to escalate and then we will respond and that will be very difficult to manage. or it will escalate more systemically and we'll have an opportunity to have a bit of a learning exercise on both sides. but it's virtually serving to escalate. so far, this administration has taken very modest steps, far too little, far too late. i hope that they'll take more significant steps literally in the coming days and weeks. thank you. james: thanks, jim. that last point is one that struck me. one of the reasons we're having this event is in discussions you have with i'd say intelligence or military professionals, on a classified or unclassified basis, there's a general consensus within the community that we are in a conflict. and that the conflict is getting

better, not worse. and that we actually i aren't doing so well. it's getting worse not better. that's what i meant. getting better for somebody else, but not for us. that's the wrong way to go. we are in a new kind of conflict. i got a general agreement from the speakers it's that we need to do something back. maybe we can start our own discussion here, what does that do something back look like? one idea that some people, including me, have floated is we have a fairly effective campaign, we can talk about how you define effective against isis, it was joint task force aries. should we be taking, and jim you mentioned we need a cyber response, should we be taking pages from the j.t.f. book and apply them. to our opponents in cyberspace? russia, china, iran, maybe north korea.

forcehink the joint task is a good model. it included technical game plan. the range of tools that should be brought to bear with respect to russia with respect to its -- information operations and cyber pressureic politics , being brought to bear on individuals and parties. jim: we need a much broader portfolio that includes legal action, economic sanctions and so forth. and it includes working with our allies. the campaign plan that encludes -- includes all these elements, to include pushing back on both information operations and cyber does make a lot of sense. >> i think it does. saysnk it has to be as jim , knit together with economic

and other activities. can't be just cyber. some of that has to do with we live in a glass house. a tit for tat battle, we lose because the american people has more to lose than the russian, the american government has more to lose than the russian government. think about the mall wear on ware on critical infrastructure in 2012. it's been known that it was russian. and so the question is, what's that about? is that about having a capability to use if and when you want to? is that about messaging, deterrent value? i think it's probably both. good military planning, just in case, and a little strategic messaging and deterrence mixed in there. to counter that, you can't just go back and do cyber activities, you have to do more than that. you have to engage the legal

system, find the enablerses both in russia and outside russia that are enabling that sort of thing to happen and figure out how you exert pressure on them to build a coalition of like-minded countries in order to make statements about these sorts of behaviors are not tolerated. congressman mike rogers and i wrote an op-ed a few weeks ago on four things the government should do. one of them, arguably the most important one, is a u.s. statement that says this behavior is unacceptable and we're not going to tolerate it. we're not going to get it in the time frame we need before the elections so the u.s. should say that unilaterally and use that as a basis to gather international support for that over time. john: i agree with everything jim and rick said. i walked through it a little bit already in my opening remark two , areas, you don't need like for

respond to this activity. you need to devise measures that impose enough pain to change the cost benefit analysis and that's where focus one on two types of sanctions we haven't done to the extent that we could both in terms of what the law allows and our ability to apply it when it comes to both the assets this companies, and real estate, oligarchs and also the macroeconomic sanctions. and then secondly the idea that there are moan operatives, our allies operating out of post and so far it's been tit for tat, each country has something provocative occurs will respond. if that was done in coordination with allies i'm all tains youly, -- with allies simultaneously, there is an increased to the

cost of the behavior. the danger is not against the united states. we have talked about the united states, but it's global. and that's the behavior that has to stop. russia becoming a rogue nation and don't know, can kind of guess at the strategic calculations causing it to be increasingly rogue around a variety of areas but that decision tree is causing it to do things like attack international stewings like the -- international institutions like the olympics, to use russian affiliated actors using chemical weapons on the soil of a close ally. the harboring of cyber criminals committing billions and billions worth of damage to everyone. around the world. and servers are known to be located. rather than take them down, they're signing up, many of these organized criminal groups as intelligence assets while

giving a green light to their continued criminal activity to the use of something like mount pecha, the destructive virus that self-propagates, protends to be ransomware but in ransomware if you paid you'd get your computer system back , in this one you couldn't, it's hitting everything from hospitals to companies. when you look at that behavior, it's against their own interests along with ours to allow that to continue to escalate. eventually there's going to be a snapback and both sides can miscalculating and having much worse than we have now. that's why it's so urgent we act immediately to stop that , otherwise one-way escalation that makes it much more likely if there's a conflict it causes wider harm. >> you're going to hear agreement among the three of my

speakers and me throughout the thing. that's one of the things i wanted to get out of this you talk to people who either are in the business or were in the business there's a general sense , of consensus. there's a general agreement. so one of the things we'll try to do here is maybe tease out if there's someplace we can, haven't found it yet, but also to help get the public message out there that we're going into a fight, we're in a fight, maybe need to put a little bit on our side. a couple of points came up that might be worth talking about. one of them is, one of the advantages some of our opponents have and if we come up with response strategies they could be applied to china or iran who are reactive to the north koreans who are currently on their best behavior, but that could always slip. they know we worry a lot about being consistent with our own laws and international law. particularly with international humanitarian law.

how much do we need to worry about proportionality in these responses? do we need to think about proportionality? what is proportionality in these sorts of activities? we want to follow the laws of armed conflict, but that makes it a complicated response. i don't know who wants to go first. jim? jim: i would be pleased to go but -- from my perspective, proportionality does not mean either that the response is symmetric. nor does it mean that it is at the same scale. a proportional response that is intended to send a message to avoid a war could be a larger response than something that is tit for tat. that is from policy perspective. now the lawyers will tell us

why that was wrong. john: i think it is right. forget the law here, it is the right policy to try to divide something proportionate, that is designed to fit the actions that they are responding to and want to discourage. now, it so happens in this case that we have pretty good estimates, particularly if you take into account again the scale of damage caused by those, the continued harboring and flouting of international norms when it comes to cyber criminal activities. we talk often about this big, amorphous land of organized criminal activity that occurred through cyber enabled means, rightly. it is not occurring from every country around the world. the cooperation between countries who disagree in a lot of other areas but cooperate when it comes to law enforcement, when it's criminal

behavior, actually narrows it down where a lot of behavior right now that's affecting the entire world digital commerce, is emanating from russia.

be more than 50%. that's attributable to russia. that's a guess. we need to refine it. rick, when you think about proportionality how much does that worry you? >> i think, exactly, as john points out, it's a legal basis, we're a nation of laws. follow those laws. of course we have to -- we have to proportional. i also agree with what jim says, proportional doesn't mean exactly equal or exactly in the same domain. rick: if you look at the assault on our democratic institutions, and our society and the use of inflammatory, you know, sometimes fake news, sometimes emphasis or slant on a particular story that may have a kernel of truth, that's a big deal. that's a strategic attack on the united states. so i think the bar is pretty high in terms of things that we can and should do to respond to

that. i'm not advocating a military response, i don't think that's appropriate, a kinetic military response. but i think there are things short of that that we should consider. >> you could think of a scale where you'd have cyber, kinetic military, overt or covert, what's the blend that would be most effective? john: can i take a swing at that? i think the russians have done a masterful job of this, of doing -- rick: of doing these things,

taking actions that are illegal under international law but having it be known but not provable that it was the russians. sort of a wink-nod. that's good from a deterrence point of view. it's also good for internal consumption and shows the president as a strong man who stands up to the west and the russian view is that they're not -- is that the west victimized them in the cold war. jim: if it's rooted to diplomacy, strong words and so forth, it's going to be inadequate. in addition to categories you put out, and john can speak in more detail with more expertise, of course, is economic sanctions in various ways. whether they're targeted at specific individuals, whether they're targeted at other entities and firms. they can be tailored. they're not a perfect tool but they're a critically important tool in this area. and i do think that we just need

to say, if we are getting hit with offensive cyber penetrations then the use of offensive cyber to counteract that should be on the table. john: and the point of diplomacy being part of the package, that's right an it's proportional to what's occur, it's an attack on democracy we're see, whether a systematic attempt to -- the reckless use of tools affects countries throughout the world. the more countries that can be involved this great er likelihood you increase cost in the way that changes behavior before it reaches a state we don't want. related to that, i think public is important. and that includes working on mean, criminal indictments is

one, sharing information with private sector and with parties overseas is another. of sharing resources and making attribution public. and continuing to -- continuing that strategy, which i think this administration is pursuing, speed matters, trying to do that quickly and in conjunction with -- i'll throw out one idea i'm not sure i exactly endorse but try to be, another area to take a look at would be, and this is related really to the cyber criminal activity, i don't think it fits as well for the undermining an election regime. but the cyber immunity doctrine, you might be able to do it now but also to see if there are ways to look at statutes that would increase the likelihood that private parties can sue for damages that they've suffered.

the damages to certain companies already out and outlined by independent groups so there are victims here suffering damages. you could consider such a mechanism as well for election, i think it's harder to come up with a concrete damages and probably less suited to the civil system. now that approach has been explored before, those who support state sponsored terrorism and it has drawbacks as well. it's more provocative, i'm not sure i'm endorsing it but something to think about. james: could i add a category? and i might have a question for you. we're not going to get there in

10 year bus it will help develop critical infrastructure and the cyber po text associated with it, will make it more difficult for them, make attribution more viable and make it also critically importantly less likely that terrorists or other less seen actors able to hold that kind of risk and catastrophic attack. the same is true on the information side. that the russians are piling on to, when -- they're piling on to fires already lit on the far right and far left. pouring gasoline on them. they're not creating new arguments. they're amping up arguments that

are there and trying to get us to be more polarized. the reality is that phenomenon of fake news is not something they brought here. it's something that has existed other here and they've helped to develop further. so finding ways for -- it's heavily in the private sector but there's a government role as well. finding ways for us to combat fake news in ways that are consistent with the first amendment and so forth, i think are fundamentally important. you can think of that as a type of resilience. i want to put that out as a category. i think it's essential, i don't think it's sufficient, but it's essential and it is even more essential for the lesser actors who have increasing cyber capabilities and who are going to want to get into this game of manipulating u.s. public opinion as well. >> i think you need to split it into two parts. james: it's -- i think you have to convince potential attackers and we have four that the risk of doing something to the u.s.'s

critical infrastructure is outweighed by the cost. that's part of what we're talking about today, how do we identify costs? on the social media side, i think there's a question of, what does intermediation look like? what does the ability to impose new standards on media look like? some people have said facebook needs to go out and hire 3,000 editors. they probably don't need to do that. but how do we encourage people to going identify the false naffings that's probably something you can do with technology but how do we do it in a way that's respectful of freedom of speech? so it's a very complicated issue. no u.s. government agency has the authority to go and say this is fake news.

this is false. so it's something we'll have to either change the laws or find incentives for the company. >> i do think there's a role for the government in terms of helping identify the prove nance of a story and helping to identify -- the first time this story appeared was in this place, to our knowledge. rick: that's input to a process the government can't run. i think they could add a paragraph to the 39 paragraph end user license agreement that says we're going to exercise our judgment and flag things that we believe are suspicious or don't look factual and you agree to let us do that. james: how would you avoid a tit for tat cycle. we've experienced things, we agree we should do something back, the other side won't say, ok, we give up. we're going to get into an iterative process here, how do

we control that? i don't know if escalation dominance is the way to think about it? but what is it we do to get out of the cycle of just tit for tat. you've seen this in terrorist cases, in the israeli experience. it doesn't do you any good to get into a response, counterresponse cycle. it doesn't do you any good to >> i agree with that. it's true within cyberspace because as was noted earlier, we are more vulnerable than russia in cyberspace. that does not necessarily need to be the case forever. i do think 10 years is probably an optimistic side but not for

increasing offensive capability which is not nontrivial even today. one of the challenges we need to have in the foremost of our mind is we think about u.s.russia tit for tat. high end of the escalation ladder is thermo nuclear war. taking steps to show we have limited aims, keeping open channels of communication, taking note of fire breaks, today there's a fire break certainly between conventional and nuclear. i believe there's a fire break between if you will, nonkinetic and kinetic. at the point which you cross one of those firebreaks you open up a new level of potential conflict and it's -- and it's prnt to understand that. and finally there's also something to momentum as well as to tit for tat. in other words if the other side doesn't have a chance to absorb your actions along with your explanation of the action and its limited aims as well as its attempt then the possibility of moving into a rapid tit for tat that could spiral is much more dangerous.

>> i think this is also a game until it's done, until we get to where we're going to go and that requires united messaging from the president and the congress to say this is something we think is important. and we're going to stay here until it's done. james: part of the american people, key allies, we so far beyond where it's taken us the next step should be closing, that will give pause and time to assess. the problem now is that it's coming late and small and so in that sense it invites a similarly small retaliation, you're always behind where the initial provocation, where the initial provocation was. this is serious. undermining our elections is serious. and i know i'm a broken record but it's amazing that that's been publicly attributed and disclosed, this was a good beginning this week we saw sanctions for the first time, has not been proportionate to what occurred. so that ledger needs to be balanced with the next set of actions. james: if you're going to look for a precedent for this kind of action, at least for me the one that occurs first would be the reagan administration. that's how long ago this was. where you saw concerted action against, at that point, soviet espionage by the u.s., the u.k., canada, and some of our other

major allies. so what do we need to do now with our allies? how do we work with our allies? jim: it's two levels, john has spoken to both of them. at one level, coordinated responses, working together so we don't surprise them or cause them to think we gone off the deep end or are going to takest callaer to actions that we loser that support and weaken the alliance which frankly to president putin would be a win. it's that level of communication and coordinated action and showing to president putin and others whom we wish to deter that we are capable of and will act together. that opportunity mean lowest common denominator. at eend of the day, having a sufficient coalition is very valuable duh doesn't mean that

everyone has to agree. secondly, technical cooperation as well. and that is, that's been occurring over recent years. i think that dial could be turned up dramatically. i know that there are in working with some of our allies there are concerns about security of intention and security of technical information and so on. but the reality is to deal with technical challenges and deal with the vulnerabilities we have in the systems, speed is going to be more information than information security in my view. getting the cycle where we work with our allies an partners closely and help facilitate private sector support even more than government to government is going to be fundamentally important. rick: there's a number of western style democracies that have been subject to this, japan

in terms of the olympics is one, germany, france, norway, sweden, italy, all of them have in one way or another been subject to this kind of activity. so there may be some natural allies in that space. john: something you keep emphasizing in your questions, this is not just an issue of russia, it's an issue of at least in the cyberspace, i think of sending a message to those other actors who are wondering what red lines are, what you can get away with, what are the norms when it comes to international behavior, and in that sense too it escalates the stakes of getting this right or you're encouraging miscalculation by say north korea or an iran or another actor when times are tense. james: so the u.s. is encouraging response from like-minded nations to things like this. response should be temporary, painful, but reversible. what you get back from some of

the smaller nato members is, i'm worried about attribution. i'm worried that i just won't take your word anymore that it was whoever you say it was, north korea, china, russia. what do you do in those cases? and our answer by the way so far has been can't tell you sources and methods. do you change that? do you just give up and act unilaterally? some people said coalition of the willing. what's the right response? rick: we do exchange information, you don't show everything if there's a -- if it's a particularly sensitive source but you show more than you'd show privately and hopefully the government trusts their own intel people and said

we look inside the covers and it's real. john: i think as well you've seen strategy that this occurred with december actions, there were three, you could focus more on the shutting down certain facilities, removing operatives and sanctions but the third was releasing the signatures of the code that was being used by russian actors and similarly it's been an open secret in cyber security community that the energy breaches were linked to russia but stating it publicly allows you then to show the indicators to allies who are looking at the same trade craft. there's a way in this space to work with robust third party community of independent cyber security experts who once they get the signature make use of it. >> john raises a good point. those same implants exist all over western europe and other western countries not just in the united states. james: if you were going to do

one thing right now, i know we talked about the need for a coherent strategy but now you're on the spot. what would you do? what's one thing you would do right now? would you fry the centers in the internet research agency? what would you do? would you release panama papers? tell me what you would do. jim: first thing is have a campaign plan for this, work out what to do with our partners and allies to we're not working alone. and i think it's time to go after the so-called oligarches and hit them in the pocketbooks in a way president putin notices.

that would be done through targeted economic sanctions and that would be, i think it's useful to have a category of these sanctions that are specific to the combination of cyber intrusions and i'm going -- and ongoing information operations. for example, we could say these would come off if we get through the 2016 election cycle and our allies get the their -- through their election cycles as well without interference. and they would go on -- i'm sorry, 2018. and then similar for 220. but we leave room for them to be dialed further up also if there's more interference. that's not sufficient but i think that's a necessary part and one i would be looking to build consensus on right now.

one thing right now, i know we talked about the need for a coherent strategy but now you're on the spot. what would you do? what's one thing you would do right now? would you fry the servers in the internet research agency? what would you do? would you release panama papers? tell me what you would do. jim: i am going to do a cheat, first thing is have a campaign plan for this, work out what to do with our partners and allies to we're not working alone. and i think it's time to go directly after the so-called oligarches and hit them in the pocketbooks in a way president

putin notices. that would be done through targeted economic sanctions and that would be, i think it's useful to have a category of these sanctions that are specific to the combination of cyber intrusions and ongoing information operations. the other thing is pending legislation would be a dead man's switch. advocated far lot of things, if there's a neutral objective assessment from the intelligence community provided to congress that says, x country is meddling with our elections, the following retaliatory actions will occur. and there's a version of that, i can't remember which bill, it may also be in the rubio bill that says essentially when it comes to russia, here are five banks and the executive branch can pick two, any two of the five, but if this is the conclusion that there's meddling in 2018 they'll face macroeconomic sanctions which cuts them off from the u.s. banking system.

that way your redline is clear preelection and hopefully there's no confusion as to what our action would be and it takes it out of the partisanship so it doesn't exacerbate any tension between any internal tensions here, that way we achieve the goal, the dead man's switch is going to happen if the conclusion is reached. >> i would say, i endorse that idea. not just because of the history of the idea, but the russians reportedly did have at least in the past such a mechanism to boost their forces. but also because i would like a situation in which the administration and congress would work together and have something.

that's been difficult lately. because of that, i would support that. i would add it should be the floor, not the ceiling. that should be understood. because otherwise you're allowing your potential adversary to calculate exactly what the costs are and you want to have that uncertainty. you want to be able to add to that cost. james: you can tell us -- a coupling of -- couple of us are recovering arms people, you have statements of if x happen, y is the consequence, do we get a better result having a better declaratory policy? do we need one? rick: yes we need one and it

should be if we are attacked in cyberspace or real space, we'll respond. we'll respond in a way that's intended to increase the cost of that attack to exceed any benefits the attacker could expect to achieve. and fundamentally we need to act on it. we have multiple statements that amount to declaratory policy for many parts of the administration and many members of congress and what we haven't done to date is take substantial actions that do increase the cost are that have any possibility to be even approaching the level of the benefits that are being achieved by these attacks. james: maybe another conclusion from this conversation is we need to act. rick: i agree on the need for declaratory policies. i think being overly specific is bad. you don't want to give them a road map on ok, this is ok, so i can do this, you want to just say, if we see activities that

indicate, as jim said, that we're being attacked, that our infrastructure is being attacked, that efforts are under way to undermine our democratic processes, we reserve the right to react with all power that we see fit, lawyerly words to that effect. john: i don't want to underestimate the importance of a declaratory process. we have one, we have declared it, declared it multiple times in context of specific actions and then not acted. that has a -- the inverse effect of encouraging future actions. so i think less time right now on figuring out the exact words of a go forward declaratory policy and more focus on putting points on the board and executing a response to the actions that have already taken place in violation of numerous statements from two administrations that agreed on very little else. james: if i was mean i would say why do you think we haven't act on this, but i'm not going to do

that. or i could ask, how do we get out of the trap of making statements and not acting? i'll put that one on the table. but before i do those questions, let me see if there's anyone in the audience who has a question now. we've got one, we've got two, three, four. five, six. we have got a lot of questions. so maybe we'll just go down the row. go ahead. >> hi, steve winters, independent consultant. months ago i heard paul wolfowitz float the same idea he said look, nothing is working. the way to get to putin, get to those people he depends on to run the country for him. attack them where they'll feel it in their lifestyle, their money. i'd like a clarification on that. i'm not a fan of russian oligarches but the principal here you're not saying the

oligarches are involved in the cyber attack or anything, it's just putin is dependent on them, if we put a squeeze on them they'll say to him, change your behavior because we don't like what's being done to us. if you extended that principal if you don't like what xi ping is doing, take the top hundred billionaires in china and put the squeeze on them. could you clarify what exactly the reasoning here is. jim: i'm not talking about a blanket approach to everyone who made a ruble or billions of rubles in russia or anyone who is affiliated with president putin in any way. those people who are close and who are part of the decision making process and specifically those people who are involved in a way in which we can credibly demonstrate even if it needs to

be through classified channels, we can credibly demonstrate they have a role, excuse me a role in decision making and in support of some of these criminal networks that were mentioned earlier as well. there are substantial number to whom that would be applicable. rick: one thing, china is a more difficult target than russia because of the greater economic strength it has and the complicated commercial relationship with the u.s. james: but why don't we, we have a cup of things we can come back to, but there are a lot of questions. could you hold up your hand again? then we can just maybe slide over that way and then come back to this end. >> thank you. i have two questions. so why do you say we're more vulnerable in cyberspace than the russians? that's number one. and number two, if there's an unwillingness to act on everything you've said what are our options?

i mean other than the hand wringing but so far the administration has shown an unwillingness to do much and to even acknowledge that russia is a problem. where do we go from there? >> the reason i said the sust more vulnerable than russia is because we are so much more dependent on computers and systems that underpin our day-to-day lives. everything from groceries showing up in the grocery store to gas showing up in gas stations online, to the net without objection that supports usinging your debit card to pay for those things. all those things are intertwined and all part of a critical infrastructure. there's a great report by the national insfra structure advisory council of august of 2016, on the d.h.s. website that talks about the intertwined financial telecommunications and electrical power of infrastructure and if any one of those goes down, everything goes down. jim: the good news is, i think we're approaching parity in terms of reliance on the internet. not all of russia but big parts,

leningrad, st. petersburg, moscow. james: hold your hands up again, this time, every time i say that, more people hold up their hands. just pass the microphone along as we go, that'll save a little time. we've got the individual there with the blue shirt next. >> mike connell, center for naval analyses. in the past russia broached the idea of internet sovereignty as a way of moving forward, sovereign control of information flow within their territory. is there any opportunity for working with them in that area? is it just really there's no room for compromise in that area?

>> the idea has occurred, you could make a trade where you acknowledged the desire by russia and several other countries for greater control over the internet in exchange for some level of cooperation, perhaps on cyber crime, perhaps on stability. and it just -- there's two fundamental problems. the first is that very often the deal would involve abandoning core parts of the universal declaration of human rights and western countries aren't willing to do that the second part is there's a concern that you could make the concession and not actually get anything in response. so it has been talked about in the last few years and doesn't seem to be a useful avenue. even the russian don't raise it

anymore. we had another one. go ahead. >> spaul schwartz, also at c.n.a. i think mr. miller mentioned early on that putin perceives himself under attack and the west is aiming for regime change. when it came time to talk about potential options going after -- are these two things reconcilable or are we risking unwanted escalation by threatening the very thing that you said that he feels is fundamentally at risk here? >> in my view it's important to go after those people who are involved in this type of activity or supporting this activity either officially or unofficially who are tied to president putin and at the same time to show we have limited aims, to state we have limited aims and by the actions we take not -- not demonstrate we have unlimited or broader aims of regime change or undermining the power structure within the kremlin or within the country. anything that began to hint at that would be at a high level of escalation. john: i think there's a precedent with china, the

indictment of people of -- of members of the people's liberation army but it was made clear this was because of a particular type of activity, the targeting of private enterprise here for the commercial benefit of private competitors overseas. and subsequent actions matched that principle. it allowed for a breakthrough where the president agreed to that principle and since then you've seen a decrease in that type of activity. not all activity. but the type that would -- that was in that principle and then you saw on the u.s. side the warrant, haven't been additional actions outside of that. outside of that principle. so clear messaging and sticking with your lane i think matters. james: if we have time maybe we can come back to how would you persuade the russians we weren't kidding, we really were serious

we weren't going to change the regime. i think that they're deeply paranoid about that. we have one more question, we have multiple questions. >> yes, gentlemen, thank you. i think if you took a comprehensive look at our policy on sanctions for russians, it's going after the oligarches is going to be what hurts putin the most, right? we sanctioned oligarches, we've sanctioned banks and companies all over the world. my view on that is that i think that what putin values most is being a puppet master.

he likes controlling the intelligence services. he likes controlling ilicit activity. whether it be through federal agencies or, you know, his army of hackers or mercenaries in different countries. what approach could we take to attack him if that's what we think hurts him most? being the puppet master, being the k.g.b. officer that that he formerly was? jim: i'll give a quick first response. this highlights why we need a campaign plan about steps to be taken today and in the future. my own judgement is, if you lead off by going directly after the instruments of state control and the center of president putin's or anyone else's mower, that's a pretty big move. for mar serious than going after some of the assets associated with some oligarches or other

sanctions. and i personally would think that you'd want to reserve that type of move for higher on an escalation ladder, understanding you could get there but that when we get there, president putin may believe what's good for the goose is good for the grander if you will and there are steps that could be taken the other way around that could lead to, might be potentially serious escalation. i wouldn't take that step off the table but i would say if you believe they're already worried about regime change, which i do believe, to go after the instruments of power would reinforce that view and cause them to believe they had to escalate in order to be successful. the capability to do that may be something we desire to prevent them from escalating rather than something we lead with in my view. rick: i would agree with that, but i would also demonstrate the

ability, not do it at scale, to get information into russian citizens' information flow. there's dozens of technical ways to to that, everything from broadcasting television over satellite into the country to doing things on the internet. so i would demonstrate that and also signal that we can do this if we want to. so it's -- we're holding back because we're again trying not be escalatory. >> let me set the stage, rick, this question is for you. if we rightly assume that russia has something that they're holding over trump's head, is it possible, and i'm going to ask if your answer could be yes, no, or maybe, is it possible that

trump is taking actions, that the actions that trump is taking to destroy our relationships with our allies and other countries with the intention, with the intention of making us act singularly such that our allies will not support us in the future, is that possible? yes, no, or maybe? >> is it possible or is it likely? >> likely. >> there's a fourth option which is if you've ever seen sesame street the option is me no recall. i think that's highly unlikely. if you look at president trump's behavior over his career and how he interacts with other entities, there's a consistency there. it's not loik a 180 degree change in behavior. i think this is just the extrapolation of behavior into his new role. james: we have one in the back and then maybe move over to this side. >> [inaudible]

the u.s. has had a weak response in international cyber, do you believe that this is -- has set the precedent, sorry. do you believe this set a precedent for other nations to engage in this behavior and interfere in other western democracies and if that is the case what countries can we consider as potential threats? >> i'll take a quick cut. i think each of the other panels may have more expertise on that. i think we were slow to respond to chinese theft of intellectual property. they did it at scale. at massive scale.

it had economic cost to the united states and economic benefits to them that i think are measured at least in the hundreds of billions if not trillions. that was -- we are late to take action. i'm pleased and proud that president obama did so and that -- and i'm pleased and was frankly surprised how successful it appears to have been. we do see this scale of what the chinese were doing. your question is right, is along the correct lines. if you are a lesser developed country and you're looking to boot strap your economy, trying to find niches or even margin areas where you can gain intellectual property and have a

second advantage where you didn't invest in the research and development but you've been exploited would look awfully attractive and a small investment could bring that along. the good news is, putting pressure on those country the united states has a lot of tools including not just legal and diplomatic but economic pressure as well for smaller countries. and it's worthy of considering what a campaign would look like in that regard. i'll turn it over to my colleagues, i was not aware of any countries, any small countries attempting to do that, attempting to do that at scale or having diplomatic conversations and the threat of economic reaction would not be sufficient. it's something to consider for the future, certainly. rick: i agree. i misinterpreted your question, i thought you asked would other countries take a key from russia and try to affect leches in the united states, i think the answer to that is yes. i think it's not just governments doing it. a colleague of mine was in europe and told about a contact from a company offering information operations in a support of a brand in a not very thinly veiled to speak positively about his brand but also negatively about other

brands. so think of it as combat advertising. james: someone got a briefing on effective social media presence by political operatives. can we move the microphone to this side? >> i have one question, it's about social media. earlier there was a comment about just giving facebook 3,000 editors to clean up content but that goes against the main point of facebook. facebook considers itself more as a conduit, a platform for articles. so what does this look like when the u.s. government is asking things like twitter and facebook to help combat the fake news?

>> some of you may remember myspace, one of the original social media sharing companies and the first wave, at first they did not take seriously the fact that child predators were exploiting that platform to reach kids. and that to some, the platform no longer felt safe drove myspace out of business and where facebook got its rise. we saw then when i was working on terrorism issues, they to dropped a new strategy, crowd sourcing terrorism, attempting to use social media, like al qaeda had used western technology in the form of aviation to kill, they were trying to use social media to turn young or troubled people into human weapons to kill. it took a little while in terms of conversations to convince those social media companies this was a real issue, threat, and when they were convinced, there's a combination of private conversations and public attention to the issue, they took serious steps to combat it

and put additional resources in. and we're just at the beginning of really focusing on the nation states threat and the use of those platforms to do things like attack fundamental values of undermining democracy. in the interim, the other issue they've been having is bullying, which has decreased people -- decreased people's desire of using the platform, and is a way of preventing free speech if you're so bullied when you articulate an opinion that it leaves the platform. there are deep business reasons consistent with their model why they want to make it ultimately a safe place, i think it was rick who raised this, where there's some transparency as well. you are not deprived of access to views and where it's coming from. that requires sharing as much information as they can about what the threat looks like and the way companies can consider

and take appropriate action on their platform. >> it's worth noting too that it's not just the u.s., it's also a number of countries in western europe. driven more by islamic terrorism than by russia in many cases. so -- or by political extremism. it may not just be the u.s. that asks these companies to change what they do. can we move to this side? we've got time for, i think we've got two questions here is that right? >> hi, first, thank you very much for coming today, appreciate hearing from each of you. my name is john, i'm an air force officer, i have a quick question about information operations. so as it pertains to, i know you mention fed geck, the way you portrayed it, it was not very effective in your opinion. what does it need to be effective? and is the state department the right place for it? and writ large, your thoughts on

information operations and how to do them effectively and the authorities, legalities, that are needed and what we can do to make them work. >> great question. in terms of effective operations, there are areas which the u.s. does effectively at tactical levels. you can go through, in certain points of time, many locations during those operations. that's obviously not what we're talking about here. what we're talking about is effectively communicating to external audience, including international audiences, regarding on the one part of the mission, isil and al qaeda and so forth and the new part about russia. to me what that fundamentally means, what is the center piece of effective information operations, is truth telling. and the reality is that the united states is not going to be the most credible source of information about islam or about russia. so that means to me, it means building coalitions.

and emphasizing that the mission is to get the true story out and to shed light, literally, on what's really going on. and i think any effort to -- anything that has the slightest taint of propaganda will be absolutely counterproductive and

whether in the counterterrorism or in the combating of that propaganda from russia. it's got to be about truth telling and getting the story out and working with others who will be more credible than our state department in that regard. rick: i agree. the model in my mind is like a combined joint task force where you've got from all across the whole of government and international partners who work together under some kind of control construct to say here's our -- we agree on the goal and the campaign plan. i would not put d.o.d. in charge because internationally that resonates in a certain negative way but definitely be part of the team. >> peter, who had a good idea a year or two ago but didn't know if he published but this was in the conversation. we should get out of the business because the people aren't going to trust us and we're too old and the whole bit and he said why don't you create contests on youtube and have a $10,000 prize -- we're talking anti-terrorism -- anti-terrorism video? let some kid do a rap video on

-- hip-hop on it and it will be 10 times better. we used to call them useless when i was a child. state department entities are responsible for this. i think we have time for one more question. is that right? >> jim, this call it the madison valley coalition that the previous administration put together to get madison avenue and silicon valley to get anti-terrorism messaging. >> and they arrived right where you did and sponsored pakithon developing content in universities and government -- explain the terrorism probably and said we would be the world's worst messenger. >> that's another area of consensus. i think everyone up to her thinks it usg should get out of the business of government. sean, ust. -- usg.

question is to you specifically, what viability do you see in a german style law or approach that says -- social media companies should have reporting mechanisms by their users for this kind of information and maybe a maybe ag reporting mechanism to the usg on how they handle that. do you see that as something that would work here? of socialst part media companies having a mechanism so that users could report content that is in --lation of terms of service i think you're seeing movie -- ourment toward that from social media companies. -- that will be

more difficult and not as desirable. huge incentive depending on the type of activity to do those reports or do them in scale, ultimately. and we are in a world of multinational corporations where you need to operate or abide by the values of multiple countries and legal systems simultaneously. countries inf europe are going to affect -- sometimes they can be confined to the country, in the case of france where certain content, if you had the same law, it would be a violation of the first amendment. you could work out a mechanism so that it looks like a french ip address.

the solution needs to be able to sustain global tests of the values it is endorsing. so that it is at neutral value. is secondly, the execution one that they could abide by in multiple countries without being in violation of law. if you violate terms of service, that is an use year one to come up with a reporting mechanism that would be country agnostic. summarize ay to little bit and if i miss something, please correct me. what i got from this is where is the conflict? it is not what we expected. and we need to act. another declaratory policy or demarche will not do us any good.

it has to be a whole government eight campaign plan. -- government campaign plan. we need to risk -- report responses. including military. it could be the intelligence community. dod. cyber command. but forceful response has to be part of this. there is going to be more than one move and we need to think with of how we will deal those moves. and messaging is important, both to the american public and the political leaders so they know what we are up to. but also to the rest of the world and the russian people including contact with the russian leadership to let them inw that we are interested stability. regime change is not the target. did i miss anything? is there anything you want to

add? >> i would add that as part of that preparatory work we will shapeeryone on the same of music. -- on the same sheet of music. >> thinking about how to work with allies. making this more than a unilateral approach. >> two quick additional points. -- expectt we do as escalation. and if we do not respond, we will have a rapid escalation. we need to understand that will happen. eliminatingnt about to find ways to reduce the

impact of fake news. and that is important not because of russia but because these dynamics exist in our country as well as other actors like terrorist groups and countries like north korea. >> on the defensive side, i think we need to think about incentivizing the research that says we have put certain systems digital, itog to was never designed for security. we are on the verge of doing that on and exponential scale while repeating the same mistake of not building security in on the front end. and before we make that

transformation, we need legislation, regulation, and a collective will to make sure that we do not make that move. the time to act is now regardless of who the actor is. to cff to get good news and on the bright side, we have sketched out a path forward. and maybe it is a path out of the hole we are in. where wey happy with have come out today. please join me in thanking our panelists. [applause]

>> coming up on c-span, washington journal is next. live with your phone calls and a look at today's headlines. followed by a discussion on schoola directive on discipline issued during the obama administration. and then betsy devos talking about school safety initiatives in light of the parkland florida school shooting. and anotherd durban senator talks about how congress can address gun violence. >> coming up on today's washington journal, gary schmidt talks about changes to president trump's national security team. and then, dan hawkins with the national association of

community health centers joins us to discuss their role in the health care system. and then, new republic staff writer matt ford, who makes the case were dismantling the -- department. ♪ good morning, it is saturday, march 17, 2018, and just hours ago deputy fbi director andrew mccabe, who has been the frequent target of president donald trump sire, -- trump's ire, was fired by general jeff sessions days before his retirement was to go into effect. the firing came at the end of the week in which secretary of state rex tillerson also lost his job. meanwhile, speculations swirl around the base of other white house and administration officials, including national security adviser h.r. mcmaster, chief of staff john kelly, and cabinet members david