tv Fred Kaplan Dark Territory CSPAN October 10, 2017 7:58pm-9:31pm EDT
7:58 pm
books and authors every weekend. book tv, television for serious readers. tonight on the special tuesday night edition of the book tv, a look at computer security and hacking as a military tactic. next, fred kaplan on his book dark territory: the secret history of cyber war. then "after words" with washington times columnist bill gertz, author of iwar. from the atlantic council a discussion of alexander klimburg's book the darkening web, the war for cyberspace. and john yoo and jeremy rabkin talk about the military and their book striking power. >> in his book dark territory, fred kaplan writes about the history of cyber warfare, including how the us military and intelligence agencies have
7:59 pm
used the tactic in past conflict. he spoke at the think tank new america in washington dc. this is one hour and a half. >> now let me introduce fred. perhaps his most important distinction i would say is that he worked previously as an american fellow but he has done one or two other things in his illustrious career. he is the national security columnist and author of four books the most recent book which i think is here to tell us and has at least gone over with this new book that some one might not necessarily imagine. fred is a pulitzer prize journalist back in his days at the boston globe and i am very pleased to be able to host him here today. on the format, shortly we will allow fred to give him a minute to describe the book and tell us
8:00 pm
about it what is in it and then i will take the opportunity to have a conversation, dig into a little more and explore some of the themes and what we might conclude that. then i will open it up to the floor to give you the opportunity to ask fred some questions. then we will wrap up at 1:45 and that should give us plenty of time for an interesting conversation. without further ado, fred. [applause] >> so i will speak for a few minutes here. the subtitle of this book is the secret history of cyber war and i was working on it and i have a subtitle already worked out as i did know the title would be but how long is the history is this. as people think did it start with the discovery of the
8:01 pm
building in shanghai but no, in fact he goes back all the way to the dawn of the internet itself. in 1967 when the arpanet was about to go up, precursor to the internet, that was a network where all the contractors in the defense department would toss out with one another in their computer programs and there was a man named willis ware and head of the computer department and he was on the scientific advisory board and he wrote a paper that has been declassified since then and he said here is the thing and here's the problem was to create a computer network, once you have access from multiple unsecured locations you are going to
8:02 pm
create inherent vulnerabilities. you will not be able to keep a secret anymore. when i was doing my research i talked with this man named steve was the deputy director of our cut and i asked him if he read the paper and i said what did you think of it and he said i took it to the guys on the team and i got the story confirmed about and they read it and they said jesus, and don't saddle us with the security requirement but look at how hard it was to do this. it's like asking the wright brothers and their first plane had to fly 20 miles carried 50 passengers. let us do this one step at a time and besides the russians will be able to do this for decades. well, decades, two or three decades but by that time whole systems and networks had gone up with no provision for security whatsoever. i see this as the big apple in the digital garden of eden. the situation created and warned
8:03 pm
about and created from the very beginning. now, all of this was unnoticed until june of 1983 when ronald reagan watched the movie [inaudible] at camp david. one of the guys who wrote it, not the one who is coming here tomorrow but the other his parents were in hollywood and producers and they knew ronald reagan so he got in the film and he watched it in the following wednesday he's back in the white house and there was a big meeting to discuss the missile launch that you might remember and at one point everyone there is national security advisors, some people on the hill and he puts down his index cards and says anybody seen this movie called [inaudible] and no one had seen it but he launches into this very lengthy plot description and people are looking around like where is is going and he turns to general john, and chairman of the chief
8:04 pm
of staff and he said could something like this happen and could someone break into one of our most secure computers and he said i'll look into that mr. president. he comes back a week later and said mr. president, the problem is much worse than you think. one year later there was a national security assistant director and i saw the president about telecommunications in computers and was the first document of its source but it took a strange direction. it was written by the nsa and the way they wrote it the nsa was controlled the standards for all computers in the united states. there are some people on capitol hill who didn't go along with that and so they rewrote it so it's basically the nsa would have security over classified
8:05 pm
stuff in the commerce department would have everything else. while the commerce department didn't know anything in the have no ability to do this so the nsa had no interest in securing these channels and they were interested at the time purely in exploiting security gaps, not in filling them. for about a decade nothing was done about this problem and i won't go any further. i'm just giving you an introduction but the point is these two incidences, [inaudible] and the dawn of the internet and the extremely unlikely coincidence of ronald reagan watching war games and asking the question that had everyone in the room rolling their eyes like where is the old man going now led to the systems, programs and more than that, the issues of policies and the controversies and the tensions that persist to this very day. one more little thing about the
8:06 pm
wargames before i go back and sit down and have a conversation, this is something i discovered almost by accident. it turns out that the two writers of wargames, you probably have all and i'm assuming you remember or have seen wargames but he gets into the computer by he has something called human dialing, this is for the age of the internet and he hooked up a system and it automatically dials the phone number in the area code and when the modem is reached a record that number is and he goes back. he thinks that he is just last on to some new online game and he almost starts world war iii but the screenwriters puzzled because they wondered if this was possible and could somebody and there's got to be a closed
8:07 pm
system, right? could someone from the outside get it and they lived in santa monica and they called the rand corporation and they wanted to talk to willis ware they went in and talk to him and he was a very nice guy and they laid out the problem and he said you know, i designed the computer and i designed the software. computer and you are right, it is a closed system there is always some officer who wants to work from home on weekends so he leaves the port open so he can get it. you know, the thing is the only secure computer is a computer that nobody can use. that is the lesson that we've all learned since then and now i will sit and have a conversation. >> thank you very much for that. he went on to write another movie called [inaudible] [inaudible conversations] we will be talking to him on
8:08 pm
wednesday about what his next movie will be about so we can see what direction this goes in. before we get there, you have written a history of cyber war and traditionally when people write books about war they write about battlefields in people tend to study those battles so that they can get a greater sense of how to fight battles in the future and create brittle and strategy. what do you think having done the research of the events between 1983 and now that the cyber war should look back on and instead of looking at the battlefield to have taken a lesson to study for the future. >> there are no battlefields to study unfortunately but i guess
8:09 pm
a typical moment came in 1997. there was the director, new director of the nsa at the time, he had been commander of something called the air force information warfare and they were doing a lot of things about what we would now call cyber security and cyber war and he couldn't get any of the other officers interested at all. back then, fighting wars was dropping bombs on people. no one even knew how to use computers. so he decided that to get anybody interested he knew about the vulnerabilities so he got permission to do a wargame where the five team members of the nsa would hack in to the networks of the defense department they had to go through a lot of lawyers and one of the conditions had to
8:10 pm
use commercially available equipment and they couldn't use their top-secret stuff to domestic networks. they did this and they prepared for it for a few months, scoping out the networks and scoping out they would do and those who have been victimized not to know about and the only ones who knew about it for the people who actually were doing it in the lawyers. they laid two weeks aside to do this and it turned out within four days they had hacked into all of the defense department networks including how the president communicate and sends orders and all of it mercilessly happened and sometimes there's a marker and sometimes they would send messages back false messages, mess up orders, people's heads were being
8:11 pm
screwed with and they didn't know what went on and there was only one guy, a marine out in the pacific who knew that something was going on and even if you knew what was going on there were no protocol in what you do about this. you could unplug the computer from the internet which was the smart thing to do. everyone else when the debate happened and they would go through here's what we found and here is what passwords he dug out of a dumpster here and here is the tape recorder when they called up the secretary and said i was an it guy and need to change the password for everybody and they told them and everything like that and everyone was appalled and that was when deputy secretary of defense said okay, who is in charge. who is in charge and nobody was in charge. then they started to set up warnings for the for seven watches which is a good thing because within a few months the wedding had to start attacking
8:12 pm
the us military and it had been going on longer than that but the thing there was solar sunrise where some serious hacking turned out to be two citizens of california and someone said these are just two kids in california but two kids in california to do this what about the nation-states and a few months later they called us and then moonlight maze happened which was someone really [inaudible] they were looking for particular things and we trace that back to a, it was the russians they were using servers from the russian academy and those were the two and then the chinese started doing it and then operations by the way, one thing is interesting. wargame was called [inaudible] fever and they noticed some
8:13 pm
franchise strolling around and this is already really happening and in 1997. so, then there were other things and there was some sort of [inaudible] do you remember when clinton was planning to of take over haiti because of the warlords and they were looking up work plans and one part of it was how do we get into and how do we get into haiti had a rudimentary air defense system and didn't want anyone to get shut down so how do we get into their air defense and this guy in hand wanted one of his tech guys said i found out that the haitian air defense is wired into the commercial telephone and i know how to make all the phones in haiti [inaudible] that's how they were going to
8:14 pm
deflect and defeat the air defense system. in yugoslavia later clinton war against [inaudible] and remember the bombing went on for weeks, months and months there was a cyber element to it. computers were run by phone stated some of the same thing. they got into this serbian phone system, cia guy went in and put in a plant and then they were able to hone in on this plant and they were able the air defense system was wired to the phone system and they were able to go in there and missed their radars. on the screen it would look like there were planes in the northwest but they were coming from the west so they were aimed at the wrong spot. they would send messages to [inaudible]'s cronies saying we know you owe this plant and we will turn out the lights and get rid of [inaudible] and they
8:15 pm
said, you know, forget about it and they would turn off the lights and then say if you keep this up will pop you tomorrow. that is how he lost his -- they were threatened by information warfare. this is the first information warfare campaign. [inaudible] after that we know about some of the things,. >> net and there were some things and i'll give one more than we should get into a different topic -- when the israelis bombed the nation's reactor in syria which was really a [inaudible] a lot of people even the syrians didn't acknowledge this because those
8:16 pm
at the scene had to go about 15n territory without [inaudible] they would rather not acknowledge that it happened but what happened was they use the program that was developed by the air force and implemented by the israeli nsa and the intercepted not the radar and not the radar screens but a beta link between the radar in the screens. the people looking at the screens sought nothing and the radar wasn't detecting planes and affect the people in the airplanes were hearing thing and so it took a little nerve to continue but they also had people and they were able to intercept the signal off the monitor that the radar operators were looking at to make sure that this worked, to make sure they really were seeing nothing. then they were seeing nothing so
8:17 pm
the planes got in, dropped the bombs, destroyed the factory and they were mystified. there screens show nothing. actually, should do one more and that is the iraq war. i wrote a book called the insurgents and i accepted the idea that this is the only thing that i will qualify or retract a little bit but there was a big turnaround in 2007 and basically the surge and turn of strategy. one other thing was the nsa and the nsa sent over a three-year period to iraq in 22 of them were killed on missions to capture insurgents but they basically captured the computers and got into the passwords and into the e-mails and dated things like sent messages throughout their insurgents saying let's meet at such and
8:18 pm
such a place tomorrow at 4:00 o'clock and there would be special operation forces waiting there to kill them or they detected from drones someone planning a roadside bomb and it used to be you could follow them that you had to send the data back to washington and then it would go back and would take 16 hours. within one minute they could target these guys. in 2007 through these tech leaps they killed 4000 insurgents which is one reason why the israeli turnaround did i remember the first person that asked about this and he looked alarmed that i knew anything about it and said well, yeah, when the histories get written about this this will be the equivalent of breaking the german submarine codes in world war ii which wasn't revealed for decades after the fact. cyber has been a part of these operations, these plans and thinking for quite a long time. >> it is just taking you back to
8:19 pm
one of the anecdotes you tell of the delegation that got sent to moscow to welcome the -- >> yeah, they realized that this was russia and of course this was post-cold war so they decided we should send a delegation to moscow. maybe they don't know this is going on and maybe it's not the government. we weren't presented as national security and will present this as a little investigation for which we are seeking assistance from the russian federation. there was a controversy whether -- they sent a delegation and on the first day caviar, champagne, welcome our friends and there was this one general in the military who is helping out and they brought over and he brings out his own
8:20 pm
and is shocked and says this is terrible and these pastors in intelligence and this is awful we will not stand for this and were going to swing this up and the second day we will have a sightseeing tour and will go around sightseeing and on the third date they were going to do some more sightseeing in the fourth day there was nothing. on the 25th day there was nothing. oh he's busy now and there is and so they left in the embassy is calling, the legal office and will send you a memo on this and what they realized when they got back is that this wasn't a government program in the sport general who god knows what happened to him for helping the united states military intelligence guys coming over, he just didn't know anything about it. for a while the hacking did stop
8:21 pm
but then it started again and the chinese started doing it, too. [inaudible conversations] the story you just told is a very military have a story, literally going through the war in iraq and clearly your other books were led to the establishment of a new organization in these networks [inaudible] in the 1990s there was a parallel the moment going on in the white house where people are starting to realize the critical infrastructure is vulnerable and can you talk more about -- >> as all this other stuff was going on well, a couple years
8:22 pm
before and the oklahoma city city bombing led to president clinton signed a presidential directive on terrorist, a policy on terrorism and they started setting up a joint task force called the critical infrastructure working group because people were thinking he blew up federal office building and a lot of people were killed and a lot of -- but what happened in the next date they blow up a power grid or an electric facility and it could affect the economy. we need to set up some policies. they define what critical and production was. eight sectors of the economy banking and finance, waterworks, and what and then they decided to create a commission to look into this. well, the people who are on this commission they had had
8:23 pm
background in black programs and they knew about this cyber development and they thought it is pretty obvious how you protect something from physical damage but there's this other thing going on, this vulnerability to electronic and computer hacking in that sort of thing so as this report got written half of it was about and this is where the term was first used it talked about two types of vulnerability, physical vulnerability and cyber vulnerability and in the future, someone should do more damage with a keyboard than with a bomb. that sort of thing and they were looking at this is that new nuclear weapon. that was in 1997 and this analyst named richard clarke, probably heard of them since was sort of put in charge of this and he didn't know anything about computers, no beaded at the nsa. he decided to go to a road trip
8:24 pm
and went out to silicon valley and went to talk to all the executives and they learned that well, microsoft knows a lot about operating systems and the guys from cisco and intel know about chips but no one knew about anything else and they didn't know about the vulnerabilities in the things in between and so i don't know if you want me to get into this but basically he stopped through an fbi context with a hacker, a hacker [inaudible] he met them at harvard square in this whole group called the loft and they took him to the loft and the second floor of a warehouse in boston and they had stuff there and they were able to do things there, hacking into [inaudible] and replicate equipment and that
8:25 pm
changed the whole threat model. he realized that you guys are doing things and are able to do things that we in the white house has said in the intelligence committee has said only nation-states can do and clarke, at the time, was head of counterterrorism but was chasing osama bin laden all over the place and he said this will be great for part of my portfolio, cyber terrorism because these guys were terrorist they could do acts of cyber terrorism so that did expand the whole notion of cyber war and what it might result in. that is one thing that hasn't panned out at least yet but i don't think there are any terrorist groups now able to do quite things that the hackers who are paid a lot of money to do certain things to her in
8:26 pm
structure. >> why hasn't that happened? it's one more iteration where we have an arrival of mike hayden at the nsa and 9/11 where surveillance becomes part of the story. can you tell us more about the impact and the changes in technology that takes us pretty much up to this moment in the present day? >> the nsa, up to about this point we been talking about they were still very much weathered [inaudible] intercepting radio signals, intercepting machines and in the early '90s they noted that they had these big listening towers and dishes all over the world and certain parts of the world nothing is coming in anymore.
8:27 pm
they were not getting any communication because they had gone underground and gone to fiberoptics or gone to cellular and they have no ability to do this. someone who is the director of the nsa before wrote a paper for a congressional classified congressional committee and the paper was called are we going to and they realize that we are focused on the wrong things. so, the nsa used to be divided into the a group which where the guys were tracking the russians and the p group which was the rest of the world. the a group shouldn't even be called the a group but were not checking the russians anymore or not so much. so, this is where we get into the movie sneakers, do you all remember sneakers? mike mcconnell, career navy intelligence guy gets into the nsa, looking around and he is
8:28 pm
saying what does this big organization do? the cold war is over here not getting these [inaudible] people are coming into this office and saying admiral, here is a map of lanes of communication and here's a map you really need to look at and they would show a map to fiberoptics. then he went to see and for those of you who didn't see, it's a movie about these hackers and its 1993, and nothing like this existed that much but there's this whole ridiculous plot where they get a call from the nsa and some bad guy has a decrypting code and they want him to kill the black box and the nsa people were really the criminals and they tried to get it back and there is one scene where ben kingsley is the evil mastermind who used to be a college roommate of the lead guy
8:29 pm
hackers played by robert redford and this whole monologue they have any says marty, it's not about bullets and bombs but about the information and it's about zeros and ones and they are in a war and it's about who has the most information. mike mcconnell sits up in his chair and realizes this is our mission statement now. he goes back and he gets the last wheel of this film and he is everybody in the senior executive of the that they wanted and tells everyone to watch this movie and even take off the afternoon to go watch this movie. this is what we are doing now. he takes one of the best field officers, brings it back to the fort, creates a job called the director of information warfare and all of these cyber type outfits around the bureaucracy of the military and call themselves and this is where the air force information warfare
8:30 pm
offices and it's the new thing. it's where the money is in its for capital but what they really did do and then when hayden came along they created the tailored access operation. tao these are the guys who figured out how to get into computers, how to make us not [inaudible] let's say the president says i need to get into this guy's e-mail, they figure out how to do it. they are the ones who break and the new codes are not phones or radios but it's fiber-optic. now they create an aircraft where they unplug this computer from the internet and how do we cross over the internet. there is something created in the cia called the information operations center which is a joint operation and they did this in yugoslavia they would go over and plan to device or put in a thumb drive in with that it would insert the malware in the nsa can get into them from that. that is how [inaudible] so, the
8:31 pm
cao, people asked me and they knew that i was doing this book and they asked what can i do to protect myself and i said well, look, if all you're interested in is keeping out petty criminals and kids trolling the net there are things you can do that are pretty effective is like. good lock on your door. it is worth doing. but if someone really knows what they are doing, really want something that you have especially if they're a nation-state and they have the resources of a nation-state there is really nothing that you can do. in fact, this is skipping ahead a little bit but a few years ago the defense had a special panel on cyber warfare and they concluded that they talked about in one part the inherent fragility of our structure and
8:32 pm
it's the same thing that willis ware has been talking about since 1967. the fragility of our network and all of the things that have built up over time but [inaudible] they looked at the records of a lot of red team, blue team and the red team was tapped to hack into the command control and they always got in. now the buzzwords and pentagon circles don't talk about prevention really much anymore. you do and you try -- you don't just leave your doors open they talk about protection and resilience. the important thing is if you can detect when someone is attacking you really fast and resilience is you can seek them out and repair the damages that have been done very quickly. that's what they are talking
8:33 pm
about. the game is lost on keeping people out. i mean, again, you don't want to give up the game but they will get in and in fact, i learned after i wrote the book so it not in the book the navy, for example, is now teaching people how to use [inaudible] to navigate with because they figure that the data links to gps might be hacked and there is a lot of worry about is our entire quality in the military is built on things that are networked and if they can hack into that and then, you know, it's back to tanks and m-16 rifles so that is what people think about this in the military are very worried about. >> one of the is this youth nature private thing and which
8:34 pm
raises the important question of [inaudible] if it is all about information and the adversary can attack civilian systems just as easy as military systems which might not be as well protected what does this mean for your student national security? is it a game changer? >> well, it could be. there are a lot of vital military networks such as transportation, logistics and somebody wants the logistics professional strategy and logistics. how you get supplies and how do you get food and how to get water and a lot of that is on open networks. they are played or games where people mess that.
8:35 pm
the air task orders, over here instead of over there and the parts of the plane was to meet up with the refueling plane but the receiving plane is way over here and crashes into the ocean. you could do a lot of funny business that and in a way that you don't even know it's been hacked. there are lots of things. in terms of the vulnerability of infrastructure is where these things [inaudible] the idea and i don't know how much i really -- the idea that the scenario in wargames was, you know, china is exerting pressure on taiwan or in the south china sea and they say okay you take your aircraft carriers out of here or peer turning off our nothing [inaudible] on the eastern seaboard and then what you do.
8:36 pm
as china becomes more plugged in the deterrence begin to set in because we do the same thing to them. korea, iran, they don't have anything to fax so what is the response i don't know but things like that can conceivably happen. the interesting thing about civilians is that over the past few decades as a military become more aware of this they have reduced the number of intersections between their own networks and the outside internet to about eight, the nsa can sit on those intersections and they can do that legally because they have the legal right to do this military and military network. they could actually see when someone is coming over in the spigot. civilians and even civilian government there are hundreds and thousands of these intersections. there is no way that you can
8:37 pm
even if the nsa had the legal right there is a way the department of homeland security which supposedly has they have the statutory power to do this but they are really out to lunch there is no one to do this. this is what has led to a policy of cyber [inaudible] in a long time ago they came up these three terms, computer network systems, internetwork attack and something in the middle called computer network exploitation. this is a double-edged sword. it means you want to get inside the other guys network run around and see what's going on. you could say this is, in fact, the only way i can tell whether there is a plan of attack. let's see what they are doing. at the same time it is one step short of computer network attack. you're in there, all you have to
8:38 pm
do is push a button and you are attacking. okay. they are into our stuff and were into their stuff this way and it's kind of generally accepted that they can do this and that we can do it to them and they can do it to us but to what extent, how much, i don't know but one reason they are able to do it is because for years ever since this reagan plan and directive and the clintons as well they had tried to get critical infrastructure which is all privately owned and man up on this and get security going but they have done well with this and there into taking your money and taking your trust that your money will get lost but there are actually some great information security and while we hear a lot about there are
8:39 pm
thousands of attempts a day but not very many get in. power companies, electrical power grids, dams, things with this they really still aren't paying much attention because first of all, you have given us advice on [inaudible] the bad guy is just working around that and then i spent another 10 million and the amount of money it cost to do this productively isn't less than the cost of cleaning up afterwards and maybe i can get the government to pay for this and there are no incentives to this. one thing that clarke to do in the white house was lay down mandatory security requirements to critical infrastructure but lobbyists and the secretary of treasury and commerce always resisted because they would impede our servers and it would reduce their competitiveness all
8:40 pm
of which is true. they aren't evil but they have their own self interest and is contrary to what this is. >> over the last few years the regulators are more interested in it and i think just how far back the [inaudible] for example, president obama just signed something called the cyber security national action plan which if you read the book sounds a lot like about eight or nine other commissions that have been formed or planned over the last 20 years with a few things interesting that haven't seen before but it created something
8:41 pm
called an information security, chief information security officer for the whole federal government but the thing is there is no executive order giving him the power so this guy is like the director of national intelligence. he's supposed to set up all of this but he doesn't have authority to hire anybody or in a real guy like this would have the authority to go to an agency which is popping off the passwords like one, two, three, four, five and saying i'm taking you off the internet so that your off the internet and you have a month to fix it but no one has the power to do that. one thing that several people told me and i learned was the executive branch in general and maybe some of you know this the executive branch they say they will set policy and about 10% of
8:42 pm
it is grading policy and the other 90% is implementing it and going back time and time again and this implement in part is what has [inaudible] it has what has always been lacking and this is something that is not new, it didn't start with it's been known on a potential level for more than 30 years. >> we have michael daniel and he was seen here weeks ago and send it to michael would tell us that one reason to set up information not to create new ideas but to take ideas -- >> when it works, it's the commission that i talk about and [inaudible]
8:43 pm
>> in this case, it's a little late but this thing will land on the next administration. the commission and they fixed the commission and the head of the commission a few weeks ago and i don't know if other commissioners but they don't have clearances and have to be vetted and have to find the -- let's say if they land on the [inaudible] the new administration [inaudible] what lessons should they take from that about how it should go
8:44 pm
forward and what can they learn from the history that you bring smart. >> right. i don't like books that have explicit policies until the end but yeah, they would look at that and well, again, i hope some of the lessons taken from [inaudible] there is a long history of this. this has been going on for a very long time and read histories as would case studies and see why this actually led to something and why this didn't lead to anything and try to make it seem more like -- the thing you do need, i think, and just to say ignore -- you need someone in the executive branch who does have a lot of talent because [inaudible] is one of the most overused words and he's
8:45 pm
the energies are and you need to create a czar and who has direct access to the president and the president who at least is kind of interested in this. the problem is of course and i don't know how they work in places like the white house because i wouldn't be able to stay awake but you have 20 crisis hitting you every day from 30 different subjects and then someone comes in and says we might have a problem with critical infrastructure and excuse me, i have people being kidnapped and killed over here right now and your 30 year plan on the cyber security let's like i've seen in all the presidents where the editorial and i think [inaudible] might have a good chance this time that we should put this on the front page now. it looks theoretical for a lot
8:46 pm
of people. when you have something been cited tomorrow focus your attention on something is compensated this and it's difficult. it seems to be an obvious solution but let's take this on but if it were that easy then it would have been done a long time ago. >> we have a room full of people and now is an opportunity to take questions. please, when i call on you identify yourself, give your affiliation, keep your questions short and end it with question. >> a few months back. major computer systems, wall
8:47 pm
street, united airlines and wall street journal all came down more or less simultaneously and do you think that was coincidental? >> some things really are coincidental but i think the wall street journal wasn't that the syrian electronic army or something like that [inaudible] the thing is there are now about the nations with military explicit cyber units. some are better than others and i don't know how much is cyber but they're good at hacking into "the new york times" washington journal. although, some of them in "the new york times" are make it harder now but you know, i don't know and i don't know of anything and another thing aboua ballistic missile at you you can trace the arc and you can see where it's coming from and they
8:48 pm
are getting much better at tracking but you can hop from one place to another and you can disguise where you came from but they are getting better at tracing that and they're still not a one 100% of where you want to know the reason of why the north koreans attacks [inaudible]? basically they weren't doing this in real time because there is no [inaudible] we are so infiltrated into the north korean computer network that going back to the files the nsa hackers can watch on their monitors what the north korean hackers are watching on their monitors while they were doing the hacking. that case the fbi says we actually high content and this
8:49 pm
is unusually certain language and initially a lot of [inaudible] set i don't believe this and it looks more like an inside job but they absolutely knew it. >> right in the back and then over here. >> my name is ethan berger and cyber security and i'm wondering if you looked at the private sector in terms of stock market and the exchanges and for my perception it's up to numbers on the screen and it's pretty messed up and the economy of the country and being an insider and
8:50 pm
if you're a foreign power you can do a lot of damage to the country and it's part of it. >> the intelligence community knows how to get into [inaudible] they know where the money is being kept and they have made an explicit decision and there's a proposal that we know where [inaudible]'s we know where mr.'s bank account is there has been a petition by the cabinet that we do not want to go down that road because it can go the other way. they did mess with a bunch of [inaudible] and they could do that for the thing but there's explicit decision because of the backlash. they don't want it happening and
8:51 pm
someone could do it to us anyway. look at opm. they have everyone's personal records which we are not protected at all. that kind of thing, remember they asked about this and we said what kind of retaliation we have against china for doing this and it's less than an attack but an intelligence operation and there are certain things that we do sometimes. i don't blame them for getting into the network, it's not like they were attacking anything but getting information like intelligence. in terms of messing with the stock market or voting tabulation or, yeah, you know it's all out there and open and this has been going on for decades as i keep saying. there is only now a defense
8:52 pm
science board panel writing a report on cyber deterrent and one of the things they are trying to do is to define what that means, what are you trying to deter is it really the government's responsibility to deter an attack on the bank or two things or three banks. is it just government facilities? how do you define nuclear deterrent it's clear what nuclear deterrence means that cyber deterrent so what are you trying to deter? how big are the attacks which mark at what point at what point does an attack like this constitute an act of war and 2 meters later that the lawyers and the defense department wrote that there are special circumstances and -- it's not an issue for lawyers and the
8:53 pm
pentagon and it's not been -- you know, with nuclear weapons there are a very, very thick red line between using nuclear weapons and not. that is one reason why nobody can use them in the past few years because you don't know what will happen after but with cyber there are cyber attacks going on thousands of times a day but no one knows where the individual cyber line or lines of attack is the first time that the president said they are going to retaliate against this attack that just happened is when the north koreans attacked bernie over of movie. who would have thought that there are many opportunities for miscommunication out of hand because one person's nuisance turns out to be another person's grave national threat and then
8:54 pm
what happens on day two? i was in -- one guy was pretty high up in intelligence and i interviewed him and we sit down and he says what you are thinking about cyber deterrent and i said well, i don't know, i'm trying to figure that out. it's a shame that i'm on this panel and i thought you might want to be on it. i considered asking i would never do it of course but they are so desperate that they need to see if i will join the cyber panel and they not thought through. part of the reason is that for a decade this has been tied up in the nsa which, as you know, the joke used to be the nsa stood for no such agency, the most declassified. so, even when the bomb went off in 1945 there were things about
8:55 pm
that classified but the general workings and certain effects were well understood and from the very beginning you had civilian strategist thinking about well, what does it mean and how does it affect for and what do deterrence mean in this context and can we use these weapons and people who were not wrapped up in [inaudible]. in cyber, until very recently, you have to have a clearance to even know about things going on so there is nobody can think about this was really in a position to think about it seriously. in fact, the title of this book and i'll tell you where the title comes from is the stories. when i write my books i always say a title will emerge and it never doesn't but this time it did. i was looking over my notes from
8:56 pm
an interview with robert gates and he was saying he was talking with his colleagues and he's thinking we need to get together with the other major cyber powers to figure out the rules of the road. you know, what kind of targets and even about the steps of the darpa decks of depth of the cold war like the americans and russians they didn't kill each other's spies, simply simple like that. there was nothing like that. you could tell people that we are wandering in dark territory and there is the title of my book. then i looked it up, did a google search of dark territory and what does this mean, i didn't want to have some obscenity so it turns out this is a north american rebel that signifies the stretch of track that is ungoverned by [inaudible] and i'm thinking wow, that is perfect.
8:57 pm
i wrote him an e-mail and said did you know this and he said oh yeah, my grandfather worked as a stationmaster on the santa fe railroad across kansas for 50 years. we talked railroad terminology all the time. so, that is where i get the perfect description of what is going on except the stretch is much bigger, the engineers are unknown, the consequences of a collision are far more cataclysmic than two trains and that is the situation we are in. >> i have no interest in speaking for the us government but there are beginnings of this work and the strong relation to the chinese and the -- they are talking about setting up a forum to discuss a process by which they can discuss rules of the road. it is that far out but now gates
8:58 pm
said this when you are talking about russia and israel in france and china, now how do you bring north korea and iran and syria and how do you bring these guys into this cooperative back room and you know, in the back room someplace and how to divvy up the heroin market. how do you do this now? it's a tough one. there is a document -- one of the documents that snowden out called ppd 20 which was cyber operation policy and it had certain things like different departments were supposed to do and one of them was precisely this, setting rules of the road, state department. there was a progress report a year later pending, progress report was pending. it's the hardest thing in the world to do because the other
8:59 pm
thing is if you are going to say okay let's stay out of each other's whatever, electrical power plants, you've got to stay out of their electrical power plants, too, and how can this be verified. how do you know that they are not in the one time -- the first discovery of a known intrusion into a classified territory happened in 2008 called buckshot yankee operation and they discovered soviet russian it's and other things inside a classified network of us central command. they discovered this because they had the entrance points locked. what if someone is in there messing around and they thought we should go look for the networks and see if anyone is in there and they discovered someone in there. they hadn't gone looking, they might still be in there.
9:00 pm
so, it's a very -- we are talking about things we have lines of code and thereby meet malware taking up 150 lines of code so how do you even detect that contract how do you detect the lines of code within something that is millions of lines of code it's within five minutes they come up with a concept solution. within 24 hours, they have the solution, tested it and put it
9:01 pm
into motion. so by monday morning, people were alerted to this and going around counting the number of computers that might be infected and he's saying ridiculous. so he did what people had been urging him to do for a while and put the director of the nsa in charge of cyber command as well. and that is when the offense and defense knew what happened. the problem was with the same technology and the only company that knows how to do this everybody else is completely left-sided. so okay, we now have $7 billion. they have links with the combatant commands and if they are devising and have action
9:02 pm
plans. tens of thousands of people assigned to this. where is your area of growth and yet as i was saying a few minutes ago, there is no concept of deterrence or what happens on the second day of the cyber war so you have this machinery and it is all incredibly classified. this machinery going up so you are advanced in the technology field before even the finished the year of the policy and strategy have been cemented in two. is it that this event is kind of a dangerous thing. >> the gentleman in the middle.
9:03 pm
david spencer, georgetown students. what do you propose we do to respond to the level of cyber attacks? >> what do you mean by strategic -- >> strategically or hypothetically in the situation not energy but other critical infrastructures safe transportation. >> one thing that's true about our economy if you shut down the subway system of new york with what goes on in washington, san
9:04 pm
francisco, some countries it could be shut down like transportation and tokyo. they are expending on the smart grid for cyber purposes but it still doesn't take up the entire country. in some ways, everything just looks up to computer networks to get the economies of scale. you have everything monitored by sensors and it makes perfect sense. >> it's everything in control of the computer network.
9:05 pm
they didn't shut down the centrifuges. they manipulated the control devices that were governing. so there's something that's controlling the amount of water going in and out and the amount flowing through the electrical line. in some ways, the networks are set up in a way that is hard to defend them. the trend in economic commerce is to make them more and more centralized. they want something going on in the entire region of the united states controlled by then this
9:06 pm
was done. they looked to them like security, what do you mean? you can do things to make the networks more secure. maybe it's been open for years and short of starting all over, which nobody is going to do, it's like they were in control and they would go to the government and say what can you do to help us? while, one thing we can do is
9:07 pm
just sitting on your network, no, not really. maybe we can give you some of this information sharing ideas and come in for commentary secf briefing with some tools you can use in the justice department. this isn't typical of a terribly happy ending. >> [inaudible] you might argue one of the factors that are at play
9:08 pm
9:09 pm
it's slow and the wind technology leaders. as far as you are aware, has the government done anything to create, classify some kind of safe environment for technology leaders to be talking to them about how the government could be aware and leverage that? >> in the defense industry there was a security base. there are lots of interchanges like this like lockheed martin. luckily there's about three big defense companies left. there are things like that are available. and in recent years, again, there is information sharing
9:10 pm
9:11 pm
in the domestic context unless they have a court order. there are some very good people ahead of the private industry and the nsa but again they can't really show. >> [inaudible] >> speak into the microphone, please. >> there is some thinking to make innovative companies comfortable about what they are doing because it would be a position to manage one of the
9:12 pm
hackers in my book went to work for about 1 18 months have created 140 projects, the most expensive of which $100,000. he funded the experiment when they hacked into a jeep cherokee to show this is the way to do something about this. what they should have done is look at the top ten graduates to give $100,00 $100,000 go work o.
9:13 pm
9:14 pm
9:15 pm
9:17 pm
9:18 pm
if there are supports that they have been chalking around for freelancers to do that but maybe there aren't that many that are willing to do this. they have their eyes on certain groups that do work for that guy operating out of singapore. they have enough money that they actually do get a permanent so
9:19 pm
9:20 pm
9:21 pm
basically what the fbi is trying to do is looking for a new legal precedent that gives them the authority to do this sort of thing before encryption gets really, really hard. when this started happening i talked with a number of people in the intelligence agency, and i am pretty convinced there's a way they could have cooperated without having to write a whole new operating system which they say they were being forced to do. the way this works is a security
9:22 pm
feature that if you type in the ten passcodes and everything else what the fbi could do is create a program, we don't even have to be in the same room. so that's after 10,000 tries. we need to have you take away this linear. i'm told he can play people on this side of this there are ways they can make that change
9:23 pm
without writing a whole new operating system. what they are concerned about is once they succumb to this that could be succumbing to other things were saying the things the fbi had to do, we want to have you do that although the chinese could do that anyway. somebody said i don't know if i can quietly cooperate on this one because you talk about he's dead and has no privacy rights. for practical reasons and
9:24 pm
political operatives it doesn't look like a great test case for apple. they are writing amicus briefs and if you have a contract with the government you want to sell an operating system for the government. the first windows program that went through they found 1500 points of vulnerability. microsoft knew that and they were fine with it.
9:25 pm
9:26 pm
9:27 pm
9:29 pm
he trusted them to follow him where he had never gone before to democratize the country in a few short years and to follow him as he moves into a market economy. he trusted them to follow him and as he made peace in the cold war against the ancient enemy in the united states said he trusted them too much it turned out
9:30 pm
next on "after words," "the washington times" columnist bill gertz on how modern warfare has evolved with new technologies and what the u.s. must do to be successful in this new age. his new book "iwar" interviewed by elise stefanik a member of the intelligence community and the chair of the armed services subcommittee on emerging threats and capabilities. >> bill gertz, i am excited to be with you today to discuss the book that came out this past january, "iwar" war and peace in the information age. you are a senior editor at the washington free beacon and in the introduction you talk about how the book is a culmination of the many years of experience selling national security
