
tv   Washington Journal Michael Daniel  CSPAN  February 26, 2022 3:55am-4:41am EST

3:55 am
host: a conversation on russia's cyber capabilities now with michael daniel, the former white house cybersecurity coordinator in the obama administration, current president of
3:56 am
the cyber threat alliance. explain about the cyber threat alliance. guest: the cyber threat alliance is a group of cybersecurity companies that have come together to share threat intelligence with each other to do so in an automated fashion and human fashion. we have 34 members from 11 different countries around the world. we are a membership association. that is how we work. host: explain what you and your members are seeing on the cyber battlefield during the lead up and now invasion of ukraine. the attacks on the cyber front fall into certain types of categories? guest: you have seen the reporting of our members of a new kind of malware that is referred to as a wiper.
3:57 am
it is designed to destroy computers' ability to operate. that has been deployed across a number of different systems inside ukraine. we are mostly seeing the same kind of malicious activity that you see almost every day. phishing campaigns, ransomware attacks, that sort of thing. host: what do we know about russia's capabilities on this front besides what you just said, anything surprising? guest: so far not that we've seen that has been surprising. russians have shown themselves to be quite creative, very ingenious in what they do. before the conflict is done i'm expecting a few surprises from them. host: the white house yesterday quick to knock down a report that president biden was being provided options for a cyberattack against russia
3:58 am
offensive capabilities. why do you think that was something the white house jumped out to knock down? guest: it is easy to get breathless reporting over these options. there are defensive cyber options in the mix for possible policy responses down the road. this white house is trying very carefully to control the escalation path to make sure things do not spiral further out of control. you can see that in how measured they are being in the other activities they are taking. they're trying to manage this tightly. that is why they stepped out there to knock down the speculation. host: staying on cyber offensive capabilities, how do u.s. cyber capabilities stack up against russia?
3:59 am
what kinds of attacks are we best at compared to what you are describing with what russia has been doing in ukraine? guest: when you think about the major cyber powers, the nations with the greatest cyber capabilities around the planet, the u.s. is among them. russia, china, others like that. we have a broad array of capabilities that we can deploy against russian networks. some you have seen in previous encounters like the denial of service attacks against some of the internet research agencies, things that happened a few years ago. we could carry out equally destructive attacks if we chose.
4:00 am
we have tended to be more discriminate and stealthy. the kind of capabilities we have built. both russia and the u.s. possess extensive cyber capabilities. host: explain what a denial of service attack is and what it does. guest: a denial of service attack is when you flood a computer or server with so much traffic that you overwhelm it and it cannot carry out any of its other activity. host: is misinformation a form of cyberattack or does that fall into a different category? guest: you hit on something that is a massive debate inside the community. from the russian point of view they are all of a piece. the russians do not talk about cybersecurity unless they're interacting with the west. they talk about information security. they talk about information operation.
4:01 am
from the russian perspective, they're all woven together, using misinformation and disinformation to boost direct to woody to enhance misinformation or disinformation campaign. on our side we make a big distinction between those two. people like me do not have as much experience working in the disinformation space. it will be part of what the russians are doing. host: cyberthreatalliance.org. if you want to ask him a question he will be with us until 8:45 eastern. start calling in. phone lines republicans (202) 748-8001. democrats (202) 748-8000. independents (202) 748-8002.
4:02 am
as folks are calling in, this headline from the usa today this morning administration shields up to protect the united states. let's talk about defensive capabilities. the concerns, the vulnerabilities. guest: when you look at our digital landscape we have become very digitally dependent as a country. almost everything connected to the internet can be vulnerable in some form. that is a lot of stuff now. people who have been in this business for a while we used to talk about wired desktops as the primary thing we are worried about. now it is everything from your refrigerator to your car to your industrial systems to smartphones and laptops.
4:03 am
what the administration was trying to do was to reinforce what the cyber community has been saying for a long time which is that good basic cybersecurity practices you need to be implementing to reduce your risk of having a malicious cyber incident whether in a current crisis or from cyber criminals or anything in the future. host: pipeline hack has been traced back to russian hackers. explain what went wrong there. guest: the attack on colonial pipeline was a ransomware incident. some malicious actors put software onto colonial pipeline's business system that encrypted those systems. and made them inaccessible to the rightful operators.
4:04 am
those actors demanded that colonial pipeline pay a ransom in order to get the key to unlock their data. what happened was because of the concerns about the extent of how the ransomware may have propagated through their system they decided to shut down their pipeline and their technology systems to prevent the ransomware from spreading there. the ransomware did not actually hit the systems that run the pipeline. colonial pipeline took the decision to do that themselves. that led to the fuel disruptions and other things we saw here along the east coast. some of which there was not
4:05 am
as much of a shortage as there could've been. because everybody was worried about that it created a shortage. that was an interesting case. host: how could you defend against a denial of service or ransomware attack? guest: the one thing about a denial of service attack is that it is reversible and stoppable. once the perpetrator stops sending the packets the problem goes away. it is not permanently destructive. there are a lot of capabilities out there, many companies that will help you defend against ddos. internet service providers like at&t or verizon, amazon, all sorts of services you can use for that.
4:06 am
for ransomware, when you're infected with ransomware it is difficult to prevent a ransomware from spreading at least to some of the machines in your network. ransomware is a big problem. it is primarily driven by the criminal underground. it is becoming a big business. host: you were in the position of white house security coordinator in the obama administration. what was the worst cyberattack that the u.s. experienced during that time that you dealt with? guest: that is an interesting question. some of them were not singular incidents. the ongoing chinese campaign to steal intellectual property and
4:07 am
business and trade secrets from u.s. companies. the russian interference in the 2016 election which was as much about misinformation as it was about cyber activity. north korean attack, the iranian attacks on our financial institutions. it was quite a long list. got to where we had to develop much better incident response procedures and policies. many of which are still in place today. you can see the white house building on that. host: plenty of calls for you. allen in new york democrat. caller: you cued into my topic about the election. we had to deal with the problem
4:08 am
of redefining treason going back to the 2001 attack on the world trade center dealing with nonstate actors. what does it mean to be a traitor to your own country if you are not aligned with a foreign nation but with foreign national terrorists? we have the problem of dealing with how to redefine treason in an age where we are not necessarily facing weapons used by a power but the soft invisible threat posed by cyberattack? i'm wondering in retrospect given the fact that we now have a kinetic war in ukraine but with someone whom our last president was very cozy and tolerant of his operation in the cyber realm, does this redefine some of the conduct of our last president as being more
4:09 am
clearly treasonous? i think mueller was pointing in that direction with his report. bardi feigned that report -- bar defined that before. host: michael daniel, any thoughts? guest: it is fair to say that in the area of my expertise unfortunately while the previous administration had a number of people who were very dedicated to working on cybersecurity issues and actually made some really strong advancements, unfortunately they did not put as much emphasis in continuing to develop cybersecurity policies made the things we need
4:10 am
to do to build our cyber defenses. this administration is doing a much better job of that across the board. whether you're talking about not just this crisis but the executive orders they've issued, the way they're working with the private sectors, setting up a public-private collaboration for contingency planning, getting ready for possible incidents and responding to incidents as they emerge. what you can see is that in this space there are nonstate actors and state actors. distinguishing between them is often challenging. there are fuzzy and unclear linkages between those actors.
4:11 am
that is what makes dealing with cyber threats so challenging. host: is there such thing as a pentagon for u.s. cybersecurity? you mentioned an agency. in the department of homeland security. your former office at the white house. i am assuming the pentagon has its own cybersecurity group. are all these pieces talking to each other and correlating? are there any issues? guest: the pentagon has the u.s. cyber command. that is a combatant command national security agency there. that is what the national security staff are
4:12 am
doing, they are making sure the departments and agencies ranging from the u.s. intelligence community to the state department to homeland security but also including law enforcement, so the justice department and the fbi, secret service. many other departments and agencies across the government that have a role in cybersecurity. that is the job of the national security council to help bring those together deal with these geopolitical crises. there is now also the office of national cyber director, chris is the first national cyber director. it is his job to bring together the group of agencies i was mentioning for the development of cyber policies and how the government is organized, trained and equipped and ready to deal with cybersecurity issues. that is a very important role that was recently created by
4:13 am
congress and has been newly filled. host: dave in florida republican. caller: i have been a republican since voting for reagan in 1980. main concern with a nuclear war, now it is even more dangerous because of our dependence on digital technology. i have to wonder what ronald reagan would think if he could have foreseen that the republican party would eventually become a cult that supports a russian dictator while smearing and maligning our own president. who could have imagined the political environment in this country could become so toxic that it creates a cult of reptiles? host: on the history of cyber development, the caller is talking
4:14 am
about what would reagan do. when do we actually start dealing with this threat? guest: the history of this goes back a long way. some of the initial viruses being distributed via disk back in 1987. this is not a new problem depending on your perspective. it has been around for 20 or 30 years. in the grand scheme of policy development, cyberspace and cybersecurity are relatively new to the policy world. many of the ways we think about the world do not work very well in cyberspace because things move at light speed. it is not a continuous landscape like the real world. we are still struggling to come
4:15 am
to terms with and figure out how to deal with the problems we now face in cyberspace. at the same time they have roots that actually go back a long way. you cannot separate what is happening in cyberspace from what is happening in the real world. when nation states, russia, china, iran carry out activities in cyberspace it is all connected to their goals in the world. they're not separate. host: south carolina harvey democrat. caller: hi. in the real world, you mention what happens in the cyber world occurs simultaneously in the real world.
4:16 am
spies who are working against us in clear sight, some of them have called in on these type of shows may be. people working on the other against his country. i do not want to say the former president coddled to the soviet union or vladimir putin but overtly he made inroads and relationships, made him to be a genius. he continues at this time to spout good things about persons that we recognize from the world war ii era as being enemies of the u.s. it happens in cyberspace as well. what do we do to protect ourselves and calms of behaviors on behalf of the foreign states and the people that may live among us? guest: it is about a question of
4:17 am
dealing with misinformation, wrong information in cyberspace. a lot of it is partially becoming skeptical of what you read. if what you read seems a little too sensationalist, a little too good to be true, just like your mom taught you if it is too good to be true it probably is. learning to be critical of what appears, thinking logically and critically about what you're seeing, reading in cyberspace. we are in the first stages of dealing with this problem. for a long time,
4:18 am
your challenge in school was finding information. you were taught how to use a card catalog, how to do research finding information. now finding information is much easier. finding good information is still hard though. learning the new skills of how to sort through the flood of information that all of us are presented with to discern what is reliable, useful, good information, that is where we have to develop a new skill as citizens. that is what we need to be teaching our kids about how to operate in the space. that will be a big project over the next two decades as we learn to develop those skills. host: we started with russian cyber attacks against ukraine. have there been attacks or targets outside of ukraine in recent weeks? have other countries been hit
4:19 am
and have they been traced back to russia? guest: not that you can attribute directly to the invasion activity or the ongoing military activity. there are a few new pieces of malware that were uncovered this past week, that have shown up in some of the baltic countries but not in a great extent. it is not clear that it was deliberate. it may have just been an artifact or test or accident. we have not seen too much that has been directly tied to the invasion activity. there is all sorts of malicious activity going on a lot of which emanates from russian criminal groups. a lot of that is being
4:20 am
occurring. how much of that has been tied to what the russians would like to see happening, that is more difficult to discern. host: cyber forensics, explain why it is so hard to trace a specific attack back to a specific state actor. guest: there are several reasons. one of which is usually the state actors are working very hard to erase their steps so that you cannot trace it back to them. in the physical world, think about what criminals do to make it more difficult for forensics experts, digital equivalent of putting on latex gloves and wiping down surfaces and not leaving trace behind. a lot of the tools you can use
4:21 am
are tools everybody else uses. there is commodity malware. this is malware you can go and easily obtain from the dark web and other places that criminal groups sell. nation states use that as well. if you see an actor using a particular type of malware it does not necessarily tell you who that actor is. you have to use other clues to try to figure out who the actor is. and what they were doing, how they did it. that takes time. u.s. intelligence community and the u.s. law enforcement community has become adept at defining lots of different kinds of intelligence and sources, information to do the attribution.
4:22 am
when the u.s. government makes statements about attribution they always have a very high degree of confidence in their statements. even though it is a challenge it can be done and with a high degree of confidence. host: arizona this is mac good morning. caller: good morning mr. daniel. to your point on cyber defense come from state or nonstate actors, similarly on the defensive side our state has its posture. what role do you believe that the state has in helping nonstate actors be a part of that defense? is it a program where people need to be educated?
4:23 am
guest: it is a good question. working out the roles and responsibilities between individuals, organizations and governments is one of the big challenges that we have. on the one hand, it is ridiculous to think that the u.s. government is going to be responsible for the cybersecurity of every single business in the u.s. and you probably would not want that. you do not want the government being that intrusive. on the other hand, it is ridiculous to think that individual businesses and organizations are going to take on the cyber capabilities of the russians, chinese by themselves. how do we work out those relationships?
4:24 am
what is the right level of responsibility? what parts of cybersecurity are individuals and businesses responsible for? and what parts is the government responsible for? does that change whether a business is small or large? does it change on the basis of the actor? does it change over time? all of those are questions we are still working out. it is going to have to be a joint effort. simply assigning the role of cybersecurity to one entity in the ecosystem like we try to do with border security where that is assigned to the federal government alone that is not going to work with cyber space. it is too interconnected, too woven into other things. it is an ongoing project for
4:25 am
every country trying to work out those relationships. this is the meat of some of the policy issues i worked on when i was in government and are continuing to work on at the cyber threat alliance. trying to work out those relationships and make that work in the real world. host: are there some sectors where there are mandates of minimum cybersecurity requirements? if you run a dam or nuclear power plant do you have to meet some standards? guest: the more regulated the sector is, like medical devices, there are certain minimums that some regulators have put in place. it has been difficult for us to figure out exactly how to specify those minimums. it has only been in the last two years that we are starting to get a good handle on the minimum
4:26 am
requirements that you may want to put on organizations out there. and then working out if we are going to impose responsibilities on those what do they get in return? do regulated utilities get to recover some of those cybersecurity investments? how are they going to finance those? that is where that debate is really occurring right now. host: los angeles, david independent. caller: we are up early. good morning to you. i would like to caution that we
4:27 am
take a step back. i would like to offer to especially black listeners which are democrats to study history. talk about the fall of war, it brings a whole new dimension to the so-called cold war phenomenon. during the cold war i would like to suggest to your black listeners -- host: why are you speaking specifically to black listeners? caller: scope with your cold war topic that you bring up, michael daniel on these concerns during the cold war and the earliest technologies, concerns about decoupling computer systems from soviet abilities to hack in and
4:28 am
possibly cause a launch of a nuclear system, can you take us back to the earlier days of this? guest: the way i think about this is that we have, there is always this tension between convenience, wanting to connect devices, systems, processes to a broader network. the whole point of that is it makes things easier. you don't have to go all the way out to that remote location. you can stay where you are and connect sensors to it and get data from it. at the same time, it has been recognized that doing that, if you can so can the bad guys. how do you protect important
4:29 am
systems? it was thought that for very important systems you could air gap them, meaning create a gap of air where they were not actually physically connected. while that may still be a viable defense for certain kinds of off-line data, it is not workable for the broad systems and things like that in today's environment. tell me about your air gapped system and i will find out the 60 ways it is actually connected to the net. somebody has hooked it up somewhere. it is not a good defense to try to rely on air gapping alone. to be thinking about your defense in depth. how you employ basic cybersecurity hygiene using
4:30 am
multifactor authentication, using good passwords and password managers, patching your systems, keeping them up-to-date. host: a few minutes left with michael daniel this morning. elliott in new york city line for democrats. caller: i wanted to say the people of faith in your audience, i hope they all pray for the good people of ukraine. two cyber questions, talk about the expertise of the biden team. i'm curious how you would assess the cybersecurity expertise in the previous white house. the other question is, there were previous segments -- like any -- callers are talking about
4:31 am
whether people should buy price from russia. do you have any feelings in the past, russia has overseen hacks of computer systems which has resulted in release of documents. people seem to have used those documents. they did not say it is coming from russia we should probably stay away from it. i am curious to know how russia plays out in commerce of the free world. host: tough questions for either. as for you there. guest: when you look at the cyber capabilities, the level of expertise in the u.s. government one of the things that is clear is there is an enormous array of talent that the u.s. government has drawn and continues growing. you have an enormously wide set
4:32 am
of people who are very talented many of whom are career civil servants or have served for decades. those are the people i work with a lot as i worked with a lot during my time in government, i was a career civil servant for a long time. the u.s. government has a broad array of expertise. there is a talent shortage but that is true across both the private sector and government. when it comes to russia and the connections into the broader cybersecurity world in the tech world that is an area where russia has struggled with. compared to china. they have some top-notch cybersecurity firms in the form of companies.
4:33 am
those companies have become tackled to this autocratic government and has really hurt their ability to operate globally. there is not as much technology interaction between russia and the west as there is between china and the u.s. and the west. host: rebecca in ohio republican. caller: i was surprised, you answer my question already. why are we worried about russia when it is china's cyber that we need to worry about? quite frankly our own government that does a lot of spying on us. why have we not cut off russia's oil supply? why are they still buying oil from them?
4:34 am
guest: i think the director for cybersecurity for nsa had a good analogy that i have stolen. rob joyce said russia is like a hurricane and china is like climate change. you need to deal with both. we don't have the luxury of being able to ignore one of them and focus only on the other. it is true that while right now we are focused on russia we also cannot lose sight of what china is doing. the fact that china is a long-term competitor also does not mean that we don't have to focus on the cyber capabilities that russia can deploy.
4:35 am
we have to address both at the same time. that is a challenge of being at the senior level of government in situations like this, you cannot take your eye off other situations around the world even though there is a crisis occurring in one part. host: about tim and his love with you mr. daniel. final question from twitter, this is lee who asks a question. when it comes to cybersecurity, are voting machines connected to the net? guest: most voting machines are not connected to the internet most of the time. one of the things you learn when you get into election security is if you have met one state or county in the u.s. you have met one state or county, almost every jurisdiction runs their operations a little differently. it is very rare for voting
4:36 am
machines to be connected to the internet innocently done periodically to run updates things like that. it is one of the reasons why most cybersecurity experts myself included think that trying to vote over the internet is a terrible idea. we are not able to provide the security for that type of activity. host: michael daniel is the president and ceo of the cyber threat alliance. it is at cyber alliance on twitter. you can find them online at cyberthreatalliance.org.