U.S. competitors are turning to new warfighting domains where they are less disadvantaged than they are against conventional U.S. weapons. A panel that includes Thomas C. Wingfield, deputy assistant secretary of defense for cyber policy, examines the current state of cybersecurity as a national security concern and explores how the U.S. can use 5G, quantum computing and other emerging technologies to retain its advantage in cyberspace, the fifth domain of warfare, June 18, 2020.
Transcript
and national security. On the cyber front, I’m Erin Boy, the senior editor of Technology and Events. At next go join me for this important discussion. I’m excited to welcome our steam Panelist for this morning. John Demos from the Department of Justice. Colonel Brian Vile from the U. S. Army. Thomas C. Winfield from the Department of Defense and Lauren Zebra from the Harvard Kennedy School. So to get us kicked off, I’m gonna ask each of you to just, uh, first off, introduce yourselves quickly, who you are, what you do and how your jobs relate to the fifth domain Sacra space. So, John, let’s start with you. Great. Thanks very much. And thanks for having me on this. And, uh, nice to meet all the Panelists remotely. I’m the head of the National Security Division here at the Justice Department, which basically is a prosecuting division counter terrorism and counter espionage. As it relates to this space, we prosecute individuals who are engaging in cyber theft from nation states. So we don’t really do the criminal side of things so much. We’re focused on nation state threats to us intellectual property or, you know, emanating from other cyber intrusions. And a lot of that, obviously, Chinese focus also, Russia and Iran and North Korea. Big actors here. We’ve indicted players from each one of those countries multiple times. So, uh, that’s the focus of our job here. And it really is where three. US has a technological advantage trying to protect that technological advantage of the cyberspace by protecting that intellectual property. And this is no small or simple area, either. I mean, we’re talking about the difference between traditional espionage raises economic espionage. We’re talking about problems with attribution. There’s ah a lot to get into there and we’re going to dig in tow. All of it. Or at least as much as we can get you a little vial. Europe next. Who are you? What do you do? Yeah, You storm you. There we go. All right. Thanks for having us. So one girl, Brian Vile commander of 7/80 Military Intelligence Brigade. And what we are is where the army’s offensive contributions the U. S s. So what do we do? My teams responsible for delivering effects and supported of joint and national requirements and in through cyberspace Excellent. It will be good to get that perspective on on how our offense are. Offensive measures are being used and what that means. Uh, no offense and defense, er, especially in cyberspace. One of those tandem things. So we’re talking about how all those things intercept. So thanks for joining us, Tom. Let’s go to Unite have Tom Wingfield. My title is deputy assistant secretary of defense for cyber policy. But what that really means is we’re the border collies of military cyber. We’ve got two rules in this whole show. One is vertically integrating the policy, that strategy and the operations from the White House down to the soldier with her hands on the keyboard at Cyber com and the other is horizontal integration, not just across the Department of Defense Services but within the interagency with the intelligence community, State Department, DOJ and FBI, open land security, but also with Congress and with international partners. So we try to keep all of the pieces moving in the same direction when it comes to what do you d is doing in cyberspace? Fantastic. Yeah, the the the international norms piece of this, which we kind of alluded to. Uh, when John was talking earlier but we’re gonna get a lot deeper into all of that, cause that really is like, that’s the ball game these days, right? How do we how we interact with everyone else in the world in cyberspace is is everything we’re talking about, So we’ll get to all of that. But before we do, uh, last certainly not least, Lauren. Who are you and what do you do? Hi. Thanks so much for having me. My name is Lawrence a Brick, and I am the executive director of the Cyber Project at the Belfer Center for Science and International Affairs at the Harvard Kennedy School. This is Ah, Belfer Center is a think tank. And so I run a research policy program there. My I come to this role as a practitioner, having spent the majority of my career in national security. And so my driving theme for our research and our program programming that we do with our students who are fellows that cetera is cybersecurity Is national security, of course, with e acknowledgement that national security is no longer a solely government function. So I like to start there then and start with you to kind of set the table for this whole discussion. So when you say cybersecurity is national security, if a foreign adversary is hacking our missile system and launching our nukes without our US knowing right, that’s obviously a national security problem. But that’s not what you mean. When you say cybersecurity is national security. Can you get into that a little more? Yeah, absolutely. Um, I think for a long time, cybersecurity has been sort of thought about as, um maybe a nuisance. Certainly. There’s, ah, law enforcement flavor to it, especially domestically. Um, but really, you know, when you have actors, foreign adversaries, Aziz Well, a criminals, for instance. And you know, hackers, etcetera, trying to not only affect those systems that you talk about, but also, um, you know what John was saying earlier was feeling intellectual property affecting our economy? Um, different crimes, etcetera. These are to me, concerns of national security on DSO you know, especially in this age with are the pandemic and, um, issues with racism, etcetera. There’s so many things that we really need to think about and really wide in the scope of national security. Um, and so, you know, I believe that, um, cybersecurity really affect all of this. And so we need to really take a step back, um, and acknowledge that all of these things really affect our overall security. Tom. Is is that the way the D. O. D. Is is looking at at this problem? Absolutely. Um, in addition to the very narrow focus of preparing for a fight, we hope never has to happen in the future. That’s in the what we call the conflict space and, of course, is an appropriate role for Manning training, equipping cyber forces to be able to do cyber things and then some order our traditional kinetic forces out in the real world. But below that threshold, there’s a lot that needs to be done and what we call the competition in space. Lauren mentions, You know, the most important things the theft of intellect. Intellectual property is not just in economic problem, but some of that property underlies our defense capabilities. When we talk about election interference, which is an enduring mission for D o. D. Now we’re not just talking about annoyance or nuisance. We’re talking about trying to undermine faith in our democratic system. So these are actual threats, obviously, when it comes to d o. D. We are outward oriented were we defend forward as close to the origin of the threats as possible and for many reasons legal, constitutional, cultural. We have a very, very small domestic role to play what role we do play if I was providing insights to domestic authorities and supporting them specifically FBI. When it comes to influence in our elections and DHS when it comes to interference, mechanical interference would say would say voting. That’s probably the most immediate thing we’re concerned about, but there is a wide range of topics that we find ourselves following. So it’s addressing that the dear D I. D. So cyberspace in general is just such a wide area, right? There’s so much going on in this space. But as D. O. D is tackling it, it sounds like you’re trying to eat the whole elephant as it were. So how are you getting your arms around that problem? Have you compartmentalized the issue and multiple bureaus? Are you trying to grab existing things like existing information warfare and e w and the like and wrap them all up into a single place? That’s a great question. We’re pretty, pretty big organisations. So the problem is less total manager capability to use an analogy in our orchestra, we’ve got plenty of instruments and lots of variety of where the challenge really is. The next level look is the orchestration of all event and bringing them together. As you said, because cyber touched his every single part of our society and there’s no order for national defense that can be successfully without it, then it’s a very complex problem to we’ve all of those pieces together successfully. So that is what we’re working very hard to do in d o d. To address the threats that we see and trying to get ahead of threats before they really emerge. Excellent. Uh, current vile. You play one of those instruments. Can you tell us about how that goes? So, what is a cyber a military cyber operation look like? Is it, uh, paratroopers landing on the ground with laptops and tablets? Or are you staying at home and Virginia? How does that work? Yeah, well, stay away from the tradecraft, but Tom absolutely nailed it. So I mean, if you take a look at the spectrum, a conflict you know where the special competition to conflict at the four left. Part of what we do is involved with the whole of government approach. How do we identify Rapid Sary’s activities and intend? How about we stop this? How to be deterred? It only when you get closer to that conflict scale really is where you’re going to see the sorts of things that people like the stated movies on books. That’s really where you’re gonna see the delivering effects through cyberspace, but really the most important places to fight the left of the competition base To make sure that we never get close to con. So Sybers employed properly. And this is actually the most powerful use of cyber. We never have to use our We never have to go into arms. So when you talk about using cyber, you mentioned on the top right that it is possible Teoh have kinetic effects through cyber. But that’s not the norm of what we’re talking about. In fact, the US doesn’t as faras the public. No, we don’t normally engage in that kind of stuff that they day basis. What kinds of, ah tactics and techniques do you use that you can share on a day to day basis. Is it taking down websites? Uh, disinformation, is it, uh, you know, putting funny pictures up on isis websites. Are you Are you just trolling out there or how are you working? So I’m not gonna be able to answer the question specifically, That’s just not something I’m authorized to do today. But you also say we’re prepared to do whatever it takes in order to compete not just in the cyber domain, but also with the information and fire. It’s another thing you might be able to talk about is one of the reasons that all the cyber teams were stood up in defence in the Defense Department when those were being set up on the reasons that was given with the idea of having that big gun as deterrents for others wanting to come in and have conduct cyber attacks on our nation. So how does having an offensive capability lead to defense? And when you can’t necessarily talk about all your offensive capabilities, how do you show that big gun toe help help with that without giving away the store? Is it work? Yes. So the short answer is you have trained and ready forces, and we demonstrate that we have trained and ready forces every day. The soldiers have you recruited the civilians that we’ve recruited, the people that I am honored to serve with truly are some of the finest individuals from the United States of America. They really do. Representative represents incredibly well the training of mount training, the amount of time that it takes to build some of our soldiers. It’s literally measured in years, not months. Thes are top tier operators, and so having them knowing that they’re there, that’s a determines in itself. When you take a look, you know I have a Web page you can read my bio. You can google the gate on and we’re out there. We know what we dont need presented to our adversaries on anyone that’s listening that cares, that were absolutely prepared to respond in any way, shape or form that were directed to do so on and will do so. Skill will do so with professionalism on bullfight televisions, more for you before we move on. When we were talking about about offense on and defense through deterrents, do you do any defense work otherwise, or is your is your outfit mostly, uh, working on outward effects. So the way that we doctrinally break it out is easy. Oh, defensive cyberspace operations really has to compose. You have internal defense measures, which is stuff you do inside blue networks or networks. Believes Tom talked about, you know, civilian efforts, Air Civilian. That works. That’s not our job. But we do defend. Blue Space is part of these yet, but there’s also component called D C O. R. A. Or defensive cyberspace operations response actions. And that is an offensive action taken in reaction are taken in defense of our networks. Eso it absolutely doctrinally is part of our mission space. But again, talking specifically about what we do when we do it just No, it’s not for today, Unfortunately, understandable. We will come back to talk with you about some more things later on, but right now I want to switch over to John, uh, when we talk about what’s going on in the world. The Justice Department definitely has a major role to play in our our international cyber security posture. Ah, lot of that is through things like attribution, naming and shaming, putting indictments out there against foreign actors. Can you talk a bit about some of the work you’ve done in that space and how effective it is at preventing cyber attacks? So one of the things that we’re trying to do with our indictments that we’ve been trying to do for a number of years is to establish norms of nation state behavior in cyberspace. So if you look at our indictments, you’ll see that we haven’t indicted for instance, traditional political or military espionage. But we have gone after a bank robbery in cyberspace. Is the North Koreans do? We have gone after intellectual property theft in cyberspace, as the Chinese and the Iranians have done, and we have gone after, obviously, the election interference on the foreign influence aspects of the Russian campaigns in 2016. So in doing that and one of the reasons why we’re doing that through indictments, it’s because we can speak publicly about what we’re doing. Once we as a government have decided to go ahead with this indictment and you hear ready in the conversation. Sometimes it’s very difficult to talk about aspects of the work in cyberspace because it is classified, but in the indictments, what we’re saying is that we can prove, you know, we’re not saying that this is what happened. But we have We have done attribution down to the individual actor level, not nation state, not an organization within the nation state, but a person who belongs to that organization within that nation state. And we’re saying we can prove this in court beyond a reasonable doubt with Onley unclassified, admissible evidence. And I could do it tomorrow if that person showed up. So there’s a lot of credibility to those indictments, and then there’s it gives us the ability to speak. So when Lawrence says that you know, cyberspace and cyber security is not just the government functions of private sector function, that’s totally right. And but the private sector has to be educated. And one of the ways in which we can educate the private sector is just show them individual instances either of intellectual property theft or any other kind of, um, cyber intrusions or cyber affect operations that have been going on from nation states. So that too, with our international partners. And if you look at our last cyber indictment, big Chinese MSs Chinese Intelligence services Cyber indictment about a year ago, year and 1/2 ago at this point, we had 12 other nations around the world support us in the attribution of those actions to those actors. And that’s been a very slow and gradual process of getting other nations on board with hauling out nations states Cyber Act tres. But it’s very important to developing these international cyber norms that we get those folks on board. And what we saw just a month ago was the Germans indicting a Russian hacker for the first time for axe in tow, their political system. He’s a person who is under indictment by us already. But that, to me was a great sign of other nations in the world saying You know what? The criminal justice system is away at tool. That’s obviously not by far not the only tool here. But it is a tool for helping establish his cyber norms and calling people out on the violate. And I think that the norm development is an important piece of this and what I’d like toe del open tomb or but before we get there, I like to talk about the indictments and how you use them effectively. Um, most of these there have definitely been times I could think of a few arty for easy. For instance, the quite is the first, uh, cyberattack terrorist. Uh, and that kind of get it up in a Malaysian country and was extradited to the US outside of those kind of instances, though, where we can’t go in and actually grab the person and put them on trial. Right? What what effect does the these indictments have? Why do you do them If you don’t believe that you can get the person in the world. Yeah. So look, we do him, as you said, cause sometimes you do end up getting that person when you can’t. If there still valuable, I think because for the reason of saying one, they play an educational function and we can go out and we can. Francis, When we invited a group of Iranian hackers the Magna folks, for stealing a lot of intellectual property from universities and research institutions, you can take that indictment, then go to the research institutions. And you’re not just saying I’m warning you. These things were happening. You’re able to lay that story out in what’s effectively what we call us eking indictment. That is this an indictment that tells a story that is understandable and is all unclassified. So it has an educational aspect as well. The other thing is, we’re trying and look, you can’t establish norms if you can’t educate and you can’t lay out, you know, you’re thinking in these areas so and the other thing is, you know, we’re trying to strip, um, the Internet of anonymity for these really serious cyber attacks. And some of these individuals, you know, we end up very often with their pictures, you know, as well as their names that we can post at Thea what when we do the indictment. So we’re telling them and look, I’ll say that that’s more effective when you’re dealing with, um, contractors. Sometimes nation states air using private actors to do their cyber intrusions. Mossad. Those actors have other business interests. It’s not just a contract with the nation State. A military officer of the nation state is very rarely deterred by the possibility of indictment because that’s his job and he’s gonna be protected in that job. And that’s his job. But a lot of these air folks who you know, one day the work for Russian military unit andan another day they will be working, doing intrusions for themselves and selling information to the eyes better in another day. Perhaps for somebody who wants to do some corporate espionage, those air individuals who are more frequently deterred by the thought that hey, I’m actually really good computer expert and I’m never gonna be able to get a job in Europe. Right? So that’s that. That’s a deterrent first, and a lot of these folks there on the younger end of things, you know, and they’ve got their whole career in their old lives ahead of them and having an indictment hanging out there with their name on it. Picture attached to it, you know, is it can play a deterrent function. Interesting. So, uh, we’ll come back to you in a little bit to talk more about some of those international norms and the different kinds of espionage and hacks and life. First, I like to go back to our military men year. Tom Bryant, can you give us an idea? You know, what does conflict look like in the fifth domain. You know, we went a little bit into into talking about some of the defensive and offensive things in the light. But when we talk about fighting in the fifth domain, what are we talking about? Are we talking about knocking out the actual great before rolling tanks? Or are we talking about, uh, disinformation campaigns and and propaganda on the like? Where does it fit time? We’ll start with you. Is the policy Absolutely. We’re talking about a full spectrum of things, some of them or the cyber on cyber things you might expect from a movie where we make things happen in cyberspace. Other things are simply enabling. The other things that we have to do that are part of war plans. They’re part of day to day operations. Uh, there are so many ways that they are dependent on cyber for information position, navigation, timing for so many things that there’s a huge attack surface to be protected. And there are many targets on a potential adversary side. Just wow, what we do in the kinetic world, our planes or ships or tanks to do their mission. So that’s an awfully large part of what’s done. And even that is just in a conflict space below that in the competition space, Uh, day in and day out, with our doctrine of persistent engagement, things were going on. Every single day is for is, um what our forces do, what they’re learning, where their present and that what they learn their what they do there will be, is very important for our posture if if a conflict did arise. Colonel, I know this is this is something you deal with that walking that line between competition and conflict because your troops don’t just get called out When war is declared correct, you’re you’re working every day, and that’s a great point. So the brigades models everywhere and always in the fight. So we’re in the fight today. They’re soldiers in the fight right now. The reality. So the way we explain it is be degrade. Denying, disrupts, destroying, manipulate where when that just depends. But really again, the greatest use of cyber is in that competition face, we don’t know. It’s a nasty metric threat. It’s something that’s difficult to attribute if something blows up. Was it us? It wasn’t a mistake that somebody show up drunk for work and touch the wrong switch or was it a cyber attack? So the really cool thing about cyber, particularly that competition phases you give a measure of deniability to the adversary. Most of us. It wasn’t not that really works particularly well when autocratic nations. So it’s just really important to understand. Then, yeah, we operate across the entire spectrum, were capable of operating across the entire spectrum. But again, it’s really the competition phase. That is where our greatest strength it’s We have bombs, we have missiles. We have tanks that’s gonna deliver kinetic effects. Can’t inside will do the same thing. Yes. Is it exceedingly difficult or cyber weapon Weapons? Fragile, Yes, but there’s very few weapons. There’s very few effects that Dogg can. The lips. If you think about traditionally the way that we do deterrence, what we’ll do is we’ll go do exercises with our partners. Our allies will demonstrate our capabilities short of saber rattling. There’s not really a ZMA. Much that the military element of national power could do is part of that whole of government approach. You know that the main strategy in cyber is one of those few things that as you get closer the conflict you can start to touch the Connecticut, Maine, you can start. You can definitely touch the information to me in order, Teoh prevent a conflict from happening or shape our adversaries actions. Lauren is from your research. Your engagement. Is this how it’s used mostly around the world? Or is this you need to go to the U. S. Posture? Um, I can’t speak for around the world, but, um, you know, persistent engagement. Obviously, the strategy is very unique to the United States. Um, with regard to, you know, the the adversaries that we were discussing earlier, you know, it definitely depends on their individual doctrines and there interest. So I think that’s probably one of the most challenging things about dealing with other nation state actors is that each seems to have its own driving force and tactics and strategy and operations, um, for what they’re doing. So, um, for instance, when we’re looking at North Korea more financially motivated versus Russia vs China versus Iran. So, yeah, the person’s engagement, um, evolution is really unique to us. Um, you know, and really watching that evolved over the last couple of years. And then, of course, looking at what the Cyber Solarium Commission is trying to do with developing. Ah, comprehensive national strategy, I think has been really interesting when we talk about what other nations air doing one of the things that like toe start putting this whole conversation toward is this development of international norms? Um, other countries, Yeah, you mentioned North Korea. They tend to have ah financial motive because they want to get aid versus China, which, depending on who you ask, has their own economic motive. Right. If you ask the us they’re stealing our intellectual property US, China, they’re doing it for their own national defense because they’re stealing defense secrets. Uh, so what is the lay of the land out there? I mean, are there we have the talent to manual, right? But are there any actual norms out there or is everybody just doing their own thing and telling everybody else to do it like that? So one thing that a lot of people bring up is that it’s still very much a wild Wild West situation. Um, and the purpose of persistent engagement is to really understand that as Colonel Vile saying, um, Teoh shape those, um, activities in a stage of competition. Um, so, you know, and there have been a number of diplomatic initiatives to try to come up with more norms. So, for instance, the U N group of governmental experts, um, in other efforts there. But really, at this point, there is, um there really aren’t a lot of codified norms that every nation really is going to adhere to. So then there’s there. So a lot of discussion out there. Um, you know, John was saying, you know, these, these particular actions, whether they’re in, um, you know, law enforcement or military are seeking to shape that environment as much as they can, But he gone without, um, you know, real agreement between certain parties. There’s, you know, really not a lot there. Now. There are a lot of, I would say, smaller effort to try. Teoh developed the norms. So, for instance, track two dialogues. So the Belfer Center. We have a couple of different track two dialogues with with different parties and even just the discussions of, you know, should there be rules of the road, that sort of thing. I think it’s helpful in moving the conversation along. But I don’t think in this environment, any sort of actual norms will be codified any time soon. Is that just because there’s no agreement and everyone has different priorities? Essentially. So, for instance, if you look at, um, the, uh, the Russians, for instance, um, you know, they they have a lot of their interests differ very much from art. Now, that’s not to say that there are no areas of overlapping interests, but the interests that they have really driving their cyber operations are really part different. So, for instance, you know, we look at freedom of the Internet very, very differently than they would look at the purpose of the Internet. So there are some really issues where we differ, and we’re only not going Teoh come to any sort of agreement. And then a little, um, you know, potential agreements might of those perceptions and, you know, pull some levers that maybe, you know, some people don’t want to pull at this point. Um, so, yeah, still a lot of different competing interests, different ways that we’re using at the Internet to drive this interest for, for example, Um, yeah, so I don’t think that there’s a lot of potential right now, John. Part of your job is to work all this out is has that been your experience? Ah, trying to get this done. Well, um, look, it’s a long, slow road, but I do think, you know, some progress has been made, and I think we need to separate the development of norms from adherence to those norms. Those things don’t go hand in hand. I mean, just to come back to the most basic, we have a norm against murder in this country. We have thousands of murders a year in this country, right? So the fact that people will continue to violate norms doesn’t mean the the norm is not a norm. And the first step is just the development of the norms. I think before you see the change in behavior and on that side, you know that there were some efforts that, at least for a little while, bore fruit back in the Obama years with the Chinese to try to establish a norm against intellectual property espionage for commercial game, uh, that the Chinese signed onto a G 20 statement to that effect. There is an understanding between President Obama and President Xi. Now the Chinese have violated that since then repeatedly. But it was a first step in establishing the norm, even if he didn’t have adherence to that norm. And I think the important in this space was important about starting to establish those norms is also discouraging other actors from coming into the fray. So even if you have a very big actor like China or Russia or Iran, who’s gonna continue down those paths, you know, are there smaller at that? There are smaller countries in the world that are looking at what these countries do, and they’re seeing what they’re gonna get away with and what they can get away with and what they get called out for. And they will, I think, modify their behavior, at least on the edges. Uh, you know, if a lot of other developing countries think wow, great way to develop yourselves is to steal someone else’s intellectual property. You know, that could then just be a widely accepted means of developing oneself. And we have to fight against that. So, um, so it is a long, slow road. I agree with more on that. Maybe I’m just a little bit more optimistic that over time will get there an area that I know less about. But I know and maybe our unique colleagues get address is sort of in the law or space. There’s been some efforts to develop norms of cyber intrusions, and when you know those would constitute acts of war on DWhite, they could be retaliated against him when they shouldn’t be. So there’s there’s work in that space, but it is all you know, very gradual for sure. Now, uh, I think that’s Ah, great question, John. So I’ll put it Teoh R D o d friends here. What? How far along are we? You know, there was has been allowed to talk over the last 45 years about We don’t really want to develop red lines in cyberspace for conflict. But at what point are you considering your cyber effects on the side of conflict versus just on the side of deterrence? And when do we consider that we’ve been attacked at Houry? Have we been to cyber war yet, and how do we know when we’re there? We’ll take a whack at that before I went into policy. It was a law professor and when we sat down toe work on the Tallinn manual back in 2000 and eight, that was the first question we asked ourselves. And there are a couple of surprising things. The first is that there are two separate categories. There’s the no kidding law that almost all countries follow almost all of time. And then there’s a lesser area of norms which are not rising to the level of treaty lar customary international law. And that’s where the development work really has to have. Another surprise was that most of the countries that were represented we put together the Tallinn Manual. We agreed pretty clearly on the existence. These principles the Russians and the Chinese have made a big effort to say that cyber is a law free zone. And not many other countries in the world agreed with that, that we thought that the same law that applies to crime, and especially a law of war applies in every domain of warfare. And there’s nothing special about cyber that would make war crimes. There were crimes against humanity off limits. So that was first thing we discovered so the position of the United States is that war crimes and crimes against humanity, those things apply in cyber as they apply anywhere else beneath that level, we are trying to work with other countries to strengthen other norms that are more specific to cyber. Um, it’s our is not to below the level of armed conflict, not targeting civilian infrastructure in peace time, not interfering with sir teams in their work and other norms as well. One other quick point when it comes to actor of war of lawyers just like to say, Has there been an armed attack once? There’s something called an armed attack. Whether it’s a cyberspace or another domain, then a country has the right of self defense, so that would be the same in cyberspace is anything else when there is loss of life or significant entry, humans or destruction or significant damage to property? When something looks like an armed attack in the kinetic world, whatever caused it, whether it was cyber or kinetic, we would consider that an armed attack, and that’s a decision that each national government would make. But we’re playing ah, largely the same rule book when it comes to that kind of destruction regardless of the of the source. Interesting, Colonel. Vile. This space is so new. How are you educating your soldiers? How are you instructing them to avoid cyber war crimes? What would that even look like? And how do you train your people to steer clear of the possibility of something like that? Yes. So every action that we take is it’s clear that’s reviewed in order to make sure every soldier has to take a class and well armed conflict. So we never even go near the great space on that side. I think to go back to the question Have we been in cyber war? The key thing to remember, at least from a research perspective, his wars of political term. Later or not, the military dictionary does not find war. Eso When does it rise to the level of an armed attack? That’s purely a political decision. That’s really not a military decision. Uh, yeah. When you start talking about hey, what are the norms which shut the norms being I’d offer that our adversaries are already to find their ignorance. Are champions really is getting to them, shaping it and putting it to where it should be versus where they’ve set. Yeah, that’s interesting on I think that’s well, it seems like different perspective than some of the others we’ve heard today. I think they all kind of come together in one place, which is everyone in the world is working on this issue. Every government has their own norms, their own military postures, their own policies and the like. So from a technical side, uh, are we nearing a place where the Internet is going to fracture due to national security? There’s the term called the Balkanization of the Internet. Right. Could we see Ah, Chinese Internet, a Russian Internet, a U. S. Internet, a certain continental Internet, all broken up and walled off from each other? Is that the technical solution? Or do you think that we can get there through policy and international norms and and diplomacy? This is an open question. If anybody wants to jump on it, I would just start off by saying that I wouldn’t imagine there via us or a UK or ah, French Internet, because the whole approach of these societies thes rule of law societies, is for the open and free exchange of information. Ah, politically, economically, in most other areas of life, the whole idea of balkanizing the Internet would would reduce its value for us. When it comes to other non rule of law states, they there, they depend on control of information. So it’s not surprising they would have an exactly opposite approach to the free flow of information and how they want to do it. That’s probably a symmetric, with a large number of countries seeing the benefit of information flowing around the world, and then a smaller number of countries knowing that their regime elites pretty much depend on on the control of in right learn from a policy analyst perspective. How do you see this working out? I’ve definitely heard this argument before. Um, and certainly there is some precedent, especially with China, and they’re, you know, great firewall. And you know, that sort of structure. Um, I don’t I honestly don’t know if something like this will happen. I think that, um, again because of his presence there, Certainly, um, you know, possibility. But, you know, I think with, you know, the technical scientific level. I wonder if that is a possibility between the standard setting bodies. Um, you know, the different exchanges would that actually happen? And so is this more of a technical discussion? Is this more of a political discussion? I’m not sure. Um, but yeah, I have definitely heard the Hardiman discussed a lot and heard, you know, hillsides like, Yes, it probably could happen. Or or No, it won’t happen because of, you know, all the, uh um the administrative sort of work that would go into something like that. So, yeah, I definitely would be complicated. John, is this ever something that’s come up as you ever been at the table and said, You know what? We’re just gonna take our internet and go home. No, I mean, I think the cost would be so great. You, Aziz Tom pointed out to the kind of society that we want that we want other countries tohave. You know, I do think that you know. So, Lawrence, pointy. You know the Chinese through a filtering system. Basically the great firewall. Not It’s not as if they have a whole separate technical internet, so to speak, but in terms of what their citizens can access for information and websites, um, it is a different Internet than what we can access here. And I think that will continue. Um, the those countries, you know, authoritarian countries have too much reason to control the flow of information. And the maybe the most extreme version of this right now is North Korea, right? And, you know, the Chinese air gonna have to constantly balance the control that North Korea gets through. It’s, you know, almost complete shutdown of communications into that country, at least officially, with wanting to remain open enough on the economic side to remain prosperous and to continue to develop. And I think that’s the balance that they’re gonna have to struggle on. And they’re trying to balance that using using firewalls. I, um So But I don’t I don’t think that city, you know where we will go, Um, as a as a as a society or technologically. So we’re getting toward the end of our time. But I do know this whole This is the defense. Would text summit, right. So we’re here to talk about technology, and so far we’ve been talking about the technology as the battle space, so I would like to kind of turn that around and talk about how some technology can be used in this space. Uh, Lauren, let’s start off with you. What are some of the weaken? There’s some obvious things, right? There’s artificial intelligence, and and, uh, uh, you know, some of these other technologies that are that are coming out. You talk about how you’re seeing those being employed in, ah, offensive operations out there. Well, you know, from my perspective, I don’t necessarily have a view on the operational employment of that. Um, but e have more perspective on how people are thinking about it and talking about it. Um, So, for instance, you mentioned AI, and obviously, this is, um ah, huge issue of importance in our country and other countries as well, both for adversaries and our allies, and, you know, more and more. Um, you know, we really recognized the value of our allies and our partnership in trying to ensure that the development of artificial intelligence and really other emerging technologies, you know, we could talk about five j. We could talk about quantum, etcetera, really do a line with our shared democratic values. So yeah. So, from a policy perspective, you know that Those are the conversations that we’re having and, you know, trying to look out at you know, what these governments are doing in terms of that. So you would you have this particular line of research right now looking at, um, the different areas of collaboration between the United States and its European allies in artificial intelligence, for instance, And, you know, in the areas of specifically depends environmental science and health care. So lots of different applications of those technologies. Certainly, Um, in another area of research for the project for the China Cyber Initiative Looking at, um, you know the digital Silk Road and Build Act, for instance, and really understanding, Um, you know, the more policy implications of these technologies and how they’re employed? Yeah. And also, I appreciate you bringing up five G’s that would have been remiss in not tackling that issue as well, and we’ll get there in just a second. But Colonel Vile, uh, how far along are thes innovative technical capabilities You’re being put into operation. Are you still soldier on soldier, or is it bottomed out there in cyberspace, but without getting into the specifics? So one of the things that we do in order to make sure that we’re on the cutting edge of technology, is we pull that, guys. In fact, the army’s specifically is building a new MLS A. So I have my own coders that work for me. They have access. Do whatever technology is a bill and Melinda will resource Mom. Well, given what they need in order to build whatever capabilities they can eso instead of going out to the contracting zone or going out the ends that Eos for a lot of our capabilities One of the great things were able to do is actually built that in the house. How are you also working with some of the other AI efforts around the department offensive Digging off time? I had Jake, which is the big one. Um, you mentioned you have your own mos encoder so you can do your work in house. Are you pulling best practices and expertise from them when you’re pulling platforms and base code from them? How are you working? Uh, without it with other components, all the above it za community of interest. S o r coders still go out That will deal with this tree, will deal with other government organizations will deal within the GOP with work with anybody that’s gonna help further the whole of government international interests. Excellent, Tom with regard to artificial intelligence in particular because it can be a squishy subject of times. Ah, At what point are those bots gonna be making decisions for us in cyberspace? Are they ever gonna be like? You know what? Here’s Ah, sweet target. We can hit really easy. Let us just go off here and do this for you without you hit. Enter. That’s a great question that you’re asking. And obviously we would start off at a level where they’re making very small tactical decisions about very small things that had small consequences. But eventually you get to an interesting point. There’s an inflection point, and that is it will no longer be like, um, the world of drones. Where will have an auditorium full of people with a drone that’s flying for hours and hours and hours out of enemy reach and has lots of dwell time. And you have a commander and a weapons operator and a sensor operator and a pilot and a lawyer there advising the commander and you got all the time in the world to think through. Is this the right thing to strike, or will we have another chance to do it or safely? Um, at some point in the cyber fight, we’re gonna move beyond meat speed and into cyber speed. And if we don’t have a I we don’t have capabilities that are able to make decisions at cyber speed. Then we would be seeding the battlefields to an adversary. So we were coming back to the beginning again, where Justice Colonel Bile was saying that every one of his soldiers goes through our conflict training. Then we can imagine a future, maybe not even a distant future where a I would have to go through the same training. And if we’re going to allow a I to make decisions that could have destructive consequences and they would have to make them so quickly that we couldn’t plausibly have humans in the loop, Then we have to make sure we gave them a very good education and very good information because humans that sent them out and the commander the colonel files for the future, they would be responsible for what those decisions are. So it’s in our interest now to make sure that that we give them the best education we can. So so we don’t turn into a war criminals. Yeah, definitely. You mentioned that. That’s in the future. Maybe the not too distant future. Do you have any, uh, purview into how far away we are from that? How close is that inflection point? Where machines are thinking so fast, we just have to give them more autonomy? Well, I think it’s safe to say that there’s so many different angles to that question that in some areas it’s already happening, and in some areas it’s fall are away. The most important point we need to look for is when machines are able to do things that cause damaging, maybe even lethal, real world consequences. Whenever that happens, that’s the point. It which we we have to make sure that we’ve we’ve we’ve taken care of our offense, so we’re doing it lawfully, and we can protect ourselves against other countries that may not be as careful in that area. Yeah, John, uh, Lauren previously mentioned five g is one of these technologies we should be talking about again. Thank you for reminding me of that one because there’s a lot of in this space that you all have been working on lately, primarily with Chinese. Tell a cop then restricting how much they can get involved in the development of our five G. Uh, can you were? We only have about five minutes up here. So if you could quickly walk us through for the uninitiated, what that problem is and and why you all have decided to with the cybersecurity play behind, restricting certain Chinese telecoms from participating in our lives, you development right? So that’s the other part of the work so that we’ve been really talking about the prosecution side so far. The other part is more on the policy kind of supply chain integrity side of things. And that’s where we run into five G and Chinese telecommunications, both with respect to Chinese telecommunications companies that are licensed to provide telecommunications services here and our work, and advising the Federal Communications Commission on either branding or maintaining those licenses, and then on kind of the five G technologies. And while way in particular, as a provider of those technologies and our concerns in this area, and it appears really on. Both sides of that are about trust. At the end of the day, do you trust if you look at five G and you look at what will be running over five G in terms of your life and the nation’s life and the military’s life and the work that we all do, Aziz well as the personal things we all do on the Internet, from banking to dating? Um, do you trust that a foreign actor won’t exploit that technology if it’s the technology of a company that is beholden because of the way the Chinese government system works to the Chinese government? And if you don’t share the same values with those countries where these technologies are coming from, and to be clear, a lot of the alternatives are not America. I mean, unfortunately, a lot of American company is exited the market for some of these technologies a while ago, some of them pushed out by predatory competition from the Chinese eso we have. But we could go some European counterparts from nations with which produced chair the same democratic values. So, um, if if you do share those values, then you know you’re gonna trust better that, um, there won’t be unauthorized surveillance, theft of data, theft of intellectual property, all things that we see from the Chinese government that at a moment of, um, difficulty, let’s say even a potential conflict with that country that you can trust in the integrity of those systems on that they’re not being a to that points or sabotage in order to gain some kind of advantage. So that’s been, uh, you know, very much our focus here at the department together with, you know, the Defense Department, a Commerce Department and others toe Look at making sure we have trusted vendors in this space with the other concern for us being that where you have a company, like while way that state backed that cannot become price under the market, that you’re not gonna end up in a situation where you’re beholden on one provider for these kinds of technological certain services and were very close to that with five G right now, a lot of the U. S. Companies having exited the market years ago, do European companies on Maybe you know, South Korean company being competitors, but at the edge of no longer being able to keep up with a way because of the tremendous government subsidies that it receives. So we’ve got to keep that diversity in the market and we’ve got to keep the trust in the market. And I think this is something we haven’t common with our friends in Europe. And so we need to work with them on developing those alternatives for five G. So so is that the play? Is it to say we don’t want the the specific Chinese telecoms providing this, this hardware and infrastructure? So we’re going to help support and boost companies from our allies to help them build our infrastructure? Well, you have to have an alternative, right? You can’t tell someone where you can’t buy from those guys and therefore you cannot five G’s, So you’re gonna fall behind technologically as country when so much of the economy and the personalizes is going on. So the question is, how do we provide an ecosystem that encourages the development of those alternatives? And one of the ways in which we do that is, you know, as we’ve done it, just to make clear, you know, the U. S. Market is going to be available for you because it’s not available for Wall A right, and that by itself gives a company reason to invest its money in research and development. And there may be other things that need to be done in terms of helping with with research and development that that’s still all being considered. But ultimately, you know, it’s not enough to say no. You have to have an alternative, you know, And that’s true for around the world as we go around to convince countries not to put untrusted equipment on their networks. So as mayor of the Zone, I’m thinking of like that the devil’s advocate, right? The reverse side of this If I’m, ah, Chinese citizen being feted radically diet of of state owned media, right, I’m I would be wary of a U. S Telecom. Coming in and building are five g network. Obviously, because of the current state of things, that’s that’s not the way it’s going. But again, it leaves me to this question off. Are is the Internet going to become fractured? If, as as a world, we can all agree on one way to use it, develop it and maintain it. Um, so we’re right about out of time. Here’s the Lord. I’m gonna leave final thoughts with you with everything going on. Cyber conflict. And ah, these these major issues with technology and infrastructure, where is the fifth domain going? If that’s not a big question, a huge question. Um, I wish I wish I knew that answer. Um, I will say that from a United States perspective. I think what we’re trying to dio is to shape the 50 mean to make it, um, align with our democratic values, Teoh shape the battle space in that competition space, um and and really sort of, you know, come back off of our heels to lean forward and be that leader. Um, you know, the world wants to see whether in the policy side, the technical side, the conflict side, etcetera. So that’s where I see it going. Fantastic. Thank you. And thank you, John. Bryan and Thomas. Well, for joining us. But without we’ve reached the end of our time. Thank you all for joining us this morning out there in cyberspace. Shame we couldn’t be together all in person today, but nice that we can still connect and share some of these ideas. As you continue watching the defense. One text summit programming throughout the day. I encourage you to check out the D lab and explore innovative demonstrations and solutions from our underwriters as well. Uh, you’ve been able, Teoh virtualized that that showcase Flora’s well. So once again, thank you all for joining us and stay tuned for more today.