shaped america. c-span partnered with a library of congress which explores pieces of literature that it had a profound impact our country. tonight we will feature the journals of lewis and clark, detailing the expedition to explore the west all the way to the pacific ocean from 1804-1806. the author of several books on lewis and clark will be with us. what c-span's encore presentation of books that shaped america weeknights at nine eastern on c-span or go to c-span.org/books that shaped america to view the series and learn more about each book featured. >> c-span is your unfiltered view of government. we are funded by these television company send more including comcast. >> you think this is just a community center? it's way more than that. >> conch is partnering with 1000 committee centers to create wi-fi enabled centers so students from low income

families get the tools they need to be ready for anything. >> comcast support c-span as a public service along with these other television providers, giving you a front row seat to democracy. " continues. host: at our table this morning, joe mcreynolds, a chinese security studies fellow with the jamestown foundation, here to talk about security attacks on critical u.s. infrastructure, let's begin with what is the jamestown foundation? guest: it is a national security think tank here in d.c. that deals with a lot of the largest challenges facing the united states of america, whether that is china's rising power or russia's power projection around the world, terrorism, counterterrorism, so at the jamestown foundation, it is a national secured a think tank. host: describe the threat, the

cyber threat for our u.s. infrastructure. guest: so the threat -- the best way to describe the threat is these days, unitary power, national security power or civilian critical infrastructure are deeply linked in ways that they might not have been going back half a century. as a result, if you are a nationstate imposed in the u.s. and the potential military conflict, and you are trying to prevent us from prevailing in that conflict, you are targeting are critical input structure, including critical of the structure used primarily partly by civilians and that is just the modern reality of national power..

the threat in event of a conflict, are critical infrastructure is targeted, and it is not just a contest of military. even in peacetime, you have them tried to collect information that will lead to conflict or other acts of espionage, and you have ransomware attacks, that has been a driving critical infrastructure the past years, and for those who may not have heard the term ransomware, basically, they break into your systems and they say that until you pay a certain amount of money with cryptocurrency and things like that, then you are not getting access to your data and that is something that protecting against it is a little different than protecting against previous forms of

infrastructure intrusion and is now often used by clinical networks around the world as a way to target hospitals or schools or things like that that even have no real relevance to the military and national security, but if you can get them to pay up, that is a serious payday and bitcoin goes a lot farther than it does in america. host: what types of infrastructure are you talking about? guest: the u.s. government has a defamation of critical infrastructure that is very broad, everything from schools to hospitals, logistics, facilities and all of the facilities that under our daily life, we may not necessarily

think about how critical they are, to our lifestyle until it was disrupted, there is actually a hospital earlier this year, i believe in texas because of a ransomware attack, they had to divert ambulances from their emergency rooms these are outlining every aspect. these attacks can potentially disrupt daily life for civilians and not just for military or other national security. host: we are talking with joe mcreynolds. he will take your questions or comments about cyber threats to critical u.s. infrastructure. you can join the conversation. republicans, (202)-748-8001. (202)-748-8000.

independents, (202)-748-8002. text us with your question or comment, include first name, city and state, at (202)-748-8003. or on facebook.com/c-span and on x at @cspanwj. joe mcreynolds, i would like to show our viewers recently at the national press club, the national security director had to say, head of cyber command, had to say about protecting the u.s. infrastructure. [video clip] >> how would industries that would not necessarily have the same level of cybersecurity's are not connected to defense, but as periphery, there might be a backdoor there somehow, what did they need to do to defend themselves, their own companies, to be able to not create vulnerability? >> i think the sector that we are responsible for, broadly,

outside of the other 13 sectors, when there are companies like this, being able to work with the department of homeland security to get their advice is really important. i think this is an important piece, cybersecurity collaboration, nsa, 2020, 3 years ago, one of the things we said was we want to be able to work with the defense industrial base, but we found out that initially, the way we have to work is to working there medium, there medium is not classified, so being able to talk with them on a series of channels and in classified matters is what we are doing. why don't we provide a series of products that ensure a higher degree of cybersecurity? so being able to provide scanning to the defense industrial base to see what vulnerabilities they have are some of the ways we are looking at this equation of it differently. [end video clip]

host: what did you hear that? guest: that is actually a critical piece, when you are working with the defense industrial base, if you are the u.s. government, cyber threat information, often times that may be -- that sort of information may be sensitive or restrictive, and there has been a push the past several years to take the categories of information and be more easily able to push out industry. industry can react rapidly if they are given information rapidly, but this is something that the government accountability office has actually been appreciating -- pushing the government on for a matter of years now, and the biden administration has been responsive on this, the idea that government was not moving fast enough to get cyber threat information to industry and that government ossification roles, which are, of course, very

important for protecting our nation secrets, are not necessarily -- were not designed with this kind of cyber threat information sharing in mind, so organizations like the nsa, he also mentioned cyber security infrastructure, and these organizations are working hard now to create more optimized information sharing mechanisms with industry, and especially it is an issue also when you are dealing with regional critical infrastructure around america, where realistically, these small infrastructure management agencies or utility companies, things like that, they will never be as invested in their

own cybersecurity at their local level as a nationstate that sees them as critical for some national security objective penetrating them, and nation will also have more resources and more focus to bring to bear then some local utility company, so that is where it is really important to bring the resources of the federal government to their, and back in the early 2000's, going back to the bush administration, he saw an emphasis on well, that is the private sector's fault, and we are going to talk a big game about the private sector in their infinite dynamism will be taken care of this, but the incentives are just unaligned to make this something we say, oh, the private sectors can handle and they can take care of everything, we don't have to

worry about it. no, we have to have ongoing partnership on this, and that is something that you see resected heavily in the biden administration's national cybersecurity strategy from earlier this year. host: we will get to calls, brand and arizona, -- in arizona, independent. question or comment? caller: yes, if i have my own power generator and solar generator and there is a cyberattack along the internet, is the government going to have a backup communication system that i can connect you to get information? on what is going on? guest: that is a great question that i do not know the answer to. the national emergency preparedness is not my forte, but that is an excellent question, and i would assume that if you go on fema's

website, they would probably have some kind of information, like it used to be back in the day going up watching tv, that there would be the test of the emergency broadcast system. i assume people who have devoted their entire careers to this have been looking at what a system like that for the modern digital age looks like, but that is just not my field. thank you for calling. appreciate it. host: tom, baltimore, democrat. caller: good morning. my name is tom, i am looking at an article from 2015 that says that some clown decided to shoot at a substation with a gun, he knocked the substation out, and consequently, and in addition,

power was lost. after that, the emergency generator shut off and after 11 seconds, they got it back on, but the pumps did not start, and my question is, sir, if you can knock out a substation, can cyberattack to the same thing? guest: if there is one thing that i hope everybody, everyone watching today takes away from the segment, please, do not shoot at your local power substation. everyone would prefer you did not. i would say the potential for cyber attacks to shut down or interfere with power stations is a huge potential correct factor

-- threats factor as power stations become network and industrial control systems become network, but thankfully, there are an entire subfield of information security professionals and informationals working to prevent, but the reality of critical infrastructure resilience and then on the other hand attack from nationstate actors, from criminal groups looking to get a payday through ransomware, things like that, is that this will forever be an ongoing push and there will always be groups looking to find vectors into our critical infrastructure, and there will always be professionals looking to find new ways of making our critical infrastructure resilience,

whether that is through network resilience -- resiliency through segmentation of access controls and things like that, making it harder to penetrate, and now in the new era of generative ai, both attackers and defenders have new tools for testing network intrusion and network defense factors, so that is something that we are going to continue to see in the future with i think not just an easy resolution of, oh, that was vulnerability and we don't have to worry about it anymore. host: in florida, independent. caller: good morning. thank you for allowing c-span to allow regular citizens to comment. as an expert on china, if there is a new book called the end of the world is just the beginning,

peter zeihan, profoundly predicting the future of china, especially their one shop policy for 30 years means their population is going to diminish by half in the near future, so is our guest aware of this book? and even in the economist magazine they say that the chinese army is not able to recruit enough people now because of the decline in the population of that one child policy. is the guest aware of this book, and what does he think about the coming decline of the population by half in china and how that will affect china's relations with the rest of the world? guest: that is a great question. i just had a guy talk my ear off about that book at a holiday party. i am hearing a lot about the book from folks out in the

world. i have not read it myself. i will say that my overall sense is there are some things they have been saying for two decades now, which is that japan and south korea got rich before they got old, and that china is going to get old before it gets rich because of the different demographic milestones getting hit in the measures of wealth china is hitting at each demographic milestone. when it comes to china posthumous military strength, one of the biggest things to consider is not just demographics and how many people there are hypothetically, but as militaries become more specialized and more reliant on

highly trained labor rather than just that era of the draft where they draft you, train you, it really becomes a question, especially in china of what are you offering to specialist talent, especially in the realm of cybersecurity information warfare? that is something i have looked at in some of my conference papers, academic conference papers, things like that, the things that china is doing to recruit more specialist talent in areas like cyber warfare into the people's liberation army. they actually overhauled their whole system for talent recruitment because if you have serious information security skill set in china, you have relatively solid opportunities in the private sector, at least compared to a lot of other

relatively high-paying, range of opportunities and for china, the labor market right now, in china for young people, is actually quite posh, and that is something that is kind of surprising to me, if i was coming from a demographic angle and saying, oh, if you are young -- fewer young people, there will be intense competition for talent to fill jobs, but right now, there are so many young people out of work, that it is a sociological trend in china of how young people who have been very focused on test taking and educational success in setting themselves up for a professional workforce and now finding there's really not a lot of great jobs out there, how they are kind of reorienting their

expectations from work and life, sank i will say that demography is certainly partially there, i would say, but there are a lot of other factors to consider, so i would say, yeah, i never actually read anything by peter zeihan, but more generally, it is important for a country as complex as china to take a range of voices in and ideally be looking for voices who not spending all their time marking themselves with i am the china expert. i have been working on china at 15 years at this point, and i would break out in a cold sweat if i had to describe myself as a china expert because it is just such a fascinating and complex and multifaceted country, so, again, i don't know him

particularly well, but i would say seeking out niche subject matter experts, if you have the time and include nation, can often be more rewarding than seeking out one guy who proclaims i and the expert, my book will tell you exactly what china is going to be 20 years from now. host: "the washington post" headline, china cyber army is admitting critical u.s. services, and it goes on to say that utility in hawaii, and a pipeline are among the victims in the past year read what is happening? cash year. what is happening? -- year. what is happening? guest: that is an advanced threat, essentially a cyber threat actor that has advanced capabilities and nationstate capabilities, and has patience and persistence in trying to get

into even hard targets, so the advanced persistent threat actor known as both typhoon is the codename, that the u.s. government has publicly assessed earlier this year, along with the intelligence agencies of many of our allies and partners, they really state public press release saying that it is connected to china and that it seems pretty obvious looking at it that it is targeting critical infrastructures, it has a national, a national, potential national security relevance, especially in the event of conflict in the asia pacific, for example, hawaii, obviously, so, yeah, what is happening here is one data point in an ongoing stream of data points over

decades in the past and presumably in the future, where a country that has a competitive and challenging relationship with the u.s., like china, that sees as as a potential threat, and, of course, we see them in plenty of ways as a potential threat, will continue to try and build accessories into our critical -- access into our critical infrastructure so if something happens between the u.s. and china, if they were a conflict that they could be able to disrupt our critical infrastructure, perhaps disrupt our ability to respond militarily or even influence the political negotiation around

resolution of a crisis. it is easy to imagine from the chinese perspective that that is an area where american blood has not been spilled yet, and if they were able to successfully penetrate large swallows of american critical infrastructure and -- swallow this of american global infrastructure and impact the lives of daily americans, it is easy to see from a chinese government strategist perspective how that could potentially be useful in creating political pressure in america or in our partner nations for a non-military resolution as a conflict in a way that was on china's terms, for example, whether it is over the sovereignty to taiwan, the south china sea something else. it is important to understand that they are going to be trying

to break into our network. by that, i mean chinese military intelligence services. this has nothing to do with average or ordinary chinese citizens are people, but chinese military intelligence services will be trying to break into our critical infrastructure for likely as long as i will be working on these topics, and we will be doing our best to kick them out, as time goes on. we have made critical progress on moving away from, example, while way -- huwei in critical networks that surely over time help us defend it. host: scott in massachusetts, republican. caller: hi. i have got a couple of things. i will give you background. i owned the computer business for a while, went into the private sector, became mis for a bank and then vice president of

the credit union after that. during that time, i found that the chinese, not just the chinese, but we had the russians, just about everybody trying to hack into our service all the time, and when i was -- my company, ransomware, it was huge, even just regular businesses, and there were multiple businesses that we had a ransomware, we had to go in try to resolve so would they do not have to pay the money. all the people don't realize, a lot of times, comes in email, looking like you are some of the organization you would deal with, and you think it is. you go out locked in, and they have a backdoor into your system, they are knocking you down, you cannot get out of it, but, they are huge, and china is one of the